CCNA AI Security Governance Questions

74 questions · AI Security Governance topic · All types, answers revealed

1
MCQ · easy

A company that uses Amazon Bedrock for generating product descriptions wants to ensure that the output does not contain any confidential information from its proprietary database that is used as context. The company uses a knowledge base in Bedrock to augment the model. The security team is concerned that the model might inadvertently regurgitate exact strings from the knowledge base. The company wants to adopt a solution that prevents this while still allowing the model to use the knowledge base for generating relevant descriptions. What should the company do?

A. Configure Bedrock Guardrails with a 'Prompt/Response Output' filter to block responses that match exact phrases from the knowledge base.
B. Remove the knowledge base and rely solely on the model's pre-trained knowledge.
C. Reduce the maximum token limit for model responses so that it cannot generate long strings.
D. Encrypt the knowledge base data using AWS KMS with a unique key.
Answer: A

Guardrails can filter out responses that contain specific strings, preventing regurgitation.

Why this answer

Option A is correct because Bedrock Guardrails can be configured with a 'Prompt/Response Output' filter that uses a deny list of exact phrases or patterns. This allows the model to use the knowledge base for context while blocking any generated responses that contain verbatim strings from the proprietary database, directly addressing the security team's concern about regurgitation.

Exam trap

The trap here is that candidates may confuse data-at-rest protection (encryption) with output filtering, or assume that limiting response length prevents data leakage, when in fact only a guardrail-based output filter can block exact string matches from the generated content.

How to eliminate wrong answers

Option B is wrong because removing the knowledge base eliminates the context needed for generating relevant product descriptions, defeating the purpose of augmentation. Option C is wrong because reducing the maximum token limit does not prevent regurgitation of exact strings; it only truncates responses, and short strings can still contain confidential data. Option D is wrong because encrypting the knowledge base data with AWS KMS protects data at rest and in transit but does not control or filter the model's output, so it cannot prevent the model from generating exact matches from the decrypted context.

2
MCQ · easy

A company is using Amazon Bedrock to generate responses for customer support. They want to ensure that the model does not expose personally identifiable information (PII) in its outputs. Which AWS feature can be configured to automatically redact PII from model responses?

A. Amazon Macie
B. Amazon SageMaker Model Monitor
C. Amazon Bedrock Guardrails
D. AWS CloudTrail
Answer: C

Bedrock Guardrails can be configured to identify and redact PII from model responses.

Why this answer

Amazon Bedrock Guardrails is the correct choice because it provides configurable policies that can automatically detect and redact personally identifiable information (PII) from model inputs and outputs. This feature is specifically designed for Amazon Bedrock to enforce content safety and compliance requirements, including PII redaction, without requiring custom code or external services.

Exam trap

The trap here is that candidates may confuse Amazon Macie (a data discovery service for S3) with a real-time content filtering capability, or assume that SageMaker Model Monitor can be applied to Bedrock, when in fact only Bedrock Guardrails provides native PII redaction for model responses.

How to eliminate wrong answers

Option A is wrong because Amazon Macie is a data security service that discovers and protects sensitive data in Amazon S3, not a feature for redacting PII from model responses in Amazon Bedrock. Option B is wrong because Amazon SageMaker Model Monitor detects data drift and model quality issues for SageMaker endpoints, not for Bedrock, and does not perform PII redaction. Option D is wrong because AWS CloudTrail records API activity for auditing and governance, not for modifying or filtering model responses.

3
MCQ · hard

An organization uses Amazon Bedrock to generate content. They have implemented guardrails to block toxic content. However, some users are able to bypass the guardrails by encoding their prompts. What step should be taken to improve security?

A. Encode the prompts before sending to the model.
B. Enable prompt injection detection in the guardrail configuration.
C. Use a different foundation model that is less susceptible.
D. Restrict access to the model using IAM policies.
Answer: B

Prompt injection detection can identify and block encoded or malicious prompts.

Why this answer

Option B is correct because Amazon Bedrock guardrails include a built-in prompt injection detection capability that can identify and block attempts to bypass content filters through encoded or obfuscated prompts. Enabling this feature specifically addresses the scenario where users encode their inputs to evade toxic content blocking, as it analyzes the decoded intent of the prompt rather than just the surface-level encoding.

Exam trap

Cisco often tests the misconception that encoding or encrypting inputs is a security measure, when in reality it is a common bypass technique that must be countered by content inspection mechanisms like prompt injection detection.

How to eliminate wrong answers

Option A is wrong because encoding the prompts before sending them to the model would not improve security; it would actually compound the problem by further obfuscating the input, making it harder for guardrails to detect toxic content. Option C is wrong because the susceptibility to encoded prompts is not a model-specific vulnerability; it is a function of the input processing layer, and switching foundation models would not prevent encoding-based bypasses. Option D is wrong because restricting access with IAM policies controls who can invoke the model but does not inspect or sanitize the content of prompts, so it cannot prevent users from submitting encoded toxic inputs.

4
MCQ · easy

A data scientist needs to grant an IAM user access to a specific Amazon SageMaker notebook instance. The user should only be able to start and stop the notebook instance, but not delete it. Which IAM policy statement should be used?

A. `{"Effect":"Allow","Action":["sagemaker:Start*","sagemaker:Stop*"],"Resource":"*"}`
B. `{"Effect":"Allow","Action":["sagemaker:StartNotebookInstance","sagemaker:StopNotebookInstance"],"Resource":"arn:aws:sagemaker:us-east-1:123456789012:notebook-instance/MyNotebook"}`
C. `{"Effect":"Allow","Action":"sagemaker:*","Resource":"*"}`
D. `{"Effect":"Allow","Action":"sagemaker:*","Resource":"arn:aws:sagemaker:us-east-1:123456789012:notebook-instance/MyNotebook"}`
Answer: B

Grants only start and stop on the specific resource.

Why this answer

Option B is correct because it uses the specific actions `sagemaker:StartNotebookInstance` and `sagemaker:StopNotebookInstance` with a resource ARN that targets only the intended notebook instance. This grants the least privilege required to start and stop the instance while explicitly preventing deletion, as no delete action is included. The resource ARN restricts the policy to a single notebook instance, ensuring the user cannot affect other resources.

Exam trap

The trap here is that candidates often choose a wildcard action like `sagemaker:Start*` or `sagemaker:*` thinking it covers the needed actions, but they overlook that these patterns grant unintended permissions (e.g., delete or other start/stop actions on different resources), violating the principle of least privilege.

How to eliminate wrong answers

Option A is wrong because it uses wildcard actions `sagemaker:Start*` and `sagemaker:Stop*`, which could match unintended actions like `sagemaker:StartPipelineExecution` or `sagemaker:StopTrainingJob`, and the resource `*` grants access to all SageMaker resources, violating least privilege. Option C is wrong because `sagemaker:*` allows all SageMaker actions, including `sagemaker:DeleteNotebookInstance`, which the user should not have. Option D is wrong because `sagemaker:*` on a specific resource still grants all actions on that notebook instance, including deletion, which exceeds the required permissions.

5
MCQ · medium

A company deploys an Amazon Bedrock agent that uses a knowledge base with sensitive financial documents. The security team requires that all data retrieval queries be logged for auditing, and that the LLM responses do not contain any personally identifiable information (PII). What combination of services should the company use?

A. Enable AWS CloudTrail for API logging and use Amazon GuardDuty to detect PII in responses.
B. Use AWS Config to monitor Bedrock resource configurations and apply an IAM policy to restrict PII.
C. Enable Amazon CloudWatch Logs for the Bedrock agent and use Amazon Comprehend to redact PII from responses.
D. Use Amazon S3 server access logs for the knowledge base and enable Amazon Macie to redact PII.
Answer: C

CloudWatch Logs can capture detailed logs from Bedrock, and Comprehend (or Bedrock Guardrails) can identify and mask PII.

Why this answer

Option C is correct because Amazon CloudWatch Logs can capture query logs, and Amazon Comprehend (or Bedrock Guardrails) can detect and redact PII. Option A is wrong because GuardDuty is for threat detection, not PII redaction. Option B is wrong because AWS Config is for resource compliance, not logging queries.

Option D is wrong because Macie is for data discovery in S3, not real-time PII redaction in responses.

6
MCQ · hard

A company is using Amazon SageMaker Ground Truth to create labeled datasets for a computer vision model. The dataset contains images of people in public places. The company must comply with data privacy regulations that require explicit consent for using images of individuals. The company has a privacy team that reviews the images and provides consent lists. The ML team suspects that some images in the dataset might include individuals who have not consented. The company wants to ensure that only those images with consent are used for training. What should the company do?

A. Apply a blur filter to all faces in the dataset using Amazon Rekognition before labeling.
B. Use Amazon Rekognition to detect faces in all images and re-label those without consent as invalid.
C. Create an Amazon Simple Workflow Service (SWF) workflow that cross-references image metadata with the consent list, and update the Ground Truth manifest to include only approved images.
D. Use Amazon SageMaker Clarify to detect bias in the training data and exclude images of people.
Answer: C

This creates an automated pipeline to filter approved images based on the consent list, using SWF for workflow orchestration.

Why this answer

Option C is correct because it uses Amazon Simple Workflow Service (SWF) to orchestrate a cross-referencing workflow between image metadata and the consent list, then updates the SageMaker Ground Truth manifest to include only approved images. This ensures that only images with explicit consent are used for training, directly addressing the data privacy compliance requirement without altering or mislabeling the data.

Exam trap

The trap here is that candidates may confuse privacy compliance with data anonymization (blurring faces) or bias detection, rather than recognizing that explicit consent requires a cross-referencing workflow against an external consent list, which is best orchestrated by a workflow service like SWF.

How to eliminate wrong answers

Option A is wrong because applying a blur filter to all faces using Amazon Rekognition does not remove images of individuals without consent; it only obscures faces, which may still violate privacy regulations if the image itself is used without consent. Option B is wrong because using Amazon Rekognition to detect faces and re-label images as invalid does not cross-reference a consent list; it only marks images based on face detection, not on actual consent status, and could incorrectly exclude or include images. Option D is wrong because Amazon SageMaker Clarify is designed to detect bias in training data and model predictions, not to manage consent compliance or exclude images based on privacy consent lists.

7
Multi-Select · hard

A financial services company is deploying a machine learning model that must comply with SOC 2 and PCI DSS. They need to ensure that the model artifacts and training data are encrypted, access is audited, and the environment is protected from network threats. Which THREE AWS services should they implement?

Select 3 answers
A. Amazon DynamoDB Accelerator (DAX)
B. Amazon GuardDuty
C. AWS CloudTrail
D. AWS KMS
E. AWS WAF
Answers: B, C, D

GuardDuty continuously monitors for malicious activity and network threats.

Why this answer

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, which helps protect the environment from network threats as required by SOC 2 and PCI DSS. By analyzing VPC Flow Logs, DNS logs, and CloudTrail events, it can detect anomalies such as port scanning or data exfiltration, directly addressing the need for network threat protection in a compliant ML deployment.

Exam trap

AWS often tests the distinction between network threat detection (GuardDuty) and web application layer protection (WAF), leading candidates to incorrectly choose WAF for general network threat protection when it only addresses HTTP/S-based attacks.

8
MCQ · hard

A healthcare company needs to use Amazon SageMaker Ground Truth for data labeling. The data includes protected health information (PHI) that must remain in the US. Which configuration meets the compliance requirements?

A. Use a vendor-managed workforce and set up data encryption
B. Use a private workforce consisting of the company's employees and launch the labeling job in the us-east-1 region
C. Use a public workforce (Mechanical Turk) and select the US East region
D. Use a private workforce but launch the labeling job in the eu-west-1 region
Answer: B

Private workforce ensures data is handled by employees under the company's control, and region choice ensures data residency.

Why this answer

Option B is correct because a private workforce consisting of the company's own employees ensures that PHI is never exposed to external workers, and launching the labeling job in us-east-1 keeps all data within the US, satisfying the data residency requirement. Amazon SageMaker Ground Truth allows you to restrict data access to a private workforce that you manage, and by selecting a US region, you ensure that data processing and storage remain within US borders.

Exam trap

The trap here is that candidates often assume that selecting a US region with a public workforce is sufficient for compliance, overlooking that PHI must not be exposed to external workers regardless of geographic location.

How to eliminate wrong answers

Option A is wrong because a vendor-managed workforce involves third-party vendors who may not have the same compliance controls for PHI, and data encryption alone does not guarantee that data remains within the US. Option C is wrong because a public workforce (Mechanical Turk) exposes PHI to anonymous external workers, which violates HIPAA and data privacy requirements, even if the region is set to US East. Option D is wrong because launching the labeling job in eu-west-1 (Ireland) violates the requirement that PHI must remain in the US, as data would be processed and stored in the European Union.

9
MCQ · medium

A machine learning engineer wants to ensure that a SageMaker notebook instance only has access to a specific S3 bucket containing training data. The notebook instance is in a VPC. What is the most secure way to restrict access?

A. Use a VPC endpoint for S3 and a bucket policy that restricts access to the VPC endpoint.
B. Place the notebook instance in a private subnet with a NAT gateway.
C. Use AWS KMS to encrypt the bucket and grant the notebook role decrypt permissions.
D. Assign an IAM role to the notebook with an S3 bucket policy that only allows access to that bucket.
Answer: A

Combines network-level and resource-based policy to enforce access only from the VPC.

Why this answer

Option A is correct because using a VPC endpoint for S3 combined with a bucket policy that restricts access to that specific endpoint ensures that only traffic originating from within the VPC (and thus from the SageMaker notebook instance) can reach the S3 bucket. This approach enforces network-level isolation and prevents access from any other source, including the public internet, even if the IAM role is compromised. It is the most secure method because it layers network policy (VPC endpoint) with resource-based policy (bucket policy) to create a tightly scoped access control.

Exam trap

The trap here is that candidates often think IAM roles and bucket policies alone are sufficient for security, but they overlook the need for network-level restrictions (like VPC endpoints) to prevent data exfiltration or unauthorized access from outside the VPC.

How to eliminate wrong answers

Option B is wrong because placing the notebook instance in a private subnet with a NAT gateway still allows outbound internet traffic through the NAT gateway, which does not restrict access to a specific S3 bucket; the notebook could potentially reach any S3 bucket or internet resource, and the NAT gateway does not enforce bucket-level restrictions. Option C is wrong because using AWS KMS to encrypt the bucket and granting the notebook role decrypt permissions only protects data at rest but does not restrict which S3 bucket the notebook can access; the notebook could still access any bucket if the IAM policy allows it. Option D is wrong because assigning an IAM role with a bucket policy that only allows access to that bucket is a necessary but insufficient security measure; it does not prevent the notebook from accessing the bucket from outside the VPC or via the public internet, and it lacks the network-level restriction provided by a VPC endpoint.

10
MCQ · easy

A company is using Amazon SageMaker to train machine learning models on sensitive customer data. Which AWS service can be used to encrypt the data at rest in the S3 bucket used by SageMaker?

A. AWS Key Management Service (KMS)
B. AWS CloudHSM
C. AWS Secrets Manager
D. AWS Certificate Manager (ACM)
Answer: A

KMS creates and manages encryption keys used for S3 server-side encryption.

Why this answer

AWS Key Management Service (KMS) is the correct service because it provides managed encryption keys that can be used to enable server-side encryption (SSE-KMS) for Amazon S3 buckets. When SageMaker accesses training data from S3, it can use a customer-managed KMS key to encrypt data at rest, ensuring sensitive customer data remains protected. KMS integrates directly with S3 and SageMaker, allowing you to specify a KMS key in the SageMaker training job configuration.

Exam trap

The trap here is that candidates often confuse AWS CloudHSM with KMS, thinking that a dedicated HSM is required for encryption, but KMS is the simpler, fully managed service that directly integrates with S3 and SageMaker for at-rest encryption.

How to eliminate wrong answers

Option B (AWS CloudHSM) is wrong because CloudHSM provides dedicated hardware security modules for key generation and storage, but it does not directly integrate with S3 for server-side encryption; you would need to manage the encryption process yourself, making it more complex and less suitable for simple at-rest encryption. Option C (AWS Secrets Manager) is wrong because Secrets Manager is designed to securely store and rotate secrets like database credentials and API keys, not to manage encryption keys for S3 data at rest. Option D (AWS Certificate Manager (ACM)) is wrong because ACM is used to provision, manage, and deploy SSL/TLS certificates for securing network traffic (in transit), not for encrypting data at rest in S3.

11
MCQ · medium

A data scientist is using Amazon SageMaker Studio. The company policy requires that all data used in SageMaker Studio notebooks be encrypted at rest and in transit. Which configuration should be enabled to meet this requirement?

A. Store all data in encrypted DynamoDB tables and query from notebooks.
B. Use a VPC with no internet access and enable S3 encryption for all data.
C. Enable SageMaker Studio's default encryption using the AWS managed key for EFS.
D. Enable SageMaker Studio's data encryption using a customer managed key (CMK) and configure the notebook to use HTTPS for all traffic.
Answer: D

Ensures encryption at rest (CMK) and in transit (HTTPS).

Why this answer

Option D is correct because it addresses both encryption at rest and in transit. SageMaker Studio uses Amazon EFS for persistent storage, and enabling encryption at rest with a customer managed key (CMK) ensures data on the EFS file system is encrypted. Additionally, configuring the notebook to use HTTPS ensures all traffic between the notebook and other services is encrypted in transit, meeting the company policy.

Exam trap

The trap here is that candidates often assume default encryption (Option C) is sufficient, but it only covers data at rest on EFS and ignores the encryption in transit requirement, which is explicitly tested in this scenario.

How to eliminate wrong answers

Option A is wrong because DynamoDB encryption only protects data at rest in DynamoDB, but SageMaker Studio notebooks do not natively use DynamoDB for storage; the primary storage is EFS, and this option does not address encryption in transit or the actual data storage used by Studio. Option B is wrong because while using a VPC with no internet access and enabling S3 encryption can protect data in S3, SageMaker Studio's default storage is EFS, not S3, and this configuration does not ensure encryption at rest for the EFS file system or encryption in transit for notebook traffic. Option C is wrong because enabling SageMaker Studio's default encryption using the AWS managed key for EFS only encrypts data at rest on the EFS file system, but it does not address encryption in transit for notebook traffic, which is required by the policy.

12
MCQ · medium

A company uses Amazon SageMaker to build and deploy machine learning models. The security team has implemented a policy that all SageMaker notebook instances must be launched in a VPC and cannot have direct internet access. However, data scientists need to download open-source datasets from the internet for model training. They also need to install Python packages from PyPI. Currently, the SageMaker notebook instances are in a VPC with no internet gateway. The data scientists cannot download any external data or packages. The VPC has a NAT gateway already configured. What should the company do to allow the necessary internet access while maintaining the security requirement?

A. Attach an internet gateway to the VPC and add a route to the internet gateway in the subnet's route table.
B. Place the notebook instances in a public subnet and configure security group rules to restrict inbound traffic.
C. Create a VPC endpoint for S3 and a VPC endpoint for PyPI, and route traffic through them.
D. Add a route from the private subnets to the NAT gateway for 0.0.0.0/0.
Answer: D

NAT gateway provides outbound internet access for private subnets, allowing downloads without direct inbound access.

Why this answer

Option D is correct because the VPC already has a NAT gateway configured, but the private subnets lack a route to it for internet-bound traffic. By adding a route from the private subnets to the NAT gateway for destination 0.0.0.0/0, outbound traffic from the SageMaker notebook instances can reach the internet (e.g., to download datasets from open-source sites and install packages from PyPI) while the instances remain in a private subnet without direct internet access, satisfying the security requirement.

Exam trap

The trap here is that candidates often confuse VPC endpoints (which only work for AWS services like S3 or DynamoDB) with a general internet access solution, forgetting that PyPI and arbitrary websites are not AWS services and thus cannot be reached via VPC endpoints.

How to eliminate wrong answers

Option A is wrong because attaching an internet gateway and adding a route to it would give the notebook instances direct internet access, violating the security policy that they cannot have direct internet access. Option B is wrong because placing notebook instances in a public subnet with a security group restricting inbound traffic still gives them direct internet access via the internet gateway, which breaks the security requirement. Option C is wrong because while VPC endpoints exist for S3, there is no VPC endpoint for PyPI (PyPI is not an AWS service), so this approach cannot route PyPI traffic through a VPC endpoint; additionally, VPC endpoints do not provide general internet access for downloading arbitrary open-source datasets.

13
MCQ · easy

A company is deploying a machine learning model that processes personal data of EU citizens. Which AWS service can help them comply with the General Data Protection Regulation (GDPR) by tracking data lineage and usage?

A. AWS CloudTrail
B. AWS Audit Manager
C. AWS Config
D. Amazon SageMaker Model Registry
Answer: B

Audit Manager offers prebuilt frameworks for GDPR and can help track data lineage and usage.

Why this answer

AWS Audit Manager is the correct service because it provides prebuilt frameworks and automated evidence collection to help you audit and demonstrate compliance with regulations like GDPR. It specifically tracks data lineage and usage by continuously collecting and organizing evidence from your AWS resources, which is essential for GDPR's requirements on data processing transparency and accountability.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail's API logging with comprehensive compliance auditing, but CloudTrail alone lacks the prebuilt GDPR frameworks and automated evidence collection that Audit Manager provides for demonstrating data lineage and usage compliance.

How to eliminate wrong answers

Option A is wrong because AWS CloudTrail records API activity for governance and auditing, but it does not provide prebuilt compliance frameworks or track data lineage and usage in the context of GDPR. Option C is wrong because AWS Config evaluates resource configurations against desired policies and tracks configuration changes, but it does not offer GDPR-specific frameworks or evidence collection for data lineage. Option D is wrong because Amazon SageMaker Model Registry is a feature for managing and versioning machine learning models, not for tracking data lineage or usage across AWS services for compliance purposes.

14
MCQ · easy

A company uses Amazon SageMaker Model Registry to manage model versions. The security team requires that only approved models can be deployed to production. The ML team creates a new model version and registers it in the Model Registry. When trying to deploy the model to a production endpoint, the deployment fails because the model is not approved. The ML team asks the DevOps team to approve the model. However, the DevOps team cannot see the model in the Model Registry. What is the MOST likely reason?

A. The model artifacts are stored in an S3 bucket that uses SSE-KMS, and the DevOps team does not have KMS decrypt permission.
B. The model version is in a 'Pending' approval status and needs to be promoted by the ML team first.
C. The DevOps team does not have the required IAM permissions to view models in the Model Registry.
D. The Model Registry is in a different AWS account, and the DevOps team does not have cross-account access.
Answer: C

Access to Model Registry is controlled by IAM; the DevOps team likely lacks list/list-approvals permissions.

Why this answer

Option C is correct because the most likely reason the DevOps team cannot see the model in the Model Registry is that they lack the required IAM permissions (e.g., `sagemaker:DescribeModelPackage` or `sagemaker:ListModelPackages`) to view models. Without these permissions, the model is invisible to them in the SageMaker console or API, even though it exists. The deployment failure due to approval status is a separate symptom; the core issue here is visibility, not approval workflow.

Exam trap

The trap here is that candidates confuse the approval status (Pending) with visibility, assuming a model in 'Pending' status is hidden, when in fact the approval status only controls deployment, not the ability to see the model in the registry.

How to eliminate wrong answers

Option A is wrong because SSE-KMS permissions affect the ability to decrypt model artifacts when deploying or downloading them, not the ability to see the model in the Model Registry. Option B is wrong because a 'Pending' approval status would prevent deployment but would not hide the model from the DevOps team; they would still be able to see it in the registry. Option D is wrong because while cross-account access could cause visibility issues, the question states the Model Registry is used by the company, implying a single-account setup, and there is no mention of multiple accounts.

15
MCQ · medium

A company wants to ensure that only approved machine learning models are deployed to production on Amazon SageMaker. Which combination of services can enforce this governance requirement?

A. AWS CodePipeline and Amazon CodeGuru
B. Amazon CloudWatch Events and AWS CloudTrail
C. AWS Organizations and AWS Artifact
D. AWS Config custom rules and AWS IAM policies
Answer: D

Config can evaluate tags on models, IAM can restrict deployment to roles that can only deploy approved models.

Why this answer

Option D is correct because AWS Config custom rules can evaluate SageMaker model deployment configurations against defined policies (e.g., requiring models to be from an approved registry), and AWS IAM policies can restrict who can create or update endpoints, together enforcing that only approved ML models are deployed. This combination provides both continuous compliance checking and access control, directly addressing the governance requirement.

Exam trap

The trap here is that candidates often confuse monitoring/auditing services (like CloudTrail and CloudWatch) with enforcement mechanisms, failing to recognize that only AWS Config rules combined with IAM policies can actively prevent or flag non-compliant deployments.

How to eliminate wrong answers

Option A is wrong because AWS CodePipeline is a CI/CD service for automating build and deploy pipelines, and Amazon CodeGuru provides code reviews and profiling, neither of which can enforce governance over which specific ML models are deployed to SageMaker. Option B is wrong because Amazon CloudWatch Events (now Amazon EventBridge) and AWS CloudTrail are monitoring and auditing services that record API calls and trigger events, but they cannot prevent or enforce deployment of only approved models. Option C is wrong because AWS Organizations manages multi-account governance and service control policies, and AWS Artifact provides compliance reports, but neither can directly evaluate or restrict SageMaker model deployment approvals.

16
Multi-Select · medium

A company is deploying a machine learning model using Amazon SageMaker. They need to ensure that the training data, which contains personally identifiable information (PII), is encrypted both in transit and at rest. They also need to control access to the model endpoints. Which TWO actions should the company take?

Select 2 answers
A. Use AWS Certificate Manager (ACM) to attach an SSL/TLS certificate to the SageMaker endpoint.
B. Enable SageMaker Data Wrangler for data preparation.
C. Enable SageMaker Model Monitor to detect data drift.
D. Use AWS Key Management Service (KMS) to encrypt the S3 bucket where training data is stored, and enable encryption for the SageMaker notebook instance.
E. Use a VPC with security groups to restrict access to the SageMaker endpoint to only known IP addresses.
Answers: A, D

Encrypts data in transit.

Why this answer

Option A ensures encryption of data in transit by attaching an SSL/TLS certificate to the SageMaker endpoint via ACM. Option D ensures encryption of data at rest by using KMS for the S3 bucket and the SageMaker notebook instance. Option E addresses network-level access control, not encryption.

Option C is for model monitoring, not encryption. Option B is a data preparation tool, not encryption.

17
MCQ · easy

A company uses Amazon Rekognition to analyze images stored in an S3 bucket. The security team requires that all image analysis be logged to AWS CloudTrail for auditing. What is the minimum configuration needed to meet this requirement?

A. Enable Rekognition logging in the AWS Management Console
B. Enable CloudTrail management events for the S3 bucket
C. Enable S3 server access logs on the bucket
D. Enable CloudTrail data events for the S3 bucket to capture GetObject API calls
Answer: D

Data events capture object-level operations; Rekognition calls GetObject when reading images.

Why this answer

Option D is correct because CloudTrail data events capture S3 object-level API operations such as GetObject, which is the API call made by Amazon Rekognition when it retrieves images from the S3 bucket for analysis. By enabling data events for the S3 bucket, every GetObject request is logged to CloudTrail, providing the audit trail the security team requires. Management events alone do not capture object-level operations, and S3 server access logs are not integrated with CloudTrail for auditing.

Exam trap

The trap here is that candidates often confuse management events with data events, assuming that enabling CloudTrail for the S3 bucket automatically captures all API calls, when in fact management events only cover control-plane operations and not the object-level GetObject calls made by Rekognition.

How to eliminate wrong answers

Option A is wrong because Amazon Rekognition does not have a separate logging configuration in the AWS Management Console; its API calls are logged via CloudTrail when data events are enabled for the relevant S3 bucket. Option B is wrong because CloudTrail management events capture control-plane operations (e.g., bucket creation, policy changes) but do not capture data-plane operations like GetObject, which is the specific API call used by Rekognition to read images. Option C is wrong because S3 server access logs provide detailed records of requests made to the bucket, but they are not part of CloudTrail and do not satisfy the requirement for auditing via CloudTrail; they are a separate logging mechanism.

18
MCQ · easy

A data scientist sets up a Model Monitoring schedule for data quality. What is a potential security issue with this configuration?

A. The monitoring job uses a single role for both training and monitoring, violating least privilege
B. The schedule runs every hour, which may generate too many logs
C. The monitoring job uses the same endpoint as the production model
D. The output is stored in an S3 bucket with no encryption
Answer: A

Best practice is to have separate roles for different tasks to limit permissions.

Why this answer

Option A is correct because using a single AWS Identity and Access Management (IAM) role for both the training job and the monitoring job violates the principle of least privilege. The training role typically requires broader permissions (e.g., access to training datasets, SageMaker full access), while the monitoring role only needs read-only access to the endpoint and write access to the monitoring output location. Sharing a single role increases the blast radius if the monitoring job is compromised, as an attacker could leverage the elevated training permissions to modify or exfiltrate data.

Exam trap

AWS often tests the principle of least privilege by presenting a seemingly harmless configuration (like a shared role) and distracting candidates with operational or encryption concerns that are less directly tied to the security of the monitoring schedule itself.

How to eliminate wrong answers

Option B is wrong because running a monitoring schedule every hour is a standard practice for data quality checks and does not inherently create a security issue; excessive logging is an operational concern, not a security vulnerability. Option C is wrong because using the same endpoint for monitoring and production is expected — Model Monitoring captures inference requests from the production endpoint to analyze data drift or quality; sharing the endpoint does not introduce a security issue. Option D is wrong because storing output in an unencrypted S3 bucket is a data-at-rest compliance risk, but the question specifically asks for a 'potential security issue' with the monitoring schedule configuration, and the most direct security flaw is the IAM role misconfiguration, not the encryption setting.

19
Multi-Select · hard

A company uses Amazon SageMaker Pipelines for MLOps. The security team requires that all pipeline steps use only approved Docker images from a private Amazon ECR repository, and that all pipeline artifacts are encrypted with a customer managed KMS key. Which THREE steps must the company configure to meet these requirements? (Choose three.)

Select 3 answers
A. Specify a KMS key in the pipeline definition for encrypting output artifacts.
B. Set an ECR lifecycle policy to delete untagged images older than 30 days.
C. Configure each pipeline step to use an ImageUri that references a Docker image in the private Amazon ECR repository.
D. Enable AWS Config rules to check for public ECR repositories.
E. Assign an IAM role to the pipeline that includes kms:Encrypt and kms:Decrypt permissions for the customer managed KMS key.
Answers: A, C, E

This encrypts artifacts with the customer managed key.

Why this answer

Option A is correct because Amazon SageMaker Pipelines allows you to specify a KMS key in the pipeline definition to encrypt output artifacts at rest. This ensures that all artifacts generated by pipeline steps are encrypted using a customer managed KMS key, meeting the security team's encryption requirement.

Exam trap

Cisco often tests the distinction between configuration that directly enforces a requirement (like specifying ImageUri and KMS key) versus monitoring or housekeeping actions (like lifecycle policies or Config rules) that do not enforce the requirement at the pipeline step level.

20
MCQ · hard

A company uses Amazon SageMaker to host a real-time inference endpoint. The model was trained on sensitive data, and the company wants to ensure that the data sent to the endpoint is encrypted in transit. Additionally, the company wants to restrict access to the endpoint to only traffic originating from a specific VPC. Which configuration meets these requirements?

A. Create the SageMaker endpoint in a VPC, associate a security group that allows inbound HTTPS from the VPC CIDR, and configure the endpoint to use HTTPS
B. Configure the SageMaker endpoint to use mutual TLS (mTLS) with client certificates
C. Place the SageMaker endpoint behind an Amazon CloudFront distribution with an origin access identity
D. Use AWS STS to generate temporary credentials and require the client to sign requests with them
Answer: A

VPC placement restricts network access; HTTPS encrypts data in transit.

Why this answer

Option A is correct because creating the SageMaker endpoint within a VPC and associating a security group that restricts inbound HTTPS traffic to the VPC CIDR ensures that only traffic from within that VPC can reach the endpoint. Configuring the endpoint to use HTTPS encrypts data in transit using TLS, meeting both the encryption and VPC-only access requirements.

Exam trap

The trap here is that candidates may think mTLS or signed requests alone satisfy both encryption and VPC restriction, but they fail to realize that network-level access control (security group with VPC CIDR) is required to restrict traffic to a specific VPC, and HTTPS is needed for encryption in transit.

How to eliminate wrong answers

Option B is wrong because mutual TLS (mTLS) provides two-way authentication between client and server but does not restrict traffic to a specific VPC; it only ensures client certificate validation, not network-level access control. Option C is wrong because placing the endpoint behind CloudFront with an origin access identity restricts access to CloudFront only, but CloudFront itself is a public service and does not limit traffic to a specific VPC; it also does not inherently enforce HTTPS encryption from the client to CloudFront unless explicitly configured. Option D is wrong because using AWS STS to generate temporary credentials and requiring signed requests provides authentication and authorization but does not encrypt data in transit (HTTPS is still needed) and does not restrict traffic to a specific VPC; it only ensures the request is signed, not that it originates from a particular network.

21
MCQ · hard

A financial institution uses Amazon SageMaker to host a model for credit scoring. The model was trained on data that includes demographic attributes. During a routine audit, the compliance team finds that the model produces significantly different approval rates for applicants of different ethnicities, even when credit profiles are similar. The institution must continue using the model but needs to ensure compliance with fair lending laws. What should the company do FIRST?

A. Adjust the decision threshold to equalize approval rates across groups.
B. Run Amazon SageMaker Clarify to analyze the model for bias and generate a bias report.
C. Document the disparity in a compliance report and continue using the model.
D. Replace the model with a simpler explainable model to eliminate bias.
Answer: B

SageMaker Clarify provides bias metrics and explanations, which is the first step in understanding and mitigating bias.

Why this answer

Amazon SageMaker Clarify is the correct first step because it provides built-in bias detection and explainability for machine learning models. Before taking any corrective action, the company must first quantify and understand the nature and extent of the bias using SageMaker Clarify's bias metrics (e.g., Difference in Positive Proportions, Disparate Impact). This diagnostic report is essential for compliance documentation and for determining whether the bias is due to the model, the data, or the threshold, thereby guiding any subsequent remediation steps.

Exam trap

AWS often tests the principle that the first step in addressing bias is always to measure and understand it using a dedicated tool like SageMaker Clarify, rather than jumping to a corrective action like threshold adjustment or model replacement.

How to eliminate wrong answers

Option A is wrong because blindly adjusting the decision threshold to equalize approval rates can introduce new forms of bias, violate fair lending laws by ignoring legitimate risk factors, and does not address the root cause of the bias in the model or data. Option C is wrong because merely documenting the disparity without any analysis or remediation fails to meet regulatory requirements under fair lending laws, which mandate proactive identification and mitigation of discriminatory outcomes. Option D is wrong because replacing the model with a simpler explainable model is a premature and potentially unnecessary action that does not first diagnose the source of bias; a simpler model may still exhibit bias if trained on the same biased data, and the company must first use SageMaker Clarify to understand the bias before deciding on a replacement.

22
MCQ · hard

A security analyst is reviewing CloudTrail logs for SageMaker API calls to identify which user executed a particular training job. The logs show assumed roles. In which CloudTrail event field can the analyst find the name of the user who assumed the role?

A. userIdentity.arn
B. eventName
C. requestParameters
D. userIdentity.sessionContext.sessionIssuer.userName
Answer: D

This field contains the username of the IAM user who assumed the role.

Why this answer

When a user assumes an IAM role to perform SageMaker actions, the CloudTrail log records the assumed role's ARN in the `userIdentity.arn` field, but the original user's identity is preserved in the `userIdentity.sessionContext.sessionIssuer.userName` field. This field contains the name of the IAM user or role that initiated the `sts:AssumeRole` call, allowing the analyst to trace back to the actual user who assumed the role.

Exam trap

The trap here is that candidates see `userIdentity.arn` and assume it shows the original user, but it actually shows the ARN of the assumed role, while the original user is nested deeper in `sessionContext.sessionIssuer.userName`.

How to eliminate wrong answers

Option A is wrong because `userIdentity.arn` contains the ARN of the assumed role (e.g., `arn:aws:sts::123456789012:assumed-role/SageMakerExecutionRole/session`), not the original user who assumed it. Option B is wrong because `eventName` records the API action (e.g., `CreateTrainingJob`), not the identity of the user. Option C is wrong because `requestParameters` contains the input parameters of the API call (e.g., training job configuration), not user identity information.

23
Multi-Select · easy

A data science team is using Amazon SageMaker to build a model. They want to ensure that only authorized users can deploy models to production. Which TWO methods can they use to enforce this?

Select 2 answers
A. Use SageMaker Model Registry to require approval before deployment.
B. Enable multi-factor authentication (MFA) for all AWS accounts.
C. Use IAM policies to restrict the sagemaker:CreateEndpoint action to specific users.
D. Use AWS CloudTrail to audit deployment actions.
E. Use Amazon GuardDuty to monitor for unauthorized deployment.
Answers: A, C

Model Registry can enforce an approval workflow before a model is deployed.

Why this answer

Option A is correct because SageMaker Model Registry allows you to set up an approval workflow for model versions. By requiring explicit approval before a model can be deployed to production, you enforce a governance gate that prevents unauthorized or unverified models from being used in production endpoints.

Exam trap

The trap here is that candidates often confuse auditing or monitoring services (like CloudTrail or GuardDuty) with preventive controls, failing to recognize that only IAM policies and registry approval workflows can actively block unauthorized deployment actions.

24
Multi-Select · hard

A financial services company uses Amazon SageMaker Feature Store to manage features for machine learning models. The compliance auditor requires that all changes to feature definitions are logged and that feature data is immutable once written. Which TWO approaches should the team implement? (Choose two.)

Select 2 answers
A. Enable AWS CloudTrail for SageMaker Feature Store API calls.
B. Use SageMaker Feature Store offline store with record identifier and event time.
C. Enable feature group versioning to track changes to feature definitions.
D. Implement feature store online store with TTL to automatically expire data.
E. Use AWS Config to track changes to Feature Store resources.
Answers: A, C

CloudTrail logs all API calls, providing an audit trail for changes.

Why this answer

Option A is correct because enabling AWS CloudTrail for SageMaker Feature Store API calls provides a detailed audit log of all operations, including changes to feature definitions (e.g., CreateFeatureGroup, UpdateFeatureGroup). This satisfies the compliance requirement for logging all changes. Option C is correct because enabling feature group versioning in SageMaker Feature Store allows you to track and manage changes to feature definitions over time, ensuring a historical record of modifications.

Exam trap

The trap here is that candidates often confuse AWS Config (which tracks resource configuration changes) with AWS CloudTrail (which logs API calls), or they mistakenly think the offline store's point-in-time query capability inherently enforces data immutability, when in fact immutability requires explicit design choices.

25
Multi-Select · medium

A company is using Amazon Bedrock to deploy a chatbot. They want to ensure that the chatbot does not produce harmful or biased content. Which TWO AWS services or features can be used together to implement content moderation and monitoring?

Select 2 answers
A. Amazon SageMaker Model Monitor for drift detection
B. Amazon Rekognition for image moderation
C. Amazon Comprehend for sentiment analysis
D. Amazon Bedrock Guardrails for content filtering
E. Amazon CloudWatch Logs for logging and analyzing model outputs
Answers: D, E

Guardrails can filter harmful, toxic, or biased content in model responses.

Why this answer

Amazon Bedrock Guardrails (Option D) is correct because it provides built-in content filtering capabilities specifically designed for foundation models, allowing you to define denied topics, filter harmful content, and enforce safety policies directly within the Bedrock chatbot workflow. Amazon CloudWatch Logs (Option E) is correct because it enables you to log model inputs and outputs, which can be monitored for compliance, audited for bias, and used to trigger alerts when harmful content is detected. Together, they form a comprehensive content moderation and monitoring solution that addresses both proactive filtering and reactive analysis.

Exam trap

Cisco often tests the distinction between monitoring (CloudWatch Logs) and analysis (Comprehend, Rekognition) versus enforcement (Guardrails), leading candidates to mistakenly choose services that only analyze or detect content without the ability to block or filter it in real time.

26
MCQ · medium

A data science team needs to grant a SageMaker notebook instance access to an S3 bucket containing training data. Which IAM policy should be attached to the notebook instance's execution role?

A. An IAM policy that allows the sagemaker:InvokeEndpoint action
B. An IAM policy that allows kms:Decrypt on the S3 bucket's KMS key
C. An IAM policy that allows ec2:DescribeVpcs
D. An IAM policy that allows s3:GetObject and s3:ListBucket on the specific bucket
Answer: D

The notebook instance's execution role needs these permissions to read training data.

Why this answer

The correct answer is D because a SageMaker notebook instance needs read access to the S3 bucket containing training data. The execution role must have an IAM policy that explicitly allows s3:GetObject (to read objects) and s3:ListBucket (to list the bucket contents) on the specific bucket. Without these permissions, the notebook cannot retrieve the training data.

Exam trap

Cisco often tests the distinction between the permissions needed for data access (S3 actions) versus inference (SageMaker actions) or encryption (KMS actions), leading candidates to overcomplicate by adding unnecessary permissions like kms:Decrypt when the question does not mention encryption.

How to eliminate wrong answers

Option A is wrong because sagemaker:InvokeEndpoint is used to invoke a deployed SageMaker endpoint for inference, not to access S3 training data. Option B is wrong because while kms:Decrypt may be needed if the S3 bucket uses KMS encryption, it is not the primary permission required; the core need is s3:GetObject and s3:ListBucket. Option C is wrong because ec2:DescribeVpcs is used for VPC networking operations, not for S3 data access.

27
MCQ · medium

A machine learning team needs to share a trained model with multiple teams across different AWS accounts. The model artifacts are stored in an S3 bucket in the central account. What is the most secure way to grant cross-account read access to the model artifacts?

A. Use an S3 bucket policy that grants access to the root user of each target account.
B. Make the S3 bucket public.
C. Use S3 cross-region replication to copy the artifacts to each target account's bucket.
D. Use AWS KMS to encrypt the artifacts and share the KMS key with the target accounts, then use bucket policies and IAM roles in the target accounts.
Answer: D

This ensures least privilege and encryption in transit and at rest.

Why this answer

Option D is correct because it implements a defense-in-depth approach: AWS KMS encrypts the model artifacts at rest, and cross-account access is granted by combining an S3 bucket policy that allows the target accounts' IAM roles to read the objects, with those roles assuming the necessary permissions. This ensures that only authenticated and authorized IAM principals in the target accounts can decrypt and access the artifacts, preventing unauthorized access even if the bucket policy is misconfigured.

Exam trap

The trap here is that candidates often assume S3 bucket policies alone are sufficient for cross-account access, overlooking the need for KMS key policies and IAM role permissions when encryption is involved, which is a common real-world requirement for securing sensitive ML artifacts.

How to eliminate wrong answers

Option A is wrong because granting access to the root user of each target account is overly permissive and violates the principle of least privilege; root users have unrestricted access and cannot be audited per specific IAM role or user. Option B is wrong because making the S3 bucket public exposes the model artifacts to anyone on the internet, completely bypassing authentication and authorization, which is insecure for sensitive ML artifacts. Option C is wrong because S3 cross-region replication only copies objects to another bucket; it does not grant cross-account read access to the original bucket, and the replicated objects would still require separate permissions in the target account, adding complexity without solving the access control problem.

28
MCQ · easy

A company is using Amazon Bedrock to deploy a foundation model. To comply with GDPR, they need to ensure that the model does not generate outputs containing personally identifiable information (PII). Which AWS service can best help detect and redact PII from the model's responses?

A. Amazon Comprehend
B. Amazon GuardDuty
C. Amazon Rekognition
D. AWS WAF
Answer: A

Amazon Comprehend has PII detection and redaction features.

Why this answer

Amazon Comprehend is the correct service because it provides a built-in PII detection and redaction capability that can be integrated with Amazon Bedrock. Using the `DetectPiiEntities` API, you can scan model responses for PII such as names, addresses, and credit card numbers, and then redact or mask those entities before returning the output to the user. This directly addresses the GDPR requirement to prevent PII leakage from generative AI outputs.

Exam trap

Cisco often tests the distinction between security monitoring services (GuardDuty, WAF) and content analysis services (Comprehend), leading candidates to mistakenly choose a network-level security tool for a data content problem.

How to eliminate wrong answers

Option B is wrong because Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior in AWS accounts and workloads, not a service for detecting or redacting PII in text content. Option C is wrong because Amazon Rekognition is an image and video analysis service that can detect faces, objects, and text in media, but it does not provide PII detection or redaction for text-based model responses. Option D is wrong because AWS WAF is a web application firewall that protects against common web exploits like SQL injection and cross-site scripting, and it has no capability to analyze or redact PII from AI model outputs.

29
MCQ · hard

A company uses Amazon SageMaker for model training. To comply with data residency requirements, they must ensure that the training data never leaves a specific AWS region. However, during training, the SageMaker service might use resources in other regions for auto-scaling. Which configuration should they use to enforce data residency?

A. Configure the training job to use only local spot instances and enable network isolation.
B. Use Amazon SageMaker's inter-container traffic encryption and disable cross-region data transfer.
C. Use AWS Organizations to create an SCP that denies access to SageMaker resources in other regions.
D. Use a VPC with a VPC endpoint for SageMaker and restrict the training job to use only local resources.
Answer: C

SCPs can explicitly deny SageMaker actions in non-compliant regions, enforcing data residency.

Why this answer

Option C is correct because AWS Organizations Service Control Policies (SCPs) can explicitly deny access to SageMaker resources in any region outside the allowed one. By attaching an SCP that denies `sagemaker:*` actions when the `aws:RequestedRegion` condition key does not match the permitted region, the company can enforce data residency at the account level, preventing SageMaker from provisioning resources in other regions even if auto-scaling would otherwise trigger cross-region activity.

Exam trap

The trap here is that candidates often assume VPC endpoints or network isolation are sufficient to enforce regional boundaries, but they do not control the SageMaker control plane's ability to launch resources in other regions; only an SCP or IAM policy with a region condition can enforce that restriction at the API level.

How to eliminate wrong answers

Option A is wrong because using local spot instances and network isolation only restricts the instance type and network access; it does not prevent SageMaker from launching training resources in other regions for auto-scaling or data processing. Option B is wrong because inter-container traffic encryption secures data in transit between containers but does not control the geographic location of the compute resources; disabling cross-region data transfer is not a configurable SageMaker setting. Option D is wrong because a VPC with a VPC endpoint for SageMaker restricts network traffic to the service endpoint within the VPC, but SageMaker can still launch training jobs in other regions if the training job configuration or service backend decides to use resources outside the local region; the VPC endpoint does not enforce regional boundaries on SageMaker's resource provisioning.

30
MCQ · medium

A company is using Amazon Textract to extract text from scanned documents stored in an S3 bucket. The security team requires that all access to the documents be logged and that the documents be encrypted at rest using a customer-managed key. What should the company do to meet these requirements?

A. Use S3 default encryption and enable Textract logging
B. Enable S3 server-side encryption with AWS KMS (SSE-KMS) and enable CloudTrail data events for the S3 bucket
C. Enable S3 server access logs and use S3 SSE-KMS
D. Use S3 server-side encryption with S3-managed keys (SSE-S3) and enable S3 access logs
Answer: B

SSE-KMS provides encryption with customer-managed keys; CloudTrail data events log access to objects.

Why this answer

Option B is correct because enabling S3 server-side encryption with AWS KMS (SSE-KMS) satisfies the requirement for encryption at rest using a customer-managed key, and enabling CloudTrail data events for the S3 bucket captures all access to the documents (including GetObject, PutObject, etc.) for logging. This combination meets both security requirements precisely.

Exam trap

The trap here is that candidates often confuse S3 server access logs with CloudTrail data events, assuming both provide equivalent logging, but only CloudTrail data events offer reliable, real-time, and comprehensive object-level access logging required for security audits.

How to eliminate wrong answers

Option A is wrong because S3 default encryption uses either SSE-S3 or SSE-KMS, but it does not specify customer-managed keys, and enabling Textract logging only logs Textract API calls, not S3 data access events. Option C is wrong because S3 server access logs provide access logs but are delivered on a best-effort basis with potential delays and do not capture all API-level details like CloudTrail data events; also, while SSE-KMS is used, the logging mechanism is insufficient for comprehensive audit requirements. Option D is wrong because SSE-S3 uses AWS-managed keys, not customer-managed keys, and S3 access logs are not as granular or reliable as CloudTrail data events for logging all access.

31
MCQ · medium

A research organization is using Amazon SageMaker Studio to collaborate on building machine learning models. The security policy requires that all data and code remain within a VPC and cannot be accessed from the public internet. Additionally, the organization wants to enforce that only approved base images are used for the Studio environment. How should the organization configure SageMaker Studio to meet these requirements?

A. Use an AWS Transit Gateway to connect the VPC, and enforce HTTPS for all traffic.
B. Configure the Studio domain in VPC Only mode and use a SageMaker Studio lifecycle configuration to restrict the list of available base images to those in a private Amazon ECR repository.
C. Configure the Studio domain to disable direct internet access, and let users choose any base image from the SageMaker public registry.
D. Use AWS CloudFormation to create a Studio domain in a VPC and rely on individuals to use approved images.
Answer: B

VPC Only ensures no public internet access, and lifecycle configurations can restrict images to approved ones from a private ECR.

Why this answer

Option B is correct because configuring the SageMaker Studio domain in VPC Only mode ensures that all data and code remain within the VPC and cannot be accessed from the public internet. Additionally, using a lifecycle configuration script to restrict available base images to those in a private Amazon ECR repository enforces the policy that only approved base images are used, as the lifecycle configuration can modify the Jupyter Server settings to limit the image registry.

Exam trap

The trap here is that candidates often confuse disabling direct internet access with fully restricting image choices, not realizing that without a lifecycle configuration to filter the image registry, users can still select any public SageMaker image that is available within the VPC's network scope.

How to eliminate wrong answers

Option A is wrong because AWS Transit Gateway is used to connect multiple VPCs or on-premises networks, not to enforce VPC-only access for SageMaker Studio, and enforcing HTTPS for all traffic does not restrict base images or prevent public internet access. Option C is wrong because disabling direct internet access alone does not restrict users from choosing any base image from the SageMaker public registry; it only prevents outbound internet traffic, but users could still select public images that are cached or accessible within the VPC. Option D is wrong because using AWS CloudFormation to create a Studio domain in a VPC does not enforce the use of approved images; relying on individuals to use approved images is a manual process that does not meet the security policy requirement.

32
MCQ · medium

A data engineer needs to ensure that all data uploaded to an S3 bucket for SageMaker training is automatically encrypted with a customer-managed key. Which S3 feature should they enable?

A. Object lock with compliance mode.
B. Default encryption with SSE-KMS using an AWS managed key.
C. Default encryption with SSE-KMS using a customer managed key (CMK).
D. Default encryption with SSE-S3.
Answer: C

CMK provides customer control over encryption keys.

Why this answer

Option C is correct because the requirement specifies a customer-managed key (CMK). Default encryption with SSE-KMS allows you to specify a CMK, ensuring all objects uploaded to the S3 bucket are automatically encrypted using that key. This satisfies the data engineer's need for control over the encryption key.

Exam trap

Cisco often tests the distinction between AWS managed keys and customer managed keys (CMKs) in SSE-KMS, where candidates mistakenly select an AWS managed key option when the question explicitly requires a customer-managed key.

How to eliminate wrong answers

Option A is wrong because Object Lock with compliance mode is designed to prevent object deletion or overwrites for a fixed retention period, not to enforce encryption. Option B is wrong because it uses an AWS managed key, not a customer-managed key as required. Option D is wrong because SSE-S3 uses Amazon S3-managed keys, which do not provide the customer control required by the scenario.

33
MCQhard

A healthcare company is developing a machine learning model using Amazon SageMaker to process protected health information (PHI). They have strict security requirements to comply with HIPAA. The company has implemented the following measures: All training data is stored in an S3 bucket with server-side encryption using AWS KMS. The data is accessed exclusively through Amazon SageMaker notebooks running in a private VPC with no internet access. The VPC has a VPC endpoint for S3 to ensure traffic stays within the AWS network. Despite these measures, a recent security audit discovered that the S3 bucket containing the training data is accessible from an IP address outside the company's network. Upon investigation, it was found that the bucket policy allowed access from any IP address due to a misconfigured bucket policy. Which corrective action should the company take to prevent this issue from recurring?

A.Add a condition in the bucket policy to restrict access to the VPC endpoint ID.
B.Move the training data to an EBS volume attached to the SageMaker notebook.
C.Remove the bucket policy and rely solely on IAM policies to control access.
D.Disable S3 Block Public Access settings to allow more granular control.
AnswerA

This ensures that only requests from the VPC endpoint can access the bucket, blocking external IPs.

Why this answer

Option A is correct because adding a condition to the bucket policy that restricts access to the VPC endpoint ID (aws:SourceVpce) ensures that only traffic from the VPC endpoint can access the bucket, preventing external IP access. Option C is incorrect because removing the bucket policy entirely would still allow access if IAM roles are not properly restricted. Option D is incorrect because disabling Block Public Access would increase risk. Option B is incorrect because moving data to EBS is not scalable and does not address the underlying policy issue.

34
MCQhard

An administrator reviews a CloudTrail log entry for a CreateModel API call. Which security concern should they investigate?

A.The model name is not encrypted in the log
B.The model data URL uses HTTP instead of HTTPS
C.The source IP address is an external IP
D.The execution role ARN is visible in the log
AnswerB

HTTPS should be used to encrypt data in transit; using HTTP is a security risk.

Why this answer

Option B is correct because using HTTP instead of HTTPS for the model data URL exposes the data in transit to potential interception or tampering. CloudTrail logs record the URL as provided, and if it uses HTTP, the data transferred from that URL to SageMaker is unencrypted, violating security best practices for data in transit. This is a direct security concern that should be investigated and remediated by using HTTPS.

Exam trap

Cisco often tests the distinction between data in transit encryption (HTTPS vs HTTP) and data at rest encryption, leading candidates to incorrectly focus on log encryption or ARN visibility instead of the actual security risk in the API call parameters.

How to eliminate wrong answers

Option A is wrong because model names are not sensitive data that require encryption in CloudTrail logs; CloudTrail logs are encrypted at rest by default using AWS KMS, but the content of the log entry (including the model name) is not individually encrypted. Option C is wrong because an external source IP address is not inherently a security concern; CloudTrail logs all API calls regardless of source, and external IPs are expected for calls made from outside AWS. Option D is wrong because the execution role ARN is a standard part of the CreateModel API call and is not sensitive; it is necessary for auditing who performed the action and does not expose credentials.

35
MCQhard

A company uses Amazon SageMaker to train a model on customer transaction data. The data is stored in an S3 bucket encrypted with SSE-KMS. The data scientists are using a SageMaker notebook instance to preprocess the data. The security team notices that the notebook instance can access the KMS key directly through the SageMaker console, even when the data scientists do not have explicit KMS permissions. What is the MOST likely reason for this behavior?

A.The KMS key policy allows the SageMaker service to decrypt using the key, and the console displays this permission globally.
B.The S3 bucket has a bucket policy that grants s3:GetObject access using the SageMaker service principal, bypassing KMS permissions.
C.The SageMaker execution role attached to the notebook instance has permission to use the KMS key for the S3 bucket, and the SageMaker console uses that role to perform decryption operations on behalf of the user.
D.The SageMaker notebook instance is using an IAM role that has the AWS managed policy AmazonSageMakerFullAccess, which includes kms:Decrypt for all keys.
AnswerC

The SageMaker execution role is assumed by the notebook instance and has KMS permissions. The console uses the role to show decryption status.

Why this answer

Option C is correct because the SageMaker notebook instance uses an execution IAM role that is assumed when performing operations. If that execution role has permissions to use the KMS key (e.g., kms:Decrypt, kms:GenerateDataKey) for the S3 bucket, the SageMaker console can leverage that role to decrypt data on behalf of the user, even if the user's own IAM identity lacks explicit KMS permissions. The console acts as a proxy, using the notebook's execution role to access the key.

Exam trap

The trap here is that candidates often assume the user's own IAM permissions are the only factor, but AWS services like SageMaker can proxy requests using the execution role attached to the resource, effectively decoupling the user's identity from the data access permissions.

How to eliminate wrong answers

Option A is wrong because the KMS key policy granting the SageMaker service principal decryption permissions would allow the service to use the key, but the console does not display permissions globally; it reflects the effective permissions of the assumed role. Option B is wrong because an S3 bucket policy granting s3:GetObject to the SageMaker service principal does not bypass KMS permissions; accessing SSE-KMS encrypted objects still requires kms:Decrypt or kms:GenerateDataKey permissions on the KMS key. Option D is wrong because the AWS managed policy AmazonSageMakerFullAccess does not include kms:Decrypt for all keys; it only includes limited KMS actions (e.g., kms:ListKeys) and does not grant decrypt on arbitrary customer-managed KMS keys.

36
MCQmedium

A company is using Amazon Comprehend to extract entities from customer support tickets. The compliance team requires that the text sent to Comprehend be encrypted in transit and that Comprehend does not store any data beyond the processing time. How should the company configure the API call?

A.Encrypt the text using AWS KMS before sending it to Comprehend
B.Use the AWS SDK with server-side encryption enabled for the API call
C.Create a VPC endpoint for Comprehend and send requests over the private network
D.Use the HTTPS endpoint for the DetectEntities API and rely on Comprehend's stateless design
AnswerD

HTTPS provides encryption in transit; Comprehend does not store data after processing.

Why this answer

Option D is correct because Amazon Comprehend's DetectEntities API is inherently stateless—it does not store any text or results beyond the processing time required to generate the response. By using the HTTPS endpoint, the company ensures encryption in transit via TLS, satisfying the compliance requirement without additional configuration. Comprehend does not persist data from synchronous API calls, so no data is retained after the response is returned.

Exam trap

The trap here is that candidates confuse encryption in transit with encryption at rest or data retention controls, leading them to overcomplicate the solution with KMS, SSE, or VPC endpoints when the simple use of HTTPS and the stateless nature of the API already meet the requirements.

How to eliminate wrong answers

Option A is wrong because encrypting the text with AWS KMS before sending it would render the data unreadable to Comprehend, as the service requires plaintext input to perform entity extraction; KMS encryption is for data at rest, not for protecting data in transit. Option B is wrong because server-side encryption (SSE) is a feature for data at rest in services like S3, not for API calls to Comprehend; the AWS SDK does not have a 'server-side encryption' setting for API requests, and encryption in transit is handled by TLS, not SSE. Option C is wrong because a VPC endpoint for Comprehend enables private connectivity over the AWS network but does not inherently encrypt data in transit; encryption still requires TLS, and the VPC endpoint does not affect Comprehend's data retention behavior.

37
MCQhard

A company uses Amazon Bedrock to generate content. They need to guarantee that the model does not produce toxic or biased outputs and that any violations are logged for review. Which service should they integrate with Bedrock?

A.Amazon Comprehend
B.AWS WAF
C.AWS CloudTrail
D.Amazon Bedrock Guardrails
AnswerD

Guardrails provides content filters and toxicity detection.

Why this answer

Amazon Bedrock Guardrails is the correct service because it is specifically designed to enforce content policies, filter toxic or biased outputs, and log violations for review within Bedrock workflows. It provides configurable thresholds for harmful categories (e.g., hate, insults, sexual content) and integrates directly with Bedrock models to intercept and redact or block undesired responses, with all violations recorded in Amazon CloudWatch Logs.

Exam trap

The trap here is that candidates may confuse AWS CloudTrail (which logs API calls) with content-level logging, or assume Amazon Comprehend can be used for real-time content filtering, when in fact Bedrock Guardrails is the only integrated service that both enforces content policies and logs violations directly within the Bedrock invocation flow.

How to eliminate wrong answers

Option A is wrong because Amazon Comprehend is a natural language processing (NLP) service for extracting insights (e.g., sentiment, entities) from text, but it does not provide real-time content filtering or enforcement of safety policies within Bedrock model outputs; it operates as a separate analysis tool, not an integrated guardrail. Option B is wrong because AWS WAF is a web application firewall that protects HTTP/HTTPS endpoints from common web exploits (e.g., SQL injection, cross-site scripting), not a service for monitoring or filtering AI-generated content for toxicity or bias. Option C is wrong because AWS CloudTrail records API activity for auditing (e.g., who called Bedrock APIs), but it does not inspect or log the content of model outputs for toxic or biased violations; it captures metadata, not the payload of responses.

38
MCQeasy

A company wants to use Amazon SageMaker to train a model on sensitive healthcare data. What is the MOST secure way to ensure that the training data is encrypted at rest and in transit, and that only authorized users can access the model artifacts?

A.Enable server-side encryption with AWS KMS managed keys for the S3 buckets, SageMaker notebook instances, and training jobs, and use IAM roles to limit access.
B.Disable encryption for faster training, and rely on IAM policies to restrict access.
C.Use client-side encryption for all data, and store encryption keys in AWS Secrets Manager.
D.Use an AWS CloudHSM to store encryption keys and configure SageMaker to use it.
AnswerA

SageMaker supports KMS encryption for all resources, and IAM roles enforce least privilege. This meets the security requirements.

Why this answer

Option A is correct because it provides end-to-end encryption for sensitive healthcare data by enabling server-side encryption with AWS KMS managed keys for S3 buckets (data at rest), SageMaker notebook instances (data at rest and in transit via TLS), and training jobs (data at rest on ephemeral storage and in transit between services). IAM roles enforce least-privilege access to model artifacts, ensuring only authorized users can read or write them. This combination meets compliance requirements like HIPAA by encrypting data at rest (AES-256) and in transit (TLS 1.2+), while IAM policies control access.

Exam trap

AWS often tests the misconception that client-side encryption (Option C) or hardware security modules (Option D) are inherently more secure, but the exam expects you to know that SageMaker's native integration with AWS KMS provides the simplest and most secure end-to-end encryption for training jobs, data, and model artifacts without custom code or unsupported integrations.

How to eliminate wrong answers

Option B is wrong because disabling encryption violates security best practices and compliance mandates (e.g., HIPAA) for sensitive healthcare data, and IAM policies alone cannot protect data at rest or in transit from physical or network-level exposure. Option C is wrong because client-side encryption requires managing encryption keys outside AWS (even if stored in Secrets Manager), which adds complexity and risk of key exposure, and SageMaker does not natively support client-side encryption for training jobs or model artifacts without custom code. Option D is wrong because AWS CloudHSM provides hardware-based key storage but SageMaker does not directly integrate with CloudHSM for encryption of training data or model artifacts; SageMaker uses AWS KMS for encryption, and CloudHSM would require custom integration via KMS custom key store, which is not the most straightforward or recommended approach for this scenario.

39
MCQhard

A company is deploying a generative AI model on Amazon Bedrock. The model is accessed by an application running on Amazon ECS Fargate. The security team requires that all data sent to and from the Bedrock model be encrypted in transit, and that the ECS task does not have internet access. The ECS tasks are launched in a private VPC subnet with a VPC endpoint for Bedrock configured. However, when the application attempts to invoke the Bedrock model, the call fails with a timeout error. The VPC endpoint policy is set to allow all actions from all principals. What is the most likely cause of the failure?

A.The ECS tasks are not configured to use a NAT gateway to reach the Bedrock endpoint
B.The VPC endpoint policy does not grant the ECS task IAM role permission to invoke Bedrock
C.The ECS task IAM role does not have the bedrock:InvokeModel permission
D.The security group associated with the VPC endpoint does not allow inbound HTTPS traffic from the ECS tasks
AnswerD

The security group must allow inbound HTTPS from the ECS tasks' security group; otherwise, traffic is blocked.

Why this answer

The timeout error indicates a network connectivity issue, not an authentication or authorization problem. Since the ECS tasks are in a private subnet without internet access and a VPC endpoint for Bedrock is configured, the most likely cause is that the security group associated with the VPC endpoint does not allow inbound HTTPS (port 443) traffic from the ECS tasks. Without this inbound rule, the TCP handshake fails, resulting in a timeout.

Exam trap

AWS often tests the distinction between network-level failures (timeouts) and authorization failures (access denied), and the trap here is that candidates confuse VPC endpoint policy with security group rules, assuming a permissive policy is sufficient for connectivity.

How to eliminate wrong answers

Option A is wrong because a NAT gateway is used for internet access, but the VPC endpoint allows private connectivity to Bedrock without internet; a NAT gateway is not required and would actually violate the requirement that the ECS task has no internet access. Option B is wrong because the VPC endpoint policy is set to allow all actions from all principals, so it does not restrict the ECS task IAM role; the issue is a network timeout, not a policy denial. Option C is wrong because the IAM role lacking bedrock:InvokeModel would cause an access denied error (HTTP 403), not a timeout; the timeout indicates the request never reached Bedrock.

40
Multi-Selectmedium

A company needs to secure data used for training machine learning models in Amazon SageMaker. Which TWO actions should be taken to protect data at rest and in transit? (Choose TWO.)

Select 2 answers
A.Use AWS Certificate Manager (ACM) to generate certificates for all SageMaker endpoints
B.Enable default encryption on S3 buckets using AWS KMS
C.Disable root access on SageMaker notebook instances
D.Use SageMaker with VPC endpoints and enforce HTTPS for API calls
E.Use SageMaker Model Registry to track model versions
AnswersB, D

This encrypts data at rest in S3.

Why this answer

Option B is correct because enabling default encryption on S3 buckets using AWS KMS ensures that all objects stored in the bucket are encrypted at rest. This is a fundamental security practice for protecting training data in SageMaker, as SageMaker reads data from S3. Using AWS KMS allows you to manage and audit encryption keys, providing fine-grained control over data protection.

Exam trap

AWS often tests the distinction between data protection mechanisms (encryption) and other security controls (access management, model governance), leading candidates to confuse disabling root access or using Model Registry with data encryption requirements.

41
MCQhard

A company is using Amazon SageMaker to train a model. The training data is stored in an S3 bucket that is encrypted with an AWS KMS customer managed key (CMK). The training job fails with an error indicating that the SageMaker execution role does not have permission to decrypt the data. The administrator has verified that the execution role has the kms:Decrypt permission. What additional permission might be missing?

A.kms:CreateGrant
B.kms:ReEncrypt
C.kms:DescribeKey
D.kms:GenerateDataKey
AnswerA

Allows SageMaker to create a grant on the KMS key for its internal service principal.

Why this answer

When SageMaker accesses encrypted S3 data, it must create a grant on the KMS key to allow the SageMaker service principal to decrypt the data on behalf of the execution role. Even if the execution role has kms:Decrypt, SageMaker itself needs permission to call kms:CreateGrant to set up this delegated access. Without kms:CreateGrant, the service cannot establish the necessary cryptographic context for the training job.

Exam trap

The trap here is that candidates assume kms:Decrypt alone is sufficient, overlooking that SageMaker requires kms:CreateGrant to delegate decryption permissions to the SageMaker service principal for cross-account or service-integrated access.

How to eliminate wrong answers

Option B is wrong because kms:ReEncrypt is used to re-encrypt data under a new key, which is not required for reading training data; the job only needs decryption. Option C is wrong because kms:DescribeKey provides metadata about the key but does not enable the service to decrypt data; it is not a prerequisite for SageMaker's S3 access. Option D is wrong because kms:GenerateDataKey is used to create new data keys for encryption, not for decrypting existing data; the training job needs to decrypt, not generate keys.

42
MCQeasy

An organization uses Amazon Macie to discover sensitive data in S3. The compliance team needs to receive notifications when Macie finds PII. Which AWS service should they use to send notifications?

A.AWS Lambda
B.Amazon CloudWatch
C.Amazon Simple Notification Service (SNS)
D.Amazon Simple Email Service (SES)
AnswerC

SNS is used for notifications triggered by Macie findings.

Why this answer

Amazon Macie publishes findings to Amazon EventBridge, which can trigger a target such as an SNS topic. SNS then pushes notifications (e.g., email, SMS, HTTP) to subscribers. This decoupled architecture allows the compliance team to receive real-time alerts when PII is detected, without needing to poll or manage compute resources.

Exam trap

The trap here is that candidates often confuse the service that generates the event (Macie) with the service that delivers the notification, or they assume Lambda is required for all event-driven workflows, when in fact SNS can directly receive events from EventBridge without any compute layer.

How to eliminate wrong answers

Option A is wrong because AWS Lambda is a compute service that can process events but does not itself send notifications; it would need to invoke SNS or another service to deliver messages. Option B is wrong because Amazon CloudWatch is for monitoring metrics, logs, and alarms, not for sending human-readable notifications directly to end users; it can trigger SNS but is not the notification delivery service. Option D is wrong because Amazon Simple Email Service (SES) is designed for sending transactional and marketing emails, not for event-driven notifications from Macie; SES requires explicit API calls and is not a native target for Macie findings via EventBridge.

43
MCQhard

Refer to the exhibit. An IAM policy is attached to a role used by an Amazon SageMaker notebook instance. The notebook instance attempts to upload a model artifact to the S3 bucket 'my-bucket' without specifying server-side encryption. What will happen?

A.The upload succeeds because S3 automatically encrypts objects at rest
B.The upload fails because the policy does not allow PutObject without encryption
C.The upload succeeds because the bucket has default encryption enabled
D.The upload fails with an access denied error
AnswerD

The condition requires the encryption header to be present and set to AES256; without it, the action is denied.

Why this answer

Option D is correct because the IAM policy attached to the SageMaker role includes a condition that denies s3:PutObject unless the request includes the x-amz-server-side-encryption header with a value of 'AES256'. Since the notebook instance attempts to upload without specifying server-side encryption, the condition is not met, and the request is denied with an access denied error. S3 default bucket encryption does not override explicit IAM policy conditions that require encryption headers in the request.

Exam trap

The trap here is that candidates assume S3's default encryption or automatic server-side encryption satisfies the policy condition, but Cisco tests the distinction between bucket-level encryption settings and request-level IAM conditions that require explicit encryption headers.

How to eliminate wrong answers

Option A is wrong because while S3 does automatically encrypt objects at rest via server-side encryption (SSE-S3) by default, the IAM policy explicitly requires the request to include the x-amz-server-side-encryption header; automatic encryption does not satisfy this condition. Option B is wrong because the policy does not deny PutObject without encryption in general; it denies it only when the condition for the encryption header is not met, and the error is access denied, not a failure due to missing encryption. Option C is wrong because bucket default encryption applies server-side encryption at the bucket level, but it does not add the required encryption header to the request; the IAM policy condition evaluates the request headers, not the bucket's default behavior.

44
MCQhard

Refer to the exhibit. A data scientist is trying to run a SageMaker training job that uses training data from an S3 bucket encrypted with the specified KMS key. The training job fails with an access denied error. The IAM role shown is attached to the training job. What is the missing permission?

A.s3:ListBucket
B.kms:GenerateDataKey
C.kms:CreateGrant
D.s3:GetBucketLocation
AnswerC

Required for SageMaker to delegate decrypt permissions to its service roles.

Why this answer

When a SageMaker training job accesses encrypted S3 data, it must be granted permission to use the KMS key for decryption. The `kms:CreateGrant` permission allows SageMaker to create a grant on the KMS key, which is required for the service to decrypt the data on behalf of the user. Without this permission, the training job fails with an access denied error even if other KMS actions are allowed.

Exam trap

Cisco often tests the misconception that `kms:Decrypt` alone is sufficient for SageMaker to access encrypted S3 data, but the service requires `kms:CreateGrant` to create a delegation grant for its internal principal.

How to eliminate wrong answers

Option A is wrong because `s3:ListBucket` is used to list objects in a bucket, not to read or decrypt objects; the error is related to KMS decryption, not listing. Option B is wrong because `kms:GenerateDataKey` is used to create a new data key for encryption, not to decrypt existing data; SageMaker needs `kms:Decrypt` and `kms:CreateGrant` for decryption. Option D is wrong because `s3:GetBucketLocation` is used to retrieve the bucket's region, which is unrelated to KMS decryption permissions.

45
MCQhard

A company uses Amazon SageMaker to host a model for fraud detection. The model must be re-evaluated for bias on a monthly basis. Which SageMaker feature can be used to detect bias in a trained model?

A.SageMaker Debugger
B.SageMaker Model Monitor
C.SageMaker Clarify
D.SageMaker Autopilot
AnswerC

Clarify provides bias detection and explainability.

Why this answer

SageMaker Clarify is the correct choice because it is specifically designed to detect bias in machine learning models and data. It provides built-in capabilities to evaluate bias metrics (e.g., difference in positive proportions, disparate impact) both before training (pre-training bias) and after training (post-training bias), making it suitable for the monthly re-evaluation requirement.

Exam trap

The trap here is that candidates confuse SageMaker Model Monitor (which monitors data drift) with bias detection, but Model Monitor does not evaluate model fairness or bias metrics.

How to eliminate wrong answers

Option A is wrong because SageMaker Debugger is used for monitoring training jobs in real time to detect issues like vanishing gradients or overfitting, not for bias detection. Option B is wrong because SageMaker Model Monitor focuses on detecting data drift and quality issues in deployed endpoints, not on evaluating model bias. Option D is wrong because SageMaker Autopilot automates the process of building, training, and tuning models, but it does not include built-in bias detection capabilities.

46
MCQmedium

A team is using Amazon SageMaker to deploy a real-time inference endpoint. The endpoint must be accessible only from a specific IP range and must automatically scale based on request volume. Which configuration meets these requirements?

A.Deploy the endpoint in a public subnet with a security group allowing the IP range.
B.Configure the endpoint with a VPC and attach a security group that allows inbound traffic from the IP range, and enable automatic scaling for the endpoint.
C.Deploy the endpoint with a VPC and use a Network Load Balancer with target group health checks.
D.Deploy the endpoint with an AWS WAF ACL to filter by IP and enable auto scaling for the endpoint.
AnswerB

VPC security group restricts by IP and automatic scaling handles demand.

Why this answer

Option B is correct because Amazon SageMaker endpoints can be deployed within a VPC, allowing you to attach a security group that restricts inbound traffic to a specific IP range. Additionally, SageMaker supports automatic scaling for real-time endpoints using Application Auto Scaling, which adjusts the number of instances based on request volume metrics like InvocationsPerInstance.

Exam trap

The trap here is that candidates often confuse network-level access control (security groups in a VPC) with application-layer filtering (AWS WAF) or assume that a public subnet with a security group is sufficient, not realizing that SageMaker endpoints in a public subnet are still internet-facing and cannot be restricted to a specific IP range without a VPC.

How to eliminate wrong answers

Option A is wrong because deploying the endpoint in a public subnet exposes it to the internet, and a security group alone cannot restrict access to a specific IP range if the endpoint is publicly accessible; SageMaker endpoints in public subnets are not supported for IP-based restriction without a VPC. Option C is wrong because while a Network Load Balancer (NLB) can provide health checks and distribute traffic, SageMaker endpoints do not require an NLB for IP-based access control or scaling; the VPC and security group configuration already handles access control, and NLB is not a standard component for SageMaker endpoint deployment. Option D is wrong because AWS WAF is a web application firewall that operates at the application layer (HTTP/HTTPS) and is typically associated with API Gateway or CloudFront, not directly with SageMaker endpoints; SageMaker endpoints do not natively integrate with AWS WAF for IP filtering, and using WAF would not replace the need for VPC-based network controls.

47
MCQmedium

A machine learning engineer notices that a SageMaker training job failed due to insufficient permissions to access a KMS-encrypted S3 bucket. The training job's IAM role has S3 access permissions. What should be done to resolve the issue?

A.Create a new KMS key and re-encrypt the data
B.Assign the SageMakerFullAccess policy to the role
C.Add a kms:Decrypt permission to the IAM role for the specific KMS key used to encrypt the S3 bucket
D.Change the S3 bucket's default encryption to S3-managed keys (SSE-S3)
AnswerC

The role needs decryption permissions to access the encrypted data.

Why this answer

The training job failed because the IAM role lacks permission to decrypt the KMS key used for S3 server-side encryption. Even with S3 access permissions, SageMaker cannot read encrypted objects without the kms:Decrypt action on the specific KMS key. Adding kms:Decrypt to the role's policy for that key resolves the issue.

Exam trap

The trap here is that candidates assume S3 permissions alone are sufficient, overlooking that KMS-encrypted objects require explicit kms:Decrypt permissions on the IAM role, not just S3 bucket policies or managed policies like SageMakerFullAccess.

How to eliminate wrong answers

Option A is wrong because creating a new KMS key and re-encrypting the data is unnecessary and disruptive; the existing key can be used if the IAM role is granted the proper decrypt permission. Option B is wrong because SageMakerFullAccess is an AWS managed policy that does not include KMS permissions for customer-managed keys; it only grants basic SageMaker and S3 access, so it would not resolve the KMS decryption failure. Option D is wrong because changing the bucket's default encryption to SSE-S3 removes KMS encryption, which may violate security or compliance requirements, and is an overreaction when a simple IAM permission update can fix the issue.

48
MCQ · medium

A data science team is using Amazon SageMaker Studio. To meet compliance requirements, they need to ensure that all user activity in the environment is logged and that any unauthorized access attempts are detected. Which approach should they take?

A. Enable SageMaker Model Monitor and configure Amazon S3 server access logs.
B. Enable AWS CloudTrail and Amazon GuardDuty for threat detection.
C. Use AWS Config rules to track changes and Amazon Inspector for vulnerability scanning.
D. Enable SageMaker Studio with VPC only mode and use AWS CloudTrail.
Answer: B

CloudTrail logs API calls and GuardDuty detects unauthorized access patterns.

Why this answer

AWS CloudTrail logs all API activity in SageMaker Studio, including user actions and access attempts, while Amazon GuardDuty provides intelligent threat detection by analyzing CloudTrail logs, VPC flow logs, and DNS logs for unauthorized access patterns. Together, they meet compliance requirements for logging and detecting unauthorized access without additional configuration overhead.

Exam trap

The trap here is that candidates often confuse logging (CloudTrail) with threat detection (GuardDuty) and assume that enabling CloudTrail alone satisfies both requirements, but GuardDuty is specifically needed to analyze logs for unauthorized access attempts.

How to eliminate wrong answers

Option A is wrong because SageMaker Model Monitor is designed for detecting data drift and model quality issues, not for logging user activity or detecting unauthorized access; Amazon S3 server access logs only capture requests to S3 buckets, not SageMaker Studio user actions. Option C is wrong because AWS Config rules track resource configuration changes and compliance, not user activity logging, and Amazon Inspector focuses on vulnerability scanning of EC2 instances and container images, not threat detection for user access. Option D is wrong because VPC only mode restricts network access but does not provide logging of user activity or threat detection; AWS CloudTrail alone logs API calls but lacks the intelligent threat detection capability that GuardDuty provides for identifying unauthorized access attempts.

49
MCQ · hard

A financial services company is building a predictive model using Amazon SageMaker. The model training data contains personally identifiable information (PII). The company must ensure that the data is encrypted at rest and in transit, and that access to the data is logged. Which combination of AWS services meets these requirements?

A. Use S3 server-side encryption with S3-managed keys (SSE-S3) and enable CloudTrail trail for S3 data events
B. Use S3 server-side encryption with AWS KMS (SSE-KMS), enable SageMaker inter-container traffic encryption, and enable CloudTrail data events for the S3 bucket
C. Use S3 client-side encryption and configure SageMaker to use HTTPS for inter-container traffic
D. Enable S3 default encryption with AES-256 and use AWS CloudTrail for S3 data events
Answer: B

SSE-KMS provides encryption at rest with key control, inter-container traffic encryption provides transit encryption, and CloudTrail data events log access to objects.

Why this answer

Option B is correct because it addresses all three requirements: SSE-KMS encrypts data at rest in S3, SageMaker inter-container traffic encryption ensures data in transit between training containers is encrypted, and CloudTrail data events for the S3 bucket log all access to the PII data. This combination provides a complete, auditable encryption and logging solution.

Exam trap

The trap here is that candidates often assume S3 server-side encryption alone (SSE-S3 or SSE-KMS) satisfies all encryption requirements, forgetting that SageMaker inter-container traffic encryption is needed for data in transit during distributed training.

How to eliminate wrong answers

Option A is wrong because SSE-S3 does not provide customer-controlled key management or audit trails for key usage, and CloudTrail data events alone do not cover encryption of data in transit within SageMaker. Option C is wrong because client-side encryption places the burden on the client and does not guarantee encryption at rest in S3 unless explicitly configured, and HTTPS for inter-container traffic is not the same as SageMaker's built-in inter-container encryption, which uses TLS. Option D is wrong because S3 default encryption with AES-256 is equivalent to SSE-S3, which lacks customer-managed key audit capabilities, and CloudTrail data events do not address encryption in transit for SageMaker training jobs.

50
MCQ · easy

A company is using Amazon Comprehend to analyze customer feedback. They need to ensure that the documents are encrypted at rest. What should they do?

A. No action is needed; Amazon Comprehend automatically encrypts data at rest using AES-256
B. Enable encryption using AWS KMS in the Comprehend console
C. Store documents in an encrypted S3 bucket and use a VPC endpoint
D. Use SSL/TLS for all API calls to Comprehend
Answer: A

Comprehend encrypts all data at rest by default.

Why this answer

Amazon Comprehend automatically encrypts all data at rest using AES-256 encryption by default, with no additional configuration required. This encryption covers both the documents processed by the service and any models or artifacts stored internally. Therefore, no action is needed from the customer to enable encryption at rest.

Exam trap

The trap here is that candidates often assume they need to manually enable encryption or use KMS, but Amazon Comprehend enforces encryption at rest automatically with no user action required, making 'No action needed' the correct answer.

How to eliminate wrong answers

Option B is wrong because Amazon Comprehend does not expose a console option to enable or disable encryption via AWS KMS; encryption is always-on and managed by the service. Option C is wrong because while storing documents in an encrypted S3 bucket is a best practice for data in transit to Comprehend, it does not affect how Comprehend encrypts data at rest within its own storage; the service already encrypts at rest regardless of the source bucket's encryption. Option D is wrong because SSL/TLS protects data in transit, not data at rest, and is already enforced by Comprehend for API calls.

51
Multi-Select · hard

A company uses Amazon SageMaker to build and deploy models. They want to enforce compliance that all model endpoints are encrypted in transit and use least privilege access. Which THREE steps should they take? (Choose THREE.)

Select 3 answers
A. Configure the SageMaker endpoint to use a custom SSL certificate via AWS Certificate Manager
B. Use an interface VPC endpoint (AWS PrivateLink) for SageMaker
C. Attach an IAM policy to the execution role that only allows specific actions on the endpoint
D. Enable AWS CloudTrail to log all endpoint invocations
E. Disable root access on the SageMaker notebook instances
Answers: A, B, C

This ensures HTTPS for encryption in transit.

Why this answer

Option A is correct because configuring a SageMaker endpoint to use a custom SSL certificate from AWS Certificate Manager (ACM) ensures that all data transmitted between clients and the endpoint is encrypted in transit using TLS. This enforces the compliance requirement for encryption in transit by replacing the default SageMaker certificate with a customer-managed certificate, which can be validated and rotated as needed.

Exam trap

The trap here is that candidates often confuse logging (CloudTrail) with enforcement of encryption or access control, or they mistakenly think disabling root access on notebooks affects endpoint security, when in fact it only secures the development environment.

52
MCQ · hard

During a security review, it is found that an Amazon SageMaker notebook instance has outbound internet access, which could lead to data exfiltration. The notebook must only access resources within the VPC. Which step should be taken to restrict internet access?

A. Modify the notebook instance's IAM role to deny s3:GetObject
B. Attach a security group that denies all outbound traffic to 0.0.0.0/0
C. Configure the notebook instance in a VPC with no internet gateway or NAT device, and set the notebook's 'Direct Internet Access' option to 'Disabled'
D. Disable the SageMaker notebook instance's root volume encryption
Answer: C

This ensures the notebook can only reach resources within the VPC.

Why this answer

Option C is correct because disabling 'Direct Internet Access' on a SageMaker notebook instance and placing it in a VPC without an internet gateway or NAT device ensures the notebook cannot reach the public internet. This configuration forces all traffic to stay within the VPC, preventing data exfiltration via outbound internet connections while still allowing access to VPC resources.

Exam trap

The trap here is that candidates may confuse network-level controls (security groups, VPC routing) with IAM permissions, thinking that denying S3 access prevents all exfiltration, or they may incorrectly assume that disabling encryption or blocking all outbound traffic is the correct approach.

How to eliminate wrong answers

Option A is wrong because modifying the IAM role to deny s3:GetObject only restricts access to S3 objects, not outbound internet traffic; data exfiltration could still occur via other protocols (e.g., HTTP, DNS tunneling). Option B is wrong because attaching a security group that denies all outbound traffic to 0.0.0.0/0 would block all outbound traffic, including legitimate VPC resources (e.g., other services within the same VPC), which is overly restrictive and not the intended solution. Option D is wrong because disabling root volume encryption does not affect internet access; it only removes encryption at rest, which is a security risk but unrelated to network egress control.

53
MCQ · medium

A financial services company uses Amazon Bedrock to power a customer-facing chatbot that provides investment advice. The company must ensure that the chatbot's responses comply with regulatory standards, meaning that the model should not generate advice that is speculative or promises returns. The company has implemented Bedrock Guardrails with content filters. However, during testing, the chatbot still generates responses that violate the guidelines. A review of the guardrail configuration shows that the content filters are set to the lowest sensitivity. The company wants to enforce stricter filtering without completely blocking legitimate responses. What should the company do?

A. Increase the sensitivity of the content filters in the Bedrock Guardrails configuration.
B. Use a different foundational model that has built-in compliance filters.
C. Configure the chatbot to route all responses to a human reviewer before delivering to the customer.
D. Add a deny topic for investment advice to completely block that topic.
Answer: A

Higher sensitivity blocks more content that violates guidelines, while still allowing compliant responses.

Why this answer

Option A is correct because increasing the sensitivity of the content filters in Bedrock Guardrails directly addresses the issue: the current filters are set to the lowest sensitivity, allowing speculative or promise-based responses to pass through. By raising the sensitivity, the guardrails will block more non-compliant content while still permitting legitimate investment advice, striking the required balance between regulatory compliance and functionality.

Exam trap

The trap here is that candidates may think adding a deny topic (Option D) is the simplest way to enforce compliance, but they overlook that it completely blocks all investment advice, which violates the requirement to allow legitimate responses; the exam tests understanding of granular guardrail tuning versus blunt blocking.

How to eliminate wrong answers

Option B is wrong because switching to a different foundational model does not guarantee built-in compliance filters that meet the specific regulatory standards; models themselves do not enforce content policies—guardrails do. Option C is wrong because routing all responses to a human reviewer introduces latency and scalability issues, and does not solve the underlying guardrail configuration problem; it is a workaround, not a fix. Option D is wrong because adding a deny topic for investment advice would completely block all investment-related queries, which is overly restrictive and prevents the chatbot from providing any legitimate advice, violating the requirement to avoid completely blocking legitimate responses.

54
MCQ · easy

Refer to the exhibit. A data scientist is training a model in SageMaker using a KMS-encrypted dataset. The training job fails with the error shown. Which action should be taken to resolve this issue?

A. Add the SageMaker execution role to the KMS key policy with the kms:Decrypt permission.
B. Create a new KMS key and update the bucket policy to use the new key.
C. Attach an IAM policy to the SageMaker execution role that allows kms:Decrypt on the key.
D. Disable server-side encryption on the S3 bucket and use client-side encryption.
Answer: A

The key policy must explicitly grant the execution role the kms:Decrypt permission.

Why this answer

The error indicates that the SageMaker execution role lacks permission to decrypt with the KMS key. The most direct solution is to add the role to the KMS key policy with the kms:Decrypt permission. Option B is unnecessary; Option D changes the encryption approach unnecessarily; Option C is also valid but less direct because the key policy must allow the role anyway, and modifying the key policy is the standard practice for SageMaker.

55
Multi-Select · easy

A company is using Amazon Rekognition to detect objects in images stored in an S3 bucket. The company needs to ensure that the Rekognition service has permission to read images from the S3 bucket. Which TWO methods can achieve this? (Choose TWO.)

Select 2 answers
A. Attach an IAM role to the Lambda function that calls Rekognition, with an IAM policy granting s3:GetObject on the bucket
B. Create an IAM role for Rekognition to assume and attach it to the Rekognition service
C. Configure the S3 bucket with a bucket ACL that grants read access to the Rekognition service
D. Attach a resource-based policy to the Rekognition collection allowing S3 access
E. Add a bucket policy that grants the Rekognition service principal (rekognition.amazonaws.com) permission to read objects
Answers: A, E

The IAM role provides permissions to the Lambda function to read from S3.

Why this answer

Option A is correct because when a Lambda function calls Amazon Rekognition, the function needs an IAM role with a policy that grants s3:GetObject permission on the source bucket. This allows the Lambda function to read the images and pass them to Rekognition for analysis. Option E is correct because you can attach a bucket policy that explicitly grants the Rekognition service principal (rekognition.amazonaws.com) permission to read objects, enabling Rekognition to directly access the S3 bucket when invoked.

Exam trap

The trap here is that candidates often confuse which AWS services can assume IAM roles (like Lambda or EC2) versus those that require resource-based policies (like Rekognition or S3), leading them to incorrectly select option B.

56
Multi-Select · medium

A data science team uses Amazon SageMaker to train models. To comply with SOC 2, they must ensure that access to training data is logged, that the data is encrypted at rest, and that model training jobs are isolated from each other. Which THREE actions should they take? (Choose three.)

Select 3 answers
A. Enable Amazon Inspector to scan training instances for vulnerabilities.
B. Enable server-side encryption on the S3 bucket containing training data using SSE-KMS.
C. Use SageMaker Debugger to monitor training jobs.
D. Enable AWS CloudTrail to capture SageMaker API calls.
E. Use SageMaker VPC mode to launch training jobs in a private subnet.
Answers: B, D, E

SSE-KMS encrypts data at rest.

Why this answer

Option B is correct because enabling server-side encryption on the S3 bucket containing training data using SSE-KMS ensures data at rest is encrypted, which is a direct requirement for SOC 2 compliance. SSE-KMS provides envelope encryption with a customer-managed AWS KMS key, allowing fine-grained access control and audit trails for the encryption keys.

Exam trap

The trap here is that candidates may confuse Amazon Inspector with a logging or encryption service, or think SageMaker Debugger provides security logging, when in fact Inspector only scans for vulnerabilities and Debugger only monitors model training metrics.

57
MCQ · easy

A company wants to track API calls made to Amazon SageMaker for audit purposes. Which AWS service should they enable?

A. AWS CloudTrail
B. Amazon Macie
C. AWS Config
D. Amazon CloudWatch Logs
Answer: A

CloudTrail records all API calls for auditing and compliance.

Why this answer

AWS CloudTrail is the correct service because it records API activity across AWS services, including Amazon SageMaker. By enabling CloudTrail, the company can capture all SageMaker API calls (e.g., CreateModel, InvokeEndpoint) for audit, compliance, and security analysis. CloudTrail logs provide details such as the identity of the caller, the time of the call, and the request parameters, which are essential for auditing.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (for API auditing) with Amazon CloudWatch Logs (for log monitoring), mistakenly thinking CloudWatch Logs is the primary service for tracking API calls, but CloudTrail is the dedicated service for recording API activity across AWS.

How to eliminate wrong answers

Option B (Amazon Macie) is wrong because Macie is a data security service that uses machine learning to discover, classify, and protect sensitive data in Amazon S3, not to track API calls. Option C (AWS Config) is wrong because Config evaluates and records resource configuration changes (e.g., SageMaker endpoint configuration), not API call activity. Option D (Amazon CloudWatch Logs) is wrong because CloudWatch Logs is for monitoring, storing, and accessing log files from applications and AWS services, but it does not natively capture API calls; it can ingest CloudTrail logs but is not the primary service for API auditing.

58
MCQ · easy

A company is using Amazon Bedrock to build a generative AI application. The company wants to prevent the model from generating toxic or harmful content while still allowing creative responses. Which feature should the company enable?

A. Amazon Bedrock Guardrails with content filters.
B. AWS Key Management Service (KMS) to encrypt model responses.
C. AWS Identity and Access Management (IAM) policies to restrict model output.
D. Amazon CloudWatch Logs to monitor and block harmful content.
Answer: A

Guardrails provide configurable content filters to block harmful output without overly restricting creativity.

Why this answer

Amazon Bedrock Guardrails with content filters is the correct feature because it allows the company to define and enforce policies that block toxic or harmful content in model inputs and outputs, while still permitting creative responses within safe boundaries. This feature provides configurable thresholds for content categories like hate, insults, and sexual content, enabling precise control over model behavior without restricting overall creativity.

Exam trap

The trap here is that candidates may confuse security services (like KMS for encryption or IAM for access control) with content moderation capabilities, assuming any AWS security service can filter model outputs, when in fact only Bedrock Guardrails provides purpose-built content filters for generative AI.

How to eliminate wrong answers

Option B is wrong because AWS KMS encrypts data at rest and in transit but does not inspect or filter model responses for toxic content; encryption ensures confidentiality, not content safety. Option C is wrong because IAM policies control access to AWS resources and actions (e.g., who can invoke a model) but cannot restrict the actual text output of a model; they are for authorization, not content moderation. Option D is wrong because Amazon CloudWatch Logs can monitor and store logs for analysis but cannot actively block harmful content in real-time; it is a logging and monitoring service, not a content filter.

59
MCQ · easy

Refer to the exhibit. A security analyst is reviewing CloudTrail logs and notices a training job creation from an IP address (203.0.113.5) that is not associated with the company's network. What is the most likely cause?

A. The user john.doe is accessing the AWS Management Console from a VPN.
B. The CloudTrail log is being generated by a cross-account role.
C. The training job was created using the AWS CLI from an external machine.
D. The training job was created by a malicious actor who stole credentials.
Answer: A

A VPN would route traffic through an external IP; this is a common scenario for remote workers.

Why this answer

The IP address 203.0.113.5 is a non-routable test IP (RFC 5737) and not associated with the company's network. The most likely cause is that user john.doe is accessing the AWS Management Console through a VPN, which would route traffic through the VPN's public IP rather than the corporate network. This explains why the source IP appears external while the user identity is legitimate.

Exam trap

AWS often tests the distinction between 'external IP' and 'unauthorized access'—the trap here is assuming any external IP indicates a security breach, when in fact VPN usage is a legitimate and common cause for such logs.

How to eliminate wrong answers

Option B is wrong because cross-account roles would show the source IP of the role's session, not necessarily an external IP, and the log would include a 'userIdentity' with 'arn:aws:sts::...' indicating assumed role, which is not described. Option C is wrong because using the AWS CLI from an external machine would still show the machine's public IP, but the question states the IP is 'not associated with the company's network'—this is a plausible scenario but less likely than a VPN, as the user identity (john.doe) suggests a legitimate user, not an external machine. Option D is wrong because while stolen credentials are possible, the question asks for the 'most likely cause' given the context of a legitimate user identity; a malicious actor would typically not use a known corporate username without additional suspicious activity.

60
Multi-Select · medium

A company is using Amazon SageMaker to train machine learning models. The security team wants to ensure that the training data is encrypted at rest and that the SageMaker notebook instances cannot access the internet. Which TWO actions should the company take? (Choose TWO.)

Select 2 answers
A. Enable S3 server-side encryption with AWS KMS (SSE-KMS) for the training data bucket
B. Create an AWS CloudTrail trail to log all S3 data events
C. Enable encryption at rest for the SageMaker endpoint using the AWS Management Console
D. Disable internet access for the SageMaker notebook instance by placing it in a VPC without a NAT gateway or internet gateway
E. Use AWS Security Token Service (STS) to generate temporary credentials for the notebook instance
Answers: A, D

SSE-KMS encrypts objects at rest using KMS keys.

Why this answer

Option A is correct because enabling S3 server-side encryption with AWS KMS (SSE-KMS) ensures that the training data stored in the S3 bucket is encrypted at rest. This satisfies the security team's requirement for data encryption at rest, as SSE-KMS provides envelope encryption with a customer-managed or AWS-managed KMS key, giving the company control over the encryption keys and auditability via AWS CloudTrail.

Exam trap

The trap here is that candidates often confuse encryption at rest for the endpoint (Option C) with encryption of the training data in S3, or they mistakenly think that CloudTrail logging (Option B) or STS credentials (Option E) provide encryption, when in fact they address auditing and access control, not data encryption.

61
MCQ · medium

An IAM policy allows creation of SageMaker training jobs only if they use a specific VPC security group. A user tries to create a training job without specifying that security group. What will happen?

A. The request will succeed but SageMaker will ignore the condition
B. The request will succeed because the condition is optional
C. The request will be denied because the training job resource ARN is invalid
D. The request will be denied with an AccessDenied error
Answer: D

The IAM condition is not satisfied, so the request is denied.

Why this answer

Option D is correct because IAM policies are evaluated before any AWS API action is executed. If the policy includes a condition that requires a specific VPC security group for SageMaker training jobs, and the user's request does not include that security group, the condition is not met, resulting in an explicit deny (AccessDenied error). AWS IAM denies the request by default if the condition in a policy is not satisfied, regardless of whether the condition is marked as optional in the API.

Exam trap

The trap here is that candidates assume an optional API parameter means the IAM condition is also optional, but IAM conditions are strictly enforced regardless of whether the parameter is required by the API.

How to eliminate wrong answers

Option A is wrong because IAM policies do not ignore conditions; if a condition is not met, the request is denied, not silently ignored. Option B is wrong because the condition is not optional from an IAM perspective; even if the API parameter is optional, the IAM policy condition must be satisfied for the request to be allowed. Option C is wrong because the training job resource ARN is not invalid; the request is denied due to the policy condition, not due to an ARN format issue.

62
Multi-Select · easy

Which TWO AWS services can be used to monitor and detect security anomalies in Amazon SageMaker model inference data? (Choose TWO.)

Select 2 answers
A. Amazon Macie
B. AWS CloudTrail
C. Amazon CodeGuru Security
D. Amazon SageMaker Model Monitor
E. Amazon CloudWatch Logs
Answers: D, E

Model Monitor detects data drift and anomalies in inference data.

Why this answer

Amazon SageMaker Model Monitor is specifically designed to detect deviations in model quality, such as data drift and feature attribution drift, by continuously monitoring inference data against a baseline. Amazon CloudWatch Logs can be used to capture and analyze inference request logs, enabling custom anomaly detection through log-based metrics and alarms. Together, they provide a comprehensive approach to monitoring security anomalies in SageMaker model inference data.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (API auditing) with CloudWatch Logs (log monitoring), or assume Macie can monitor any data flow, when it is restricted to S3 object-level sensitive data discovery.

63
MCQ · easy

A company wants to monitor for malicious activity in their machine learning pipelines, such as unauthorized access to training data or model artifacts. Which AWS service can provide automated threat detection and continuous monitoring?

A. AWS Config
B. Amazon GuardDuty
C. AWS Shield
D. Amazon Inspector
Answer: B

GuardDuty continuously monitors for malicious activity across AWS accounts and workloads.

Why this answer

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior across AWS workloads, including machine learning pipelines. It uses machine learning, anomaly detection, and integrated threat intelligence to identify threats such as unauthorized access to S3 buckets containing training data or model artifacts, without requiring manual intervention.

Exam trap

AWS often tests the distinction between services that monitor for security threats (GuardDuty) versus services that manage compliance (AWS Config), protect against DDoS (AWS Shield), or scan for vulnerabilities (Amazon Inspector), leading candidates to confuse configuration auditing with active threat detection.

How to eliminate wrong answers

Option A is wrong because AWS Config is a service for evaluating and auditing resource configurations against compliance rules, not for continuous threat detection or monitoring for malicious activity. Option C is wrong because AWS Shield is a managed Distributed Denial of Service (DDoS) protection service, designed to safeguard against network and transport layer attacks, not for detecting unauthorized access or malicious behavior in ML pipelines. Option D is wrong because Amazon Inspector is a vulnerability management service that scans for software vulnerabilities and unintended network exposure, not for real-time threat detection or monitoring of malicious activity.

64
MCQ · medium

A healthcare company is deploying a machine learning model on Amazon SageMaker to analyze patient records. The model requires access to a DynamoDB table containing patient data. Which combination of AWS services and features should the company use to restrict access to only the necessary resources?

A. Attach a DynamoDB resource-based policy to the table allowing access from the SageMaker notebook
B. Create an IAM role with a policy granting read-only access to the specific DynamoDB table and attach it to the SageMaker notebook instance
C. Store AWS access keys in the notebook and use those credentials to access DynamoDB
D. Launch the SageMaker notebook in a VPC with a security group that allows access to DynamoDB
Answer: B

This follows least-privilege principle and uses temporary credentials via IAM roles.

Why this answer

Option B is correct because it follows the AWS principle of least privilege by creating an IAM role with a policy that grants read-only access to the specific DynamoDB table, then attaching that role to the SageMaker notebook instance. This ensures the notebook can only perform read operations on the required table without exposing long-term credentials or granting broader permissions.

Exam trap

Cisco often tests the misconception that DynamoDB supports resource-based policies like S3 bucket policies, but in reality DynamoDB only uses IAM identity-based policies for access control.

How to eliminate wrong answers

Option A is wrong because DynamoDB does not support resource-based policies; access control is managed exclusively through IAM policies, not by attaching policies directly to the table. Option C is wrong because storing AWS access keys in the notebook violates security best practices by introducing long-term credentials that can be leaked or misused, and SageMaker notebooks should use IAM roles for temporary credentials. Option D is wrong because a VPC with a security group controls network-level traffic but does not authenticate or authorize the SageMaker notebook to access DynamoDB; DynamoDB access requires IAM permissions regardless of network configuration.

65
MCQ · hard

A healthcare company is using Amazon SageMaker to train and deploy a model that predicts patient readmission risk. The model uses sensitive protected health information (PHI). The company must ensure that data is encrypted at rest and in transit, and that access to the model endpoint is restricted to authorized applications only. The security team has configured AWS KMS customer managed keys for encryption, and IAM roles for SageMaker execution. However, during a security audit, it was discovered that the model endpoint is accessible from the internet and that the data used for training was stored in an S3 bucket with default encryption enabled. The compliance team requires that all PHI data be encrypted with a key that is rotated annually, and that no public access is allowed to the endpoint or training data. Which combination of actions should the ML engineer take to remediate these issues?

A. Use a SageMaker notebook instance with a lifecycle configuration to encrypt data with a customer managed KMS key, and restrict endpoint access using an IAM policy.
B. Enable S3 bucket encryption with SSE-S3, attach a bucket policy denying public access, and use an AWS Lambda function to rotate the S3 bucket key every year.
C. Apply SSE-KMS with an AWS managed key to the S3 bucket, and use a Lambda function to rotate the key every year. Disable public access to the endpoint using a VPC endpoint.
D. Enable S3 bucket encryption with a customer managed KMS key, disable public access on the SageMaker endpoint by deploying it in a VPC, and configure the KMS key to rotate annually.
Answer: D

Correct: Addresses all requirements with customer managed key, VPC endpoint, and key rotation.

Why this answer

Option D is correct because it addresses all compliance requirements: enabling S3 bucket encryption with a customer managed KMS key ensures PHI is encrypted at rest with a key that can be rotated annually, deploying the SageMaker endpoint in a VPC removes public internet access, and configuring annual KMS key rotation satisfies the rotation policy. This combination ensures encryption at rest and in transit (via VPC), restricts endpoint access to authorized applications only, and meets the key rotation requirement.

Exam trap

The trap here is that candidates confuse 'disabling public access' with 'using a VPC endpoint'—a VPC endpoint only allows private access to the endpoint from within the VPC, but the endpoint itself remains publicly accessible unless it is deployed inside a VPC with no internet gateway.

How to eliminate wrong answers

Option A is wrong because a SageMaker notebook instance with a lifecycle configuration does not encrypt data at rest in S3 or the endpoint, and restricting endpoint access via an IAM policy alone does not prevent public internet access—network-level controls like VPC are required. Option B is wrong because SSE-S3 uses AWS-managed keys that cannot be rotated annually by the customer, and a Lambda function cannot rotate an SSE-S3 key (S3 manages it automatically); also, it does not address endpoint public access. Option C is wrong because using an AWS managed key (SSE-KMS with AWS managed key) does not allow customer-controlled annual rotation—only customer managed KMS keys support customer-initiated rotation; additionally, disabling public access to the endpoint via a VPC endpoint is insufficient—the endpoint itself must be deployed in a VPC to remove internet exposure.

66
Multi-Select · easy

A company uses Amazon Bedrock to build a generative AI application. They need to secure the application by restricting access to the model and preventing sensitive data from being stored in prompts. Which TWO actions should they take? (Choose two.)

Select 2 answers
A. Enable VPC Flow Logs for Bedrock.
B. Enable AWS CloudTrail to log all Bedrock API calls.
C. Use Amazon Bedrock Guardrails to define content filters and deny topics.
D. Implement IAM policies that allow only specific users to invoke the model.
E. Use AWS KMS to encrypt the model data.
Answers: C, D

Guardrails can filter sensitive data and enforce content policies.

Why this answer

Amazon Bedrock Guardrails (Option C) directly addresses the need to prevent sensitive data from being stored in prompts by allowing you to define content filters, deny topics, and configure sensitive information filters that block or mask such data before it reaches the model. This is the native service feature designed for content safety and data leakage prevention.

Exam trap

AWS often tests the distinction between logging/auditing services (CloudTrail, VPC Flow Logs) and actual security enforcement mechanisms (Guardrails, IAM), leading candidates to confuse observability with prevention.

67
MCQ · medium

Refer to the exhibit. A security officer has attached this IAM policy to a user to allow invocation of a SageMaker endpoint. However, the user is unable to invoke the endpoint from an EC2 instance in the same VPC. What is the most likely cause?

A. The SageMaker endpoint is not configured to accept traffic from the VPC.
B. The IAM policy does not allow the sagemaker:InvokeEndpoint action without conditions.
C. The user's IAM role is missing the s3:GetObject permission for model artifacts.
D. The EC2 instance is not using the specified VPC endpoint (vpce-12345678).
Answer: D

The condition restricts invocation to traffic coming through that specific VPC endpoint.

Why this answer

The policy condition requires that the request originates from a specific VPC endpoint (vpce-12345678). If the EC2 instance is not using that endpoint (e.g., it is using a different endpoint or direct VPC access), the request will be denied. Option D is correct because the instance likely does not use that specific VPC endpoint.

68
Multi-Select · hard

A company is deploying an Amazon Lex chatbot that processes customer credit card information. The company must ensure that the chatbot does not log sensitive data and that the data is encrypted in transit. Which THREE actions should the company take? (Choose THREE.)

Select 3 answers
A. Ensure the Amazon Lex endpoint uses HTTPS for all API calls
B. Enable audio logging in Amazon Lex with content redaction enabled
C. Enable CloudTrail data events for the Lex bot to capture conversation logs
D. Enable S3 server access logs on the bucket storing the Lex bot configuration
E. Configure the Amazon Lex bot to use obfuscation for the credit card slot type
Answers: A, B, E

HTTPS encrypts data in transit.

Why this answer

Option A is correct because Amazon Lex endpoints support HTTPS, which encrypts data in transit using TLS. By ensuring all API calls use HTTPS, the company protects sensitive credit card information from being intercepted during communication between the client and the Lex service.

Exam trap

The trap here is that candidates may confuse CloudTrail data events (which log API activity) with conversation logging (which captures user utterances), leading them to incorrectly select option C as a solution for preventing sensitive data logging.

69
MCQ · easy

A company uses Amazon Rekognition to analyze images for a user-generated content platform. To comply with data residency requirements, they must ensure that images are not processed outside a specific AWS region. What should the company do?

A. Enable Amazon Rekognition VPC endpoints.
B. Use an AWS Lambda function to copy images to a bucket in the desired region and invoke Rekognition there.
C. Configure an AWS WAF rule to block cross-region processing.
D. Set up AWS Organizations to restrict the Rekognition service to one region.
Answer: B

This ensures data is processed only in the specified region.

Why this answer

Option B is correct because it directly addresses the data residency requirement by using a Lambda function to copy images to an S3 bucket in the desired region and then invoking Rekognition in that same region. This ensures that image data never leaves the specified AWS region, as Rekognition processes images only in the region where the API call is made. The other options either do not prevent cross-region processing or are not applicable to Rekognition's data handling.

Exam trap

The trap here is that candidates often confuse VPC endpoints or WAF with data residency controls, not realizing that Rekognition processes data in the region of the API call, and that network-level or application-layer controls do not enforce regional data processing boundaries.

How to eliminate wrong answers

Option A is wrong because Amazon Rekognition VPC endpoints allow private connectivity to the Rekognition API within a VPC, but they do not restrict the region where processing occurs; the API call still goes to the Region endpoint you specify, and data can be processed in any region you choose. Option C is wrong because AWS WAF is a web application firewall that operates at the application layer (HTTP/HTTPS) and cannot control or block cross-region processing of Rekognition API calls, which are made via the AWS API or SDK, not through HTTP requests filtered by WAF. Option D is wrong because AWS Organizations can manage accounts and service control policies (SCPs) to restrict service usage, but SCPs cannot restrict Rekognition to a single region; they can only deny access to the Rekognition API in specific regions, but the company's requirement is to ensure images are not processed outside a specific region, which is a data residency concern, not an API access control issue.

70
MCQ · hard

A healthcare company is deploying a model to predict patient readmission risk using Amazon SageMaker. The model processes protected health information (PHI). The company must adhere to HIPAA regulations, which require that all PHI is encrypted at rest and in transit, and that access to the data is logged and audited. The data is stored in an S3 bucket encrypted with SSE-S3. The SageMaker training job uses a custom Docker container that reads data from the S3 bucket and writes model artifacts back to another S3 bucket. The security team notices that the model artifacts in the output bucket are not encrypted. Also, the training logs in CloudWatch Logs contain PHI because the training script logs patient features. The company must fix these issues without delaying the deployment. What should the company do?

A. Implement client-side encryption for the output bucket, and update the training script to mask PHI before logging.
B. Change the output S3 bucket to use SSE-KMS encryption, and enable server access logs for the bucket.
C. Modify the training container to avoid logging PHI, and configure the output S3 bucket to use SSE-KMS encryption.
D. Configure the training job to use a VPC with private subnets, and enable data encryption in transit using TLS.
Answer: C

This directly addresses both issues: encryption of output artifacts and removal of PHI from logs.

Why this answer

Option C is correct because it directly addresses both issues: modifying the training container to avoid logging PHI ensures CloudWatch Logs no longer contain protected health information, and configuring the output S3 bucket to use SSE-KMS encryption ensures model artifacts are encrypted at rest. SSE-KMS is preferred over SSE-S3 for HIPAA compliance because it provides additional controls like key rotation and audit trails. This approach fixes the problems without delaying deployment, as it requires only code and configuration changes.

Exam trap

The trap here is that candidates may focus on network-level controls (VPC, TLS) or logging mechanisms, overlooking the fact that the core issues are encryption at rest for the output bucket and preventing PHI from being written to CloudWatch Logs, which require application-level changes and bucket configuration.

How to eliminate wrong answers

Option A is wrong because client-side encryption for the output bucket would require the training container to encrypt data before writing, which does not address the PHI in CloudWatch Logs; also, client-side encryption is not a native S3 encryption method and adds complexity. Option B is wrong because enabling server access logs for the bucket only logs access requests, not the content of the logs, and does not prevent PHI from being logged in CloudWatch Logs; it also does not address the encryption of model artifacts. Option D is wrong because configuring a VPC with private subnets and TLS encryption addresses data in transit but does not solve the encryption-at-rest issue for the output bucket or the PHI in CloudWatch Logs.

71
MCQ · hard

A financial services company is deploying a fraud detection model using Amazon SageMaker. They need to ensure that inference requests are encrypted in transit and that the model endpoint is only accessible from within a VPC. What is the MOST secure way to achieve this?

A. Enable public endpoint with TLS and restrict access using a VPN
B. Use SageMaker Model Monitor to detect anomalies in request data
C. Create a SageMaker endpoint in a private subnet without an internet gateway, and use AWS PrivateLink
D. Deploy the model endpoint in a VPC with an interface VPC endpoint (AWS PrivateLink) and configure the model to require HTTPS
Answer: D

This ensures traffic stays within the VPC and uses TLS encryption in transit.

Why this answer

Option D is correct because it combines two critical security controls: deploying the SageMaker endpoint within a VPC using an interface VPC endpoint (AWS PrivateLink) ensures that all traffic stays within the AWS network and never traverses the public internet, while configuring the model to require HTTPS enforces encryption in transit. This architecture eliminates exposure to the internet and meets the requirement for encrypted inference requests and VPC-only access.

Exam trap

The trap here is that candidates often confuse 'deploying in a private subnet' with 'making the endpoint accessible within the VPC'—a SageMaker endpoint in a private subnet without an internet gateway or VPC endpoint cannot be reached because the SageMaker service itself needs a network path to invoke the endpoint, and without a VPC endpoint, the endpoint is effectively isolated and unreachable.

How to eliminate wrong answers

Option A is wrong because enabling a public endpoint with TLS still exposes the endpoint to the internet, and VPN access does not restrict access to within a VPC—it only adds an encrypted tunnel from a remote network. Option B is wrong because SageMaker Model Monitor is a feature for detecting data drift and model quality issues, not for controlling network access or encrypting inference traffic. Option C is wrong because creating a SageMaker endpoint in a private subnet without an internet gateway prevents the endpoint from being reachable at all—SageMaker endpoints require network connectivity to the SageMaker service for invocation, and without an internet gateway or VPC endpoint, the endpoint cannot receive requests.

72
Multi-Select · easy

A company is using Amazon Bedrock to generate content for a marketing application. The company wants to ensure that the model does not generate content that violates the company's brand guidelines, which prohibit certain keywords and tones. Which TWO features should the company use to enforce these guidelines? (Choose two.)

Select 2 answers
A. Enable Amazon CloudWatch Logs to capture model output and manually review.
B. Create a prompt template that instructs the model to adhere to brand guidelines and avoid prohibited keywords.
C. Configure Amazon Bedrock Guardrails with custom deny topics and content filters.
D. Use AWS IAM policies to restrict the model's output to only approved words.
E. Encrypt the model responses using AWS KMS to prevent unauthorized viewing.
Answers: B, C

Prompt engineering is an effective way to guide model behavior without additional infrastructure.

Why this answer

Option B is correct because prompt engineering allows the company to embed brand guidelines directly into the instruction given to the model, effectively steering the output away from prohibited keywords and tones. Option C is correct because Amazon Bedrock Guardrails provides a managed, policy-based mechanism to define custom deny topics and content filters that can block or mask unwanted content at inference time, enforcing brand guidelines without manual intervention.

Exam trap

The trap here is that candidates often confuse IAM policies with content moderation, mistakenly believing that IAM can restrict model output vocabulary, when in fact IAM only governs API-level permissions and has no awareness of the semantic content of model responses.

73
Multi-Select · medium

A company is deploying an AI-based customer service chatbot using Amazon Lex and AWS Lambda. The company must ensure compliance with GDPR by allowing users to request deletion of their personal data collected during conversations. Which TWO actions should the company take? (Choose two.)

Select 2 answers
A. Use the Amazon Lex DeleteTranscript API to delete user conversation transcripts.
B. Apply an IAM policy that denies access to the conversation logs for the user who requested deletion.
C. Delete the corresponding log streams in Amazon CloudWatch Logs that contain the conversation data.
D. Disable encryption of conversation logs to allow manual deletion.
E. Modify the Lex bot's conversation log settings to stop collecting personal data.
Answers: A, C

DeleteTranscript directly removes stored transcripts for a specific user.

Why this answer

Option A is correct because Amazon Lex provides the DeleteTranscript API, which allows the deletion of user conversation transcripts stored by Lex. This directly supports GDPR compliance by enabling the removal of personal data from conversation logs. The API targets the specific transcripts associated with a user, ensuring that their data is permanently deleted.

Exam trap

The trap here is that candidates may think that restricting access (IAM policy) or stopping data collection (modifying settings) is sufficient for GDPR deletion, but GDPR requires actual erasure of existing data, not just access control or future prevention.

74
MCQ · medium

Refer to the exhibit. A company has the S3 bucket policy shown above. The company uses Amazon Rekognition to analyze images in the 'my-images' bucket. An IAM role used by a Lambda function calls Rekognition. Why might Rekognition be unable to read images from the bucket?

A. The Lambda function does not have an IAM role that allows Rekognition to call S3
B. The bucket policy does not grant Rekognition access to the bucket
C. The bucket policy does not include PutObject permission
D. The condition 'aws:SourceAccount' does not match the account of the Rekognition service
Answer: D

The condition ensures that the request originates from the specified account; if not, access is denied.

Why this answer

The bucket policy includes a condition 'aws:SourceAccount' that restricts access to requests originating from a specific AWS account. If the Rekognition service is being called from a different account (e.g., the Lambda function's IAM role is in a different account than the one specified in the condition), Rekognition will be denied read access to the S3 bucket. This condition is often misconfigured, causing cross-account access failures even when the principal is allowed.

Exam trap

Cisco often tests the nuance that a bucket policy can explicitly grant access to a service principal (like Rekognition) but still block requests due to a condition key mismatch, leading candidates to incorrectly assume the policy is missing the permission entirely.

How to eliminate wrong answers

Option A is wrong because the Lambda function's IAM role is used to call Rekognition, not to directly access S3; Rekognition itself needs permission to read from the bucket, which is governed by the bucket policy. Option B is wrong because the bucket policy does grant Rekognition access (the exhibit shows an Allow effect for the Rekognition service principal), but the condition is blocking it. Option C is wrong because PutObject permission is irrelevant to reading images; Rekognition only needs GetObject (read) permission to analyze images, not write access.
