Cert-Pass
Log in Sign up
arrow_back Cert

AWS AWS Certified AI Practitioner AIF-C01

🔥 0 streak
0%
timer Mock Exam lock Pro menu_book Course description 3-Page download Free
menu_book

AWS Certified AI Practitioner AIF-C01

Compressed Course

AWS Certified AI Practitioner (AIF-C01) — Complete Exam-Focused Study Guide

Purpose: A compressed but complete course for preparing for the AWS Certified AI Practitioner (AIF-C01) exam.
Study method: Learn the decision rules first, then use the question bank for repetition and scenario practice.
Alignment: This guide is aligned to the AWS AIF-C01 exam guide revision published on April 30, 2026 and distilled from the accompanying 1,100-question practice bank.


Table of Contents

  1. Exam Overview
  2. Exam Domains
  3. Start-to-Finish Study Path
  4. Core Concepts by Domain
  5. Service Selection Guide
  6. Architecture Patterns
  7. Exam Traps and Elimination Rules
  8. Quick Memory Rules
  9. Final Revision Notes
  10. Exam-Day Checklist
  11. Official References

1. Exam Overview

1.1 What the certification validates

AWS Certified AI Practitioner (AIF-C01) is a foundational certification. It tests whether you can:

  • Explain AI, machine learning (ML), generative AI (GenAI), foundation model (FM), and agentic AI concepts.
  • Match a business problem to the most suitable AI technique or AWS service.
  • Recognize when a traditional deterministic solution is better than AI.
  • Compare traditional ML with foundation-model approaches.
  • Select sensible GenAI patterns such as prompt engineering, Retrieval Augmented Generation (RAG), fine-tuning, model distillation, and agents.
  • Recognize responsible-AI, security, compliance, and governance controls.
  • Reason about tradeoffs: quality, latency, cost, explainability, safety, operational overhead, and regulatory requirements.

This exam is not a coding exam. You are not expected to implement ML algorithms, tune advanced models, or build infrastructure from scratch. Most questions are business scenarios that ask for the best-fitting service, approach, metric, or control.

1.2 Exam format

The current exam guide states:

Item Details
Scored questions 50
Unscored questions 15
Total questions presented 65
Passing score 700 on a 100–1,000 scale
Scoring model Compensatory: you pass based on the overall score
Question styles Multiple choice, multiple response, ordering, matching
Guessing No penalty for guessing

Practical consequence: answer every question. You do not need to be perfect in every domain, but Domains 2 and 3 deserve extra attention because they represent more than half of the scored exam.

1.3 How to think during the exam

For each scenario, identify five things:

  1. Business outcome: classification, forecast, summary, recommendation, search, automation, document extraction, security control, audit evidence, or governance.
  2. Data type: tabular, text, image, audio, documents, embeddings, private enterprise knowledge, or user interactions.
  3. Response-time need: nightly, interactive, long-running asynchronous, or unpredictable intermittent traffic.
  4. Risk level: public content, regulated decision, sensitive data, user-facing answer, or agent with tool access.
  5. Simplest suitable AWS option: prefer the managed service or lightweight pattern that directly meets the stated requirement.

A common mistake is choosing the most powerful or fashionable option. The exam rewards the smallest correct solution, not the most complex architecture.


2. Exam Domains

Domain Official weight Main focus
Domain 1: Fundamentals of AI and ML 20% Core AI/ML concepts, techniques, inference types, managed AI services, ML lifecycle, metrics
Domain 2: Fundamentals of GenAI 24% Tokens, embeddings, context engineering, FMs, limitations, agents, AWS GenAI services, cost tradeoffs
Domain 3: Applications of Foundation Models 28% FM selection, RAG, vectors, prompting, customization, model evaluation, agent evaluation
Domain 4: Guidelines for Responsible AI 14% Fairness, bias, robustness, safety, explainability, human review, legal and trust risks
Domain 5: Security, Compliance, and Governance for AI Solutions 14% IAM, encryption, privacy, prompt security, logging, governance, compliance evidence, data lifecycle

Recommended study priority

  1. Domain 3 first: RAG, prompts, FM selection, evaluation, and customization.
  2. Domain 2 second: GenAI foundations, cost, context engineering, and agent concepts.
  3. Domain 1 third: traditional ML foundations and service selection.
  4. Domains 4 and 5 together: responsible AI, security, compliance, and governance.

3. Start-to-Finish Study Path

Phase 1 — Build the mental model

Study these concepts until you can explain them without notes:

  • AI vs ML vs deep learning vs GenAI vs agentic AI
  • Classification vs regression vs clustering
  • Supervised vs unsupervised vs reinforcement learning
  • Batch vs real-time vs asynchronous vs serverless inference
  • Tokens, chunks, embeddings, vectors, context windows
  • Prompt engineering vs RAG vs fine-tuning vs pre-training vs distillation
  • Hallucination, nondeterminism, bias, robustness, explainability
  • Least privilege, encryption, data lineage, logging, retention, residency

Phase 2 — Memorize the service map

Learn services in families rather than isolated definitions:

  • Text and language: Amazon Comprehend, Amazon Translate, Amazon Lex
  • Speech: Amazon Transcribe, Amazon Polly
  • Images and documents: Amazon Rekognition, Amazon Textract
  • Personalization: Amazon Personalize
  • ML platform: Amazon SageMaker AI, SageMaker JumpStart
  • Foundation models and GenAI: Amazon Bedrock, Amazon Nova
  • Agents and development: Amazon Bedrock AgentCore, Strands Agents, Kiro, Amazon Q, AWS Transform
  • Business work and analytics: Amazon Quick
  • Security: IAM, AWS KMS, Amazon Macie, AWS Secrets Manager, AWS PrivateLink
  • Governance and auditing: AWS CloudTrail, AWS Config, AWS Audit Manager, AWS Artifact, Amazon Inspector, AWS Trusted Advisor

Phase 3 — Learn decision rules

Do not memorize long definitions only. Memorize the condition that causes you to select a service or architecture.

Example:

  • “Recorded call to text” → Amazon Transcribe
  • “Text read aloud” → Amazon Polly
  • “Scanned invoice tables and fields” → Amazon Textract
  • “Objects in an image” → Amazon Rekognition
  • “Updated private documents should ground answers” → RAG
  • “Stable behavior or style must change” → Fine-tuning
  • “Agent must call tools safely in production” → AgentCore controls + least privilege
  • “Audit API activity” → AWS CloudTrail
  • “Retrieve AWS compliance reports” → AWS Artifact

Phase 4 — Practice scenario elimination

For each practice question:

  1. Mark the requirement words: real-time, lowest overhead, regulated, private, frequently changing, human review, audit trail, predict numeric value, extract text from documents.
  2. Eliminate answers solving a different category of problem.
  3. Eliminate unnecessarily complex designs.
  4. Check security, cost, and governance tradeoffs.
  5. Choose the answer that satisfies the requirement directly.

Phase 5 — Final revision

In the final review:

  • Re-read the service selection tables.
  • Review the RAG, agentic-AI, and security architecture patterns.
  • Recite the quick memory rules.
  • Practice multiple-response, ordering, and matching questions.
  • Review the April 2026 additions: agentic AI, context engineering, MCP, asynchronous inference, serverless inference, prompt caching, model distillation, LLM-as-a-judge, prompt management, business-alignment metrics, AgentCore security controls, grounding, output validation, and confidence scoring.

4. Core Concepts by Domain

Domain 1: Fundamentals of AI and ML

4.1 AI, ML, deep learning, GenAI, and agentic AI

Concept Meaning Typical exam clue
Artificial intelligence (AI) Broad field of machines performing tasks that usually require human intelligence Umbrella term
Machine learning (ML) Subset of AI where systems learn patterns from data Prediction, classification, forecasting
Deep learning ML using multi-layer neural networks Large-scale complex pattern recognition
Generative AI (GenAI) Models that create new content such as text, images, audio, video, or code Summarization, drafting, generation, conversational answers
Foundation model (FM) Large pre-trained model adaptable to multiple tasks Reuse, prompting, RAG, fine-tuning
Large language model (LLM) FM focused on language tasks Text generation, question answering, summarization
Agentic AI AI that reasons about goals, uses tools, manages steps, and performs workflows Multi-step execution, tool calls, memory, orchestration

Decision rule

  • Need a predicted label or number from structured data? Start with traditional ML.
  • Need generated content, conversational responses, flexible summarization, or language reasoning? Consider an FM.
  • Need goal-oriented multi-step execution with tools? Consider agentic AI.
  • Need a guaranteed exact result from fixed rules? Use a rules-based system, not AI.

4.2 Learning types

Learning type Training signal Good use case Common trap
Supervised learning Labeled examples Fraud / not fraud, route ticket to team, predict price Choosing it when no labels exist
Unsupervised learning Unlabeled data Customer segmentation, article grouping Confusing clustering with classification
Reinforcement learning Rewards and penalties for actions Sequential decisions, agent behavior improvement Confusing it with ordinary classification

4.3 Core ML techniques

Technique Output Scenario example
Classification Discrete category Approve vs review; spam vs legitimate
Regression Numeric value Sales forecast; demand amount; price estimate
Clustering Natural groupings without predefined labels Segment customers; group similar documents

Fast elimination rule

  • Output is a category → classification.
  • Output is a number → regression.
  • Goal is to discover groups without labels → clustering.

4.4 Inference patterns

Pattern Best fit Example Trap
Batch inference Large set of predictions on a schedule Overnight inventory forecast Paying for real-time when no user is waiting
Real-time inference Immediate interactive response Fraud check during payment authorization Using nightly batch for an online request
Asynchronous inference Long-running request, caller can retrieve result later Large document processing Forcing long workloads into synchronous endpoints
Serverless inference Intermittent or unpredictable traffic with reduced capacity management Low-volume prototype or sporadic API traffic Provisioning an oversized always-on endpoint

4.5 Data concepts

Data concept Meaning Examples
Structured data Defined schema Relational rows, transaction tables
Unstructured data No fixed tabular structure Emails, documents, images, audio
Labeled data Target outcome is known Fraud / not fraud records
Unlabeled data No target label Raw purchase histories for clustering
Time-series data Values ordered over time Demand, sensor readings, sales
Training Learning or adapting model parameters from data Model-building stage
Inference Applying a trained model to new inputs Prediction or generation stage

4.6 Traditional ML or FM?

Choose traditional ML when:

  • The task is narrow and predictive.
  • Outputs must be explainable or tightly controlled.
  • The organization has labeled historical data.
  • Cost, latency, or operational constraints favor a smaller model.
  • Regulatory reviewers need a clear prediction rationale.

Choose an FM when:

  • The task involves language generation, summarization, flexible content creation, or open-ended interaction.
  • A single adaptable model can support several related tasks.
  • Prompting, RAG, or light customization is sufficient.

Exam trap

Do not choose an FM automatically because the scenario mentions AI. A regulated numeric credit-risk prediction may be better served by traditional ML than by a general-purpose FM.

4.7 AI/ML lifecycle

A practical lifecycle:

  1. Define the business objective and success metric.
  2. Collect and review data.
  3. Prepare data and features or context.
  4. Select a model or service.
  5. Train or customize only if needed.
  6. Evaluate technical and business performance.
  7. Deploy.
  8. Monitor quality, drift, cost, safety, and user feedback.
  9. Retrain, refine, or replace when required.

MLOps essentials

MLOps is about repeatability and production readiness:

  • Experiments should be traceable.
  • Deployment processes should be repeatable.
  • Monitoring should continue after launch.
  • Drift and changing data can require retraining.
  • Technical debt matters: a quick prototype is not automatically production-ready.

4.8 ML metrics

Metric Use Key question
Accuracy Overall proportion of correct predictions How often was the model correct?
Precision Correct predicted positives / all predicted positives When the model flags something, how often is it right?
Recall Correct predicted positives / all actual positives How many true positives did the model find?
F1 score Balance of precision and recall Need one metric for an imbalanced problem
Business metrics ROI, customer feedback, cost per user, task completion Does the system create business value?

Precision vs recall

  • False positives are costly → prioritize precision.
  • Missing true positives is costly → prioritize recall.
  • Need balance, especially with imbalance → use F1 score.

Domain 2: Fundamentals of GenAI

4.9 Core GenAI vocabulary

Concept Meaning Exam relevance
Token Unit of text processed by a model Input and output tokens affect inference cost and sometimes latency
Chunk Smaller passage split from a larger document Improves retrieval focus and context management
Embedding Numeric vector representation of meaning Enables semantic similarity search
Vector Array of numbers representing an item Used to find semantically similar chunks
Transformer Common architecture behind modern LLMs Understand at a conceptual level
Multimodal model Model handling more than one modality Text + image, or other combinations
Diffusion model Common approach for image generation Distinguish generation from classification
Context window Amount of input and output a model can handle Long documents and prompt design
Prompt Instruction and context sent to the model Main control surface for behavior
Context engineering Designing the information supplied to an FM System instructions, retrieved content, tools, memory, examples

4.10 Token economics

Many FM inference workloads are priced partly by input and output tokens.

Cost-reduction rules:

  • Remove irrelevant context.
  • Chunk documents well.
  • Retrieve only useful passages.
  • Limit maximum output length.
  • Reuse repeated prompt prefixes when prompt caching is appropriate.
  • Choose the smallest suitable model.
  • Measure cost per interaction and business value.

Exam trap

More tokens do not automatically mean better quality. Duplicated context can increase cost, latency, and confusion.

4.11 Context engineering

Context engineering is broader than writing a single prompt. It includes:

  • System instructions
  • User requests
  • Retrieved documents
  • Examples
  • Conversation history
  • Agent memory
  • Tool descriptions
  • Tool outputs
  • Security boundaries
  • Output format constraints

Decision rule

  • Prompt wording problem → improve prompt engineering.
  • Missing or outdated knowledge problem → improve retrieval and grounding.
  • Agent forgets useful prior context → add appropriate memory.
  • Agent needs external action or data → connect a controlled tool, often through an agent pattern or MCP-compatible interface.

4.12 Agentic AI concepts

An agent does more than generate text. It can:

  • Interpret a goal.
  • Plan steps.
  • Select approved tools.
  • Call tools and inspect results.
  • Use memory.
  • Coordinate with other agents.
  • Continue until the task is complete or requires human intervention.

Model Context Protocol (MCP)

MCP is relevant when agents need standardized connections to external systems or tools. For the exam, remember:

  • MCP is about connecting agents to tools and external systems.
  • MCP does not replace IAM, authorization, input validation, or monitoring.
  • Tool access should remain tightly scoped.

Multi-agent patterns

Pattern Best fit
Specialist agents Different agents handle research, analysis, approval, or execution
Agent-as-tool One agent invokes another specialist agent
Workflow orchestration Steps occur in a controlled sequence
Collaboration Agents exchange information to solve a complex problem

Exam trap

Do not use agents when a single deterministic API call or a simple prompt is enough. Agents add capability but also introduce cost, latency, security, and observability requirements.

4.13 GenAI advantages and limitations

Advantages

  • Flexible content generation
  • Conversational interfaces
  • Summarization and transformation
  • Faster experimentation
  • Reusable capabilities across tasks
  • Assistance with code, search, research, and customer support

Limitations

Limitation Meaning Mitigation
Hallucination Fluent but unsupported or inaccurate output RAG grounding, validation, citations, confidence scoring, human review
Nondeterminism Same prompt can produce different outputs Lower temperature, test ranges, evaluate representative inputs
Interpretability limits Hard to explain exactly why output was generated Human review, documentation, transparent design, appropriate model choice
Bias Unequal outcomes or problematic generated content Curated data, subgroup analysis, monitoring, safeguards
Cost variability Tokens and request patterns affect cost Measure usage, limit context, use caching, select suitable model

4.14 Foundation-model lifecycle

  1. Define the business problem.
  2. Select representative data and approved knowledge sources.
  3. Choose a model based on modality, quality, latency, cost, context length, regional availability, and compliance.
  4. Start with the lightest customization method.
  5. Evaluate with technical and business metrics.
  6. Deploy securely.
  7. Gather feedback.
  8. Monitor cost, safety, quality, and user satisfaction.
  9. Iterate.

4.15 AWS GenAI ecosystem

AWS offering Best-fit clue
Amazon Bedrock Managed access to foundation models and GenAI building blocks
Amazon Nova AWS family of foundation models
Amazon SageMaker AI ML development, training, deployment, and operational workflows
SageMaker JumpStart Discover and deploy pre-trained models and solution templates
Amazon Bedrock AgentCore Build, deploy, connect, secure, observe, and evaluate production agents
Strands Agents Open-source SDK for building agents with a model-driven approach
Kiro Agentic coding service that turns prompts into specifications, code, tests, and documentation
Amazon Q AI assistance for work and AWS or developer productivity use cases
Amazon Quick AI assistant for work, BI, dashboards, research, knowledge, and automation
AWS Transform Agentic AI service for accelerating migration and modernization of infrastructure, applications, and code

Domain 3: Applications of Foundation Models

4.16 FM selection criteria

Do not select a model based only on reputation or size. Evaluate:

Criterion Why it matters
Modality Does the model need text, image, audio, or multimodal capability?
Quality Does it meet task-specific acceptance thresholds?
Latency Is it suitable for interactive use?
Cost Are token and capacity costs justified?
Context length Can it process the needed input and output size?
Multilingual support Does it support the required languages?
Complexity and size Is a smaller model sufficient?
Customization support Does it support the required tuning or adaptation path?
Prompt caching Can repeated context be reused to reduce repeated processing?
Regional availability Is the model available where data and compliance requirements demand?
Governance Can the application be evaluated, monitored, and controlled appropriately?

Exam rule

“The largest model” is rarely the correct default. Select the smallest suitable model that meets quality, latency, cost, and compliance requirements.

4.17 Inference parameters

Parameter Effect Use carefully when
Temperature Controls randomness and creativity Lower for consistency; higher for diverse brainstorming
Maximum output length Limits response length and token usage Control verbosity, latency, and cost
Input context length Amount of context supplied Balance relevance against token cost and distraction
Prompt caching Reuse stable repeated prompt content Large repeated prefixes or instructions recur across requests

Temperature memory rule

  • Low temperature = more stable, consistent, less creative.
  • High temperature = more varied, creative, less predictable.

4.18 Retrieval Augmented Generation (RAG)

RAG grounds a model using retrieved content at inference time.

Standard RAG flow

  1. Collect approved documents.
  2. Split documents into meaningful chunks.
  3. Generate embeddings.
  4. Store embeddings in a vector-capable data store.
  5. Convert a user query into an embedding.
  6. Retrieve semantically relevant chunks.
  7. Add retrieved content to the model context.
  8. Generate an answer grounded in that context.
  9. Provide citations or source references when appropriate.
  10. Evaluate answer quality and retrieval relevance.

Use RAG when

  • Knowledge changes frequently.
  • Answers must reference private enterprise content.
  • Users need grounded responses.
  • Repeated fine-tuning for changing facts would be inefficient.
  • Source citations improve trust.

Do not assume RAG solves everything

RAG can still fail if:

  • Poor chunks are retrieved.
  • The source documents are wrong or outdated.
  • Access control is weak.
  • Retrieved text contains malicious instructions.
  • Too much irrelevant context is injected.
  • The model ignores or misinterprets evidence.

RAG services and storage

Need AWS option
Managed grounding workflow with Bedrock Knowledge Bases for Amazon Bedrock
Vector search Amazon OpenSearch Service
Relational data plus vector capabilities Amazon Aurora or Amazon RDS for PostgreSQL
Graph-oriented relationships and vector use cases Amazon Neptune

4.19 Prompt engineering

A strong prompt often includes:

  1. Role or purpose
  2. Clear instruction
  3. Relevant context
  4. Constraints
  5. Desired format
  6. Examples when useful
  7. Safety boundaries
  8. A request to acknowledge uncertainty or use sources

Prompting techniques

Technique Meaning Use case
Zero-shot Instruction only, no examples Straightforward task
Single-shot One example Clarify format with low token overhead
Few-shot Several examples Improve consistency for nuanced patterns
Prompt template Reusable prompt with placeholders Repeatable production workflow
Negative prompt State what must not appear Often relevant to image generation
Chain-of-thought-style decomposition Ask for structured step-by-step task handling where appropriate Complex reasoning or workflow planning
Prompt management Version, test, and govern prompts Production changes and repeatability

Amazon Bedrock Prompt Management

Use Prompt Management when the team needs:

  • Versioned prompts
  • Repeatable prompt templates
  • Controlled experimentation
  • Clear rollback paths
  • Governed production releases

Prompt risks

Risk Meaning Control
Prompt injection User or retrieved content tries to override instructions Separate instructions from data, limit tools, validate inputs and outputs, use guardrails
Jailbreaking User attempts to bypass restrictions Guardrails, testing, moderation, monitoring
Prompt poisoning Malicious content influences behavior through data or retrieval Curate sources, scan content, isolate untrusted data
Exposure Sensitive instructions or data leak into outputs Minimize context, redact sensitive data, use access control

4.20 Customization ladder

Start with the least expensive method that meets the requirement.

Method Changes model weights? Best fit Relative effort
Prompt engineering No Improve instructions and output structure Lowest
In-context learning No Add examples or context during inference Low
RAG No Add current or private knowledge at inference Low to medium
Fine-tuning Yes Adapt stable style, format, or task behavior Medium
Continuous pre-training Yes Extend domain knowledge with additional pre-training data High
Model distillation Creates a smaller student model Preserve useful behavior with lower latency or cost Medium to high
Pre-training from scratch Yes, broadly Build broad capabilities from large-scale data Highest

RAG vs fine-tuning

Requirement Better answer
Policies change every week RAG
Need current private documentation in answers RAG
Need citations to source documents RAG
Need stable tone, style, or specialized output behavior Fine-tuning
Need lower cost and latency with acceptable quality Consider distillation
Need broad new model capability from huge data Pre-training or continuous pre-training

Exam trap

Do not fine-tune for frequently changing facts. Fine-tuning is not a database.

4.21 FM evaluation

Technical evaluation methods

  • Benchmark datasets
  • Human-in-the-loop evaluation
  • Amazon Bedrock Model Evaluation
  • Automated text metrics
  • LLM-as-a-judge
  • RAG retrieval-quality evaluation
  • Agent workflow evaluation
  • Safety, robustness, and adversarial testing

Text-generation metrics

Metric Most relevant use
ROUGE Summary overlap compared with reference summaries
BLEU Translation-style comparison with reference text
BERTScore Semantic similarity using contextual representations
LLM-as-a-judge Model-based evaluation of qualities such as relevance or helpfulness
Human review Nuanced, regulated, high-impact, or subjective quality assessment

Application-level evaluation

A good FM application is more than the base model.

Evaluate:

  • Task completion rate
  • User satisfaction
  • Cost per interaction
  • Response latency
  • Groundedness
  • Retrieval relevance
  • Hallucination rate
  • Correct tool usage
  • Agent success and failure paths
  • Escalation to humans
  • User engagement
  • Productivity improvement
  • ROI

Exam trap

A high offline quality metric does not prove business success. Pair technical evaluation with business-alignment metrics.


Domain 4: Guidelines for Responsible AI

4.22 Responsible AI characteristics

Responsible AI includes:

  • Fairness
  • Inclusivity
  • Robustness
  • Safety
  • Veracity and truthfulness
  • Transparency
  • Explainability
  • Human-centered design
  • Privacy
  • Sustainability
  • Accountability

4.23 Bias and fairness

Bias can arise from:

  • Historical inequalities
  • Unrepresentative data
  • Poor labels
  • Sampling problems
  • Proxy variables
  • Inadequate subgroup testing
  • Drift after deployment

Responsible evaluation flow

  1. Review the use case and potential harm.
  2. Curate representative data.
  3. Test overall performance.
  4. Analyze subgroup performance.
  5. Review labels and edge cases.
  6. Add human review where needed.
  7. Monitor after deployment.
  8. Reassess when data, users, or business context change.

Exam trap

Overall accuracy can hide poor results for a demographic group. If the scenario mentions unequal group performance, choose subgroup analysis, fairness review, and mitigation.

4.24 Bias, variance, overfitting, and underfitting

Concept Meaning Typical symptom
Bias Systematic error or unfair outcome Consistent error patterns; unequal results
Variance Model reacts too strongly to training-data variations Good training performance, poor generalization
Overfitting Learns training details too closely Weak performance on new data
Underfitting Model too simple to capture the pattern Weak performance even on training data

4.25 Responsible-AI tools

AWS service or feature Use
SageMaker Clarify Bias analysis and explainability support
SageMaker Model Monitor Production monitoring and drift detection
Amazon Augmented AI (Amazon A2I) Human-review workflows
SageMaker Model Cards Document intended use, limitations, risk, and evaluation details
Amazon Bedrock Guardrails Apply configurable safeguards for GenAI applications
Amazon Bedrock Model Evaluation Evaluate models and support transparent comparison

4.26 Transparency and explainability

Use explainable and transparent approaches when:

  • Decisions affect people materially.
  • Regulators or auditors require justification.
  • Users need a clear reason and appeal path.
  • The organization must document intended use and limitations.

Human-centered explainability

Good explanations should be:

  • Relevant to the affected user
  • Understandable without unnecessary jargon
  • Clear about the role of AI
  • Honest about uncertainty and limitations
  • Connected to feedback, appeal, or human-review mechanisms

4.27 Legal and trust risks

Before publishing GenAI content, consider:

  • Intellectual-property claims
  • Licensing restrictions
  • Privacy leakage
  • Biased output
  • Hallucinations
  • Customer trust
  • Reputational harm
  • End-user safety
  • Inadequate disclosure
  • Lack of human review for high-impact content

Sustainability rule

When two models satisfy the requirement, prefer the smaller or more efficient suitable model. Larger is not automatically better.


Domain 5: Security, Compliance, and Governance for AI Solutions

4.28 Shared responsibility

AWS secures the underlying cloud infrastructure. The customer remains responsible for choices such as:

  • Data classification
  • IAM policies
  • Application configuration
  • Access control
  • Prompt and response handling
  • Secure integrations
  • Retention
  • Residency
  • Logging
  • Governance processes

Managed services reduce operational burden. They do not eliminate customer responsibility.

4.29 Core security services

Requirement AWS service or feature
Least-privilege permissions AWS Identity and Access Management (IAM)
Encrypt data at rest with managed key control AWS Key Management Service (AWS KMS)
Store and rotate secrets AWS Secrets Manager
Discover sensitive data in Amazon S3 Amazon Macie
Private connectivity to supported services AWS PrivateLink
Audit AWS API activity AWS CloudTrail
Vulnerability and unintended exposure findings for supported workloads Amazon Inspector
Config history and compliance checks AWS Config

4.30 Secure data engineering

Good AI security begins before model inference:

  • Assess data quality.
  • Classify sensitive data.
  • Apply access controls.
  • Encrypt data at rest and in transit.
  • Preserve data integrity.
  • Document data origins.
  • Minimize sensitive data sent to models.
  • Apply retention and deletion policies.
  • Validate retrieved content.
  • Monitor data flows.

4.31 Data lineage and citations

Document:

  • Where training and grounding data came from
  • Who approved it
  • How it was transformed
  • Which model version used it
  • Which source supported a generated answer
  • When the source was updated
  • Whether users are authorized to access it

Lineage improves trust, investigation, compliance review, and answer validation.

4.32 Securing GenAI applications

A layered pattern:

  1. Authenticate the user.
  2. Authorize access with least privilege.
  3. Filter or validate input.
  4. Protect system instructions.
  5. Retrieve only authorized knowledge.
  6. Treat retrieved text as data, not trusted instructions.
  7. Restrict agent tool permissions.
  8. Apply safeguards and output filtering.
  9. Validate important outputs.
  10. Log interactions and tool activity.
  11. Monitor failures, toxicity, and anomalies.
  12. Escalate high-risk cases to humans.

4.33 Hallucination reduction

Use several controls together:

  • RAG grounding
  • Current and approved knowledge sources
  • Source citations
  • Output validation
  • Confidence scoring
  • Clear prompt constraints
  • Human review for high-impact decisions
  • Monitoring and feedback loops

Exam trap

Grounding reduces risk but does not guarantee correctness.

4.34 Prompt injection and agent security

Agents can amplify risk because they may act on external systems.

Controls include:

  • Narrow IAM permissions
  • Tool allowlists
  • Input validation
  • Output validation
  • Isolation of untrusted content
  • Guardrails
  • Logging
  • Human approval for high-impact actions
  • AgentCore Identity
  • Policy in AgentCore
  • Agent observability and evaluation

AgentCore memory rule

Memory improves contextual interactions but must be controlled. Store only appropriate information, separate users correctly, and avoid leaking data between sessions or tenants.

4.35 Governance and compliance services

Need AWS service
Retrieve AWS compliance reports and agreements AWS Artifact
Collect and organize audit evidence AWS Audit Manager
Track AWS API activity AWS CloudTrail
Evaluate resource configurations and changes AWS Config
Identify vulnerabilities and exposure Amazon Inspector
Receive AWS best-practice recommendations AWS Trusted Advisor
Monitor operational metrics and logs Amazon CloudWatch

4.36 Data governance

A governance policy should explicitly define:

  • Data owners
  • Approved sources
  • Retention periods
  • Deletion rules
  • Data residency
  • Logging
  • Monitoring and observability
  • Access reviews
  • Review cadence
  • Model and prompt versioning
  • Human escalation
  • Transparency expectations
  • Training requirements for teams
  • Incident response
  • Change approval

Exam trap

“Retain everything forever” is not a sound default. Retention must reflect business, legal, privacy, and regulatory needs.


5. Service Selection Guide

5.1 Managed AI service quick map

Scenario Choose Do not confuse with
Convert speech to text Amazon Transcribe Amazon Polly
Convert text to speech Amazon Polly Amazon Transcribe
Translate text between languages Amazon Translate Amazon Comprehend
Analyze sentiment or entities in text Amazon Comprehend Amazon Translate
Conversational interface with intents and slots Amazon Lex Amazon Polly
Detect objects and labels in images or video Amazon Rekognition Amazon Textract
Extract text, forms, and tables from scanned documents Amazon Textract Amazon Rekognition
Personalized recommendations Amazon Personalize General text generation
Build, train, deploy, and operate ML workflows Amazon SageMaker AI Amazon Bedrock
Discover pre-trained models and templates SageMaker JumpStart AWS Artifact
Use managed foundation models and GenAI features Amazon Bedrock Self-hosting by default
Use AWS foundation-model family Amazon Nova Amazon Textract
Ground Bedrock responses with enterprise knowledge Knowledge Bases for Amazon Bedrock Fine-tuning for changing facts
Store and search embeddings OpenSearch, Aurora, RDS for PostgreSQL, or Neptune depending on requirements Ordinary keyword search only
Build production agent infrastructure Amazon Bedrock AgentCore A single prompt template
Build agents with an open-source SDK Strands Agents SageMaker Model Cards
Agentic specification-driven coding Kiro Amazon Quick
Work assistant and developer or AWS assistance Amazon Q Amazon Textract
AI-powered work, BI, dashboards, research, and automation Amazon Quick Amazon Q Developer only
Agentic modernization and migration AWS Transform Generic document summarization

5.2 Security and governance service quick map

Scenario Choose
Grant only required actions IAM
Encrypt with managed keys AWS KMS
Store secrets securely AWS Secrets Manager
Find sensitive data in S3 Amazon Macie
Private service connectivity AWS PrivateLink
API audit history AWS CloudTrail
Resource configuration compliance AWS Config
Audit evidence collection AWS Audit Manager
AWS reports and agreements AWS Artifact
Vulnerability findings Amazon Inspector
Best-practice recommendations AWS Trusted Advisor
Metrics, logs, and operational monitoring Amazon CloudWatch

5.3 Commonly confused pairs

Pair Difference
Transcribe vs Polly Speech → text vs text → speech
Rekognition vs Textract General image/video analysis vs document text/forms/tables extraction
Translate vs Comprehend Translate languages vs analyze text
Lex vs Polly Conversational intent handling vs speech synthesis
Bedrock vs SageMaker AI Managed FM application building vs broad ML platform workflows
RAG vs fine-tuning Add current knowledge at inference vs change model behavior
Artifact vs Audit Manager Retrieve AWS compliance documents vs collect and organize audit evidence
CloudTrail vs Config API activity history vs configuration history and compliance
Macie vs KMS Discover sensitive S3 data vs manage encryption keys
IAM vs Secrets Manager Permissions vs secret storage and rotation
Clarify vs Model Cards Bias and explainability analysis vs documentation of model use and limitations
Guardrails vs human review Configurable safeguards vs human judgment and approval

6. Architecture Patterns

6.1 Pattern: Simple managed AI capability

Use when one managed service directly solves the problem.

Input → Purpose-built AWS AI service → Result

Examples:

  • Audio file → Amazon Transcribe → transcript
  • Written text → Amazon Polly → spoken audio
  • Invoice scan → Amazon Textract → extracted tables and fields
  • Customer review → Amazon Comprehend → sentiment and entities

Exam rule: do not propose an FM, custom model, or complex pipeline when a purpose-built managed service directly meets the need.

6.2 Pattern: Traditional ML prediction

Historical labeled data
        ↓
Prepare and evaluate data
        ↓
Train classification or regression model
        ↓
Deploy suitable inference endpoint
        ↓
Monitor performance and drift
        ↓
Retrain when needed

Use for:

  • Fraud-risk prediction
  • Numeric forecasting
  • Discrete approval categories
  • Narrow regulated predictions

6.3 Pattern: RAG knowledge assistant

Approved enterprise documents
        ↓
Chunking
        ↓
Embeddings
        ↓
Vector-capable data store
        ↓
User query → query embedding → retrieve relevant chunks
        ↓
Add grounded context to FM prompt
        ↓
Generate answer with citations
        ↓
Validate, monitor, and collect feedback

Use for:

  • Internal policy assistant
  • Product-documentation chatbot
  • Research assistant
  • Customer support knowledge base

Security additions:

  • Retrieve only content the user may access.
  • Keep system instructions separate from retrieved documents.
  • Treat retrieved text as untrusted input.
  • Log source retrieval and response generation.
  • Add human escalation for uncertain answers.

6.4 Pattern: Prompt-managed production application

Versioned prompt template
        ↓
Representative evaluation set
        ↓
Controlled release
        ↓
Application traffic
        ↓
Quality, safety, latency, and cost monitoring
        ↓
Rollback or improve prompt version

Use Amazon Bedrock Prompt Management when prompt changes need repeatability and governance.

6.5 Pattern: Agentic workflow

Authenticated user request
        ↓
Agent receives goal and context
        ↓
Plan and tool selection
        ↓
Authorized tool invocation
        ↓
Inspect tool output
        ↓
Continue, stop, or request human approval
        ↓
Return result with logs and traceability

Add:

  • Least-privilege permissions
  • AgentCore Identity and Policy where appropriate
  • Tool allowlists
  • Memory boundaries
  • Observability
  • Evaluation
  • Human approvals for high-impact actions

6.6 Pattern: Responsible AI review

Use-case risk assessment
        ↓
Representative and curated data
        ↓
Technical evaluation
        ↓
Subgroup analysis and bias review
        ↓
Safeguards and human-review path
        ↓
Transparent documentation
        ↓
Production monitoring
        ↓
Periodic review and remediation

6.7 Pattern: Governance and auditability

Policies and ownership
        ↓
IAM, encryption, private connectivity, secrets
        ↓
Logging and configuration tracking
        ↓
Audit evidence and compliance documentation
        ↓
Retention, residency, monitoring
        ↓
Periodic governance review

Relevant services:

  • IAM
  • AWS KMS
  • AWS Secrets Manager
  • AWS PrivateLink
  • AWS CloudTrail
  • AWS Config
  • AWS Audit Manager
  • AWS Artifact
  • Amazon CloudWatch

7. Exam Traps and Elimination Rules

7.1 Wrong-service traps

Eliminate an option when it solves a different data modality or outcome:

  • Amazon Polly cannot transcribe calls.
  • Amazon Transcribe cannot generate speech.
  • Amazon Rekognition is not the specialist service for extracting invoice tables.
  • Amazon Textract is not the general-purpose object-recognition service.
  • Amazon Comprehend does not translate text.
  • Amazon Translate does not analyze sentiment.
  • AWS Artifact does not collect your internal audit evidence.
  • AWS Audit Manager does not provide private network connectivity.
  • AWS KMS does not discover sensitive content in S3.
  • Amazon Macie does not create encryption keys.

7.2 Overengineering traps

Prefer a lightweight solution unless the requirement justifies complexity.

Requirement Good answer Overengineered answer
Fixed exact tax rules Rules engine GenAI model
Frequently updated policy knowledge RAG Retrain or fine-tune every week
Simple prompt-format issue Prompt template Pre-train a new FM
Nightly forecast Batch inference Real-time endpoint
Sporadic traffic Serverless inference Permanently oversized capacity
Long-running document request Asynchronous inference Synchronous low-latency endpoint
Existing FM is suitable Managed API such as Bedrock Self-host everything by default

7.3 Metrics traps

  • Accuracy can be misleading with class imbalance.
  • Precision matters when false positives are expensive.
  • Recall matters when missing true positives is expensive.
  • F1 is useful when balancing precision and recall.
  • ROUGE is commonly associated with summaries.
  • BLEU is commonly associated with translation.
  • BERTScore reflects semantic similarity.
  • Technical quality does not replace business metrics such as task completion, satisfaction, ROI, or cost per interaction.

7.4 GenAI traps

  • Higher temperature increases diversity, not factuality.
  • More context can hurt if it is irrelevant.
  • RAG reduces hallucination risk but does not eliminate it.
  • Fine-tuning changes model behavior; it is not the right tool for weekly knowledge updates.
  • Agents are not automatically needed for every chatbot.
  • MCP connects agents to systems; it does not remove the need for authorization.
  • Memory improves context but creates privacy and isolation responsibilities.
  • A bigger model is not automatically more cost-effective or responsible.

7.5 Security traps

Reject answers that:

  • Grant administrator access without justification.
  • Make a bucket public.
  • Store secrets in prompts or source code.
  • Disable logging.
  • Trust retrieved text as instructions.
  • Retain data forever by default.
  • Ignore encryption in transit.
  • Skip authorization for agent tools.
  • Assume AWS owns all customer security responsibilities.

7.6 Responsible-AI traps

Reject answers that:

  • Use only overall accuracy despite subgroup harm.
  • Publish high-impact output with no human review.
  • Assume generated content has no intellectual-property risk.
  • Skip documentation.
  • Treat initial evaluation as permanent.
  • Select the largest model regardless of sustainability or need.
  • Remove user feedback and appeal paths.

7.7 Multiple-response strategy

For multiple-response questions:

  1. Evaluate each option independently.
  2. Select only answers that directly satisfy the scenario.
  3. Avoid choosing a technically true but irrelevant statement.
  4. Watch for one correct control plus one missing-control distractor.
  5. Prefer layered security when the scenario involves public GenAI or agents.

7.8 Ordering strategy

Common correct order:

Define objective → choose data and approach → evaluate → deploy with controls → monitor and improve

Common incorrect orders:

  • Deploy before evaluation.
  • Grant broad permissions first.
  • Skip data review.
  • Remove monitoring.
  • Add governance only after a failure.

8. Quick Memory Rules

8.1 One-line concept rules

  • AI is the umbrella; ML is a subset of AI.
  • Deep learning uses multi-layer neural networks.
  • GenAI creates content.
  • Agentic AI plans, uses tools, and performs steps.
  • Category output → classification.
  • Numeric output → regression.
  • Unlabeled groups → clustering.
  • Labels → supervised learning.
  • No labels → unsupervised learning.
  • Rewards and penalties → reinforcement learning.
  • Scheduled predictions → batch inference.
  • Immediate prediction → real-time inference.
  • Long-running request with later result → asynchronous inference.
  • Sporadic traffic with low endpoint-management needs → serverless inference.
  • Exact deterministic rule → conventional code or rules engine.
  • Frequently changing private knowledge → RAG.
  • Stable style or behavior change → fine-tuning.
  • Lower cost and latency with acceptable retained behavior → distillation.
  • Build broad capability from huge datasets → pre-training.
  • Low temperature → consistent.
  • High temperature → creative.
  • Repeated stable prompt prefix → consider prompt caching.
  • Tools and external systems for agents → MCP is relevant.
  • Production agents → identity, policy, least privilege, memory boundaries, observability, and evaluation.
  • Hallucination reduction → grounding, validation, citations, confidence scoring, and human review.
  • False positives expensive → precision.
  • Missed positives expensive → recall.
  • Need balance → F1.

8.2 One-line AWS service rules

  • Speech to text → Amazon Transcribe.
  • Text to speech → Amazon Polly.
  • Translation → Amazon Translate.
  • Sentiment and entities → Amazon Comprehend.
  • Intent and slots chatbot → Amazon Lex.
  • Image and video objects → Amazon Rekognition.
  • Document text, forms, and tables → Amazon Textract.
  • Recommendations → Amazon Personalize.
  • Managed FMs and GenAI building blocks → Amazon Bedrock.
  • Broad ML platform → Amazon SageMaker AI.
  • Pre-trained model templates → SageMaker JumpStart.
  • AWS FM family → Amazon Nova.
  • Ground Bedrock with enterprise data → Knowledge Bases for Amazon Bedrock.
  • Vector search → OpenSearch, Aurora, RDS for PostgreSQL, or Neptune depending on requirements.
  • Open-source agent SDK → Strands Agents.
  • Production agent infrastructure → Amazon Bedrock AgentCore.
  • Agentic coding with specs, code, tests, and docs → Kiro.
  • AI assistance for AWS or developer work → Amazon Q.
  • AI-powered work, research, dashboards, BI, and automation → Amazon Quick.
  • Agentic migration and modernization → AWS Transform.
  • Permissions → IAM.
  • Encryption keys → AWS KMS.
  • Secrets → AWS Secrets Manager.
  • Sensitive-data discovery in S3 → Amazon Macie.
  • Private service connectivity → AWS PrivateLink.
  • AWS API history → AWS CloudTrail.
  • Configuration compliance → AWS Config.
  • Audit evidence collection → AWS Audit Manager.
  • AWS compliance reports → AWS Artifact.
  • Vulnerability findings → Amazon Inspector.
  • AWS best-practice recommendations → AWS Trusted Advisor.
  • Bias and explainability analysis → SageMaker Clarify.
  • Human review → Amazon A2I.
  • Model documentation → SageMaker Model Cards.
  • GenAI safeguards → Amazon Bedrock Guardrails.

9. Final Revision Notes

9.1 Highest-value comparison table

Scenario phrase Think first
“Must always return the exact result” Rules-based implementation
“Predict whether” Classification
“Predict the amount” Regression
“Discover segments” Clustering
“While the customer waits” Real-time inference
“Overnight report” Batch inference
“May take several minutes” Asynchronous inference
“Intermittent unpredictable usage” Serverless inference
“Updated documents every week” RAG
“Ground answers in private knowledge” RAG + authorized retrieval
“Change stable tone or behavior” Fine-tuning
“Reduce latency and cost while retaining useful behavior” Distillation
“Reuse repeated context” Prompt caching
“Multiple steps and tool calls” Agentic AI
“Connect agent to tools using a standard protocol” MCP
“Secure production agents” AgentCore controls + IAM + validation + observability
“Explain why one group receives worse outcomes” Subgroup analysis + Clarify
“Low-confidence prediction needs human approval” Amazon A2I
“Document model purpose and limitations” SageMaker Model Cards
“Block harmful content patterns” Bedrock Guardrails
“Find sensitive data in S3” Amazon Macie
“API audit trail” CloudTrail
“Resource configuration compliance” AWS Config
“Collect audit evidence” AWS Audit Manager
“Download AWS compliance report” AWS Artifact

9.2 April 2026 revision focus

Ensure you can recognize these additions and updates:

  • Agentic AI as a foundational concept
  • Asynchronous inference
  • Serverless inference
  • Traditional ML vs FM selection
  • Token-based pricing
  • Context engineering
  • Multi-agent concepts
  • MCP
  • Tool usage, memory, and workflow orchestration
  • Amazon Quick
  • Kiro
  • Strands Agents
  • Amazon Bedrock AgentCore
  • Prompt caching
  • Model distillation
  • Amazon Bedrock Prompt Management
  • LLM-as-a-judge
  • Business-alignment metrics
  • Agent and workflow evaluation
  • AgentCore Identity
  • Policy in AgentCore
  • Data leakage prevention
  • Output filtering and validation
  • AI interaction audit trails
  • Toxicity handling
  • Hallucination detection
  • RAG grounding
  • Confidence scoring
  • AWS Transform
  • Amazon Aurora as an in-scope service

9.3 Final ten-minute recall

Before ending revision, recite:

  1. Classification, regression, clustering.
  2. Batch, real-time, asynchronous, serverless inference.
  3. Transcribe, Polly, Translate, Comprehend, Lex, Rekognition, Textract, Personalize.
  4. Bedrock vs SageMaker AI.
  5. Tokens, chunks, embeddings, vectors.
  6. RAG vs fine-tuning vs pre-training vs distillation.
  7. Temperature and maximum output length.
  8. Prompt injection, jailbreaking, poisoning, MCP, memory, agent controls.
  9. Clarify, A2I, Model Cards, Guardrails.
  10. IAM, KMS, Macie, PrivateLink, CloudTrail, Config, Audit Manager, Artifact.

10. Exam-Day Checklist

Before starting

  • Read every scenario for the true business requirement.
  • Pay attention to words such as MOST appropriate, best fit, least operational overhead, lowest cost, regulated, real-time, and human review.
  • Remember that several answers may be technically possible. Select the answer that directly meets the stated need with the fewest unnecessary components.

During the exam

  • Answer every question; there is no penalty for guessing.
  • Eliminate answers that solve the wrong modality or business problem.
  • Eliminate unnecessary complexity.
  • Prefer AWS managed capabilities when the scenario values simplicity or lower operational overhead.
  • Check whether the workload needs predictions, generated content, current knowledge, or tool-using automation.
  • For public GenAI or agents, look for layered safety and security controls.
  • For regulated or high-impact scenarios, look for explainability, human review, documentation, and monitoring.
  • For multiple-response questions, judge each option separately.
  • For ordering questions, place evaluation before deployment and monitoring after deployment.
  • For matching questions, use the service families to eliminate swaps.

Before submitting

  • Return to unanswered questions.
  • Review questions where two options remained plausible.
  • Re-check directionality:
    • Transcribe vs Polly
    • Rekognition vs Textract
    • Artifact vs Audit Manager
    • CloudTrail vs Config
    • Precision vs recall
    • RAG vs fine-tuning
  • Confirm that you did not choose a larger or more complex service without a requirement.

11. Official References

Use these AWS sources when reviewing the live exam scope:


Closing study rule

Choose the simplest suitable approach, ground GenAI answers when knowledge matters, evaluate both model quality and business value, and never treat security or responsible AI as an afterthought.

lock_open

Unlock the full course

All 73 modules with detailed explanations, code examples, and exam tips.

workspace_premium
You've answered 0 of 35 free questions 1065 questions locked : these will appear on exam day.
0/35
rocket_launch Unlock All
event_available
Day 1 of 16 72 questions/day Finish by Jul 29, 2026
Question 1 of 1100
Domain 1: Fundamentals of AI and ML · 20%

[Easy] Matching-style question: A cloud practitioner at a regional bank is validating a study map before an architecture workshop. Which option correctly matches every item to its primary purpose?

0 correct
0 wrong
1100 left
0% done