Security, Compliance and Governance for AI Flashcards

1
Q

What is a defense in depth security strategy?

A

Uses multiple redundant defenses to protect your AWS accounts, workloads, data, and assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How do you protect data at rest?

A

Encrypt with AWS Key Management Service (AWS KMS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How do you protect data in transit?

A

1) AWS Certificate Manager (ACM) 2)AWS Private Certificate Authority (AWS Private CA).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Amazon service for identity and access management

A

AWS Identity and Access Management (IAM).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

AWS application protection services

A

measures to protect against various threats, such as unauthorized access, data breaches, denial-of-service (DoS) attacks, and other security vulnerabilities.
AWS Shield
Amazon Cognito

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Infrastructure protection services

A

AWS Identity and Access Management (IAM)
IAM user groups and network access control lists (network ACLs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

AWS services that provide network and edge protection

A

Amazon Virtual Private Cloud (Amazon VPC)
AWS WAF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Threat detection and incident response services

A

AWS Security Hub
Amazon GuardDuty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Data logging?

A

Data logging involves the systematic recording of data related to the processing of an AI workload. This can include the following:

Tracking inputs
Tracking outputs
Model performance metrics
System events
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are prompt injections?

A

In these attacks, adversaries attempt to manipulate the input prompts of generative AI models to generate malicious or undesirable content

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The Open Web Application Security Project (OWASP)

A

Industry standard list of the top 10 vulnerabilities that can impact a generative AI LLM system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The Open Web Application Security Project (OWASP) Top 10

A

Prompt injection: Malicious user inputs that can manipulate the behavior of a language model
2

Insecure output handling: Failure to properly sanitize or validate model outputs, leading to security vulnerabilities
3

Training data poisoning: Introducing malicious data into a model’s training set, causing it to learn harmful behaviors
4

Model denial of service: Techniques that exploit vulnerabilities in a model’s architecture to disrupt its availability
5

Supply chain vulnerabilities: Weaknesses in the software, hardware, or services used to build or deploy a model
6

Sensitive information disclosure: Leakage of sensitive data through model outputs or other unintended channels
7

Insecure plugin design: Flaws in the design or implementation of optional model components that can be exploited
8

Excessive agency: Granting a model too much autonomy or capability, leading to unintended and potentially harmful actions
9

Overreliance: Over-dependence on a model’s capabilities, leading to over-trust and failure to properly audit its outputs
10

Model theft: Unauthorized access or copying of a model’s parameters or architecture, allowing for its reuse or misuse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does AWS Security Hub provide?

A

a single dashboard to view all security findings, and to create and run automated playbooks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does AWS Key management service (KMS) do?

A

AWS KMS encrypts data and gives customers the choice and control of using AWS managed keys or customer-managed keys to protect their data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Amazon GuardDuty?

A

A threat detection service that monitors for suspicious activity and unauthorized behavior to protect AWS accounts, workloads, and data

17
Q

What is AWS Shield Advanced?

A

protect workloads against Distributed Denial of Service (DDoS) events. AWS Shield Advanced includes AWS WAF and AWS Firewall Manager.

18
Q

What is cataloging?

A

the systematic organization and documentation of the datasets, models, and other resources used in the development of a generative AI system.

18
Q

What is Amazon Inspector?

A

an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.

18
Q

What is Amazon Detective?

A

streamlines the investigative process and helps security teams conduct faster and more effective forensic investigations.

18
Q

What are model cards?

A

standardized format for documenting the key details about an ML model, including its intended use, performance characteristics, and potential limitations.

In the context of generative AI, model cards can be used to provide source citations and data origin documentation

18
Q

Data lineage

A

Technique used to track history of data. data lineage can be used to document the journey of the training data, from its initial sources to the final model.

18
Q

Prompt Injection

A

Influencing the outputs by embedding specific instructions within the prompts themselves

18
Q

Exposure

A

The risk of exposing sensitive or confidential information to a model during training or inference. The model can then reveal this sensitive data from their training corpus, leading to potential data leaks or privacy violations.

19
Q

5 types of machine learning

A

1) Supervised
2) Unsupervised
3) Semi-Supervised (small amount of labeled data and large amount of unlabeled data)
4) Reinforcement Learning
5) Deep Learning

20
Q

What is AWS Artifact?

A

designed to provide access to a wide range of AWS compliance reports, including those from Independent Software Vendors (ISVs). AWS Artifact allows users to configure settings to receive notifications when new compliance documents or reports are available