Exam AIF-C01 Topic 2 Question 12 Discussion
Actual exam question for Amazon's AIF-C01 exam
Question #: 12
Topic #: 2
Question #: 12
Topic #: 2
A security company is using Amazon Bedrock to run foundation models (FMs). The company wants to ensure that only authorized users invoke the models. The company needs to identify any unauthorized access attempts to set appropriate AWS Identity and Access Management (IAM) policies and roles for future iterations of the FMs.
Which AWS service should the company use to identify unauthorized users that are trying to access Amazon Bedrock?
Which AWS service should the company use to identify unauthorized users that are trying to access Amazon Bedrock?
Suggested Answer: B Vote an answer
AWS CloudTrail is a service that enables governance, compliance, and operational and risk auditing of your AWS account. It tracks API calls and identifies unauthorized access attempts to AWS resources, including Amazon Bedrock.
* AWS CloudTrail:
* Provides detailed logs of all API calls made within an AWS account, including those to Amazon Bedrock.
* Can identify unauthorized access attempts by logging and monitoring the API calls, which helps in setting appropriate IAM policies and roles.
* Why Option B is Correct:
* Monitoring and Security: CloudTrail logs all access requests and helps detect unauthorized access attempts.
* Auditing and Compliance: The logs can be used to audit user activity and enforce security measures.
* Why Other Options are Incorrect:
* A. AWS Audit Manager: Used for automating audit preparation, not for tracking real-time unauthorized access attempts.
* C. Amazon Fraud Detector: Designed to detect fraudulent online activities, not unauthorized access to AWS services.
* D. AWS Trusted Advisor: Provides best practice recommendations for AWS resources, not access monitoring.
Thus, B is the correct answer for identifying unauthorized users attempting to access Amazon Bedrock.
* AWS CloudTrail:
* Provides detailed logs of all API calls made within an AWS account, including those to Amazon Bedrock.
* Can identify unauthorized access attempts by logging and monitoring the API calls, which helps in setting appropriate IAM policies and roles.
* Why Option B is Correct:
* Monitoring and Security: CloudTrail logs all access requests and helps detect unauthorized access attempts.
* Auditing and Compliance: The logs can be used to audit user activity and enforce security measures.
* Why Other Options are Incorrect:
* A. AWS Audit Manager: Used for automating audit preparation, not for tracking real-time unauthorized access attempts.
* C. Amazon Fraud Detector: Designed to detect fraudulent online activities, not unauthorized access to AWS services.
* D. AWS Trusted Advisor: Provides best practice recommendations for AWS resources, not access monitoring.
Thus, B is the correct answer for identifying unauthorized users attempting to access Amazon Bedrock.
by Eric at Jan 04, 2026, 09:19 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).