Q26 — AWS AIF-C01 Ch.1
Question 26 of 100 | ← Chapter 1
A company wants to use a foundation model (FM) on Amazon Bedrock to build a chatbot. The FM needs to access encrypted data stored in an Amazon S3 bucket. The data is encrypted using Amazon S3 managed keys (SSE-S3). The FM fails when attempting to access the S3 bucket data. Which solution satisfies these requirements?
- A. Ensure the IAM role assumed by Amazon Bedrock has permissions to decrypt the data using the correct encryption key. ✓
- B. Configure the S3 bucket’s access permissions to allow public access for internet-based access.
- C. Use prompt engineering techniques to instruct the model to locate information in Amazon S3.
- D. Ensure the S3 data does not contain sensitive information.
Correct Answer: A. Ensure the IAM role assumed by Amazon Bedrock has permissions to decrypt the data using the correct encryption key.
Explanation
This question tests understanding of resolving FM access failures to encrypted data. In cloud environments, encrypted data access requires strict authorization. Option A is correct: granting the Amazon Bedrock-assumed IAM role appropriate decryption permissions resolves the access failure. Option B is insecure. Option C cannot resolve permission issues. Option D does not address the access failure. Therefore, option A satisfies the requirements.