Domain 5 Flashcards
Does an IAM user have any permissions by default?
No
CloudTrail captures all API calls from SageMaker except
Invoking endpoints
At what levels can you block public access for S3?
Bucket and/or account level (enabling it at the account level blocks public access for existing and new buckets)
This simplifies role creation for AI/ML activities. When you create a role by using SageMaker Role Manager, you choose a persona that will have the appropriate activities for that persona preselected. You can customize which activities are enabled if you like. In this way, it will create the permissions policy for the role for you. You also have the option to add additional IAM policies.
Amazon SageMaker Role Manager
SageMaker Role Manager can create these three personas
Data Scientist - for someone who needs to use SageMaker to perform general machine learning development and experimentation
MLOps - for someone who is managing models, pipelines, experiments, and endpoints, but doesn’t need to access the data in Amazon S3
SageMaker Compute - for creating a role that SageMaker compute resources can use to perform tasks such as training and inference
True or false: Amazon S3, Amazon DynamoDB, and Amazon SageMaker will encrypt your data by default without your having to enable it.
true
True or false: all requests to Amazon S3 and SageMaker through the APIs and console are made over a secure encrypted connection.
true
SageMaker distributed training uses multiple nodes in a cluster. By default, inter-node traffic is not encrypted, but an option exists to enable it. Although this encryption might be required for very sensitive data, enabling inter-node encryption can increase training times for some algorithms, particularly deep learning ones.
True or false: in general, PII should not be removed from training data at the point of ingestion and transformation.
False. In general, PII should be removed from training data at the point of ingestion and transformation.
What should you do regarding VPCs for SageMaker Studio notebooks?
The best practice recommendation is to create a VPC in your account and specify your VPC when launching SageMaker Studio and notebooks. This will create an elastic network interface in your VPC and attach it to the notebook instance. By using your own VPC, you can control which traffic can access the internet by configuring security groups, network access control lists, and network firewalls.
How do you prevent SageMaker from giving your notebook instances internet access?
You can prevent SageMaker from giving your notebook instances internet access by specifying VPC only for the network access type. SageMaker Studio normally reaches required services like Amazon S3, Amazon CloudWatch, the SageMaker runtime, and the SageMaker API by using the public network. But when you use VPC only mode, the public endpoints for these services are no longer reachable. To keep all network traffic going over only a private network, you can use VPC interface endpoints.
Describe training data vulnerabilities
If a malicious actor gains access to the training data, they can introduce data that will change the model’s predictions.
Describe input vulnerabilities
An attacker can slightly manipulate input data in a way that will cause the model to misclassify it. For example, a company uses a face recognition model to recognize employees. An attacker can make subtle but carefully designed modifications to their image to cause the model to recognize them as someone else.
Describe output vulnerabilities
A sophisticated attacker can use a model's output to infer the training data.
What is model inversion?
The attacker keeps feeding data into the model and studying the outputs. For example, the facial recognition model is trained on employee images, and its output is the employee's name and the confidence score. The attacker can repeatedly feed the model facial images, making changes until the output is an employee's name and a high-confidence score. The hacker then has a good image of an employee that they can use to pretend to be the employee.
With enough input and output pairs, an attacker can
create a new model that works in reverse. That is, they can train a new model on the original model's outputs and use it to infer the training input data. Similarly, the hacker can reverse engineer the model and make their own model that is very similar to the original model.
Prompt injection
In this kind of attack, an attacker gives malicious instructions to the model in the prompt with the goal of influencing its output. For example, the attacker can prompt the LLM to ignore or alter its prompt template, which would permit the attacker to gain sensitive information.
You can teach an LLM to detect prompt injection by using key attack patterns in training and
return the response "prompt attack detected".
To help a model avoid being tricked, you should
train models with adversarial input. Also, you can retrain your models frequently on new data so that any damage from corrupted training data will be undone.
Routinely scan and monitor your data for
quality and detect anomalies before using it for training.
Amazon SageMaker Model Monitor monitors the quality of Amazon SageMaker machine learning models in production.
After deploying a model into your production environment, use Amazon SageMaker Model Monitor to continuously monitor the quality of your models in real time. You can use Amazon SageMaker Model Monitor to set up an automated alert system for deviations in model quality, such as data drift or anomalies.
Amazon SageMaker Model Monitor also can be used for
monitoring data quality. SageMaker Model Monitor compares the data and model with baselines. It generates statistics and metrics that are visible in SageMaker Studio and also sent to Amazon CloudWatch.
Datasets should be stored in Amazon S3 and
partitioned with prefixes to uniquely identify the training dataset.