Exam AIP-C01 Topic 4 Question 8 Discussion
Actual exam question for Amazon's AIP-C01 exam
Question #: 8
Topic #: 4
A medical company is creating a generative AI (GenAI) system by using Amazon Bedrock. The system processes data from various sources and must maintain end-to-end data lineage. The system must also use real-time personally identifiable information (PII) filtering and audit trails to automatically report compliance.
Which solution will meet these requirements?
Suggested Answer: A
Option A is the most comprehensive and architecturally aligned solution for meeting end-to-end data lineage, real-time PII filtering, and automated compliance reporting requirements in a medical GenAI system built on Amazon Bedrock. Each requirement maps directly to a managed AWS service that is purpose-built for governance, security, and compliance.
AWS Glue Data Catalog is designed to register datasets across multiple sources and maintain metadata that supports lineage tracking. By cataloging all inputs that flow into the Bedrock-based system, the organization can trace how data moves from ingestion through processing and storage, which is essential for regulatory audits in healthcare environments.
For real-time PII filtering, Amazon Bedrock Guardrails provide native PII detection and filtering during model inference. Guardrails operate inline with model invocation, ensuring sensitive information is blocked or redacted before responses are returned to users. This satisfies the requirement for real-time protection rather than post-processing analysis.
AWS CloudTrail delivers a complete audit trail of all Amazon Bedrock API calls, including InvokeModel requests and configuration changes. Storing these logs in Amazon S3 enables long-term retention and supports compliance audits. CloudTrail ensures traceability of who accessed the system, when, and how it was used.
To strengthen compliance monitoring, Amazon Macie continuously scans stored data for sensitive information and automatically classifies findings. Publishing Macie findings to Amazon CloudWatch Logs and visualizing them through dashboards enables near-real-time visibility into compliance posture and supports automated reporting workflows.
The other options fall short. Option B performs PII filtering at the application edge rather than at inference time and relies on scheduled analysis instead of real-time enforcement. Option C focuses on replication and document processing rather than inline GenAI governance. Option D uses services that are not designed for PII detection in text-based GenAI workflows and lacks native lineage tracking.
Therefore, A best fulfills all stated requirements using AWS-recommended governance and security capabilities.
by Kenneth at Feb 09, 2026, 01:36 PM
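The audit-trail point in the answer above (who called Amazon Bedrock, when, and how), shown as an added example that is not part of the original post: a Python summary over CloudTrail records. The records, ARNs and the names `audit_bedrock` and `_rec` are constructed for illustration; only the CloudTrail field names and Bedrock API operation names are real.

```python
import json
from collections import defaultdict

APP = "arn:aws:sts::111122223333:assumed-role/clinical-app/session1"
ADMIN = "arn:aws:iam::111122223333:user/ml-admin"
INTERN = "arn:aws:iam::111122223333:user/intern"

def _rec(time, source, name, arn, error=None):
    """Build one constructed record using standard CloudTrail field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": arn}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in CloudTrail's log-file shape; all identities are made up.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2026-02-09T13:01:10Z", "bedrock.amazonaws.com", "InvokeModel", APP),
    _rec("2026-02-09T13:02:45Z", "bedrock.amazonaws.com", "InvokeModel", APP),
    _rec("2026-02-09T13:05:00Z", "bedrock.amazonaws.com", "UpdateGuardrail", ADMIN),
    _rec("2026-02-09T13:06:30Z", "bedrock.amazonaws.com", "InvokeModel", INTERN,
         "AccessDenied"),
    _rec("2026-02-09T13:07:00Z", "s3.amazonaws.com", "PutBucketPolicy", ADMIN),
]})

GUARDRAIL_CHANGES = {"CreateGuardrail", "UpdateGuardrail", "DeleteGuardrail"}

def audit_bedrock(log_text):
    """Summarise Bedrock activity in one CloudTrail log file for a compliance report."""
    invocations = defaultdict(int)
    report = {"guardrail_changes": [], "failed": []}
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "bedrock.amazonaws.com":
            continue  # other services are out of scope for this report
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        name, when = rec.get("eventName"), rec.get("eventTime")
        if "errorCode" in rec:
            # Rejected or failed calls are listed separately for review.
            report["failed"].append((when, who, name, rec["errorCode"]))
        elif name == "InvokeModel":
            invocations[who] += 1
        elif name in GUARDRAIL_CHANGES:
            # Changes to the PII-filtering control itself belong in the audit trail.
            report["guardrail_changes"].append((when, who, name))
    report["invocations"] = dict(invocations)
    return report
```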