ML Solution Monitoring, Maintenance, and Security
Drill 20 practice questions focused entirely on ML Solution Monitoring, Maintenance, and Security for the AWS MLA-C01 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A financial services company must maintain a tamper-evident audit trail of all administrative API calls made against its SageMaker resources (creating endpoints, updating endpoint configs, deleting models) across every AWS Region. The compliance team needs to detect any unauthorized configuration changes and be able to query historical activity months later. Which approach best meets these requirements?
An ML engineer runs a fraud-detection endpoint monitored by two SageMaker Model Monitor jobs: one for data quality drift and one for model quality (accuracy) degradation. Each job publishes a CloudWatch metric, and separate CloudWatch alarms already trigger an automated retraining pipeline via EventBridge. The team complains that during noisy input spikes, the data-quality alarm fires transient alerts and needlessly launches expensive retraining jobs, even when model accuracy is still acceptable. They want retraining to be triggered only when BOTH drift is detected AND accuracy has actually degraded, without deleting the existing individual alarms used for dashboards. What is the most operationally efficient way to meet this requirement?
A company hosts several real-time SageMaker endpoints for internal analytics teams. The ML platform lead notices the monthly inference bill has grown steadily, but many endpoints show very low invocation counts during business hours and none overnight. The lead wants an automated, low-effort way to identify underutilized endpoints so that the team can decommission or consolidate them, while avoiding manual review of each endpoint. Which approach best meets this goal?
A machine learning engineer operates a real-time SageMaker endpoint serving a recommendation model. Recently, downstream applications have reported intermittent failures. The engineer wants to be automatically notified whenever the endpoint returns a sustained elevated rate of server-side errors (HTTP 5xx) so the on-call team can respond quickly. Which approach requires the least custom instrumentation to meet this requirement?
A healthcare company runs a SageMaker real-time endpoint that processes protected health information (PHI). A compliance auditor requires that all model prediction logs and captured inference data be encrypted at rest with a customer-managed key, and that any attempt to disable logging or delete the key be centrally recorded for audit. The ML engineer has already enabled SageMaker Data Capture writing to an S3 bucket. Which combination of actions BEST satisfies these requirements with the least custom code?
A machine learning engineer manages a real-time SageMaker endpoint serving a recommendation model. Business stakeholders complain that during peak hours the recommendations feel slow, but the endpoint's average latency in CloudWatch looks acceptable. The engineer needs to detect and alert on the tail-latency experienced by the slowest requests so the team can react before customers are affected. Which CloudWatch approach best addresses this requirement?
A retail company runs three SageMaker real-time endpoints, each with Model Monitor data-quality schedules that emit violation counts as CloudWatch metrics. The operations team wants a single view where on-call engineers can see current drift violation counts across all three endpoints side by side, without navigating to each endpoint separately, and share it with stakeholders. Which approach requires the least custom code and best meets this requirement?
A financial services company trains models in the us-east-1 account and copies the resulting model artifacts to an S3 bucket in a disaster-recovery account located in us-west-2. Both buckets use SSE-KMS with customer managed keys. When a SageMaker training job in us-east-1 tries to write artifacts that are then replicated, and when the DR account's SageMaker attempts to deploy the model, the team encounters AccessDenied errors on decryption. What is the MOST likely root cause and correct remediation?
A data science team in Account A trains models and stores the resulting model artifacts in an S3 bucket in a shared Account B, which is encrypted with a customer managed KMS key owned by Account B. A SageMaker training job's execution role in Account A repeatedly fails to write artifacts, returning an AccessDenied error even though the S3 bucket policy grants the role s3:PutObject. What is the MOST likely cause and correct remediation?
A data science team launches a SageMaker training job that reads a dataset from an S3 bucket encrypted with a customer managed KMS key. The training job runs under a dedicated SageMaker execution role that already has s3:GetObject permission on the bucket. However, the job fails immediately with an AccessDenied error when attempting to read the objects. What is the MOST likely cause and correct remediation?
A retail company deploys a fraud-detection model to a real-time SageMaker endpoint. Over several weeks, upstream systems change how they populate certain input fields, causing the distribution of incoming feature values to differ from the training data. The ML team wants an automated way to detect when live inference data statistically diverges from the data used to train the model, and to be alerted so they can investigate. Which approach best meets this requirement with the least custom development?
A retail company runs a SageMaker real-time endpoint for a credit approval model. Over recent weeks, the overall accuracy on ground-truth data remains stable, but the business team suspects the model is relying on different input features than during training, which could signal changing customer behavior. The ML engineer wants an automated way to detect when the relative importance of input features shifts significantly compared to the training baseline, and to alert the team without manually recomputing feature importance. Which approach best meets this requirement?
A retail company runs a real-time SageMaker endpoint for a credit-approval model. The team wants to automatically detect when the model's predictive accuracy degrades in production and trigger a retraining pipeline. Actual loan repayment outcomes (ground truth labels) become available roughly 30 days after each prediction and are stored in S3. Which approach best enables ongoing detection of accuracy degradation?
A retail company runs a SageMaker Model Monitor data quality monitoring schedule against a real-time endpoint that serves roughly 50 requests per minute. The schedule is currently configured to run hourly, and each monitoring job spins up a processing instance that runs for about 8 minutes. The ML team observes that monitoring costs have grown significantly, while their SLA only requires them to be notified of data quality drift within one business day. Which change reduces monitoring cost while still meeting the requirement?
A healthcare company runs a real-time SageMaker inference endpoint that processes patient data. Their security team requires that all traffic from application servers (running in a private VPC subnet) to the SageMaker Runtime API must never traverse the public internet, and no internet gateway or NAT device should be involved in these calls. What is the correct way to meet this requirement?
A retail company runs a real-time SageMaker endpoint for product recommendations. Business analysts report that recommendation click-through rates have gradually declined over the past three months, though the endpoint shows no errors and stable latency. The ML team confirms input feature distributions have shifted as customer behavior evolved seasonally. The team wants an automated, low-maintenance approach to keep the deployed model accurate over time without manually inspecting metrics each week. Which approach best addresses this requirement?
A healthcare company runs a real-time SageMaker endpoint that serves patient risk scores. Compliance requires that all inference request and response payloads captured to Amazon S3 be encrypted with a customer-managed KMS key, and that data captured from this specific endpoint can be cryptographically distinguished from data captured by other endpoints in audit logs. The security team also wants CloudTrail records to show which endpoint triggered each KMS decrypt operation without decrypting the data itself. What is the MOST appropriate way to meet these requirements?
A data science team runs a real-time SageMaker endpoint serving a credit-scoring model. Compliance requires that a sample of incoming requests and the model's predictions be persistently stored so the team can later analyze production traffic and build monitoring baselines. The team wants to enable this with minimal custom code and without modifying the inference container. What is the most appropriate approach?
A machine learning engineer deploys a real-time SageMaker endpoint using a model whose artifacts are stored in an S3 bucket encrypted with a customer managed KMS key. The endpoint deployment fails during creation, and CloudWatch logs show the container could not download the model.tar.gz file. The SageMaker execution role has s3:GetObject permission on the bucket. What is the MOST likely cause and the correct remediation?
A machine learning team runs a real-time SageMaker endpoint for image classification on ml.g4dn.xlarge instances. Monitoring shows GPU utilization averages only 12%, but inference latency is acceptable and traffic is steady throughout the day. Finance has asked the team to reduce the endpoint's compute cost without significantly degrading latency or rewriting the model. Which action best addresses this requirement?
More MLA-C01 practice
Keep going with the other AWS Certified Machine Learning Engineer - Associate domains, or take a full timed mock exam.
← Back to MLA-C01 overview