AWS Certified AI Practitioner (AIF-C01) Study Guide
The AWS Certified AI Practitioner (AIF-C01) validates foundational understanding of artificial intelligence, machine learning, and generative AI on AWS, along with responsible AI, security, and governance. It is aimed at people who use AI/ML solutions and understand the underlying concepts rather than those who build and train models. Expect conceptual questions on choosing the right approach or AWS service, not hands-on coding or math.
Reviewed Jul 2026.
Domain 1: Fundamentals of AI and ML
- Supervised learning trains on labeled data where the outcome is already known, and it powers both classification (predicting a category) and regression (predicting a numeric value). If historical records already contain the answer, such as loans marked repaid or defaulted, it is a supervised problem.
- Unsupervised learning finds structure in unlabeled data. Clustering algorithms like k-means discover natural groupings, such as customer segments, without any predefined labels or categories.
- Inference is the act of using an already-trained model to score new, unseen data, for example scoring a single new transaction for fraud risk.
- Hyperparameters are settings chosen before training begins, such as the number of layers or the learning rate. They are configured by the practitioner, unlike model parameters (weights), which are learned during training.
- Overfitting is when a model performs well on training data but poorly on new data, shown by a large gap between training and validation accuracy or by validation loss rising while training loss keeps falling. Underfitting is the opposite: the model is too simple to capture the pattern.
- The bias-variance tradeoff describes how model complexity shifts error between underfitting (high bias) and overfitting (high variance); tuning complexity balances the two.
- Accuracy can be misleading on imbalanced datasets because a model can score high just by predicting the majority class. Precision, recall, and the F1 score (their harmonic mean) better expose minority-class performance.
- AUC-ROC summarizes a classifier's ability to separate classes across all decision thresholds, giving a threshold-independent measure of quality.
- Root Mean Squared Error (RMSE) is a regression metric that squares errors before averaging, so it penalizes large mispredictions disproportionately and is sensitive to outliers.
- Amazon SageMaker offers multiple inference options: real-time endpoints keep dedicated instances running and billed continuously for low-latency needs; serverless inference auto-scales compute to traffic (with possible cold-start latency) and avoids paying for idle capacity; and batch inference processes large datasets on a schedule, such as refreshing recommendations nightly.
- SageMaker Neo compiles and optimizes a trained model for a specific target hardware or runtime, improving inference speed and shrinking the memory footprint, which suits resource-constrained edge devices with limited compute or intermittent connectivity.
- SageMaker Pipelines supports step caching, which lets a pipeline skip a step and reuse its previous output when nothing relevant has changed, saving time and cost.
- SageMaker provides built-in algorithms for common tasks, such as BlazingText for large-scale text classification and word-embedding generation.
- AWS offers managed AI services that require no model building: Amazon Polly for text-to-speech, Amazon Transcribe for speech-to-text, Amazon Textract for extracting text and data from scanned documents, and Amazon Rekognition for image and video analysis.
Domain 2: Fundamentals of generative AI
- Foundation models are large models pre-trained on broad data that can be adapted to many tasks. Pre-training gives broad general ability but not task-optimized behavior, which is why further customization is often needed.
- Tokens are the units of text a model processes, and each model uses its own tokenizer and vocabulary. The same text can split into different numbers of tokens across models, so token counts are model-specific, not universal.
- Prompt engineering (prompt design) is how a prompt is worded, structured, and detailed; it strongly influences output quality and is the lowest-effort way to steer a model without changing its weights.
- The typical customization effort ranking from least to most is: prompt engineering, then Retrieval Augmented Generation (RAG), then fine-tuning.
- In-context learning, including few-shot prompting (supplying a handful of example input-output pairs in the prompt), guides the model at inference time and leaves the model's weights unchanged.
- Fine-tuning updates the model's weights to bake a behavior or format directly into the model, reducing per-request prompt length and cost. Its drawbacks are that baked-in knowledge can become stale and it requires the most effort of the customization approaches.
- RAG retrieves relevant external content at query time and does not update the model's weights, making it well suited to information that changes frequently, such as a near-daily product catalog that fine-tuning could not keep pace with.
- Multimodal models process or produce more than one type of data (for example text plus images), which is required for tasks like reading scanned documents that mix text and images, or combining text and visuals.
- Generative AI excels at open-ended, low-stakes tasks like brainstorming, where it quickly produces many varied, plausible ideas for a human to filter and refine.
- Common generative AI capabilities include summarization, real-time speech-to-speech translation (chaining speech recognition, translation, and synthesis), and image inpainting (generating new pixel content to replace a selected region).
- An AI agent orchestrates reasoning steps and external API calls to complete multi-step tasks autonomously, going beyond a single text completion.
- Amazon Q is AWS's generative AI assistant family; Amazon Q Developer includes a conversational assistant integrated into the AWS Management Console to troubleshoot and answer questions about AWS services.
- Key selection factors for generative AI use cases include inference latency (critical for real-time voice interaction), prompt sensitivity (small prompt wording changes causing large output changes), and data privacy exposure when sending data to a model.
- A strong generative AI use case is a conversational virtual assistant that automatically resolves routine customer inquiries, freeing staff for complex issues.
Domain 3: Applications of foundation models
- A RAG pipeline typically chunks documents into smaller pieces, uses an embedding model to convert each chunk and the user query into numeric vectors, stores those vectors, then retrieves the most similar chunks to ground the model's response in current, verified source content.
- Cosine similarity is the standard measure for comparing embedding vectors, ranking retrieved chunks by how close they are in vector space to the query.
- Vector storage options on AWS include the pgvector extension on Aurora PostgreSQL, and Amazon Kendra can act as a managed retriever with prebuilt enterprise connectors and ML relevance ranking, so a team need not pick an embedding model, build chunking, or run a separate vector database.
- Temperature reshapes the token probability distribution to control randomness; a temperature near 0 approximates deterministic, greedy selection. Combined with a restrictive top-k (for example top-k of 1), it drives near-deterministic, repeatable output.
- Maximum tokens only caps the length of the output; it does not affect creativity or randomness.
- Prompt structure matters for safety: separating trusted, developer-authored system instructions from untrusted user input (via message roles or clear delimiters) makes prompt injection harder, though not impossible.
- A prompt injection attack aims to override or extract instructions, such as tricking the model into revealing its confidential system prompt. This is malicious, unlike an ambiguous prompt, which causes unintended or inconsistent output without any attacker.
- A prompt commonly has components such as instructions, context, examples, and an output indicator that signals the desired response format.
- Few-shot prompting supplies multiple example input-output pairs so the model infers the desired pattern, format, and style, generally improving consistency more than a single example would.
- Fine-tuning adapts a model to a specific subject area or format, while RAG is the better fit when responses must reflect frequently updated content, such as adding a retrieval layer over a current product catalog.
- Amazon Bedrock Agents can be associated with a knowledge base to perform RAG over source documents like product manuals and return answers with citations.
- Amazon Bedrock offers pricing and hosting models including on-demand usage-based pricing and Provisioned Throughput, a capacity commitment that provides guaranteed throughput and is generally required for hosting custom (fine-tuned) models.
- Evaluation metrics for generated text include BERTScore, which measures semantic similarity to a reference answer but not factual accuracy, so a response can score high on similarity yet still be factually wrong.
- Reducing hallucination can involve grounding techniques such as RAG and self-verification, where the model checks its output against the provided source content.
Domain 4: Guidelines for responsible AI
- The core dimensions of responsible AI include fairness, robustness, privacy and security, transparency, explainability, governance, and sustainability.
- Robustness is a system's ability to keep performing reliably under noisy, degraded, unexpected, or adversarial inputs, such as an image classifier that still works despite blur, poor lighting, or deliberate perturbations.
- Hallucination is when a model generates plausible-sounding but fabricated or incorrect content. Grounding responses in retrieved verified sources with RAG is a key mitigation.
- SageMaker Clarify targets bias detection and prediction explainability (feature attribution). It computes pre-training bias metrics on the raw dataset before any model exists, such as Class Imbalance (CI) and Difference in Proportions of Labels (DPL), and separate post-training bias metrics computed on model predictions.
- SageMaker Model Monitor detects drift in production, including bias drift and feature attribution drift, addressing shifting fairness disparities and changing feature importance over time.
- Amazon Bedrock Guardrails enforce runtime safety policies on generative AI applications; a single guardrail configuration can be reused across multiple models and applications. Clarify focuses on bias and explainability, while Guardrails focus on real-time content safety.
- Contextual grounding checks in Bedrock Guardrails validate that a response is supported by and relevant to the provided source content, directly reducing hallucination in RAG-style applications.
- A feedback loop occurs when a model's outputs influence the data used to retrain it, reinforcing and amplifying its original predictions, as when predictive-policing recommendations generate arrest records that then retrain the model.
- Data poisoning is an attack that deliberately injects malicious or corrupted samples into training or fine-tuning data to degrade performance or bias the model; vetting the provenance and quality of data sources is the defense.
- Sampling bias arises when training data is not representative of the real population, producing a model that performs poorly for underrepresented groups.
- AI Service Cards are published by AWS about AWS AI services and describe intended use and limitations, whereas Model Cards are provided by the model owner about their own models.
- Privacy-preserving practices include redacting personal information before sending it to a model and using enterprise deployments that offer data-use guarantees so inputs are not used to train the provider's models.
- AWS Trainium and Inferentia are purpose-built accelerators designed for efficient ML training and inference, supporting the sustainability dimension by improving performance per watt.
- AI governance involves defining roles and accountability, establishing risk-management policies, and maintaining audit trails and oversight over how AI systems are built and used.
Domain 5: Security, compliance, and governance for AI solutions
- The AWS shared responsibility model applies to managed services like Bedrock: AWS secures the underlying infrastructure, while the customer remains responsible for access control, data protection, and guardrail configuration.
- Private connectivity keeps AI traffic off the public internet: an interface VPC endpoint (AWS PrivateLink) keeps Bedrock API calls on the AWS network, and running a training job inside a VPC with network isolation enabled contains its network access.
- IAM should scope permissions tightly; for example, restricting the Bedrock InvokeModel action to specific model ARNs enforces exactly which models a principal is allowed to call.
- Server-side encryption with KMS using a customer managed key (SSE-KMS with CMK) gives the data owner control over key policy, rotation, and grants, so access can be revoked immediately if the key is suspected of compromise.
- Secrets such as API keys should be stored in AWS Secrets Manager and retrieved at build or run time, keeping credentials out of source control and container images.
- Amazon Inspector performs automated vulnerability scanning and factors network reachability into its risk scores, reflecting whether a vulnerable resource is actually exposed. Adding a scan as a CI/CD gate that fails the build on critical findings blocks vulnerable images from reaching production.
- Amazon GuardDuty detects threats using ML; its RDS Protection profiles normal database login activity to flag anomalous access, such as unusual locations, times, or repeated failed logins against a feature store.
- Amazon Detective builds a behavior graph from sources like VPC Flow Logs, CloudTrail, and GuardDuty findings, letting analysts pivot across roles, IPs, and API calls to investigate the scope of an incident.
- Data governance requires defining sensitivity levels and their corresponding handling requirements, and enabling object-level visibility (for example, logging object-level S3 operations) to track access to sensitive data.
- Privacy regulations such as GDPR require a documented lawful basis for processing personal data (consent, contract necessity, or legitimate interest); using data for a new purpose like model training may require obtaining new, purpose-specific consent, and individuals hold rights such as the right to access their data.
- AWS Artifact is the self-service portal for downloading AWS compliance reports and agreements, providing evidence of AWS's certifications.
- AWS Config conformance packs group config rules into prebuilt compliance frameworks, and AWS Audit Manager offers prebuilt frameworks to continuously assess and evidence compliance.
- AWS WAF Bot Control is a managed rule group that categorizes and manages automated bot traffic against web-facing applications.
- Organizational safeguards for AI data include establishing accountability, oversight, and policies, and requiring nondisclosure agreements before granting access to sensitive datasets.
AWS Certified AI Practitioner (AIF-C01) exam tips
- Focus on choosing the right approach or AWS service for a scenario rather than math or coding; the exam tests conceptual judgment for people who use AI/ML, not build it.
- Memorize the customization effort ladder (prompt engineering, then RAG, then fine-tuning) and know which fits: RAG for frequently changing data, fine-tuning to bake in format or domain style, prompting for quick low-effort steering.
- Learn what each AWS AI tool is for: Bedrock and Bedrock Guardrails for generative AI and runtime safety, SageMaker Clarify for bias and explainability, Model Monitor for drift, and managed services (Polly, Transcribe, Textract, Rekognition) for ready-made tasks.
- Understand evaluation metrics and when accuracy misleads: use precision, recall, and F1 on imbalanced data, and know that inference parameters like temperature and top-k control randomness while max tokens only caps length.
- For security questions, apply the shared responsibility model, least-privilege IAM scoping, private connectivity via VPC endpoints, encryption with customer managed KMS keys, and Secrets Manager for credentials.
Study guide FAQ
Do I need coding or machine learning experience to pass the AI Practitioner exam?
No. AIF-C01 is a foundational exam for people who use rather than build AI/ML. It tests conceptual understanding of AI, ML, and generative AI plus the right AWS services and responsible-AI practices, without requiring you to write code or do the underlying math.
When should I use RAG instead of fine-tuning?
Use RAG when responses must reflect frequently changing or proprietary information, because it retrieves current source content at query time without altering the model's weights. Use fine-tuning to bake a consistent format, style, or domain behavior into the model, accepting that its knowledge can become stale and that it takes more effort.
What is the difference between SageMaker Clarify and Amazon Bedrock Guardrails?
Clarify detects dataset and model bias and explains predictions through feature attribution, primarily during development. Bedrock Guardrails enforce runtime safety policies on generative AI applications, such as blocking harmful content and applying contextual grounding checks, and one guardrail configuration can be reused across multiple models and applications.
How does the shared responsibility model apply to a managed service like Amazon Bedrock?
AWS secures the underlying infrastructure that runs the service, while you remain responsible for how you use it: managing access control with IAM, protecting your data with encryption, keeping traffic private with VPC endpoints, and configuring guardrails and governance for your application.