Topic 1 Question 126
A machine learning specialist is developing a proof of concept for government users whose primary concern is security. The specialist is using Amazon SageMaker to train a convolutional neural network (CNN) model for a photo classifier application. The specialist wants to protect the data so that it cannot be accessed and transferred to a remote host by malicious code accidentally installed on the training container. Which action will provide the MOST secure protection?
A. Remove Amazon S3 access permissions from the SageMaker execution role.
B. Encrypt the weights of the CNN model.
C. Encrypt the training and validation dataset.
D. Enable network isolation for training jobs.
Comments (7)
I will go with D, "cannot be accessed and transferred to a remote host by malicious code accidentally installed on the training container"
Based on the following link: https://aws.amazon.com/blogs/security/secure-deployment-of-amazon-sagemaker-resources/ "EnableNetworkIsolation – Set this to true when creating training, hyperparameter tuning, and inference jobs to prevent situations like malicious code being accidentally installed and transferring data to a remote host."
👍 17 AShahine21 2021/10/21

If you enable network isolation, the containers can't make any outbound network calls, even to other AWS services such as Amazon S3. Additionally, no AWS credentials are made available to the container runtime environment. In the case of a training job with multiple instances, network inbound and outbound traffic is limited to the peers of each training container. SageMaker still performs download and upload operations against Amazon S3 using your SageMaker execution role in isolation from the training or inference container.
👍 8 achiko 2021/09/27

most likely it is C. https://docs.aws.amazon.com/sagemaker/latest/dg/data-protection.html
👍 5 omar_bahrain 2021/09/25
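
A check that follows from the comments above about `EnableNetworkIsolation`, as an added example that is not part of the original page or its comments: it classifies training jobs by the network exposure those comments describe. The dicts mirror fields of the SageMaker `DescribeTrainingJob` response; the job names, sample values and posture labels are constructed for illustration.

```python
# Added example, not from the original page. Each dict mirrors fields of the
# SageMaker DescribeTrainingJob response; names and values are constructed.
SAMPLE_JOBS = [
    {"TrainingJobName": "cnn-photo-poc-1", "EnableNetworkIsolation": True,
     "ResourceConfig": {"InstanceCount": 1}},
    {"TrainingJobName": "cnn-photo-poc-2", "EnableNetworkIsolation": True,
     "ResourceConfig": {"InstanceCount": 4}},
    {"TrainingJobName": "cnn-photo-poc-3", "EnableNetworkIsolation": False,
     "ResourceConfig": {"InstanceCount": 1}},
    # Field absent: treated as not isolated (fail closed).
    {"TrainingJobName": "cnn-photo-poc-4",
     "ResourceConfig": {"InstanceCount": 2}},
]


def network_posture(job):
    """Classify one job's container network exposure (labels are assumptions)."""
    # Only a literal True counts; a missing or non-boolean value fails closed.
    if job.get("EnableNetworkIsolation") is not True:
        return "open"  # container may make outbound network calls
    count = job.get("ResourceConfig", {}).get("InstanceCount", 1)
    # Isolated multi-instance jobs can still reach their peer containers.
    return "peers-only" if count > 1 else "isolated"


def audit(jobs):
    """Return ({job name: posture}, sorted names of jobs lacking isolation)."""
    postures = {j.get("TrainingJobName", "<unnamed>"): network_posture(j)
                for j in jobs}
    failing = sorted(name for name, p in postures.items() if p == "open")
    return postures, failing


if __name__ == "__main__":
    postures, failing = audit(SAMPLE_JOBS)
    for name, posture in postures.items():
        print(f"{name}: {posture}")
    print("jobs without network isolation:", ", ".join(failing) or "none")
```

Against a real account, the same dicts can come from the boto3 SageMaker client's `describe_training_job` call.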