Q45 — AWS AIF-C01 Ch.2
Question 45 of 100 | ← Chapter 2
A security company is using Amazon Bedrock to host foundation models (FMs). The company wants to ensure only authorized users can access these models. It needs to identify any unauthorized access attempts to configure appropriate AWS Identity and Access Management (IAM) policies and roles for future iterations of the foundation models. Which AWS service should the company use to identify unauthorized users accessing Amazon Bedrock?
- A. AWS Audit Manager
- B. AWS CloudTrail ✓
- C. Amazon Fraud Detector
- D. AWS Trusted Advisor
Correct Answer: B. AWS CloudTrail
Explanation
AWS CloudTrail records user activity and API calls across AWS services, including management and data events. It provides detailed logs that can be stored, monitored, and analyzed to detect anomalous or unauthorized API call patterns. By reviewing CloudTrail event history, the company can identify and respond to unauthorized access attempts to Amazon Bedrock.