AIP-C01 Domain 4: Security, Testing, and Governance for GenAI Applications

What is the MOST appropriate AWS solution to encrypt prompts/responses at rest in logs?

Multiple choice — select one answer

Answer choices

  1. a. IAM policies scoped to model ARNs
  2. b. Amazon Bedrock Guardrails
  3. c. KMS for CloudWatch Logs and S3
  4. d. Automated evaluation datasets in pipeline

Architectural breakdown & explanation

Encryption protects logged interactions.

Correct answer(s): c. KMS for CloudWatch Logs and S3

Exam domain: Domain 4: Security, Testing, and Governance for GenAI Applications (24% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Generative AI Developer – Professional bank. Run a full timed practice exam with domain-weighted random questions in your browser.