Question 1

A healthcare company stores patient intake forms, insurance documents, and medical records as PDF files in multiple Amazon S3 buckets. Before building a GenAI document summarization system, the security team needs to identify which S3 buckets contain sensitive PII (like Social Security numbers, patient names, and medical record numbers) to ensure proper access controls are in place.Which AWS service should the security team use to automatically discover and classify sensitive data across their S3 buckets?

Options :

A : Amazon Inspector

B : Amazon Macie

C : Amazon Comprehend

D : AWS CloudTrail

Answer: B

Question 2

A large financial services enterprise is building a centralized platform to allow internal development teams to consume Foundation Models (FMs) from Amazon Bedrock. To ensure strict compliance and governance, the organization requires a "GenAI Gateway" architecture.The architecture must meet the following requirements:Prevent "Shadow AI" by forcing all internal applications to route requests through a single control point that logs every prompt and response for auditing.Automate the testing of prompt templates. Whenever a prompt engineer updates a standard system prompt, it must be automatically evaluated for toxicity and accuracy before being made available to applications.Ensure that PII is automatically redacted from prompts before they are sent to the model provider.Which combination of actions should you implement to achieve this?

Options :

A : Grant all internal application roles direct IAM permissions to bedrock:InvokeModel. Enable AWS CloudTrail data events for Amazon Bedrock to capture the request payloads and response bodies for auditing purposes.

B : Use Amazon Inspector within the CI/CD pipeline to scan the weights of the Amazon Bedrock base models for vulnerabilities and malware before approving them for use in the production environment.

C : Implement AWS AppSync with a direct data source to Amazon Bedrock. Use VTL resolvers to hardcode the system prompts within the API definition, ensuring that developers cannot modify them without redeploying the API.

D : Develop a centralized REST API using Amazon API Gateway and AWS Lambda. Configure the Lambda function to act as an abstraction layer that intercepts requests, uses Amazon Comprehend to detect and redact PII, logs the transaction to Amazon CloudWatch Logs, and then invokes Amazon Bedrock.

E : Create an AWS CodePipeline for prompt versioning. Include an AWS CodeBuild stage that runs an automated evaluation script (using a library like Ragas or specific Bedrock evaluations) against the new prompt candidate. Configure the pipeline to fail and rollback if the toxicity score exceeds a defined threshold.

Answer: D,E

Question 3

A news aggregator uses a RAG architecture with Amazon OpenSearch Service (Provisioned) as the vector store. The system ingests breaking news in real-time, performing thousands of vector insertions per minute.Users are reporting that the "Related Articles" search is becoming increasingly slow (high latency) during these ingestion spikes. The OpenSearch cluster metrics show high CPU utilization and high JVM memory pressure.The index is configured with the standard settings for k-NN search.Which index configuration change should the developer apply to improve search performance under heavy ingestion load?

Options :

A : Change the vector data type from float32 to binary to reduce the storage footprint.

B : Switch the index engine from nmslib to faiss and enable the ivf (Inverted File) algorithm.

C : Enable the "Force Merge" operation to run automatically every minute to reduce the number of segments in the index.

D : Increase the refresh_interval setting of the OpenSearch index (e.g., from 1s to 30s or 60s).

Answer: D

Question 4

A bank uses an AWS CodePipeline to deploy a GenAI loan approval application. The application consists of an Amazon Bedrock Knowledge Base and a set of Lambda functions. The compliance team requires that before any new Knowledge Base configuration (e.g., chunking strategy change) is promoted to Production, it must pass a "Golden Set" evaluation.If the evaluation score (F1 score) is below 0.85, the pipeline must automatically rollback.Which solution meets these requirements?

Options :

A : Use Amazon Inspector within the pipeline to scan the Knowledge Base configuration for misconfigurations and vulnerabilities.

B : Add a Manual Approval action to the pipeline. Configure an Amazon SNS notification to the compliance team with a link to the Bedrock Console so they can manually test the agent and click "Approve."

C : Add a Test Stage to the pipeline. Use AWS CodeBuild to run a script that invokes the new Knowledge Base Retrieve API against the golden questions. Calculate the score and return a non-zero exit code if it fails, causing the pipeline to stop.

D : Use AWS CloudFormation Guard. Define a policy that checks the VectorIndexConfiguration parameter in the template. Fail the stack deployment if the chunking strategy has changed.

Answer: C

Question 5

A biotechnology company has fine-tuned an open-source LLaMA model on their proprietary research dataset to generate scientific hypotheses. They need to deploy this custom model to a production endpoint where it can be invoked by their research application. The team requires control over the instance type (GPU-optimized) and auto-scaling policies.Which AWS service should they use to deploy and host their custom fine-tuned model?

Options :

A : AWS Lambda with container images

B : Amazon Bedrock with custom model import

C : Amazon SageMaker AI with real-time endpoints

D : Amazon EC2 with manual model deployment

Answer: C

Confidently Practice Online with Free AIP-C01 Exam Cram

Buying Options: