AWS Certified SysOps Administrator – Associate — Question 76

A company wants to be alerted through email when IAM CreateUser API calls are made within its AWS account.

Which combination of actions should a SysOps administrator take to meet this requirement? (Choose two.)

Answer options

• A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS CloudTrail as the event source and IAM CreateUser as the specific API call for the event pattern.
• B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with Amazon CloudSearch as the event source and IAM CreateUser as the specific API call for the event pattern.
• C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with AWS IAM Access Analyzer as the event source and IAM CreateUser as the specific API call for the event pattern.
• D. Use an Amazon Simple Notification Service (Amazon SNS) topic as an event target with an email subscription.
• E. Use an Amazon Simple Email Service (Amazon SES) notification as an event target with an email subscription.

Correct answer: A, D

Explanation

The correct combination is A and D. Option A correctly sets up an EventBridge rule with AWS CloudTrail to monitor the IAM CreateUser API calls. Option D uses Amazon SNS to send email notifications, which is an appropriate choice for alerting. The other options either use incorrect event sources or are not suitable for sending email notifications.