AIF-C01 · topic practice

Security, Compliance, and Governance for AI Solutions practice questions

Practise AWS Certified AI Practitioner AIF-C01 Security, Compliance, and Governance for AI Solutions practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Security, Compliance, and Governance for AI Solutions

What the exam tests

What to know about Security, Compliance, and Governance for AI Solutions

Security, Compliance, and Governance for AI Solutions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Security, Compliance, and Governance for AI Solutions exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security, Compliance, and Governance for AI Solutions questions

20 questions · select your answer, then reveal the explanation

A company uses Amazon SageMaker to train sensitive ML models. Which AWS service should they use to encrypt the training data and model artifacts at rest?

A data scientist needs to allow a foundation model in Amazon Bedrock to access a specific S3 bucket containing reference documents. The bucket is in a different AWS account. What is the MOST secure way to grant access?

A company uses Bedrock Guardrails to filter harmful content in a generative AI application. They need to prevent the model from discussing proprietary internal projects. Which Guardrail component should be configured?

A financial services firm needs to ensure that all calls to Amazon Bedrock APIs are logged for audit purposes. Which AWS service should they enable to capture API calls?

A company wants to detect sensitive data such as PII in their training datasets stored in S3 before using them for model training. Which AWS service should they use?

A company uses SageMaker Clarify to detect bias in a deployed model. The monitoring must run automatically on a schedule. Which SageMaker feature should they use?

An organization uses AWS Lake Formation to govern a data lake used for SageMaker training. They need to enforce row-level security so that different teams only see data relevant to their projects. Which Lake Formation feature should they use?

A company wants to use Amazon Bedrock to generate responses grounded in their proprietary knowledge base. They need to minimize hallucinations and ensure responses are based on the provided documents. Which feature should they enable?

A data scientist needs to restrict access to a SageMaker notebook instance to only the corporate network. Which configuration should they use?

Question 10mediummultiple choice
Review the full subnetting walkthrough →

A company needs to ensure that model inference endpoints in SageMaker are only accessible from a private subnet in their VPC, and no traffic goes over the public internet. Which network configuration should they use?

A company using Amazon Bedrock needs to redact personally identifiable information (PII) from user inputs before sending them to the foundation model. Which Bedrock Guardrails component should be configured?

A company wants to use a third-party foundation model in Bedrock and is concerned about the provider's data handling policies. Which action should they take to ensure their data is not used for model training by the provider?

A company needs to govern the lifecycle of ML models, including versioning, monitoring for drift, and decommissioning outdated models. Which TWO services should they use? (Choose 2)

A company wants to enforce strict data residency for training data used in SageMaker. The data must never leave a specific AWS Region. Which THREE actions should they take? (Choose 3)

A company wants to log all model invocation requests in Amazon Bedrock for audit and troubleshooting. Which TWO destinations can they configure for invocation logging? (Choose 2)

A data scientist wants to restrict which IAM roles can invoke a specific Amazon Bedrock base model. Which AWS feature should they use?

A healthcare company uses Amazon SageMaker to train a model on patient data. To meet HIPAA compliance, they must ensure training data is encrypted at rest and in transit. Additionally, the training job should not have internet access. Which combination of actions should the company take?

A financial services firm uses Amazon Bedrock to generate investment summaries. They need to prevent the model from generating content containing personally identifiable information (PII) such as social security numbers. Which feature should they configure in Bedrock Guardrails?

A company uses Amazon SageMaker Clarify to monitor a deployed model for bias. After running an analysis, they find that the model's predictions have a disparate impact on a protected group. What is the MOST appropriate next step?

A data governance team wants to enforce fine-grained access control on data in an Amazon S3 data lake used by multiple business units for AI training. Which AWS service should they use to define and manage data permissions at the table and column level?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Security, Compliance, and Governance for AI Solutions sessions

Start a Security, Compliance, and Governance for AI Solutions only practice session

Every question in these sessions is drawn from the Security, Compliance, and Governance for AI Solutions domain — nothing else.

Related practice questions

Related AIF-C01 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the AIF-C01 exam test about Security, Compliance, and Governance for AI Solutions?
Security, Compliance, and Governance for AI Solutions questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security, Compliance, and Governance for AI Solutions questions in a focused session?
Yes — the session launcher on this page draws every question from the Security, Compliance, and Governance for AI Solutions domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other AIF-C01 topics?
Use the topic links above to move to related areas, or go back to the AIF-C01 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the AIF-C01 exam covers. They are not copied from any real exam or dump site.
AWS Certified AI Practitioner AIF-C01 Security, Compliance, and Governance for AI Solutions Practice Questions with Explanations | Courseiva