Q18 — AWS AIF-C01 Ch.2

A company wants to build a large language model (LLM) application using Amazon Bedrock and customer data stored in Amazon S3. Its security policy mandates that each team can access only its own team’s customer data. Which solution satisfies these requirements?

Correct Answer: A. Create an Amazon Bedrock custom service role for each team, granting access only to that team’s customer data.

Explanation

Option A implements least-privilege access by assigning each team a dedicated Amazon Bedrock service role scoped exclusively to its designated customer data in S3—enforcing data isolation per security policy. Option D conflates Bedrock execution roles with IAM roles and risks over-permissioning; B introduces insecure client-side enforcement; C violates data minimization and lacks access control granularity.