Exam AWS Certified Machine Learning - Specialty topic 1 question 6 discussion

I think the answer should be C

The correct answer HAS TO be A The instances are running in customer accounts but it's in an AWS managed VPC while exposing ENI to customer VPC if it was chosen. See explanation at https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/

C. Amazon SageMaker notebook instances are based on EC2 instances running within AWS service accounts. Why? Amazon SageMaker does use EC2 instances, but they are not directly managed within the customer's AWS account. Instead, these instances are provisioned within AWS-managed service accounts, which is why they do not appear within the customer’s VPC or EC2 console. The only way to access the underlying EBS volume is via SageMaker APIs, rather than the EC2 console.

Although I'd go with Glue and option B I'm pretty sure that this is one of those "15 unscored questions that do not affect your score. AWS collects information about performance on these unscored questions to evaluate these questions for future use as scored questions" Just for fun I asked perplexity, chatgpt, gemini, deepseek and claude: all gave D as first response When I pointed out that "according to this https://docs.aws.amazon.com/firehose/latest/dev/record-format-conversion.html Kinesis can't convert directly cvs to parquet. It needs a Lambda" each model responded in a different way (some of them contradictory). My reasoning is that D (Kinesis + Firehose) is incorrect because Firehose does not support direct CSV-to-Parquet conversion and needs a Lambda not mentioned in the option. But discussing about questions like this one is nothing but I big waste of time ;-P

Amazon SageMaker notebook instances are indeed based on EC2 instances, but they are managed by the SageMaker service and do not appear as standard EC2 instances in the customer's VPC. Instead, they run in a managed environment that abstracts away the underlying EC2 instances, which is why the ML Specialist cannot see the instance in the VPC.

The explanation for this choice is that Amazon SageMaker notebook instances are fully managed by AWS and run on EC2 instances that are not visible to customers. These EC2 instances are launched in AWS-owned accounts and are isolated from customer accounts by using AWS PrivateLink1. This means that customers cannot access or manage these EC2 instances directly, nor can they see the EBS volumes attached to them.

A. NO - AEC2 instances within the customer account are necessarily in a VPCb B. NO - Amazon ECS service is not within customer accounts C. YES - EC2 instances running within AWS service accounts are not visible to customer account D. NO - SageMaker manages EC2 instance, not ECS

A. NO. If the EC2 instance of the notebook was in the customer account, customer would be able to see it. Also, "they run outside VPCs" isn't true as they run in service managed VPC or can be also attached to customer provided VPC -> https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/ B. NO, Notebooks are based on EC2 + EBS C. YES -> https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/ D. NO, Notebooks are based on EC2 + EBS I also actually tested it in my account: I created a Notebook and attached it to my VPC, I was not able to see the EC2 instance behind the Notebook but I was able to see the its ENI with the following description "[Do not delete] Network Interface created to access resources in your VPC for SageMaker Notebook Instance ..."

already given below

I am pretty sure the answer is A : Amazon SageMaker notebook instances are indeed based on EC2 instances, and these instances are within your AWS customer account. However, by default, SageMaker notebook instances run outside of your VPC (Virtual Private Cloud), which is why they may not be visible within your VPC. SageMaker instances are designed to be easily accessible for data science and machine learning tasks, which is why they typically do not reside within a VPC. If you need them to operate within a VPC, you can configure them accordingly, but this is not the default behavior.

I think it should be c

Per https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html it's C

Notebooks can run inside AWS managed VPC or customer managed VPC

C, check the digram in https://docs.aws.amazon.com/sagemaker/latest/dg/studio-notebooks-and-internet-access.html

When a SageMaker notebook instance is launched in a VPC, it creates an Elastic Network Interface (ENI) in the subnet specified, but the underlying EC2 instance is not visible in the VPC. This is because the EC2 instance is managed by AWS, and it is outside of the VPC. The ENI acts as a bridge between the VPC and the notebook instance, allowing network connectivity between the notebook instance and other resources in the VPC. Therefore, the EBS volume of the notebook instance is also not visible in the VPC, and you cannot take a snapshot of the volume using VPC-based tools. Instead, you can create a snapshot of the EBS volume directly from the SageMaker console, AWS CLI, or SDKs.

Notebooks run inside a VPC not outside!

Definitely C