AWS Certified Machine Learning – Specialty — Question 195
A healthcare company is using an Amazon SageMaker notebook instance to develop machine learning (ML) models. The company's data scientists will need to be able to access datasets stored in Amazon S3 to train the models. Due to regulatory requirements, access to the data from instances and services used for training must not be transmitted over the internet.
Which combination of steps should an ML specialist take to provide this access? (Choose two.)
Answer options
- A. Configure the SageMaker notebook instance to be launched with a VPC attached and internet access disabled.
- B. Create and configure a VPN tunnel between SageMaker and Amazon S3.
- C. Create and configure an S3 VPC endpoint. Attach it to the VPC.
- D. Create an S3 bucket policy that allows traffic from the VPC and denies traffic from the internet.
- E. Deploy AWS Transit Gateway. Attach the S3 bucket and the SageMaker instance to the gateway.
Correct answer: A, C
Explanation
The correct answers are A and C. Configuring the SageMaker notebook instance with a VPC and disabling internet access ensures that all traffic remains within the private network, adhering to regulatory requirements. Creating an S3 VPC endpoint allows the SageMaker instance to access S3 directly without needing internet access. Options B, D, and E are either not necessary or do not directly ensure compliance with the requirement to avoid internet transmission.