All AIF-C01 Test Inside Amazon Web Services Questions

AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It tracks API calls and identifies unauthorized access attempts to AWS resources, including Amazon Bedrock.

AWS CloudTrail:

Provides detailed logs of all API calls made within an AWS account, including those to Amazon Bedrock.

Can identify unauthorized access attempts by logging and monitoring the API calls, which helps in setting appropriate IAM policies and roles.

Why Option B is Correct:

Monitoring and Security: CloudTrail logs all access requests and helps detect unauthorized access attempts.

Auditing and Compliance: The logs can be used to audit user activity and enforce security measures.

Why Other Options are Incorrect:

A. AWS Audit Manager: Used for automating audit preparation, not for tracking real-time unauthorized access attempts.

C. Amazon Fraud Detector: Designed to detect fraudulent online activities, not unauthorized access to AWS services.

D. AWS Trusted Advisor: Provides best practice recommendations for AWS resources, not access monitoring.

Thus, B is the correct answer for identifying unauthorized users attempting to access Amazon Bedrock.

Precision is the metric that measures the proportion of true positives (actual frauds) among all flagged positives (flagged frauds). High precision ensures that most of the flagged cases are truly fraudulent, minimizing the number of false positives employees must review.

C is correct:

" Precision is the ratio of true positives to all predicted positives, and it answers: ‘Of all the cases flagged as fraud, how many were actually fraud?’ High precision means fewer non-fraudulent cases are sent for manual review. "

(Reference: AWS ML Concepts – Precision and Recall, AWS Certified AI Practitioner Study Guide)

A (Recall) measures how many actual frauds are caught, but does not minimize false positives.

B (Accuracy) can be misleading in imbalanced datasets (like fraud detection).

The correct answer is A – Data residency. AWS defines data residency as ensuring that regulated or sensitive data—such as patient medical records under healthcare laws—remains physically stored and processed within specific national or regional boundaries. This aligns with regulatory frameworks such as HIPAA, GDPR, and country-specific health data protection acts. AWS allows customers to deploy all ML workloads, including Amazon SageMaker, Amazon Bedrock, and Amazon S3, within a chosen AWS Region, ensuring no cross-border data movement unless explicitly configured. Data quality (B) refers to accuracy and consistency, discoverability (C) relates to cataloging, and enrichment (D) refers to enhancing datasets. None of these address the compliance requirement to prevent data from leaving the country. Data residency is a core component of AWS’s Shared Responsibility Model and foundational for healthcare AI compliance.

Referenced AWS Documentation:

AWS Data Privacy Whitepaper – Data Residency Controls

AWS Compliance Programs – Regional Data Handling Requirements