AWS Certified AI Practitioner (AIF-C01) — Question 26

A security company is using Amazon Bedrock to run foundation models (FMs). The company wants to ensure that only authorized users invoke the models. The company needs to identify any unauthorized access attempts to set appropriate AWS Identity and Access Management (IAM) policies and roles for future iterations of the FMs.
Which AWS service should the company use to identify unauthorized users that are trying to access Amazon Bedrock?

Answer options

• A. AWS Audit Manager
• B. AWS CloudTrail
• C. Amazon Fraud Detector
• D. AWS Trusted Advisor

Correct answer: B

Explanation

AWS CloudTrail is the correct choice as it logs all API calls made within an AWS account, which includes unauthorized access attempts. The other options do not specifically provide logging for access attempts: AWS Audit Manager focuses on compliance audits, Amazon Fraud Detector is aimed at detecting fraudulent activities, and AWS Trusted Advisor offers best practices but does not monitor access attempts.