CloudWatch and CloudTrail

Question 1

Q: What is Amazon CloudWatch?

Answer 1

A: A monitoring and observability service that provides metrics, logs, and alarms for AWS resources and applications.

Question 2

Q: What are CloudWatch metrics?

Answer 2

A: Time-ordered data points used to monitor AWS resources and applications, such as CPU utilization or request counts.

Question 3

Q: What are custom metrics in CloudWatch?

Answer 3

A: Metrics defined and published by users for monitoring application-specific data.

Question 4

Q: What are CloudWatch alarms?

Answer 4

A: Configurations that monitor CloudWatch metrics and trigger actions when thresholds are breached.

Question 5

Q: What are CloudWatch Logs?

Answer 5

A: A service that collects, stores, and monitors logs from AWS resources, applications, and custom log sources.

Question 6

Q: What are log groups in CloudWatch?

Answer 6

A: Containers for log streams with shared retention, access policies, and metrics.

Question 7

Q: What are log streams in CloudWatch?

Answer 7

A: Sequences of log events from the same source, such as an EC2 instance.

Question 8

Q: What is CloudWatch Logs Insights?

Answer 8

A: An interactive query service for analyzing CloudWatch Logs with SQL-like queries.

Question 9

Q: What are CloudWatch dashboards?

Answer 9

A: Customizable visualizations of CloudWatch metrics and logs displayed in a single view.

Question 10

Q: What are CloudWatch Events (EventBridge)?

Answer 10

A: A service that delivers near real-time notifications of system events and changes in AWS resources.

Question 11

Q: What is the CloudWatch Agent?

Answer 11

A: A software agent that collects metrics and logs from on-premises and EC2 instances for CloudWatch.

Question 12

Q: What is CloudWatch Synthetics?

Answer 12

A: A feature for monitoring APIs, URLs, and user workflows with canary testing to detect issues.

Question 13

Q: What is CloudWatch ServiceLens?

Answer 13

A: A tool for monitoring application performance and dependencies by combining CloudWatch metrics, logs, and traces.

Question 14

Q: What is CloudWatch Anomaly Detection?

Answer 14

A: A feature that uses machine learning to identify unusual metric behavior and detect anomalies.

Question 15

Q: What is metric math in CloudWatch?

Answer 15

A: A feature for performing calculations on existing metrics to create new, derived metrics.

Question 16

Q: What are the retention options for CloudWatch Logs?

Answer 16

A: Logs can be retained indefinitely or set to expire after a specific period (e.g., 1 day, 1 week, or 10 years).

Question 17

Q: Which AWS services integrate with CloudWatch?

Answer 17

A: EC2, Lambda, RDS, S3, API Gateway, DynamoDB, ECS, EKS, and more.

Question 18

Q: What actions can CloudWatch alarms trigger?

Answer 18

A: Sending SNS notifications, executing Auto Scaling actions, or invoking Lambda functions.

Question 19

Q: What is a log subscription in CloudWatch?

Answer 19

A: A configuration that sends logs to destinations like Lambda, Kinesis, or Elasticsearch in real time.

Question 20

Q: How is CloudWatch pricing structured?

Answer 20

A: Based on metrics, dashboards, log storage, API requests, and log data ingestion and retrieval.

Question 21

Q: What is AWS CloudTrail?

Answer 21

A: A service that records API calls, console actions, and events in your AWS account for auditing and compliance.

Question 22

Q: What are the types of events in CloudTrail?

Answer 22

A: Management Events, Data Events, and Insights Events.

Question 23

Q: What are Management Events in CloudTrail?

Answer 23

A: Events that log management operations, such as creating or modifying resources (e.g., IAM roles, VPCs).

Question 24

Q: What are Data Events in CloudTrail?

Answer 24

A: Events that log resource-specific operations, such as S3 object access or Lambda function execution.

Question 25

Q: What are CloudTrail Insights Events?

Answer 25

A: Events that detect unusual activity in your account, such as spikes in API calls or unauthorized access attempts.

Question 26

Q: What is a trail in CloudTrail?

Answer 26

A: A configuration that delivers log files from CloudTrail to an S3 bucket for auditing and analysis.

Question 27

Q: What are cross-region trails in CloudTrail?

Answer 27

A: Trails that consolidate logs from multiple AWS regions into a single S3 bucket.

Question 28

Q: How does CloudTrail ensure log file integrity?

Answer 28

A: By using SHA-256 hash algorithms and digest files to verify the integrity of log files.

Question 29

Q: What is Event History in CloudTrail?

Answer 29

A: A feature that allows you to view the most recent 90 days of account activity through the AWS Management Console.

Question 30

Q: What does CloudTrail log for S3?

Answer 30

A: Events like bucket creation, object uploads, and changes to bucket policies.

Question 31

Q: How does CloudTrail integrate with AWS Config?

Answer 31

A: CloudTrail records actions that AWS Config uses to assess resource compliance.

Question 32

Q: How does CloudTrail log Lambda activity?

Answer 32

A: By recording API calls, such as CreateFunction, Invoke, or DeleteFunction.

Question 33

Q: How does CloudTrail help with compliance?

Answer 33

A: By providing detailed logs for audits, ensuring traceability of actions, and helping meet regulations like GDPR, SOC, and HIPAA.

Question 34

Q: How can you manage the retention of CloudTrail logs?

Answer 34

A: By configuring S3 lifecycle policies to archive or delete logs after a specific period.

Question 35

Q: What is the difference between CloudTrail and CloudWatch?

Answer 35

A: CloudTrail focuses on logging API calls and account activity, while CloudWatch monitors performance metrics and logs for operational insights.

Question 36

Q: What tools can analyze CloudTrail logs?

Answer 36

A: AWS Athena, Amazon S3 Select, CloudWatch Logs Insights, and third-party SIEM tools.

Question 37

Q: Where can CloudTrail logs be delivered?

Answer 37

A: To an S3 bucket, optionally with integration to CloudWatch Logs for real-time analysis.

Question 38

Q: Is AWS CloudTrail free?

Answer 38

A: The first trail in each region is free for management events. Additional trails or data events incur costs.

Question 39

Q: How can you use CloudTrail for multiple accounts?

Answer 39

A: By consolidating logs from multiple accounts in an AWS Organization to a single S3 bucket.

Question 40

Q: How does Trusted Advisor relate to CloudTrail?

Answer 40

A: Trusted Advisor recommends enabling CloudTrail for better auditing and compliance.