AIP-C01 AWS Certified Generative AI Developer - Professional Question and Answers

Option B best meets the multimodal, ethical, and auditability requirements using managed AWS services designed for research-grade GenAI systems. Multimodal data such as audio, video, sensor telemetry, and tracking data must be curated and summarized before being consumed by a foundation model. Amazon SageMaker Processing and Amazon Transcribe provide scalable, managed preprocessing for audiovisual and textual data.

By ingesting summarized, validated observations into Amazon Bedrock Knowledge Bases, the GenAI assistant can answer natural language queries using grounded, evidence-based context instead of raw sensor signals. This significantly reduces the risk of speculative or anthropomorphic interpretations.

Amazon Bedrock guardrails are critical for preventing speculative behavioral claims, enforcing scientific and ethical constraints at inference time. Guardrails provide a validated, auditable safety layer that custom Lambda-based filters cannot reliably replicate.

AWS AppConfig enables controlled prompt management and change governance, ensuring that research prompts remain consistent and reviewable. AWS CloudTrail captures all access, query, and configuration changes, supporting ethical research audits and regulatory reviews.

Option A lacks grounding and speculative safeguards. Option C focuses on text analytics and does not properly handle multimodal reasoning or safety enforcement. Option D relies heavily on custom logic and introduces unnecessary operational risk.

Therefore, Option B provides the most robust, ethical, and auditable GenAI architecture for wildlife behavior research.

Option B is the correct solution because it leverages native Amazon Bedrock intelligent prompt routing, which is specifically designed to reduce cost and complexity in multi-model GenAI architectures. Intelligent prompt routing automatically analyzes incoming prompts and selects the most appropriate foundation model based on prompt characteristics and complexity—without requiring custom classification logic or orchestration code.

This approach directly meets the requirement for least implementation effort. The company does not need to deploy additional Lambda functions, maintain routing rules, or manage separate classification stages. Routing decisions are handled by Bedrock, which simplifies architecture and reduces operational risk.

By routing the majority (70%) of simple product inquiries to smaller, lower-cost models, the company minimizes inference cost and latency. More complex return policy inquiries are automatically routed to larger models that provide better reasoning capabilities, preserving response quality and customer satisfaction.

Because routing is handled inline by Bedrock, response latency remains low compared to multi-stage architectures that require an additional classification model call before inference. This is critical for customer service scenarios where responsiveness directly impacts satisfaction.

Option A introduces additional inference steps and custom logic. Option C increases cost by overusing a mid-sized model for all queries. Option D relies on brittle keyword rules and increases operational overhead through endpoint management.

Therefore, Option B delivers the optimal balance of cost efficiency, performance, and simplicity for dynamic model selection in Amazon Bedrock.

Option C is the correct solution because Amazon Bedrock guardrails are purpose-built to enforce defense-in-depth safety controls for GenAI applications with minimal operational overhead. Guardrails provide managed, policy-based enforcement that operates before prompts are sent to the foundation model and after responses are generated, which directly satisfies the requirement that PII must not be sent to the model and must not appear in outputs.

By configuring a sensitive information policy, the application can automatically detect and redact PII in user inputs and model responses without building custom preprocessing pipelines. This approach is more reliable and scalable than regex or prompt engineering techniques, which are brittle and error-prone for sensitive data handling.

The topic policy capability in Amazon Bedrock guardrails allows the bank to explicitly block investment advice topics, ensuring regulatory compliance. This policy-based approach is safer and more auditable than attempting to steer the model only through prompt instructions.

Using the Converse API enables structured, standardized interactions with the model and supports consistent logging of requests and responses. Enabling delivery logging and image logging to Amazon S3 ensures that all customer interactions, including documents and images, are captured in a durable, auditable storage layer. This directly supports compliance, regulatory audits, and forensic analysis.

Option A incorrectly relies on Amazon Macie, which is designed for data-at-rest discovery rather than real-time conversational filtering. Option B introduces custom Lambda pipelines and topic modeling, increasing operational complexity. Option D relies on regex and prompt engineering, which do not meet financial-grade compliance standards.

Therefore, Option C delivers the strongest security, governance, and auditability with the least operational effort.

Option B is the correct solution because Amazon Bedrock Knowledge Bases with the RetrieveAndGenerate API provide a fully managed Retrieval Augmented Generation (RAG) capability that directly addresses grounding, citation, and hallucination prevention with the least operational overhead.

Amazon Bedrock Knowledge Bases automatically manage document ingestion, chunking, embedding, retrieval, and ranking from approved data sources. When used with the RetrieveAndGenerate API, the model is constrained to generate responses only from retrieved, approved clinical documentation, significantly reducing the risk of hallucinations or unsupported claims. The API also returns explicit source citations, which satisfies regulatory and clinical transparency requirements without requiring custom comparison or validation logic.

This approach aligns with AWS best practices for healthcare GenAI workloads, where correctness and traceability are critical. Because retrieval and generation are tightly integrated, the system avoids multi-step orchestration, custom verification pipelines, or additional compute layers that would increase latency and maintenance burden.

Option A introduces Amazon Kendra and custom post-processing logic, increasing operational complexity. Option C focuses on entity extraction rather than controlled knowledge grounding and does not guarantee citation or hallucination prevention. Option D requires manual orchestration between retrieval and generation and custom verification logic, which increases development and maintenance effort.

Therefore, Option B delivers accurate, grounded, and cited clinical recommendations with minimal infrastructure and operational overhead.

Option B is the correct solution because Amazon Bedrock Prompt Management is purpose-built to manage, govern, and standardize prompt usage at scale across teams and Regions. It provides native version control, allowing teams to track prompt changes over time and ensure that only approved versions are used in production workflows.

Prompt Management supports approval workflows that align with enterprise governance requirements. Approval permissions can be enforced through IAM policies, ensuring that only authorized reviewers can approve or publish prompt versions. This removes the need for custom workflow engines or external storage systems, significantly reducing operational overhead.

Parameterized prompt templates enable consistent prompt structure while allowing controlled variation through defined variables. This ensures consistent quality standards and reduces prompt drift, which is critical when hundreds of prompts are reused across multiple applications and teams.

AWS CloudTrail integrates natively with Amazon Bedrock to provide immutable audit logs for prompt creation, updates, approvals, and usage. These detailed audit trails satisfy compliance requirements and allow security and governance teams to trace prompt activity across Regions and users.

Option A requires significant custom development to coordinate approvals and maintain state. Option C relies on general-purpose workflow services and manual versioning mechanisms that are error-prone and difficult to scale. Option D uses services not designed for large-scale GenAI prompt governance and introduces unnecessary complexity.

Therefore, Option B best meets the requirements for scalable, auditable, and low-overhead governance of AI-generated content using Amazon Bedrock.

Option D best satisfies all functional, performance, and governance requirements while minimizing architectural complexity. The requirement explicitly states that all filtering must complete before content reaches the foundation model, which rules out asynchronous or streaming-based approaches that could delay enforcement.

Amazon Comprehend supports toxicity detection, prompt safety classification, and PII detection with entity redaction as managed capabilities. Running these filters in parallel ensures low end-to-end latency, which is essential for customer-facing communication platforms. Parallel execution avoids the cumulative latency that would be introduced by sequential pipelines.

Toxicity detection identifies offensive or abusive content early. Prompt safety classification detects requests for unethical, harmful, or manipulative advice, which directly addresses inappropriate advice solicitation requirements. PII detection with entity redaction ensures that customer privacy is preserved before data is sent to the FM, preventing sensitive information from being processed or echoed in generated responses.

Configuring thresholds allows fine-grained control over sensitivity while maintaining acceptable false-positive rates. Using CloudWatch metrics and alarms enables continuous monitoring of filtering behavior and intervention rates without adding custom routing or human review pipelines that would slow responses.

Option A lacks PII redaction. Option B introduces unnecessary model-building complexity and delayed PII checks. Option C adds sequential latency and introduces human review routing, which violates the response-time requirement.

Therefore, Option D provides the most robust, performant, and AWS-aligned layered content filtering solution.

Option C is the correct solution because it uses a single, well-tuned Amazon Bedrock guardrail that applies different actions to different content types, which is the recommended approach for minimizing false positives while enforcing strong policy controls.

Setting content filters to medium rather than high reduces overblocking of benign customer conversations while still preventing harmful content. Amazon Bedrock guardrails are designed to balance precision and recall, and medium sensitivity is commonly recommended for customer-facing financial services use cases.

Denied topics explicitly prevent the assistant from discussing investment advice, which is a regulatory requirement. Including definitions and sample phrases improves detection accuracy and reduces ambiguity.

Sensitive information filters support different actions per context. Masking PII in responses preserves conversational usefulness for legitimate customer support while preventing exposure of sensitive data. Blocking sensitive financial information in inputs prevents downstream processing of disallowed content before it reaches the foundation model.

Critically, enabling both input and output evaluation ensures that guardrails are applied consistently at every stage of interaction. Custom blocked messages and audit logging provide clear compliance evidence for regulators and internal audits.

Option A causes excessive false positives by blocking all PII outright. Option B introduces unnecessary complexity and is not how Bedrock guardrails are intended to be applied. Option D uses orchestration logic that Bedrock guardrails already handle natively.

Therefore, Option C best satisfies enforcement, flexibility, auditability, and accuracy requirements.

The correct combination is B and C because together they address both workload diversity and hybrid deployment requirements with minimal custom engineering.

Option B provides consistent, high-throughput access by configuring provisioned throughput in Amazon Bedrock. Provisioned throughput guarantees predictable capacity and performance, which is essential for batch processing workloads that require sustained inference rates. This eliminates cold starts and throttling concerns that can occur with purely on-demand usage, making it well suited for high-volume enterprise workloads.

Option C enables hybrid deployment across cloud and on-premises environments by deploying foundation models to Amazon SageMaker AI endpoints and using Amazon SageMaker Neo for edge and on-premises optimization. SageMaker Neo compiles models for target hardware, allowing inference to run efficiently outside the AWS cloud while still using AWS-managed tooling. Orchestrating these deployments with AWS Lambda allows consistent invocation patterns across environments.

Option A uses asynchronous endpoints, which are not suitable for real-time, low-latency inference. Option D addresses scaling but does not support on-premises or hybrid deployment. Option E simplifies model onboarding but does not address hybrid execution or guaranteed throughput.

Therefore, Options B and C together provide real-time and batch support, predictable performance, and true hybrid deployment while minimizing operational overhead.

Option A is the correct solution because it uses native Amazon S3 metadata mechanisms to create a consistent, queryable, and model-friendly metadata framework with minimal complexity. S3 system metadata automatically records object creation and modification timestamps, providing reliable and consistent temporal context without additional processing.

Custom user-defined metadata is the appropriate mechanism for storing structured attributes such as author information. These key-value pairs are stored directly with the object, remain consistent across uploads, and can be accessed programmatically by downstream indexing or retrieval systems used by GenAI applications.

S3 object tags are ideal for domain classification because they are designed for lightweight categorization, filtering, and access control. Tags can be standardized across the organization to ensure consistent research domain labeling and can be consumed by search indexes or knowledge base ingestion pipelines without requiring access to the full document body.

Together, system metadata, user-defined metadata, and object tags provide a clean separation of concerns: timestamps for temporal context, metadata for authorship, and tags for classification. This structure allows foundation models to reason about document context (such as recency, domain relevance, and authorship) based on metadata alone, improving retrieval precision and reducing unnecessary token usage.

Options B, C, and D misuse features like Object Lock, access points, Storage Lens, or event notifications for purposes they were not designed for, adding complexity without improving metadata quality or model understanding.

Therefore, Option A best satisfies the metadata consistency, context enrichment, and low-overhead requirements for GenAI-driven document analysis.

Option B meets the requirement to combine scalable automated evaluation with targeted human oversight using managed AWS GenAI capabilities. Amazon Bedrock evaluations enable systematic, repeatable quality assessment across large volumes of interactions. Using an LLM-as-a-judge approach with a strong evaluator model such as Anthropic Claude Sonnet allows the company to automatically score outputs for dimensions like factual accuracy, conversational appropriateness, and policy alignment. This directly supports “automated quality evaluations at scale” without building custom scoring models.

However, financial recommendations add higher risk because regulatory compliance requires additional enforcement beyond general quality scoring. Amazon Bedrock guardrails provide a dedicated policy enforcement layer that can block or intervene when responses violate compliance constraints. Guardrails are particularly important for preventing disallowed financial guidance patterns and ensuring consistent behavior across deployments.

The requirement also calls for “targeted human reviews of critical interactions.” Amazon Augmented AI (A2I) is a managed human review service that supports routing specific items to human reviewers based on rules or confidence thresholds. In this design, the system can automatically send only high-risk or policy-flagged interactions to qualified financial experts for review, keeping human effort focused where it matters most while maintaining scale.

Option A is not scalable because it requires manual review of all responses. Option C relies on static rules and end-user feedback, which is insufficient for regulatory compliance and factual accuracy assurance. Option D provides monitoring but not structured quality evaluation or policy enforcement.

Therefore, Option B provides the most complete, AWS-aligned solution for scalable evaluation plus human oversight in a regulated financial context.

This error occurs because SCPs override IAM permissions, and the SCP currently blocks Bedrock inference calls that resolve to eu-west-3, even though the company intends to use cross-Region inference (CRI) from eu-central-1.

Amazon Nova Pro is not hosted in eu-central-1, so when invoked, Amazon Bedrock transparently routes the request to a supporting Region (such as eu-west-3) through CRI inference profiles. However, SCPs that restrict Regions or specific Bedrock resources will block this routing unless explicitly allowed.

Option B is required because the SCP must explicitly allow the eu.amazon.nova-pro-v1:0 inference profile, which is the Bedrock abstraction that enables CRI while preserving data residency guarantees. Without this, Bedrock cannot legally route the request.

Option E is also required to allow EU-scoped inference profiles rather than individual Regions. This preserves precise governance while allowing Bedrock-managed CRI routing within the EU boundary, ensuring no data leaves Europe.

Option A violates least-privilege and does not override SCPs. Option C breaks data residency by enabling direct eu-west-3 access. Option D does not resolve the SCP denial.

Therefore, Options B and E are the only combination that resolves the error while preserving governance and EU-only data residency.

Option D is the correct solution because it directly evaluates multilingual output consistency and quality in an automated, scalable, and deployment-gating workflow. Amazon Bedrock model evaluation jobs are designed to run large-scale, repeatable evaluations against defined datasets and to produce quantitative metrics that can be used as objective release criteria.

The core issue is semantic inconsistency across languages for equivalent inputs. The most reliable way to detect this is to create standardized test conversations where each language version expresses the same intent and constraints. Running those tests through the updated model and comparing results with similarity metrics (for example, semantic similarity between expected and actual answers, or between language variants) surfaces regressions that infrastructure testing cannot detect.

Bedrock evaluation jobs support running evaluations at scale and are well suited for processing large datasets quickly. By parallelizing evaluation runs across languages and conversations, the company can meet the 45-minute requirement while executing at least 15,000 conversations. Because the process is standardized, it also allows consistent baseline comparisons across releases.

Applying hallucination thresholds ensures that answers remain grounded and do not introduce fabricated details, which is particularly important when language-specific behavior shifts after a model upgrade. Integrating evaluation jobs into the CI/CD pipeline enables fully automated execution on every model or configuration update. The pipeline can enforce a hard quality gate that blocks deployment if thresholds are not met, preventing regressions from reaching production.

Option A focuses on performance and infrastructure bottlenecks, not multilingual response quality. Option B is post-deployment and too slow to prevent regressions. Option C normalizes inputs but does not measure multilingual output equivalence or provide robust, quantitative gating.

Therefore, Option D best meets the automation, scale, timing, and deployment-blocking requirements.

Option C best meets the requirements by combining native Amazon Bedrock logging with adaptive monitoring and minimal operational overhead. Amazon Bedrock model invocation logging can be sent directly to CloudWatch Logs, where detailed fields such as InputTokenCount, OutputTokenCount, and tool invocation metadata are captured for each request.

CloudWatch metric filters allow extraction of structured metrics from logs, including tool-specific token consumption patterns. By defining filters per tool integration, the company can isolate which tools are responsible for increased token usage without building custom log-processing pipelines.

CloudWatch anomaly detection provides automatic baseline modeling and dynamic thresholds based on historical traffic patterns. Unlike static alarms, anomaly detection adapts as usage evolves, making it ideal for applications with changing workloads or seasonal usage patterns. This directly satisfies the requirement to automatically adjust thresholds as traffic patterns change.

When abnormal token consumption occurs, anomaly detection alarms trigger immediately, enabling rapid investigation and remediation. Because this solution uses fully managed AWS services without custom analytics jobs or manual threshold tuning, it significantly reduces operational effort.

Option A fails to adapt to changing patterns. Option B introduces batch analysis and delayed insights. Option D requires manual intervention and custom code, increasing maintenance burden.

Therefore, Option C provides the most scalable, adaptive, and low-maintenance solution for monitoring and controlling token consumption in Amazon Bedrock–based applications.

Option B best meets all stated requirements by correctly combining PII protection, evaluation before launch, and data residency compliance using Amazon Bedrock Guardrails. Amazon Bedrock guardrails provide native sensitive information filtering that operates inline during model invocation, making them well suited for preventing personal data exposure in customer-facing AI assistants.

The requirement to evaluate how effective the AI assistant is at preventing exposure before release is best addressed by using mask mode during development and testing. Mask mode allows responses to be generated while automatically redacting detected personal information, making it easy for developers and reviewers to see where and how PII would have appeared. This provides concrete validation that the guardrail rules are correctly configured without fully blocking responses, which is ideal for quality assurance and pre-production evaluation.

For production, switching the guardrail to block mode ensures that responses containing personal information are fully prevented from being returned to users. This offers the strongest protection and aligns with compliance expectations for customer account data. Block mode is appropriate once confidence in the guardrail configuration has been established during testing.

The data residency requirement is addressed by deploying a copy of the guardrail in each AWS Region where the application operates. Amazon Bedrock guardrails are Region-specific resources, and using Region-local guardrails ensures that inference, filtering, and enforcement all occur within the same Region as the customer data. This avoids cross-Region processing and helps the company comply with regulatory and contractual data residency policies.

Option A and D incorrectly rely on cross-Region guardrails, which can violate data residency constraints. Option C focuses on topic filtering rather than sensitive information filtering and keeps detect mode enabled in production, which does not actively prevent PII exposure. Therefore, B is the only option that fully satisfies safety, compliance, and evaluation requirements.

Option B is the best solution because hierarchical chunking is specifically designed to preserve broader semantic context while still enabling precise retrieval at paragraph or sub-paragraph granularity. The problem described—answers citing irrelevant sections when a query spans multiple paper sections—often occurs when chunks are either too small (losing cross-paragraph context) or too “flat” (retrieving isolated snippets without their surrounding rationale).

In a scientific paper, related information is frequently distributed across methodology, results, and discussion. Flat, fixed-size chunking (Option A) can split these logically connected ideas into separate chunks, causing retrieval to surface fragments that match a term but not the full intent. Semantic chunking (Option C) improves boundary placement, but it does not inherently provide a multi-resolution structure that helps preserve section-level continuity at massive scale.

Hierarchical chunking solves this by creating parent chunks (larger context windows) that capture broader section context and child chunks (smaller units) that retain retrieval precision. When the retriever identifies relevant child chunks, it can also bring in the associated parent context so the foundation model sees the surrounding methodological or discussion framing. The defined overlaps further reduce the risk that key transitions or references are split across chunks.

This approach is well suited for a corpus of 25 million papers because it improves relevance without requiring a custom reranking model or a manual preprocessing pipeline. It remains operationally efficient because it is configured at the knowledge base level rather than implemented through custom code per document.

Option D introduces high operational complexity and inconsistent document handling at scale. Therefore, Option B best meets the requirement to preserve semantic context across related paragraphs and improve citation relevance across scientific paper sections.

Option C is the correct solution because it directly addresses the root cause of the problem—overly broad retrieval—while requiring minimal architectural change. Amazon Bedrock Knowledge Bases support metadata-aware filtering, which allows the system to constrain retrieval queries based on indexed metadata such as content type, publication date, source, or category.

By indexing Amazon S3 object metadata, the company can restrict vector searches to relevant subsets of the corpus, such as recent emergency reports, specific content formats, or trusted sources. This significantly reduces the number of documents evaluated during retrieval, which improves both latency and result relevance without changing embedding models or retrieval infrastructure.

This approach aligns with AWS best practices for optimizing RAG systems: when embeddings are already strong, retrieval quality is often improved by narrowing the candidate set rather than increasing model complexity. Metadata filtering reduces noise and ensures that retrieved documents are more contextually aligned with user queries.

Option A requires retraining or adapting embedding models, which the company has already determined will not provide additional benefit. Option B introduces a migration to OpenSearch, which adds operational overhead and deviates from the existing Bedrock knowledge base architecture. Option D requires moving to a different indexing service, increasing complexity and implementation effort.

Therefore, Option C provides the most effective and low-effort solution to improve retrieval accuracy and performance in the existing Amazon Bedrock RAG system.

Option A is the correct solution because it uses native Amazon Bedrock governance and evaluation capabilities to meet regulatory, performance, and deployment timeline requirements with the least operational overhead.

Amazon Bedrock guardrails provide built-in safety controls that enforce responsible AI policies directly during inference. Custom content filters and toxicity detection protect customer interactions and prevent disallowed investment guidance patterns without requiring custom application logic. Guardrails operate inline and are optimized for low latency, which helps meet the strict 200 ms response-time requirement.

Hallucination detection is addressed through Amazon Bedrock Model Evaluation, which supports automated evaluation at scale using LLM-as-a-judge techniques. This enables the company to detect factual inaccuracies and policy violations systematically, without building custom evaluation pipelines or requiring extensive human review. Evaluation outputs can be surfaced as metrics.

Storing all prompt-response pairs in Amazon DynamoDB provides a low-latency, highly scalable audit store that aligns with financial regulatory requirements. Using TTL enforces data retention policies automatically, reducing compliance risk and storage overhead.

Amazon CloudWatch custom metrics integrate seamlessly with existing compliance dashboards, allowing near–real-time monitoring of safety interventions, hallucination rates, and drift indicators. CloudWatch anomaly detection can be applied to these metrics to surface behavior changes quickly.

Option B relies on custom Lambda logic and S3-based auditing, increasing latency and operational complexity. Option C introduces additional services that increase setup time and may exceed the 60-day deployment window. Option D uses non–Bedrock-native monitoring and adds unnecessary infrastructure layers.

Therefore, Option A provides the most complete, compliant, and low-overhead governance solution for a regulated GenAI financial services application.

Option B is the correct solution because it aligns with AWS guidance for building high-throughput, ultra-low-latency GenAI applications while maintaining predictable costs and automatic scaling. Amazon Bedrock provides access to foundation models that are specifically optimized for real-time inference use cases, including conversational and recommendation-style workloads that require responses within milliseconds.

Low-latency models in Amazon Bedrock are designed to handle very high request rates with minimal per-request overhead. Purchasing provisioned throughput ensures that sufficient model capacity is reserved to handle peak loads, eliminating cold starts and reducing request queuing during traffic surges. This is critical when supporting up to 500,000 concurrent calls with strict latency requirements.

Automatic scaling policies allow the application to dynamically adjust capacity based on demand, ensuring cost efficiency during off-peak hours while maintaining performance during peak usage. This directly supports the requirement to stay within a predefined monthly compute budget.

Option A fails because batch processing and complex reasoning models introduce higher latency and are not suitable for real-time suggestions. Option C introduces significantly higher operational and cost overhead due to dedicated GPU instances and manual scaling responsibilities. Option D is optimized for batch workloads and cannot meet the sub-200 ms latency requirement.

Therefore, Option B provides the best balance of performance, scalability, cost control, and operational simplicity using AWS-native GenAI services.

Option B is the most appropriate solution because it directly aligns with AWS-recommended architectural patterns for building scalable, observable, and resilient generative AI applications on Amazon Bedrock. The requirements clearly distinguish between simple and complex routing decisions, and this option addresses both in an optimal way.

Simple routing based on file extension is latency sensitive. Handling this logic directly in the application code avoids unnecessary orchestration, state transitions, and service calls. This approach ensures that straightforward requests, such as routing images to vision-capable foundation models or text files to language models, are processed with minimal overhead and maximum performance.

For complex routing based on content semantics, AWS Step Functions is specifically designed for multi-step workflows that require analysis, branching logic, and error handling. Semantic routing often requires inspecting meaning, intent, or structure before selecting the appropriate foundation model. Step Functions enables this by orchestrating analysis steps and applying conditional logic to determine the correct model to invoke using the Amazon Bedrock InvokeModel API.

A key requirement is detailed execution history. Step Functions provides built-in execution tracing, including state inputs, outputs, and error details, which is essential for auditing, debugging, and compliance. Additionally, Step Functions supports native retry and catch mechanisms, allowing the workflow to automatically fall back to alternate foundation models if a primary model invocation fails. This directly satisfies the fallback requirement without introducing excessive custom code.

The other options lack one or more critical capabilities. Lambda-only logic lacks deep observability and structured fallback handling, SQS introduces additional latency and limited workflow visibility, and multiple coordinated workflows increase architectural complexity without added benefit.

Option C is the correct solution because it directly addresses both correctness and performance issues by grounding the model’s responses in authoritative product data using Retrieval Augmented Generation. Amazon Bedrock Knowledge Bases are designed to connect foundation models to trusted enterprise data sources, ensuring that generated responses are constrained to known, validated content.

By ingesting the product catalog into a knowledge base, the GenAI application retrieves only products that actually exist in the catalog. This prevents hallucinated or unavailable recommendations, which is a common issue when models rely solely on prompt instructions without retrieval grounding. RAG ensures that the model’s output is based on retrieved facts rather than learned generalizations.

Setting the PerformanceConfigLatency parameter to optimized enables Bedrock to prioritize lower-latency retrieval and inference paths, improving responsiveness for real-time recommendation scenarios. This directly addresses the reported performance issues without requiring provisioned throughput or caching strategies that are ineffective for mostly unique interactions.

Option A improves safety and latency predictability but does not ensure recommendations are limited to valid products. Option B relies on prompt constraints, which are not sufficient to prevent hallucinations. Option D introduces additional validation and caching layers but increases complexity and does not improve generation relevance.

Therefore, Option C best resolves both relevance and latency challenges using AWS-native, low-maintenance GenAI integration patterns.

The correct combination is C and D because together they enforce centralized governance over both model access and prompt content controls, which are the two core requirements of the scenario.

To ensure employees can use only approved Amazon Bedrock models, governance must be enforced at the organization level and not rely on individual application logic. Service Control Policies (SCPs) are the strongest control mechanism available in AWS Organizations because they define the maximum permissions an account or principal can have. In option C, the SCP prevents any Amazon Bedrock model invocation unless a centrally approved guardrail identifier is specified. This ensures that guardrails are always enforced, regardless of how or where the invocation originates. The additional use of IAM permissions boundaries ensures that even within allowed accounts, employees are restricted to invoking only explicitly approved foundation models.

To prevent specific topics and proprietary information from being included in prompts, Amazon Bedrock Guardrails must be used. Guardrails operate inline during model invocation and can block disallowed content before it is processed by the model. Option D correctly specifies a block filtering policy, which is appropriate when content must be prevented entirely rather than partially redacted. Deploying the guardrail using AWS CloudFormation StackSets allows the company to centrally manage and consistently deploy the same guardrail configuration across all accounts in the organization, ensuring uniform enforcement.

Option E uses mask filtering, which is better suited for redacting sensitive output rather than preventing prohibited content from being submitted in prompts. Option B attempts to use SCPs alone but does not enforce guardrail deployment or content filtering. Option A incorrectly places guardrail enforcement in permissions boundaries, which are not designed to validate request parameters such as guardrail identifiers.

By combining SCP-based enforcement with centrally deployed Bedrock guardrails, options C and D together provide strong, scalable, and centrally managed controls for both content safety and model governance across the organization.

Option D is the correct solution because Amazon Bedrock Knowledge Bases natively support reranking by using Amazon-managed reranker models, which are specifically designed to improve contextual relevance after the initial vector retrieval step. This approach directly addresses the root cause of the issue: semantically similar but contextually irrelevant documents being passed to the foundation model.

By enabling the reranking configuration within Amazon Bedrock Knowledge Bases, the application can automatically reorder retrieved documents based on deeper contextual understanding, such as regulatory scope, legal applicability, and semantic intent. This significantly improves retrieval precision, which reduces hallucinations and improves the factual accuracy of generated regulatory guidance.

Option D requires no additional infrastructure, no custom orchestration logic, and no separate model hosting. The reranking is fully managed by Amazon Bedrock and integrates seamlessly with the existing RetrieveAndGenerateStream workflow. This makes it the lowest operational overhead solution.

Option A introduces operational complexity by requiring a custom SageMaker endpoint, API Gateway routing, and model lifecycle management. Option B combines multiple unrelated services and introduces significant complexity without being purpose-built for RAG relevance ranking. Option C improves relevance but requires explicitly calling the Rerank API and modifying the application pipeline, which increases operational and integration effort compared to built-in reranking.

Therefore, Option D provides the most efficient, scalable, and AWS-recommended method to improve RAG retrieval quality while minimizing operational burden.

The correct answers are A and D because they collectively satisfy the requirements for structured inputs, consistent output formatting, and non-blocking detection of bullying language.

Option A is required because Amazon Bedrock Prompt Management enables prompt templates with explicit input variables and defined output formats. By defining the four required inputs as variables, the company ensures that every invocation of the Amazon Nova Pro FM receives the correct structured inputs. Specifying the output format ensures consistent responses, which is essential for a grants application workflow. Adding the managed prompt to the prompts node of the flow allows Bedrock Flows to invoke the model using this standardized configuration.

Option D addresses the requirement to receive notifications when bullying language is detected without blocking responses. Amazon Bedrock guardrails support content filters with configurable actions. By applying the insults content filter and setting the response action to detect, the system flags responses containing bullying or insulting language while still allowing the response to be returned. This enables monitoring, alerting, and auditing without interrupting application functionality.

Option B is incorrect because setting the filter response to block contradicts the requirement not to block all flagged responses. Option C introduces a prompt router, which is unnecessary because the application uses a single Amazon Nova Pro FM. Option E incorrectly attempts to enforce input variables and output formatting through an inference profile, which does not provide prompt-level variable enforcement or formatting guarantees.

Therefore, A and D together provide structured prompt management and non-blocking safety detection with minimal operational complexity.

Option B is the most appropriate solution because it directly uses Amazon Bedrock cross-Region inference profiles, which are designed to provide resilience and load distribution while respecting data residency boundaries. Cross-Region inference profiles allow applications to distribute inference requests across multiple Regions within a defined geographic boundary, such as Europe or North America, without requiring custom failover logic.

By specifying geographical codes in the inference profile ID, the application ensures that European user data is processed only within Europe-based Regions, satisfying regulatory requirements. At the same time, Bedrock automatically routes requests to healthy Regions within that geography when traffic spikes or service quotas are reached, improving availability and maintaining low latency.

Using separate Amazon API Gateway HTTP APIs for Europe and North America provides a clean, simple routing layer that directs users to the appropriate regional inference profile. This avoids complex custom routing or retry logic in application code and minimizes operational overhead.

Option A relies on custom routing and manual monitoring, which increases complexity and does not provide automatic resilience. Option C introduces custom retry and fallback logic that risks violating data residency requirements if misconfigured. Option D requires significant application-level failover logic and adds operational burden with Global Accelerator configuration.

Therefore, Option B best meets the requirements for low latency, data residency compliance, resilience during traffic spikes, and minimal operational complexity.

Option D is the correct solution because it relies primarily on managed, purpose-built AWS services and minimizes custom infrastructure and model management. Amazon Bedrock guardrails provide native, configurable content safety controls that can block or redact disallowed content before or after model inference. This directly ensures that the platform does not process or produce inappropriate outputs while maintaining low operational overhead.

Using Amazon Comprehend PII detection as a preprocessing step integrates cleanly with an Amazon S3–based ingestion workflow. Comprehend is a fully managed service that detects and optionally redacts PII in text without requiring custom models or pipelines. This ensures that sensitive information is removed before content is passed to Amazon Bedrock for generation.

Amazon Rekognition image moderation is purpose-built for detecting unsafe or inappropriate visual content and integrates naturally into Step Functions workflows. Step Functions provides orchestration without requiring servers or long-running infrastructure, allowing the company to integrate text and image moderation steps in a clear, auditable pipeline.

Option A introduces redundant monitoring logic and alarms that do not directly enforce content safety. Option B requires building and maintaining custom SageMaker models, increasing complexity and operational burden. Option C applies moderation at authentication time and uses services like Textract that are not designed for content moderation, increasing latency and management overhead.

Therefore, Option D best satisfies content safety, PII protection, S3 integration, and minimal infrastructure management requirements.

Option D is the best fit because it implements a reliable event-driven MLOps workflow that automates retraining and redeployment with clear orchestration, auditability, and production-grade error handling. The requirement is explicit: whenever a new file is uploaded to Amazon S3, the system must retrain and then redeploy the model used by a web application. A common AWS pattern is to use an S3 event notification to trigger an AWS Lambda function, which then starts a controlled workflow. In option D, Lambda serves as the event handler that reacts immediately to the S3 upload event and passes the necessary context (bucket, object key, dataset version) into an AWS Step Functions Standard state machine.

Step Functions Standard is appropriate for model retraining pipelines because training and deployment steps can be long-running and benefit from durable state, retries, and failure handling. It provides execution history, making it easier to troubleshoot why a particular retraining run failed and to prove which dataset version produced which model version. This operational visibility is critical when the dataset is “growing rapidly” and retraining is frequent.

Within the workflow, Amazon SageMaker Pipelines is the right service to run the ML lifecycle stages in a repeatable way: data processing (if needed), training, evaluation/quality checks, model registration, and deployment to an endpoint used by the application. SageMaker Pipelines is purpose-built for CI/CD-style ML, supporting automated redeployments when a new approved model artifact is produced. By calling a pipeline execution from Step Functions, the company can add governance gates (for example, only deploy if evaluation metrics meet thresholds), and can apply consistent rollback and notification steps when deployment fails.

The other options are weaker: A confuses inference with retraining and does not provide deployment orchestration. B adds unnecessary webhook complexity and describes an awkward event bus configuration. C introduces Autopilot/Data Wrangler, which may be useful but adds extra moving parts and is not required to meet the trigger-and-redeploy requirement.

Option B is the correct solution because it uses native AWS governance, access control, and auditing capabilities to protect PII while enabling controlled FM access to authorized data subsets. AWS Lake Formation is designed specifically to manage fine-grained permissions for data lakes, including column-level access control, which is critical when handling sensitive financial and PII data.

LF-Tags allow data administrators to define scalable, attribute-based access control policies. By tagging databases, tables, and columns with business unit and Region metadata, the company can enforce policies that ensure the foundation model only accesses approved datasets with PII-redacted columns. This eliminates the risk of sensitive data leaking into production inference workflows.

IAM role-based authentication ensures that the FM accesses data using least-privilege credentials. This integrates cleanly with Amazon Bedrock, which supports IAM-based authorization for service-to-service access. AWS CloudTrail provides immutable audit logs for all access attempts, satisfying compliance and regulatory requirements.

Option A introduces unnecessary data duplication and weak governance controls. Option C relies on custom application logic, increasing operational risk and complexity. Option D bypasses Lake Formation’s fine-grained controls and relies on presigned URLs, which reduces governance visibility and control.

Therefore, Option B best meets the requirements for security, compliance, scalability, and auditability when integrating Amazon Bedrock with a Lake Formation–governed data lake.

Option A is the best solution because it directly addresses both observed problems: user-perceived latency and resolver timeouts that occur more frequently for complex prompts. In the current design, an AWS AppSync Lambda resolver is configured with synchronous RequestResponse behavior. That means the client receives nothing until the entire retrieval and generation workflow completes. For longer-running knowledge base queries, this increases the likelihood of hitting request time limits in the synchronous path and creates a poor user experience because the UI appears stalled.

Using AWS Amplify AI Kit to implement streaming responses allows the application to return partial output incrementally as the model produces tokens. This improves perceived responsiveness because users can see the answer forming immediately, even when the full response takes longer. Streaming also reduces the impact of variable model latency and retrieval time because the client no longer waits for a single final payload before rendering content. From a troubleshooting perspective, streaming makes it easier to distinguish “slow generation” from “no response,” and it provides faster feedback during testing of complex questions.

Option B is not sufficient because increasing timeouts and adding retries can worsen load and cost while still producing a stalled UI experience. Retries also risk duplicating requests to the knowledge base and can amplify token usage. Option C introduces an awkward polling model for GraphQL interactions and adds significant operational complexity, while not inherently improving interactivity. Option D adds major architectural changes by replacing the knowledge base RetrieveAndGenerate call path with a different streaming invocation API and introducing a WebSocket layer, which is unnecessary when the goal is primarily to fix timeouts and improve UX within the existing AppSync and Amplify design.

Therefore, streaming through Amplify AI Kit is the most effective and lowest-friction improvement.

Thought for 24s

Option D is the correct solution because the Amazon Bedrock Converse API is purpose-built for multi-turn conversational interactions and is designed to work consistently across SDKs and compute environments. The Converse API standardizes how messages, roles, and context are represented, which ensures consistent behavior whether the application is running in AWS Lambda with Python or in Amazon EKS with JavaScript.

By passing previous messages in the messages array, the application explicitly maintains conversational context across turns without relying on external state stores. This approach is recommended by AWS for conversational GenAI workflows because it avoids state synchronization complexity and ensures deterministic model behavior across environments.

Using IAM roles for authentication provides a single, consistent security model for both Lambda and EKS. IAM roles integrate natively with AWS SDKs, eliminating the need for custom authentication logic or environment-specific credentials. This aligns with AWS best practices for least privilege and simplifies governance.

Option A introduces inconsistent authentication and custom formatting logic, increasing complexity. Option B unnecessarily introduces ElastiCache for state management, which is not required when using the Converse API correctly. Option C stores state in process memory, which is unsafe and unreliable for serverless and containerized workloads.

Therefore, Option D best satisfies the requirements for conversational consistency, multi-environment support, shared model usage, and consistent authentication with minimal operational overhead.