AWS Certified AI Practitioner

Get started today

Ultimate access to all questions.

Explanation:

Analysis of the Question Requirements

The medical company has two specific requirements:

Prevent the model from including personal patient information in its responses
Receive notifications when policy violations occur

These requirements call for a solution that both proactively filters sensitive content and provides alerting capabilities.

Evaluation of Each Option

Option A: Amazon Macie

Purpose: Amazon Macie is a data security service that uses machine learning to discover, classify, and protect sensitive data in AWS storage services (primarily S3).
Limitations: Macie is designed to scan and classify data at rest in storage, not to filter or moderate real-time model outputs. It cannot prevent sensitive information from being generated by a model; it can only detect such information after it has been generated and stored.
Suitability: While Macie could potentially scan stored outputs for sensitive data and trigger alerts, it does not meet the first requirement of preventing the inclusion of personal information in the model's responses.

Option B: AWS CloudTrail

Purpose: CloudTrail is an auditing service that logs API calls and account activity for governance, compliance, and operational auditing.
Limitations: CloudTrail monitors API activity but does not have built-in capabilities to detect personal information in model outputs. It would require additional processing and analysis of logs to identify policy violations, making it an indirect and complex solution.
Suitability: CloudTrail alone cannot prevent sensitive information from being included in responses, and it is not optimized for real-time content filtering or violation detection.

Option C: Guardrails for Amazon Bedrock + CloudWatch Alarms

Guardrails for Amazon Bedrock: This service is specifically designed to implement safeguards for generative AI applications. It allows configuration of content filters to block or mask sensitive information (like personal health information) before it reaches the end user. This directly addresses the prevention requirement.
Amazon CloudWatch Alarms: CloudWatch can monitor metrics and logs, including those from Guardrails. When Guardrails detects policy violations (such as blocked sensitive content), CloudWatch alarms can be configured to send notifications via SNS, email, or other channels.
Suitability: This combination provides both proactive prevention (through Guardrails) and reactive alerting (through CloudWatch), fully meeting both requirements.

Option D: Amazon SageMaker Model Monitor

Purpose: Model Monitor is designed to detect concept drift, data quality issues, and model performance degradation in machine learning models deployed on SageMaker.
Limitations: It focuses on model quality metrics (accuracy, precision, etc.) rather than content filtering or privacy compliance. It cannot prevent or detect personal information in model outputs.
Suitability: Completely irrelevant to the requirements of preventing personal information disclosure and alerting on policy violations.

Conclusion

Option C is the optimal solution because:

Guardrails for Amazon Bedrock provides the necessary content filtering capabilities to prevent personal patient information from appearing in model responses.
Amazon CloudWatch Alarms enables real-time notification when policy violations are detected by Guardrails.
This combination is specifically designed for generative AI applications on Amazon Bedrock, making it the most direct and effective approach.

The other options either address only part of the requirements (like alerting without prevention) or are designed for different use cases entirely.

Explanation:

Analysis of the Question Requirements

The medical company has two specific requirements:

Prevent the model from including personal patient information in its responses
Receive notifications when policy violations occur

These requirements call for a solution that both proactively filters sensitive content and provides alerting capabilities.

Evaluation of Each Option

Option A: Amazon Macie

Purpose: Amazon Macie is a data security service that uses machine learning to discover, classify, and protect sensitive data in AWS storage services (primarily S3).
Limitations: Macie is designed to scan and classify data at rest in storage, not to filter or moderate real-time model outputs. It cannot prevent sensitive information from being generated by a model; it can only detect such information after it has been generated and stored.
Suitability: While Macie could potentially scan stored outputs for sensitive data and trigger alerts, it does not meet the first requirement of preventing the inclusion of personal information in the model's responses.

Option B: AWS CloudTrail

Purpose: CloudTrail is an auditing service that logs API calls and account activity for governance, compliance, and operational auditing.
Limitations: CloudTrail monitors API activity but does not have built-in capabilities to detect personal information in model outputs. It would require additional processing and analysis of logs to identify policy violations, making it an indirect and complex solution.
Suitability: CloudTrail alone cannot prevent sensitive information from being included in responses, and it is not optimized for real-time content filtering or violation detection.

Option C: Guardrails for Amazon Bedrock + CloudWatch Alarms

Guardrails for Amazon Bedrock: This service is specifically designed to implement safeguards for generative AI applications. It allows configuration of content filters to block or mask sensitive information (like personal health information) before it reaches the end user. This directly addresses the prevention requirement.
Amazon CloudWatch Alarms: CloudWatch can monitor metrics and logs, including those from Guardrails. When Guardrails detects policy violations (such as blocked sensitive content), CloudWatch alarms can be configured to send notifications via SNS, email, or other channels.
Suitability: This combination provides both proactive prevention (through Guardrails) and reactive alerting (through CloudWatch), fully meeting both requirements.

Option D: Amazon SageMaker Model Monitor

Purpose: Model Monitor is designed to detect concept drift, data quality issues, and model performance degradation in machine learning models deployed on SageMaker.
Limitations: It focuses on model quality metrics (accuracy, precision, etc.) rather than content filtering or privacy compliance. It cannot prevent or detect personal information in model outputs.
Suitability: Completely irrelevant to the requirements of preventing personal information disclosure and alerting on policy violations.

Conclusion

Option C is the optimal solution because:

Guardrails for Amazon Bedrock provides the necessary content filtering capabilities to prevent personal patient information from appearing in model responses.
Amazon CloudWatch Alarms enables real-time notification when policy violations are detected by Guardrails.
This combination is specifically designed for generative AI applications on Amazon Bedrock, making it the most direct and effective approach.

The other options either address only part of the requirements (like alerting without prevention) or are designed for different use cases entirely.

Comments (0)

No comments yet.

A medical company has implemented a disease detection model using Amazon Bedrock. To adhere to privacy regulations, they need to ensure the model does not output any personal patient information in its responses. Additionally, they require alerts to be generated whenever any policy violations are detected.

What solution fulfills these requirements?

Exam-Like

Last updated: February 8, 2026 at 20:17

Use Amazon Macie to scan the model's output for sensitive data and set up alerts for potential violations.

20.0%

Configure AWS CloudTrail to monitor the model's responses and create alerts for any detected personal information.

0.0%

Use Guardrails for Amazon Bedrock to filter content. Set up Amazon CloudWatch alarms for notification of policy violations.