🔥 3-day streak
AWS Certified Generative AI Developer - Professional38 / 166
Question 38 of 166

A financial services company runs a Bedrock-based application inside a private VPC. Security audits reveal that although the application uses an interface VPC endpoint for Bedrock, an insider could potentially use stolen IAM credentials to invoke models in an unauthorized AWS account and exfiltrate proprietary prompt data to that external account. The team has already restricted egress with security groups and uses least-privilege IAM roles. Which additional control most directly prevents data from being sent to Bedrock resources in accounts the company does not own?

Reviewed for accuracy · Report an issueNext question