The correct answers are A and E because both directly align with AWS best practices for securing generative AI services and data privacy in enterprise applications.

From the AWS Amazon Q Business documentation:

"AWS Key Management Service (KMS) integrates with Amazon Q Business to encrypt sensitive data at rest. You can use customer-managed KMS keys to meet compliance requirements."

And:

"You must configure IAM access controls to manage which users and applications can access Amazon Q Business indexes, ensuring that only authorized users can retrieve information."

Explanation of other options:

B. Cross-account access is not a common requirement for internal enterprise use of Amazon Q Business unless explicitly sharing data across organizations. It’s not a requirement for securing access.

C. Amazon Inspector is a vulnerability management tool for EC2 and containers. It is unrelated to Amazon Q authentication or security.

D. Allowing public access would violate security and privacy principles and directly contradict the stated requirement.

Referenced AWS AI/ML Documents and Study Guides:

Amazon Q Business Developer Guide – Security and Identity Management

AWS KMS Documentation – Integration with Bedrock and Amazon Q

AWS Certified Machine Learning Specialty Guide – Responsible AI and Governance Section