AWS Certified AI Practitioner (AIF-C01) — Question 273
A company wants to fine-tune an ML model that is hosted on Amazon Bedrock. The company wants to use its own sensitive data that is stored in private databases in a VPC. The data needs to stay within the company’s private network.
Which solution will meet these requirements?
Answer options
- A. Restrict access to Amazon Bedrock by using an AWS Identity and Access Management (IAM) service role.
- B. Restrict access to Amazon Bedrock by using an AWS Identity and Access Management (IAM) resource policy.
- C. Use AWS PrivateLink to connect the VPC and Amazon Bedrock.
- D. Use AWS Key Management Service (AWS KMS) keys to encrypt the data.
Correct answer: C
Explanation
AWS PrivateLink provides private connectivity between VPCs and AWS services such as Amazon Bedrock, so data traffic does not traverse the public internet. IAM roles and resource policies manage access permissions, but they do not control network routing or prevent data from leaving the private network. AWS KMS is used for encrypting data at rest and in transit, but encryption alone cannot establish the required private network path.