AWS Certified Generative AI Developer - Professional

Get started today

Ultimate access to all questions.

Explanation:

Explanation

Option A is correct because it provides a comprehensive, AWS-native defense-in-depth solution that addresses all requirements:

Defense-in-depth safety controls: Amazon Bedrock guardrails with content filters set to high provide robust protection against prompt injection attacks. Guardrails are specifically designed for AI safety and can detect and block sophisticated prompt injection attempts.
Cross-Region failover capabilities: Using a guardrail profile to implement cross-Region guardrail inference ensures high availability and failover capabilities across AWS Regions.
Audit logging: Amazon CloudWatch Logs with custom metrics can capture detailed guardrail intervention events, providing comprehensive audit trails of all safety interventions.

Why other options are incorrect:

Option B: While it uses Bedrock guardrails, AWS WAF is not specifically designed for prompt injection attacks in AI contexts, and AWS CloudTrail logs API calls but doesn't provide detailed guardrail intervention events.
Option C: Amazon Comprehend custom classifiers are not the optimal solution for prompt injection detection compared to Bedrock guardrails, which are purpose-built for this use case.
Option D: This option mentions cross-Region guardrail replication, but storing logs in AWS CloudTrail alone may not provide the detailed guardrail intervention events needed for comprehensive auditing.

Option A provides the most complete solution by leveraging Bedrock's native safety features, cross-Region capabilities, and appropriate logging mechanisms.

Explanation:

Explanation

Option A is correct because it provides a comprehensive, AWS-native defense-in-depth solution that addresses all requirements:

Defense-in-depth safety controls: Amazon Bedrock guardrails with content filters set to high provide robust protection against prompt injection attacks. Guardrails are specifically designed for AI safety and can detect and block sophisticated prompt injection attempts.
Cross-Region failover capabilities: Using a guardrail profile to implement cross-Region guardrail inference ensures high availability and failover capabilities across AWS Regions.
Audit logging: Amazon CloudWatch Logs with custom metrics can capture detailed guardrail intervention events, providing comprehensive audit trails of all safety interventions.

Why other options are incorrect:

Option B: While it uses Bedrock guardrails, AWS WAF is not specifically designed for prompt injection attacks in AI contexts, and AWS CloudTrail logs API calls but doesn't provide detailed guardrail intervention events.
Option C: Amazon Comprehend custom classifiers are not the optimal solution for prompt injection detection compared to Bedrock guardrails, which are purpose-built for this use case.
Option D: This option mentions cross-Region guardrail replication, but storing logs in AWS CloudTrail alone may not provide the detailed guardrail intervention events needed for comprehensive auditing.

Option A provides the most complete solution by leveraging Bedrock's native safety features, cross-Region capabilities, and appropriate logging mechanisms.

Comments (0)

No comments yet.

A company is using Amazon Bedrock to build a customer-facing AI assistant that handles sensitive customer inquiries. The company must use defense-in-depth safety controls to block sophisticated prompt injection attacks. The company must keep audit logs of all safety interventions. The AI assistant must have cross-Region failover capabilities.

Which solution will meet these requirements?

Real Exam

Community

DDucse

Last updated: March 29, 2026 at 14:03

Configure Amazon Bedrock guardrails with content filters set to high to protect against prompt injection attacks. Use a guardrail profile to implement cross-Region guardrail inference. Use Amazon CloudWatch Logs with custom metrics to capture detailed guardrail intervention events.

78.6%