AWS Certified Machine Learning – Specialty — Question 124

A machine learning specialist is developing a proof of concept for government users whose primary concern is security. The specialist is using Amazon
SageMaker to train a convolutional neural network (CNN) model for a photo classifier application. The specialist wants to protect the data so that it cannot be accessed and transferred to a remote host by malicious code accidentally installed on the training container.
Which action will provide the MOST secure protection?

Answer options

• A. Remove Amazon S3 access permissions from the SageMaker execution role.
• B. Encrypt the weights of the CNN model.
• C. Encrypt the training and validation dataset.
• D. Enable network isolation for training jobs.

Correct answer: D

Explanation

Enabling network isolation for training jobs ensures that the training environment does not have access to the internet or other network resources, significantly reducing the risk of data being exfiltrated by malicious code. Removing Amazon S3 access permissions (A) only limits access to S3 but doesn't protect against other threats. Encrypting the weights of the CNN model (B) and the training dataset (C) adds security but does not prevent unauthorized network access, making option D the most effective choice.