AWS Certified Generative AI – Professional (AIP-C01) — Question 17
A company is using Amazon Bedrock to build a customer-facing AI assistant to handle sensitive customer inquiries. The company must use defense-in-depth safety controls to block sophisticated prompt injection attacks. The company must keep audit logs of all safety interventions. The AI assistant must have cross-Region failover capabilities.
Which solution will meet these requirements?
Answer options
- A. Configure Amazon Bedrock guardrails to use content filters to protect against prompt injection attacks. Set the content filters to high. Use a guardrail profile to implement cross-Region guardrail inference. Use Amazon CloudWatch Logs with custom metrics to capture detailed guardrail intervention events.
- B. Configure Amazon Bedrock guardrails to use content filters to protect against prompt injection attacks. Set the content filters to high. Use AWS WAF to block suspicious inputs. Use AWS CloudTrail to log API calls for audits.
- C. Deploy Amazon Comprehend custom classification to detect prompt injection attacks. Use Amazon API Gateway to validate requests. Use Amazon CloudWatch Logs with custom metrics to capture detailed intervention events.
- D. Configure Amazon Bedrock guardrails to use custom content filters to protect against harmful content. Set the content filters to high. Use word filters to protect against known attack patterns. Configure cross-Region guardrail replication to provide failover capabilities. Store logs in AWS CloudTrail for compliance auditing.
Correct answer: A
Explanation
Option A is correct because it effectively uses Amazon Bedrock guardrails with content filters and cross-Region capabilities while logging interventions through Amazon CloudWatch Logs. Option B lacks the cross-Region failover aspect and uses AWS WAF instead of guardrails. Option C does not utilize Amazon Bedrock for content filtering or logging as required, and Option D does not implement the required guardrail profile for cross-Region inference.