- (Exam Topic 1)
A SysOps administrator needs to give users the ability to upload objects to an Amazon S3 bucket. The SysOps administrator creates a presigned URL and provides the URL to a user, but the user cannot upload an object to the S3 bucket. The presigned URL has not expired, and no bucket policy is applied to the S3 bucket.
Which of the following could be the cause of this problem?

1. A. The user has not properly configured the AWS CLI with their access key and secret access key.
2. B. The SysOps administrator does not have the necessary permissions to upload the object to the S3 bucket.
3. C. The SysOps administrator must apply a bucket policy to the S3 bucket to allow the user to upload the object.
4. D. The object already has been uploaded through the use of the presigned URL, so the presigned URL is no longer valid.

Correct Answer: B

- (Exam Topic 1)
A company is using Amazon Elastic Container Sen/ice (Amazon ECS) to run a containerized application on Amazon EC2 instances. A SysOps administrator needs to monitor only traffic flows between the ECS tasks.
Which combination of steps should the SysOps administrator take to meet this requirement? (Select TWO.)

1. A. Configure Amazon CloudWatch Logs on the elastic network interface of each task.
2. B. Configure VPC Flow Logs on the elastic network interface of each task.
3. C. Specify the awsvpc network mode in the task definition.
4. D. Specify the bridge network mode in the task definition.
5. E. Specify the host network mode in the task definition.

Correct Answer: AE

- (Exam Topic 1)
A SysOps administrator developed a Python script that uses the AWS SDK to conduct several maintenance tasks. The script needs to run automatically every night.
What is the MOST operationally efficient solution that meets this requirement?

1. A. Convert the Python script to an AWS Lambda (unctio
2. B. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke the function every night.
3. C. Convert the Python script to an AWS Lambda functio
4. D. Use AWS CloudTrail to invoke the function every night.
5. E. Deploy the Python script to an Amazon EC2 Instanc
6. F. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule the instance to start and stop every night.
7. G. Deploy the Python script to an Amazon EC2 instanc
8. H. Use AWS Systems Manager to schedule the instance to start and stop every night.

Correct Answer: A

- (Exam Topic 1)
A SysOps administrator is configuring an application on Amazon EC2 instances for a company Teams in other countries will use the application over the internet. The company requires the application endpoint to have a static pubic IP address.
How should the SysOps administrator deploy the application to meet this requirement?

1. A. Behind an Amazon API Gateway API
2. B. Behind an Application Load Balancer
3. C. Behind an internet-facing Network Load Balancer
4. D. In an Amazon CloudFront distribution

Correct Answer: C

- (Exam Topic 1)
A company's SysOps administrator has created an Amazon EC2 instance with custom software that will be used as a template for all new EC2 instances across multiple AWS accounts. The Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instance are encrypted with AWS managed keys.
The SysOps administrator creates an Amazon Machine Image (AMI) of the custom EC2 instance and plans to share the AMI with the company's other AWS accounts. The company requires that all AMIs are encrypted with AWS Key Management Service (AWS KMS) keys and that only authorized AWS accounts can access the shared AMIs.
Which solution will securely share the AMI with the other AWS accounts?

1. A. In the account where the AMI was created, create a customer master key (CMK). Modify the key policyto provide kms:DescribeKey, kms ReEncrypf, kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
2. B. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.
3. C. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescribeKey, kms:ReEncrypt*. kms:CreateGrant, and kms;Decrypt permissions to the AWS accounts that the AMI will be shared wit
4. D. Create a copy of the AM
5. E. and specify the CM
6. F. Modify the permissions on the copied AMI to specify the AWS account numbers that the AMI will be shared with.
7. G. In the account where the AMI was created, create a customer master key (CMK). Modify the key policy to provide kms:DescrlbeKey, kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
8. H. Create a copy of the AM
9. I. and specify the CM
10. J. Modify the permissions on the copied AMI to make it public.
11. K. In the account where the AMI was created, modify the key policy of the AWS managed key to provide kms:DescnbeKe
12. L. kms:ReEncrypt\ kms:CreateGrant, and kms:Decrypt permissions to the AWS accounts that the AMI will be shared wit
13. M. Modify the AMI permissions to specify the AWS account numbers that the AMI will be shared with.

Correct Answer: B
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html