Questão 49 — Amazon AIF-C01 Simulado | AWS Certified AI Practitioner Questões e Respostas

A security company is using Amazon Bedrock to run foundation models (FMs). The company wants to ensure that only authorized users invoke the models. The company needs to identify any unauthorized access attempts to set appropriate AWS Identity and Access Management (IAM) policies and roles for future iterations of the FMs. Which AWS service should the company use to identify unauthorized users that are trying to access Amazon Bedrock?
  • A. AWS Audit Manager
  • B. AWS CloudTrail
  • C. Amazon Fraud Detector
  • D. AWS Trusted Advisor
Resposta correta: B

Explicação

Explanation: AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It tracks API calls and identifies unauthorized access attempts to AWS resources, including Amazon Bedrock. AWS CloudTrail: Provides detailed logs of all API calls made within an AWS account, including those to Amazon Bedrock. Can identify unauthorized access attempts by logging and monitoring the API calls, which helps in setting appropriate IAM policies and roles. Why Option B is Correct: Monitoring and Security: CloudTrail logs all access requests and helps detect unauthorized access attempts. Auditing and Compliance: The logs can be used to audit user activity and enforce security measures. Why Other Options are Incorrect: A . AWS Audit Manager: Used for automating audit preparation, not for tracking real-time unauthorized access attempts. C . Amazon Fraud Detector: Designed to detect fraudulent online activities, not unauthorized access to AWS services. D . AWS Trusted Advisor: Provides best practice recommendations for AWS resources, not access monitoring. Thus, B is the correct answer for identifying unauthorized users attempting to access Amazon Bedrock.