1. Which of the following statements accurately describes how AWS Identity and Access Management (IAM) can be used to secure machine learning workloads on AWS?

A) IAM roles can be used to grant access to AWS resources and services based on the principle of least privilege. For example, an IAM role can be created to grant access to Amazon SageMaker for a specific user or group of users.
B) IAM policies can be used to specify the permissions and actions that are allowed or denied to specific users, groups, or roles. For example, an IAM policy can be created to grant read-only access to Amazon S3 buckets that contain training data.
C) IAM users can be used to authenticate and authorize access to AWS resources and services. For example, an IAM user can be created to grant access to Amazon SageMaker notebooks or models.
D) IAM groups can be used to group IAM users and grant them the same permissions. For example, an IAM group can be created to grant a team of data scientists access to Amazon SageMaker.
E) IAM policies can be used to manage access to the AWS Management Console. For example, an IAM policy can be created to grant or deny access to specific AWS services, features, or resources in the AWS Management Console.


2. You are building a machine learning application that requires running a custom Docker container image in a serverless environment on AWS. The Docker container image requires several custom libraries and packages that are not available in the default environment provided by AWS Fargate. Which of the following options is the most appropriate way to run the custom Docker container image in a serverless environment on AWS Fargate?

A) Create an EC2 instance with the required custom libraries and packages, and deploy the Docker container image on the EC2 instance.
B) Create an AWS Lambda function and package the custom libraries and packages with the function code, then deploy the Lambda function.
C) Create a custom Fargate task definition that includes the required custom libraries and packages, and deploy the Docker container image using the custom task definition.
D) Use AWS Elastic Beanstalk to deploy the Docker container image in a serverless environment with the required custom libraries and packages.



3. You are developing a machine learning model and want to deploy it as an AWS Lambda function. The model requires access to a MySQL database hosted on Amazon RDS. Which of the following options would be the best way to provide the necessary database access to the Lambda function?

A) Store the database credentials in an environment variable within the Lambda function code.
B) Grant the necessary database permissions to the AWS Lambda execution role.
C) Open the RDS security group to allow inbound traffic from the Lambda function's IP address.
D) Create an IAM user with database permissions and provide its credentials to the Lambda function.



4. You are developing a machine learning model that requires the use of a Python library that is not included in the default Lambda environment. Which of the following options would be the best way to make this library available to your Lambda function?

A) Embed the library in your Lambda function code.
B) Install the library as a system package on the Lambda execution environment.
C) Use a custom runtime to include the library in the Lambda environment.
D) Use AWS Lambda Layers to include the library in your Lambda function.



5. Which of the following statements is true about Amazon Elastic File System (Amazon EFS)?

A) Amazon EFS is a fully managed, elastic, and scalable file storage service for use with Amazon EC2 instances.
B) Amazon EFS is designed to be accessed only from a single EC2 instance at a time.
C) Amazon EFS is a block-level storage service that provides high performance and low-latency access to data.
D) Amazon EFS is only available in a single availability zone.