Topic 1 Question 66
A company wants to develop a large language model (LLM) application by using Amazon Bedrock and customer data that is uploaded to Amazon S3. The company's security policy states that each team can access data for only the team's own customers. Which solution will meet these requirements?
A. Create an Amazon Bedrock custom service role for each team that has access to only the team's customer data.
B. Create a custom service role that has Amazon S3 access. Ask teams to specify the customer name on each Amazon Bedrock request.
C. Redact personal data in Amazon S3. Update the S3 bucket policy to allow team access to customer data.
D. Create one Amazon Bedrock role that has full Amazon S3 access. Create IAM roles for each team that have access to only each team's customer folders.
Comments (11)
I think it should be D, one IAM role for the service, and multiple IAM roles for the teams
👍 3 jove 2024/11/10
Selected answer: D
A. Create an Amazon Bedrock custom service role for each team that has access to only the team's customer data. While this restricts data access, managing multiple service roles for Amazon Bedrock per team is unnecessarily complex and does not align with Bedrock's design of using a single service role.
B. Create a custom service role that has Amazon S3 access. Ask teams to specify the customer name on each Amazon Bedrock request. Relying on teams to specify the customer name without enforcing access control policies does not guarantee compliance with the security policy.
C. Redact personal data in Amazon S3. Update the S3 bucket policy to allow team access to customer data. Redacting personal data is helpful for privacy but does not solve the issue of restricting access based on team-specific customer data.
👍 3 Contactfornitish 2024/11/30
Selected answer: A
Creating a Bedrock role with access to all S3 data violates the principle of least privilege.
👍 2 taka5094 2024/11/11