AWS Certified Machine Learning Engineer – Associate (MLA-C01) — Question 94

A company is working on an ML project that will include Amazon SageMaker notebook instances. An ML engineer must ensure that the SageMaker notebook instances do not allow root access.

Which solution will prevent the deployment of notebook instances that allow root access?

Answer options

• A. Use IAM condition keys to stop deployments of SageMaker notebook instances that allow root access.
• B. Use AWS Key Management Service (AWS KMS) keys to stop deployments of SageMaker notebook instances that allow root access.
• C. Monitor resource creation by using Amazon EventBridge events. Create an AWS Lambda function that deletes all deployed SageMaker notebook instances that allow root access.
• D. Monitor resource creation by using AWS CloudFormation events. Create an AWS Lambda function that deletes all deployed SageMaker notebook instances that allow root access.

Correct answer: A

Explanation

The correct answer is A because using IAM condition keys allows you to set permissions that specifically deny root access to SageMaker notebook instances during deployment. Options B, C, and D do not directly address the prevention of root access at the time of deployment, making them ineffective for this requirement.