AWS Certified Machine Learning Engineer – Associate (MLA-C01) — Question 65

A company needs to give its ML engineers appropriate access to training data. The ML engineers must access training data from only their own business group. The ML engineers must not be allowed to access training data from other business groups.
The company uses a single AWS account and stores all the training data in Amazon S3 buckets. All ML model training occurs in Amazon SageMaker.
Which solution will provide the ML engineers with the appropriate access?

Answer options

• A. Enable S3 bucket versioning.
• B. Configure S3 Object Lock settings for each user.
• C. Add cross-origin resource sharing (CORS) policies to the S3 buckets.
• D. Create IAM policies. Attach the policies to IAM users or IAM roles.

Correct answer: D

Explanation

The correct answer is D, as creating and attaching IAM policies to users or roles allows for fine-grained control over access permissions, ensuring that ML engineers only access their designated training data. Options A, B, and C do not address the specific access restrictions needed for different business groups and are not suitable for managing user permissions effectively.