Q11 — AWS AIF-C01 Ch.1
Question 11 of 100 | ← Chapter 1
A security-focused company is using Amazon Bedrock to deploy foundation models (FMs). The company wants to ensure only authorized users can access the models. It needs to identify unauthorized access attempts to configure appropriate AWS Identity and Access Management (IAM) policies and roles for FM access control. Which AWS service should the company use to identify access attempts to Amazon Bedrock?
- A. AWS Audit Manager
- B. AWS CloudTrail ✓
- C. Amazon Fraud Detector
- D. AWS Trusted Advisor
Correct Answer: B. AWS CloudTrail
Explanation
This question tests knowledge of AWS services for security monitoring. To detect and log access attempts — especially unauthorized ones — to Amazon Bedrock, the company requires an audit trail of API calls and user activity. AWS CloudTrail records all AWS API calls, including those made to Amazon Bedrock, enabling detection of suspicious or unauthorized access. AWS Audit Manager supports compliance assessments, Amazon Fraud Detector identifies fraudulent activity, and AWS Trusted Advisor offers optimization recommendations — none provide real-time access logging. Therefore, the correct answer is B.