AIP-C01 AWS Certified Generative AI Developer - Professional Question and Answers

Option D best satisfies all functional, performance, and governance requirements while minimizing architectural complexity. The requirement explicitly states that all filtering must complete before content reaches the foundation model, which rules out asynchronous or streaming-based approaches that could delay enforcement.

Amazon Comprehend supports toxicity detection, prompt safety classification, and PII detection with entity redaction as managed capabilities. Running these filters in parallel ensures low end-to-end latency, which is essential for customer-facing communication platforms. Parallel execution avoids the cumulative latency that would be introduced by sequential pipelines.

Toxicity detection identifies offensive or abusive content early. Prompt safety classification detects requests for unethical, harmful, or manipulative advice, which directly addresses inappropriate advice solicitation requirements. PII detection with entity redaction ensures that customer privacy is preserved before data is sent to the FM, preventing sensitive information from being processed or echoed in generated responses.

Configuring thresholds allows fine-grained control over sensitivity while maintaining acceptable false-positive rates. Using CloudWatch metrics and alarms enables continuous monitoring of filtering behavior and intervention rates without adding custom routing or human review pipelines that would slow responses.

Option A lacks PII redaction. Option B introduces unnecessary model-building complexity and delayed PII checks. Option C adds sequential latency and introduces human review routing, which violates the response-time requirement.

Therefore, Option D provides the most robust, performant, and AWS-aligned layered content filtering solution.

Option B is the correct solution because it parallelizes independent foundation model inference tasks while maintaining orchestration, observability, and time-bound execution. AWS Generative AI best practices emphasize reducing end-to-end latency by parallelizing independent inference calls rather than scaling individual calls vertically.

In this scenario, each report requires multiple independent analyses such as financial extraction, sentiment analysis, and compliance validation. These tasks do not depend on each other’s output, making them ideal candidates for parallel execution. AWS Step Functions provides a Parallel state that can invoke multiple AWS Lambda functions simultaneously, drastically reducing total processing time compared to sequential execution.

By invoking Amazon Bedrock from separate Lambda functions in parallel, the system can reduce batch execution time from 45 seconds to well under the 10-second requirement, assuming each inference call remains within acceptable latency bounds. Step Functions also provide built-in error handling, retries, and state tracking, which improves reliability without increasing complexity.

CloudWatch metrics allow teams to monitor both workflow execution time and individual model inference latency, enabling performance tuning and operational visibility. Configuring client-side timeouts ensures that slow or failed model invocations do not block the entire batch.

Option A still processes tasks sequentially and therefore cannot meet the strict latency requirement. Option C introduces queuing delays and sequential processing within each report, which increases total execution time. Option D relies on container-based sequential processing and adds unnecessary operational overhead for a workload that is event-driven and latency-sensitive.

Therefore, Option B best meets the performance, scalability, and operational efficiency requirements for high-speed batch document analysis using Amazon Bedrock.

Option B is the correct solution because it aligns with AWS guidance for building high-throughput, ultra-low-latency GenAI applications while maintaining predictable costs and automatic scaling. Amazon Bedrock provides access to foundation models that are specifically optimized for real-time inference use cases, including conversational and recommendation-style workloads that require responses within milliseconds.

Low-latency models in Amazon Bedrock are designed to handle very high request rates with minimal per-request overhead. Purchasing provisioned throughput ensures that sufficient model capacity is reserved to handle peak loads, eliminating cold starts and reducing request queuing during traffic surges. This is critical when supporting up to 500,000 concurrent calls with strict latency requirements.

Automatic scaling policies allow the application to dynamically adjust capacity based on demand, ensuring cost efficiency during off-peak hours while maintaining performance during peak usage. This directly supports the requirement to stay within a predefined monthly compute budget.

Option A fails because batch processing and complex reasoning models introduce higher latency and are not suitable for real-time suggestions. Option C introduces significantly higher operational and cost overhead due to dedicated GPU instances and manual scaling responsibilities. Option D is optimized for batch workloads and cannot meet the sub-200 ms latency requirement.

Therefore, Option B provides the best balance of performance, scalability, cost control, and operational simplicity using AWS-native GenAI services.

Option D is the correct solution because the Amazon Bedrock Converse API is purpose-built for multi-turn conversational interactions and is designed to work consistently across SDKs and compute environments. The Converse API standardizes how messages, roles, and context are represented, which ensures consistent behavior whether the application is running in AWS Lambda with Python or in Amazon EKS with JavaScript.

By passing previous messages in the messages array, the application explicitly maintains conversational context across turns without relying on external state stores. This approach is recommended by AWS for conversational GenAI workflows because it avoids state synchronization complexity and ensures deterministic model behavior across environments.

Using IAM roles for authentication provides a single, consistent security model for both Lambda and EKS. IAM roles integrate natively with AWS SDKs, eliminating the need for custom authentication logic or environment-specific credentials. This aligns with AWS best practices for least privilege and simplifies governance.

Option A introduces inconsistent authentication and custom formatting logic, increasing complexity. Option B unnecessarily introduces ElastiCache for state management, which is not required when using the Converse API correctly. Option C stores state in process memory, which is unsafe and unreliable for serverless and containerized workloads.

Therefore, Option D best satisfies the requirements for conversational consistency, multi-environment support, shared model usage, and consistent authentication with minimal operational overhead.

Option B best satisfies the requirements with the least custom development effort by using native Amazon Bedrock capabilities for prompt experimentation, traffic management, fairness monitoring, and alerting. Amazon Bedrock Prompt Management allows teams to define and manage multiple prompt variants without code changes, making it ideal for comparing recommendation strategies across demographic groups.

Amazon Bedrock Flows enables controlled traffic allocation between prompt variants, which supports real-time A/B testing. This allows the company to collect live fairness metrics under production conditions instead of relying on offline analysis. Because Flows are fully managed, they eliminate the need for custom routing or experimentation frameworks.

Amazon Bedrock guardrails provide built-in monitoring and intervention mechanisms. When configured for fairness-related checks, guardrails can detect policy violations and surface metrics such as InvocationsIntervened, which indicate when outputs are modified or blocked due to rule enforcement. These metrics integrate directly with Amazon CloudWatch, enabling real-time dashboards and threshold-based alarms. Setting an alarm at a 15% discrepancy threshold satisfies the alerting requirement with minimal configuration.

Weekly reporting can be generated from CloudWatch metrics using scheduled exports or dashboards without building custom analytics pipelines. Option A requires significant custom post-processing logic. Option C introduces an additional service with higher operational overhead and is not optimized for real-time monitoring. Option D focuses on offline evaluation jobs and does not provide continuous real-time fairness monitoring.

Therefore, Option B provides the most AWS-native, scalable, and low-effort solution for fairness evaluation and monitoring.

Option B best meets the latency, resilience, and data residency requirements while keeping operational complexity low by using built-in Amazon Bedrock cross-Region inference behavior through inference profiles . Cross-Region inference profiles are designed to provide higher availability and better traffic absorption when a single Region experiences throttling, transient capacity constraints, or quota-related degradation. By selecting the appropriate geography-scoped inference profile (for example, a Europe-scoped profile for European users and a North America-scoped profile for North American users), the application can keep inference traffic within the required geographic boundary. This directly supports EU data residency needs because European requests can be served only by Europe-based Regions while still benefiting from multi-Region resilience inside Europe.

The question also highlights degradation when Regional traffic spikes hit quotas. Cross-Region inference profiles help mitigate these conditions by allowing Bedrock to serve requests from another Region within the same geography, improving continuity during spikes without requiring the company to implement custom retry-and-failover logic across Regions. This reduces development and operational burden compared to building and maintaining a bespoke routing and fallback system.

Using separate Amazon API Gateway HTTP APIs to direct European and North American users to the correct endpoints simplifies request routing and provides a clean boundary for compliance controls, logging, and monitoring. It also allows each geography to scale independently and maintain consistently low latency by keeping users close to the entry point and the Bedrock geography they must use.

Option A requires custom routing and manual operational monitoring and does not inherently solve quota-driven degradation. Option C adds significant complexity by embedding throttling retries and cross-Region selection logic in Lambda while still needing careful controls to prevent cross-border routing mistakes. Option D introduces the highest operational complexity and can inadvertently violate residency if failover crosses geographies unless additional safeguards are implemented.

Option C is the correct solution because it directly addresses the root cause of the problem—overly broad retrieval—while requiring minimal architectural change. Amazon Bedrock Knowledge Bases support metadata-aware filtering, which allows the system to constrain retrieval queries based on indexed metadata such as content type, publication date, source, or category.

By indexing Amazon S3 object metadata, the company can restrict vector searches to relevant subsets of the corpus, such as recent emergency reports, specific content formats, or trusted sources. This significantly reduces the number of documents evaluated during retrieval, which improves both latency and result relevance without changing embedding models or retrieval infrastructure.

This approach aligns with AWS best practices for optimizing RAG systems: when embeddings are already strong, retrieval quality is often improved by narrowing the candidate set rather than increasing model complexity. Metadata filtering reduces noise and ensures that retrieved documents are more contextually aligned with user queries.

Option A requires retraining or adapting embedding models, which the company has already determined will not provide additional benefit. Option B introduces a migration to OpenSearch, which adds operational overhead and deviates from the existing Bedrock knowledge base architecture. Option D requires moving to a different indexing service, increasing complexity and implementation effort.

Therefore, Option C provides the most effective and low-effort solution to improve retrieval accuracy and performance in the existing Amazon Bedrock RAG system.

Option B best satisfies the requirements because it directly applies Retrieval Augmented Generation principles using managed Amazon Bedrock Knowledge Bases, which are designed to handle large, complex documents while preserving contextual relationships. Financial reports often interleave tables with explanatory narrative, and accurate analysis depends on keeping those elements logically connected. By segmenting documents based on their structural layout —for example, sections, subsections, tables, and surrounding commentary—the knowledge base can retrieve semantically relevant chunks that maintain this relationship during inference.

Amazon Bedrock Knowledge Bases support contextual chunking strategies that go beyond simple fixed-size segmentation. This is critical for financial documents, where a metric in a table may be explained in adjacent paragraphs or footnotes. Context-aware chunking ensures that retrieved content includes both the numeric data and its interpretation, enabling the foundation model to generate accurate, grounded responses. Including citations further improves analyst trust and auditability by allowing users to trace answers back to specific source sections, which is a common requirement in financial environments.

Scalability is another key requirement. Knowledge Bases manage embedding generation, indexing, and retrieval orchestration as a managed service, which allows the solution to scale across large document collections without requiring custom infrastructure or model hosting. This approach also supports efficient updates as new quarterly reports are added, ensuring the retrieval layer remains current.

Option A does not scale well because processing entire 5–100 page documents in a single prompt increases token usage, latency, and cost while risking context truncation. Option C relies on fixed-size chunking triggered at query time, which often breaks semantic relationships in structured financial content. Option D introduces unnecessary architectural complexity by splitting structured and unstructured data into separate applications, increasing operational overhead without providing better contextual retrieval than a unified RAG approach.

Option C is the correct solution because AWS AppConfig is purpose-built to manage dynamic application configurations with low latency, strong validation, and minimal operational overhead, which directly matches the company’s requirements.

AWS AppConfig enables the company to centrally manage model selection logic, inference parameters, and customer-tier routing rules without redeploying Lambda functions. By using feature flags, the company can easily perform A/B testing of new models or prompt strategies by gradually rolling out changes to a subset of users or customer tiers. This allows experimentation and controlled releases without code changes.

AppConfig also supports JSON schema validation, which is critical for validating parameters such as temperature, maximum token limits, and other model-specific settings before they are applied. This prevents invalid or unsafe configurations from being deployed and reduces the risk of runtime errors or degraded model behavior in production.

Using the AWS AppConfig Agent allows Lambda functions to retrieve configurations efficiently with built-in caching and polling mechanisms, minimizing latency and avoiding excessive calls to configuration services. This approach scales well for high-throughput, low-latency applications such as GenAI APIs behind Amazon API Gateway.

Option A introduces unnecessary redeployment logic and polling complexity. Option B requires building and maintaining custom configuration access patterns in DynamoDB and does not natively support feature flags or schema validation. Option D adds operational overhead by requiring ElastiCache cluster management and custom validation logic.

Therefore, Option C provides the most scalable, flexible, and low-maintenance solution for dynamic model switching, A/B testing, and safe configuration management in a GenAI application.

Comprehensive and Detailed 250 to 350 words of Explanation From AWS Generative AI concepts and services documents:

Option D is the best solution because it delivers a fully managed, scalable pipeline with minimal infrastructure management while meeting the 50 GB and 4-hour constraint. AWS Step Functions provides a serverless orchestration layer that can coordinate parallel processing steps, retries, and error handling without managing clusters or tuning long-running compute.

Using Amazon Comprehend for PII detection fulfills the requirement to remove customer PII in a managed and consistent way. Step Functions can coordinate Comprehend calls at scale and route sanitized outputs into the embedding step. Generating embeddings with Amazon Bedrock keeps the entire workflow within AWS managed services, eliminates the need to maintain custom embedding models, and supports consistent vector representations for downstream retrieval.

Direct integration with Amazon OpenSearch Serverless provides a low-operations vector store that can handle large-scale indexing and similarity search without cluster sizing, node maintenance, or shard management. This aligns strongly with the requirement for least operational overhead and supports growth beyond the initial 50 GB corpus. Step Functions can batch and parallelize ingestion into OpenSearch Serverless to meet the 4-hour completion goal in a cost-effective manner by controlling concurrency, chunk sizes, and failure handling.

Option A can be difficult and costly at this scale because Lambda concurrency and per-invocation overhead can become complex to tune for 50 GB within 4 hours. Option B introduces SageMaker Processing and embedding model management, increasing operational complexity. Option C requires EMR cluster management and tuning, which is the opposite of minimal overhead.

Therefore, Option D is the most operationally efficient, scalable, and managed approach to build the required PII-sanitized embedding pipeline for a RAG corpus.

Option A is the best solution because it satisfies streaming, token control, and retry requirements while keeping operational overhead low by using fully managed, serverless AWS services. Amazon API Gateway HTTP APIs provide a lightweight, cost-effective front door for APIs and integrate cleanly with AWS Lambda for request processing and security controls.

AWS Lambda response streaming allows the API to begin returning content to the client as soon as partial model output is available, reducing perceived latency and improving user experience for long responses. Using Lambda as the integration layer also provides a centralized place to enforce token-aware request handling, such as rejecting oversized requests, truncating optional context, or applying consistent limits across users and tenants to manage compute usage.

Retry logic is best handled in the client or integration layer for transient failures such as timeouts and throttling. Lambda can implement controlled retries with exponential backoff and jitter, while API Gateway timeouts help bound request lifetimes and prevent hung connections from consuming resources indefinitely. Because the model service is managed, the company avoids infrastructure management and focuses only on request shaping, safety, and resiliency behavior.

Option B is not suitable because client-side polling is not true streaming, front-end token enforcement is insecure and inconsistent, and API Gateway does not provide model-aware retry behavior on its own. Option C introduces container hosting and scaling complexity, which increases operational overhead compared to serverless. Option D can work, but REST APIs are generally heavier than HTTP APIs for this pattern and do not reduce overhead compared to Option A.

Therefore, Option A provides the required streaming and resiliency capabilities with the least infrastructure management effort.

Option C best satisfies the requirements because it combines application-aware observability, metric baselining, anomaly detection, and correlated alerting using fully managed AWS services with minimal operational overhead. Amazon CloudWatch Application Insights is designed to automatically monitor application health by analyzing metrics, logs, and events across EC2-based workloads. This aligns directly with the need to detect intermittent performance issues and deviations from expected behavior.

By publishing custom metrics using the CloudWatch embedded metric format, the application can track generative AI–specific signals such as recommendation quality indicators, token usage, request volume, and response latency from Amazon Bedrock foundation model calls. Adding di mensions such as request type or user segment enables fine-grained visibility into which workloads or customer groups are impacted when recommendation quality degrades.

A critical requirement is detecting degradation compared to established baselines and generating alerts within 10 minutes. CloudWatch anomaly detection automatically builds statistical models of normal behavior for time-series metrics and flags deviations without requiring manually tuned thresholds. This capability is well suited for monitoring foundation model behavior, which can vary subtly over time. When anomalies are detected, CloudWatch alarms can trigger notifications with contextual metric data quickly, meeting the alerting requirement.

CloudWatch Logs Insights complements the metric-based view by enabling log pattern analysis and correlation. Engineers can query application logs and model response logs to identify recurring error patterns or shifts in output behavior that explain why recommendations no longer align with user preferences. Application Insights further correlates metrics and logs to surface probable root causes, reducing mean time to resolution.

The other options lack one or more critical elements. Option A focuses on infrastructure-level metrics without baseline anomaly detection. Option B emphasizes tracing and auditing but does not provide automated performance deviation analysis. Option D offers flexibility but requires significantly more development and operational effort than a native CloudWatch-based solution.

Option B is the correct solution because Amazon Bedrock Knowledge Bases with the RetrieveAndGenerate API provide a fully managed Retrieval Augmented Generation (RAG) capability that directly addresses grounding, citation, and hallucination prevention with the least operational overhead.

Amazon Bedrock Knowledge Bases automatically manage document ingestion, chunking, embedding, retrieval, and ranking from approved data sources. When used with the RetrieveAndGenerate API, the model is constrained to generate responses only from retrieved, approved clinical documentation, significantly reducing the risk of hallucinations or unsupported claims. The API also returns explicit source citations, which satisfies regulatory and clinical transparency requirements without requiring custom comparison or validation logic.

This approach aligns with AWS best practices for healthcare GenAI workloads, where correctness and traceability are critical. Because retrieval and generation are tightly integrated, the system avoids multi-step orchestration, custom verification pipelines, or additional compute layers that would increase latency and maintenance burden.

Option A introduces Amazon Kendra and custom post-processing logic, increasing operational complexity. Option C focuses on entity extraction rather than controlled knowledge grounding and does not guarantee citation or hallucination prevention. Option D requires manual orchestration between retrieval and generation and custom verification logic, which increases development and maintenance effort.

Therefore, Option B delivers accurate, grounded, and cited clinical recommendations with minimal infrastructure and operational overhead.

Option A provides the most complete, AWS-native defense-in-depth solution for protecting against prompt injection attacks while meeting audit and resiliency requirements. Amazon Bedrock guardrails are designed specifically to enforce safety policies on both user inputs and model outputs, including protections against prompt injection and jailbreak attempts.

Setting content filters to high increases sensitivity to malicious or manipulative inputs. Guardrail profiles allow the same guardrail configuration to be applied consistently across multiple Regions, enabling cross-Region inference and failover without configuration drift. This directly satisfies the requirement for regional resilience.

Amazon CloudWatch Logs captures detailed guardrail intervention events, including when content is blocked, modified, or flagged. Custom metrics derived from these logs enable fine-grained auditing, alerting, and reporting on safety enforcement actions. This provides a more detailed audit trail of safety interventions than API-level logs alone.

Option B adds WAF protection but lacks detailed guardrail intervention logging. Option C introduces additional services and custom logic that increase complexity and may miss model-specific injection patterns. Option D references replication concepts that are not aligned with Bedrock guardrail operational models and relies on word filters, which are insufficient against sophisticated prompt injection techniques.

Therefore, Option A best meets the requirements for layered protection, auditability, and cross-Region resilience using managed Amazon Bedrock safety controls.

Option A is the best solution because it directly addresses both observed problems: user-perceived latency and resolver timeouts that occur more frequently for complex prompts. In the current design, an AWS AppSync Lambda resolver is configured with synchronous RequestResponse behavior. That means the client receives nothing until the entire retrieval and generation workflow completes. For longer-running knowledge base queries, this increases the likelihood of hitting request time limits in the synchronous path and creates a poor user experience because the UI appears stalled.

Using AWS Amplify AI Kit to implement streaming responses allows the application to return partial output incrementally as the model produces tokens. This improves perceived responsiveness because users can see the answer forming immediately, even when the full response takes longer. Streaming also reduces the impact of variable model latency and retrieval time because the client no longer waits for a single final payload before rendering content. From a troubleshooting perspective, streaming makes it easier to distinguish “slow generation” from “no response,” and it provides faster feedback during testing of complex questions.

Option B is not sufficient because increasing timeouts and adding retries can worsen load and cost while still producing a stalled UI experience. Retries also risk duplicating requests to the knowledge base and can amplify token usage. Option C introduces an awkward polling model for GraphQL interactions and adds significant operational complexity, while not inherently improving interactivity. Option D adds major architectural changes by replacing the knowledge base RetrieveAndGenerate call path with a different streaming invocation API and introducing a WebSocket layer, which is unnecessary when the goal is primarily to fix timeouts and improve UX within the existing AppSync and Amplify design.

Therefore, streaming through Amplify AI Kit is the most effective and lowest-friction improvement.

Thought for 24s

Option C is the correct solution because it directly addresses both correctness and performance issues by grounding the model’s responses in authoritative product data using Retrieval Augmented Generation. Amazon Bedrock Knowledge Bases are designed to connect foundation models to trusted enterprise data sources, ensuring that generated responses are constrained to known, validated content.

By ingesting the product catalog into a knowledge base, the GenAI application retrieves only products that actually exist in the catalog. This prevents hallucinated or unavailable recommendations, which is a common issue when models rely solely on prompt instructions without retrieval grounding. RAG ensures that the model’s output is based on retrieved facts rather than learned generalizations.

Setting the PerformanceConfigLatency parameter to optimized enables Bedrock to prioritize lower-latency retrieval and inference paths, improving responsiveness for real-time recommendation scenarios. This directly addresses the reported performance issues without requiring provisioned throughput or caching strategies that are ineffective for mostly unique interactions.

Option A improves safety and latency predictability but does not ensure recommendations are limited to valid products. Option B relies on prompt constraints, which are not sufficient to prevent hallucinations. Option D introduces additional validation and caching layers but increases complexity and does not improve generation relevance.

Therefore, Option C best resolves both relevance and latency challenges using AWS-native, low-maintenance GenAI integration patterns.

Option A best meets the combined requirements of low latency, stability, and validated safety controls by using purpose-built Amazon Bedrock features designed for production GenAI operations. The company’s latency target of under 1 second and its observation of degradation during spikes strongly indicate capacity and throughput variability. Provisioned throughput for Amazon Bedrock is intended to deliver more predictable performance by reserving inference capacity for a chosen model, reducing throttling risk and stabilizing response times under load. This directly improves operational consistency across Regions where on-demand capacity can vary.

The requirement to “block unsafe or hallucinated recommendations” is most directly addressed by Amazon Bedrock Guardrails . Guardrails provide managed safety enforcement, including sensitive information controls and configurable content policies. Using semantic denial rules enables the application to prevent unsafe guidance such as dangerous brewing temperatures or other harmful procedural instructions, enforcing safety at the model boundary rather than relying on downstream filtering.

The remaining requirement is “99.5% output consistency for identical inputs.” While generative models can be probabilistic, production systems achieve practical consistency by controlling prompt versions, inputs, and policy behavior. Amazon Bedrock Prompt Management supports controlled prompt lifecycle practices, including versioning and approval workflows, which reduce unintended drift across deployments and Regions. By ensuring the same approved prompt templates and parameters are used consistently, the company can materially improve repeatability for the same structured inputs and retrieval context, which is essential in multi-stage prompt chains.

The other options are incomplete. B improves experimentation and observability but does not enforce safety controls or stabilize latency. C can improve performance, but it does not provide validated safety enforcement at inference time. D can help retrieval relevance, but it does not address unsafe outputs or inference stability. Therefore, A is the only option that simultaneously targets predictable latency, governance of prompt behavior, and strong safety controls within Amazon Bedrock.

The first option labeled B is the correct solution because it fully satisfies both private connectivity and fine-grained cross-account data governance requirements using AWS-native services.

Creating interface VPC endpoints for Amazon Bedrock runtimes ensures that all inference calls remain on the AWS private network and never traverse the public internet. Running AWS Lambda functions in private subnets enforces network isolation, and using IAM conditions that restrict access to specific VPC endpoints and roles prevents unauthorized inference calls.

For the governed data lake, AWS Lake Formation LF-tag–based access control is the recommended AWS mechanism for enforcing cross-account, column-level permissions. LF-tags allow the company to define data access policies once and apply them consistently across accounts, databases, tables, and even individual columns. This is required for sensitive customer records and is not achievable with S3 bucket policies or IAM alone.

The second option labeled B uses a NAT gateway, which violates the private connectivity requirement. Option C uses public Bedrock endpoints and only database-level grants, which are insufficient. Option D relies on IAM path-based policies, which cannot enforce column-level access and introduces public fallback paths.

Therefore, the first option labeled B is the only solution that meets all networking, security, and data governance requirements.

Option B is the most appropriate solution because it directly uses Amazon Bedrock cross-Region inference profiles, which are designed to provide resilience and load distribution while respecting data residency boundaries. Cross-Region inference profiles allow applications to distribute inference requests across multiple Regions within a defined geographic boundary, such as Europe or North America, without requiring custom failover logic.

By specifying geographical codes in the inference profile ID, the application ensures that European user data is processed only within Europe-based Regions, satisfying regulatory requirements. At the same time, Bedrock automatically routes requests to healthy Regions within that geography when traffic spikes or service quotas are reached, improving availability and maintaining low latency.

Using separate Amazon API Gateway HTTP APIs for Europe and North America provides a clean, simple routing layer that directs users to the appropriate regional inference profile. This avoids complex custom routing or retry logic in application code and minimizes operational overhead.

Option A relies on custom routing and manual monitoring, which increases complexity and does not provide automatic resilience. Option C introduces custom retry and fallback logic that risks violating data residency requirements if misconfigured. Option D requires significant application-level failover logic and adds operational burden with Global Accelerator configuration.

Therefore, Option B best meets the requirements for low latency, data residency compliance, resilience during traffic spikes, and minimal operational complexity.

Option A is the correct solution because it provides proactive, model-aware token management with fine-grained visibility and alerting, which is required for regulated financial workloads. Amazon Bedrock currently exposes token usage metrics after invocation, but it does not natively enforce proactive, model-specific token limits across multiple applications or business units.

By implementing model-specific tokenizers in AWS Lambda, the company can estimate input and output token usage before sending requests to Amazon Bedrock. This enables early detection of requests that are approaching or exceeding model limits and allows the application to block, truncate, or reroute requests proactively rather than reacting to failures.

Publishing token usage metrics to Amazon CloudWatch enables real-time monitoring and alerting at scale, easily supporting more than 5,000 requests per minute. Storing detailed token usage data in Amazon DynamoDB allows the company to attribute usage and costs to specific applications, teams, or business units—an essential requirement for regulatory reporting and internal chargeback.

Option B is incorrect because Amazon Bedrock Guardrails do not currently provide token quota enforcement or proactive token alerts. Option C is reactive and only analyzes failures after they occur. Option D throttles requests but cannot enforce token-based limits or provide per-model cost attribution.

Therefore, Option A best satisfies proactive alerting, scalability, compliance reporting, and cost allocation requirements with acceptable operational effort.

Option B is the correct solution because it uses native AWS governance, access control, and auditing capabilities to protect PII while enabling controlled FM access to authorized data subsets. AWS Lake Formation is designed specifically to manage fine-grained permissions for data lakes, including column-level access control, which is critical when handling sensitive financial and PII data.

LF-Tags allow data administrators to define scalable, attribute-based access control policies. By tagging databases, tables, and columns with business unit and Region metadata, the company can enforce policies that ensure the foundation model only accesses approved datasets with PII-redacted columns. This eliminates the risk of sensitive data leaking into production inference workflows.

IAM role-based authentication ensures that the FM accesses data using least-privilege credentials. This integrates cleanly with Amazon Bedrock, which supports IAM-based authorization for service-to-service access. AWS CloudTrail provides immutable audit logs for all access attempts, satisfying compliance and regulatory requirements.

Option A introduces unnecessary data duplication and weak governance controls. Option C relies on custom application logic, increasing operational risk and complexity. Option D bypasses Lake Formation’s fine-grained controls and relies on presigned URLs, which reduces governance visibility and control.

Therefore, Option B best meets the requirements for security, compliance, scalability, and auditability when integrating Amazon Bedrock with a Lake Formation–governed data lake.

Amazon Bedrock Prompt Management is the purpose-built service for prompt lifecycle management. it provides native version control , allowing developers to test and compare variants side-by-side. Use of parameterized variables ensures that a single prompt structure can be consistently reused across different sub-applications (assistants vs. graders) while still being tailored to the specific context. To " integrate into the main application " with minimal overhead, Amazon Bedrock Flows provide a managed orchestration layer. Flows allow developers to link managed prompts with AWS services (like knowledge bases or Lambda functions) without writing complex state-machine logic in Step Functions (Option B). This combination ensures consistent, auditable, and easily deployable prompt assets across the university ' s diverse use cases.

Option B is the correct solution because Amazon Bedrock Prompt Management is purpose-built to manage, govern, and standardize prompt usage at scale across teams and Regions. It provides native version control, allowing teams to track prompt changes over time and ensure that only approved versions are used in production workflows.

Prompt Management supports approval workflows that align with enterprise governance requirements. Approval permissions can be enforced through IAM policies, ensuring that only authorized reviewers can approve or publish prompt versions. This removes the need for custom workflow engines or external storage systems, significantly reducing operational overhead.

Parameterized prompt templates enable consistent prompt structure while allowing controlled variation through defined variables. This ensures consistent quality standards and reduces prompt drift, which is critical when hundreds of prompts are reused across multiple applications and teams.

AWS CloudTrail integrates natively with Amazon Bedrock to provide immutable audit logs for prompt creation, updates, approvals, and usage. These detailed audit trails satisfy compliance requirements and allow security and governance teams to trace prompt activity across Regions and users.

Option A requires significant custom development to coordinate approvals and maintain state. Option C relies on general-purpose workflow services and manual versioning mechanisms that are error-prone and difficult to scale. Option D uses services not designed for large-scale GenAI prompt governance and introduces unnecessary complexity.

Therefore, Option B best meets the requirements for scalable, auditable, and low-overhead governance of AI-generated content using Amazon Bedrock.

Option B best meets all stated requirements by correctly combining PII protection , evaluation before launch , and data residency compliance using Amazon Bedrock Guardrails. Amazon Bedrock guardrails provide native sensitive information filtering that operates inline during model invocation, making them well suited for preventing personal data exposure in customer-facing AI assistants.

The requirement to evaluate how effective the AI assistant is at preventing exposure before release is best addressed by using mask mode during development and testing . Mask mode allows responses to be generated while automatically redacting detected personal information, making it easy for developers and reviewers to see where and how PII would have appeared. This provides concrete validation that the guardrail rules are correctly configured without fully blocking responses, which is ideal for quality assurance and pre-production evaluation.

For production , switching the guardrail to block mode ensures that responses containing personal information are fully prevented from being returned to users. This offers the strongest protection and aligns with compliance expectations for customer account data. Block mode is appropriate once confidence in the guardrail configuration has been established during testing.

The data residency requirement is addressed by deploying a copy of the guardrail in each AWS Region where the application operates. Amazon Bedrock guardrails are Region-specific resources, and using Region-local guardrails ensures that inference, filtering, and enforcement all occur within the same Region as the customer data. This avoids cross-Region processing and helps the company comply with regulatory and contractual data residency policies.

Option A and D incorrectly rely on cross-Region guardrails, which can violate data residency constraints. Option C focuses on topic filtering rather than sensitive information filtering and keeps detect mode enabled in production, which does not actively prevent PII exposure. Therefore, B is the only option that fully satisfies safety, compliance, and evaluation requirements.

Option B is the best solution because hierarchical chunking is specifically designed to preserve broader semantic context while still enabling precise retrieval at paragraph or sub-paragraph granularity. The problem described—answers citing irrelevant sections when a query spans multiple paper sections—often occurs when chunks are either too small (losing cross-paragraph context) or too “flat” (retrieving isolated snippets without their surrounding rationale).

In a scientific paper, related information is frequently distributed across methodology, results, and discussion. Flat, fixed-size chunking (Option A) can split these logically connected ideas into separate chunks, causing retrieval to surface fragments that match a term but not the full intent. Semantic chunking (Option C) improves boundary placement, but it does not inherently provide a multi-resolution structure that helps preserve section-level continuity at massive scale.

Hierarchical chunking solves this by creating parent chunks (larger context windows) that capture broader section context and child chunks (smaller units) that retain retrieval precision. When the retriever identifies relevant child chunks, it can also bring in the associated parent context so the foundation model sees the surrounding methodological or discussion framing. The defined overlaps further reduce the risk that key transitions or references are split across chunks.

This approach is well suited for a corpus of 25 million papers because it improves relevance without requiring a custom reranking model or a manual preprocessing pipeline. It remains operationally efficient because it is configured at the knowledge base level rather than implemented through custom code per document.

Option D introduces high operational complexity and inconsistent document handling at scale. Therefore, Option B best meets the requirement to preserve semantic context across related paragraphs and improve citation relevance across scientific paper sections.

Option B best fulfills all functional, scalability, and collaboration requirements by combining purpose-built AWS services with Amazon Bedrock capabilities. Amazon Bedrock Data Automation is designed to orchestrate large-scale, multimodal data processing pipelines and integrates naturally with foundation models for summarization and concept extraction. Using BDA to process document files ensures consistent preprocessing and model invocation at scale, which is essential for handling more than 10,000 sources per day with high concurrency.

Integrating Amazon Textract for PDFs enables accurate extraction of structured and unstructured text from scanned and digital documents, while Amazon Transcribe is the appropriate service for converting recorded videos into text for downstream semantic analysis. These services are optimized for their respective media types and feed clean, normalized inputs into Bedrock foundation models, improving the quality of contextual summaries.

Storing processed content in Amazon S3 with versioning enabled directly addresses the requirement for version control. S3 versioning provides immutable object history and rollback capabilities without additional complexity. Metadata storage in Amazon DynamoDB supports high-throughput, low-latency access patterns and scales automatically to handle peak upload concurrency.

Real-time collaboration is achieved through AWS AppSync GraphQL subscriptions combined with DynamoDB. AppSync enables real-time updates to connected clients whenever study materials are created or modified, making it well suited for collaborative editing and live synchronization. DynamoDB streams integrate seamlessly with AppSync to propagate changes efficiently.

The other options misuse services or fail to meet key requirements. Amazon SNS does not support collaborative state synchronization, Amazon DocumentDB is not optimized for versioned document storage, Amazon Neptune is unsuitable for document-centric workloads, and Amazon ElastiCache is not designed for durable storage or version control. Option B aligns with AWS best practices for scalable, multimodal generative AI systems built on Amazon Bedrock.

Option B best meets the requirements because it provides systematic diagnosis, measurable comparison, and historical traceability of prompt performance. By placing prompts under version control and testing them against complex clinical documents, the company can consistently reproduce issues, track regressions, and compare prompt behavior using quantifiable metrics such as factual accuracy, completeness, and consistency. Automated testing ensures scalability and repeatability, while version history preserves prompt evolution over time.

Option A lacks objective metrics and does not address complex documents. Option C focuses on live traffic experimentation but does not inherently diagnose prompt inconsistencies or preserve detailed historical evaluations. Option D adds medical entity analysis but introduces unnecessary service coupling and does not provide robust prompt version history or automated comparative benchmarking. Therefore, Option B is the most complete and disciplined solution.

Option D is the correct solution because Amazon Q Developer customizations are designed to incorporate organization-approved knowledge and coding guidance without requiring per-project changes. A customization can point Amazon Q Developer to curated internal sources such as approved libraries, coding standards, architectural patterns, and proprietary techniques. This allows the assistant’s suggestions to align with company policies and preferred implementations consistently across teams and repositories.

The key requirement is that the company does not want to make project-level modifications. Options A, B, and C all require adding files or repositories into the project workspace, which directly violates this constraint. They also rely on developer behavior to “use workspace context,” which is harder to enforce and can lead to inconsistent adherence to standards.

With a customization, the organization centrally manages and updates approved resources. This reduces operational overhead because updates to libraries, patterns, or guidelines propagate automatically to developers using the customization, without requiring changes to each project. This is especially valuable for a new team, where consistent enforcement of approved practices is important to reduce compliance risk, security issues, and inconsistent code style.

Additionally, customizations support governance by allowing the company to standardize how Amazon Q Developer responds, ensuring that suggestions reflect approved internal content rather than generic public patterns.

Therefore, Option D best satisfies the requirement for centralized enforcement of approved resources with minimal ongoing management and no project-level modifications.

Option B is correct because the application is currently invoking the base foundation model identifier, which routes traffic to the on-demand capacity pool rather than the company’s purchased provisioned throughput. In Amazon Bedrock, provisioned throughput is attached to a specific provisioned resource created through the provisioned throughput APIs. To consume that reserved capacity, inference requests must target the provisioned resource identifier that represents the purchased throughput, not the generic model identifier used for on-demand inference.

The code snippet uses modelId= " anthropic.claude-v2 " . This value selects the on-demand endpoint for that model. As a result, requests are subject to on-demand quotas and throttling behavior, while the provisioned throughput remains idle. This directly explains the CloudWatch observation: provisioned capacity metrics show unused capacity because no traffic is being directed to the provisioned resource, and the on-demand path is throttling because it is exceeding the applicable on-demand limits during peak volume.

Replacing the modelId value with the provisioned throughput ARN returned by the CreateProvisionedModelThroughput workflow ensures the runtime invocation is routed to the reserved capacity. Once traffic is directed correctly, the purchased model units provide the consistent throughput required for predictable performance during business hours, which is exactly why provisioned throughput is used.

Option A could increase capacity, but it does not fix the core issue that the application is not using the provisioned resource at all. Option C can reduce the impact of throttling temporarily, but it adds latency and does not guarantee consistent throughput; it also still wastes the provisioned capacity. Option D changes the response delivery mechanism, but throttling is a capacity routing and quota issue, not a streaming API issue.