Domain 5: Security, Compliance, and Governance (14%)

← Domain 4 · Exam Tips →

---

5.1: Securing AI Systems

Data Security

AI Security

1 / 3

❓

What is Prompt Injection?

(Click to reveal)

💡

Malicious prompts to bypass safety controls
Example: "Ignore previous instructions and..."
Protection: Input sanitization, rate limiting, monitoring.

Encryption:

• ✅ At Rest: AWS KMS, S3 encryption
• ✅ In Transit: TLS/SSL, HTTPS

Access Control:

• IAM policies for fine-grained permissions
• VPC for network isolation
• Security groups and NACLs

Input Validation:

• Sanitize user inputs
• Limit input size
• Check for injection attacks

Output Filtering:

• Content moderation
• PII detection and redaction
• Toxicity filtering

---

Model Security

Adversarial Attacks:

• Prompt Injection: Malicious prompts to bypass safety
• Data Poisoning: Corrupt training data
• Model Inversion: Extract training data

Protection:

• Input sanitization
• Rate limiting
• Monitoring for unusual patterns
• Regular security audits

---

5.2: Governance and Compliance

Model Governance

Version Control:

• SageMaker Model Registry
• Track model lineage
• Associate models with data/code

Approval Workflows:

• Manual approval before production
• Automated testing gates
• Change management

Audit Trails:

• CloudTrail logs all API calls
• SageMaker logs training jobs
• Model deployment history

---

Compliance

Compliance Requirements

1 / 3

❓

What is HIPAA compliance for AI?

(Click to reveal)

💡

Healthcare data protection
Use HIPAA-eligible AWS services
Encrypt PHI, access controls, audit logs.

Data Residency:

• Choose appropriate AWS Region
• Keep data in specific geographic location

Industry Regulations:

• HIPAA: Healthcare data (use HIPAA-eligible services)
• GDPR: EU data privacy (right to explanation)
• SOC 2: Security controls
• PCI DSS: Payment card data

Documentation Requirements:

• Model cards
• Training data sources
• Performance metrics
• Bias testing results

---

Quick Reference: AWS AI/ML Services

When to Use Which Service?

Need	Service
Access foundation models	Amazon Bedrock
Business assistant	Amazon Q
Code suggestions	Amazon CodeWhisperer
End-to-end ML platform	Amazon SageMaker
Image/video analysis	Amazon Rekognition
Extract text from documents	Amazon Textract
Sentiment analysis	Amazon Comprehend
Translation	Amazon Translate
Speech-to-text	Amazon Transcribe
Text-to-speech	Amazon Polly
Chatbot	Amazon Lex
Recommendations	Amazon Personalize
Fraud detection	Amazon Fraud Detector
Intelligent search	Amazon Kendra
Human review	Amazon Augmented AI (A2I)
Vector database for RAG	Amazon OpenSearch Service
Detect bias	SageMaker Clarify
Monitor models	SageMaker Model Monitor

---

← Domain 4 · Exam Guide →