Q20 — AWS AIF-C01 Ch.2
Question 20 of 100 | ← Chapter 2
A financial institution is developing an AI application using Amazon Bedrock and hosting it within a Virtual Private Cloud (VPC). To meet regulatory compliance standards, the VPC must not permit any internet-bound traffic. Which AWS service or feature satisfies this requirement?
- A. AWS PrivateLink ✓
- B. Amazon Macie
- C. Amazon CloudFront
- D. Internet Gateway
Correct Answer: A. AWS PrivateLink
Explanation
AWS PrivateLink enables private, secure connectivity between a VPC and supported AWS services (including Amazon Bedrock) without traversing the public internet—fully satisfying the zero-internet-access compliance constraint. An Internet Gateway explicitly enables internet access, violating the requirement; Amazon Macie and CloudFront do not provide private service connectivity.