- (Exam Topic 1)
A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket.
Which of the following could be the cause of this problem?

1. A. The user has not properly configured the AWS CLI with their access key and secret access key.
2. B. The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket.
3. C. The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object.
4. D. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.

Correct Answer: B

- (Exam Topic 1)
A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.
Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

1. A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
2. B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
3. C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
4. D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
5. E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Correct Answer: AD
https://aws.amazon.com/blogs/security/how-to-receive-alerts-when-your-iam-configuration-changes/

- (Exam Topic 1)
A SysOps administrator is responsible for a large fleet of Amazon EC2 instances and must know whether any instances will be affected by upcoming hardware maintenance. Which option would provide this information with the LEAST administrative overhead?

1. A. Deploy a third-party monitoring solution to provide real-time EC2 instance monitoring
2. B. List any instances with failed system status checks using the AWS Management Console
3. C. Monitor AWS CloudTrail for Stopinstances API calls
4. D. Review the AWS Personal Health Dashboard

Correct Answer: D
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html

- (Exam Topic 1)
A company is releasing a new static website hosted on Amazon S3. The static website hosting feature was enabled on the bucket and content was uploaded: however, upon navigating to the site, the following error message is received:
403 Forbidden - Access Denied
What change should be made to fix this error?

1. A. Add a bucket policy that grants everyone read access to the bucket.
2. B. Add a bucket policy that grants everyone read access to the bucket objects.
3. C. Remove the default bucket policy that denies read access to the bucket.
4. D. Configure cross-origin resource sharing (CORS) on the bucket.

Correct Answer: B

- (Exam Topic 1)
A company has two VPC networks named VPC A and VPC B. The VPC A CIDR block is 10.0.0.0/16 and the VPC B CIDR block is 172.31.0.0/16. The company wants to establish a VPC peering connection named
pcx-12345 between both VPCs.
Which rules should appear in the route table of VPC A after configuration? (Select TWO.)

1. A. Destination: 10.0.0.0/16, Target: Local
2. B. Destination: 172.31.0.0/16, Target: Local
3. C. Destination: 10.0.0.0/16, Target: pcx-12345
4. D. Destination: 172.31.0.0/16, Target: pcx-12345
5. E. Destination: 10.0.0.0/16. Target: 172.31.0.0/16

Correct Answer: AD
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html