Amazon Web Services Updated AIP-C01 Exam Questions and Answers by cassidy

Option C directly addresses both retrieval relevance and performance scalability. Fixed token chunking breaks semantic continuity in legal texts, causing incomplete context retrieval and degraded response quality. By switching to semantic chunking—based on legal arguments, clauses, or sections—the application preserves contextual integrity, improving retrieval accuracy and reducing hallucinations.

Regenerating embeddings aligned with the new chunk structure also improves vector search efficiency, reducing unnecessary comparisons and helping control latency as the dataset scales.

Option A increases cost and latency without fixing the core issue. Option B removes dynamic reasoning, which defeats the purpose of a legal RAG system. Option D discards vector semantics entirely and is unsuitable for nuanced legal research. Therefore, Option C is the correct and scalable solution.

Option A is the correct solution because it satisfies authentication, private connectivity, fine-grained authorization, and auditing using AWS-recommended patterns.

SAML federation between Microsoft Entra ID and IAM is a mature, well-supported integration that enables centralized enterprise authentication. Department-specific IAM roles allow precise control over which Bedrock ModelId values each department can invoke, enforcing access by model family.

Using AWS PrivateLink interface VPC endpoints for Amazon Bedrock runtime services ensures that all inference traffic stays on private AWS network paths, with no public internet exposure. NAT gateways and public endpoints, as used in other options, violate this requirement.

AWS CloudTrail provides authoritative audit logs of all Bedrock API calls, which is required for compliance. Amazon Bedrock model invocation logging complements CloudTrail by capturing detailed prompt and response metadata for deeper auditing and investigation.

Option B uses public endpoints via NAT. Option C incorrectly claims public endpoints can be private. Option D relies on IdP-side logs, which do not capture Bedrock API activity.

Therefore, Option A is the only solution that fully meets security, compliance, and observability requirements.

Option C is the correct solution because it directly addresses both correctness and performance issues by grounding the model’s responses in authoritative product data using Retrieval Augmented Generation. Amazon Bedrock Knowledge Bases are designed to connect foundation models to trusted enterprise data sources, ensuring that generated responses are constrained to known, validated content.

By ingesting the product catalog into a knowledge base, the GenAI application retrieves only products that actually exist in the catalog. This prevents hallucinated or unavailable recommendations, which is a common issue when models rely solely on prompt instructions without retrieval grounding. RAG ensures that the model’s output is based on retrieved facts rather than learned generalizations.

Setting the PerformanceConfigLatency parameter to optimized enables Bedrock to prioritize lower-latency retrieval and inference paths, improving responsiveness for real-time recommendation scenarios. This directly addresses the reported performance issues without requiring provisioned throughput or caching strategies that are ineffective for mostly unique interactions.

Option A improves safety and latency predictability but does not ensure recommendations are limited to valid products. Option B relies on prompt constraints, which are not sufficient to prevent hallucinations. Option D introduces additional validation and caching layers but increases complexity and does not improve generation relevance.

Therefore, Option C best resolves both relevance and latency challenges using AWS-native, low-maintenance GenAI integration patterns.

Option B is the correct solution because it uses native AWS governance, access control, and auditing capabilities to protect PII while enabling controlled FM access to authorized data subsets. AWS Lake Formation is designed specifically to manage fine-grained permissions for data lakes, including column-level access control, which is critical when handling sensitive financial and PII data.

LF-Tags allow data administrators to define scalable, attribute-based access control policies. By tagging databases, tables, and columns with business unit and Region metadata, the company can enforce policies that ensure the foundation model only accesses approved datasets with PII-redacted columns. This eliminates the risk of sensitive data leaking into production inference workflows.

IAM role-based authentication ensures that the FM accesses data using least-privilege credentials. This integrates cleanly with Amazon Bedrock, which supports IAM-based authorization for service-to-service access. AWS CloudTrail provides immutable audit logs for all access attempts, satisfying compliance and regulatory requirements.

Option A introduces unnecessary data duplication and weak governance controls. Option C relies on custom application logic, increasing operational risk and complexity. Option D bypasses Lake Formation’s fine-grained controls and relies on presigned URLs, which reduces governance visibility and control.

Therefore, Option B best meets the requirements for security, compliance, scalability, and auditability when integrating Amazon Bedrock with a Lake Formation–governed data lake.