CloudWatch & Monitoring & Alerting Flashcards

1
Q

You have de­ployed an ap­pli­ca­tion on an Ama­zon
EC2 in­stance in a pri­vate sub­net with­in a VPC. The
sub­net does not have In­ter­net con­nec­tiv­i­ty. You
need to write ap­pli­ca­tion logs to Cloud­Watch logs
via the CWA­gent what must be con­fig­ured to al­low
this to work

A

An in­stance role on the EC2 in­stance and An In­ter­face end­point in the VPC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which feature of CloudWatch Logs allows you to generate an alarm based on patterns within a Log Group

A

Metric filter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following statements is ALWAYS true for CloudWatch Logs

A

Permission and retention are defined on a Log Group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which two products can be used together for real time processing of CloudWatch Logs

A

Subscription + Lambda

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following are valid Alarm states within CloudWatch? (choose all that apply)

A

OK
Alarm
Insufficient data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What types of information is logged by VPC flow logs? (Choose all that apply)

A

Packet SRC and DST
Date and time
Ports
Allow or Deny

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following is the correct structure within CloudWatch Logs

A

Log Groups -> Log Streams -> Log events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following options is the MINIMUM required to log processing_running within an EC2 Instance

A

EC2 instance role with CW permissions
CW agent install(with configuration)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following options are enabled via installing the CWAgent

A

Injecting Detailed and Custom metrics from EC2 instance
Logging system, app and cust logs into CW logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following are valid locations for VPC Flow Logging (choose all that apply)

A

ENI
Subnet
VPC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A company has several applications and workloads running on AWS that are managed by various teams. The SysOps Administrator has been instructed to configure alerts to notify the teams in the event that the resource utilization exceeded the defined threshold.

Which of the following is the MOST suitable AWS service that the Administrator should use?

A

AWS Budgets

AWS Cost Explorer is incorrect because it only lets you visualize, understand, and manage your AWS costs and usage over time. You cannot define any threshold using this service, unlike AWS Budgets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A pharmaceutical company has a hybrid cloud architecture. The company has a fleet of EC2 instances in their VPC and a group of servers on their on-premises data center. The SysOps Administrator is instructed by the manager to set up a unified dashboard monitoring system for both the EC2 instances as well as the on-premises servers.

Which of the following options should the Administrator do to satisfy the given requirement? (Select TWO.)

A

– Set up the metrics dashboard in CloudWatch.
– Install the CloudWatch Agent to both Amazon EC2 Instances and On-Premises servers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A large technology company, which is heavily using AWS for its cloud-based applications to serve its clients, has both private and public application servers that are hosted in over 1000 EC2 Instances. To ensure security, the SysOps Administrator needs to ensure that public SSH is always disabled for the private servers.

Which of the following options would be the best way to ensure this security check is in place?

A

Use AWS Config Rules to check all the configuration of the Security Groups.

NOT Use Amazon Inspector to check all the configuration of the Security Groups is incorrect because Amazon Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A startup is using Amazon CloudWatch to monitor the workload of its website running on an EC2 instance. The CloudWatch Logs Agent has been set up on the instance to publish application logs. Despite having full access to the AWS account, the administrator is still unable to view the logs in the CloudWatch Logs Console.

Which solution would most likely solve the issue?

A

Attach an IAM role with sufficient CloudWatch Logs permission to the instance profile of the EC2 instance

NOT Create a connection between CloudWatch Logs and the instance using an interface VPC endpoint is incorrect. This only needs to be done when you want your instances to communicate with the CloudWatch service privately.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A Junior DevOps Engineer needs to monitor an ELB for one of the web applications and asked you where to find the information such as the client’s IP address, latencies, request paths, and server responses. Which of the following options would you recommend to get the above information?

A

ELB Access Logs

NOT VPC Flow logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A SysOps Administrator needs to produce regular reports and statistics on EC2 resource consumption across different regions. In an upcoming meeting, the Administrator is asked to present these findings to the CTO and Data Analytics team. Aggregating these statistics would detail a lot of information on resource consumption with ease.

What is the procedure for viewing aggregation statistics in CloudWatch?

A

Use CloudWatch Metric Math to query metrics and apply mathematical operations on these metrics.

17
Q

A company needs to ensure the safety of its employees by measuring the temperature of their facility every 5 minutes using smart sensors. They want to send the custom data metrics of their application to CloudWatch to view the data graphs visually.

Which of the below statements is true regarding the scenario above?

A

You can use AWS CLI or API to upload the data metrics to CloudWatch.

18
Q

A money transfer mobile app is heavily using RESTful web services, which is hosted in an Auto Scaling group of Spot EC2 instances across multiple Availability Zones and a Load Balancer. You are setting up the monitoring system and you know that the web services currently utilize a lot of memory in order to function properly.

Which of the following should you implement to properly monitor the memory usage of the EC2 instances?

A

Set up and install the CloudWatch agent on all EC2 instances. Set up a custom metric to view the various memory utilization metrics of each EC2 instance such as mem_available, mem_cached, mem_active and many others.

19
Q

A global technology company has a cloud architecture that uses various VPCs across multiple regions. To monitor their entire system, you were instructed to aggregate the CPU Utilization of their Reserved EC2 instances running in all of their VPCs.

How can you implement this requirement in the easiest way possible with minimal additional costs? (Select TWO.)

A

– Set up a CloudWatch dashboard. Add a widget and choose Math expression under Graph Metric to query and aggregate the CPU Utilization of all Reserved EC2 instances in all regions.

– Enable detailed monitoring for all EC2 instances.

NO OPTION to select Cross-Region under Graph Metric

20
Q

A RegTech startup plans to utilize machine learning to improve its financial regulatory processes. They have a fleet of Spot EC2 instances with an Application Load Balancer to host their online customer portal. There is a requirement to produce a report that provides a list of IP addresses that are accessing their portal, including the API request logs that went through all of their AWS resources.

Which of the following options could help the SysOps Administrator achieve this requirement? (Select TWO.)

A

– Amazon VPC Flow Logs and AWS CloudTrail

– AWS ELB Access Logs and AWS CloudTrail

NOT AWS CloudTrail and AWS Config are incorrect because AWS Config is simply a service used for configuration management and not for tracking incoming traffic to your VPC.

21
Q

The billing report of your AWS expenses is currently being generated monthly. To ensure proper financial monitoring, the accounting department of the company instructed you to provide them a way to get billing updates more than once a month. They will be using a spreadsheet application to view and analyze the billing data.

Which of the following is the MOST suitable solution that you should implement for this scenario?

A

configure your AWS Cost and Usage Report to generate and publish billing reports in CSV format to an S3 bucket every day.

NOT Use a combination of Lambda and CloudWatch Alarms to generate billing reports by querying the AWS Cost Explorer API every week. Utilize AWS Glue to convert the data output to a CSV format
(UNNECESSARY WORK)

22
Q

A SysOps Administrator configured CloudWatch monitoring on an On-Demand, EBS-backed EC2 instance which is deployed on ap-southeast-1 region. Which of the following metrics will always show a value of 0?

A

DiskReadOps is the metric that counts the completed read operations from all instance store volumes available to the instance in a specified period of time. To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.
If there are NO INSTANCE STORE VOLUMES, either the value is 0 or the metric is not reported. The same behavior also applies to DiskWriteOps, DiskReadBytes, and DiskWriteBytes.

23
Q

A financial firm is hosting their mission critical system in AWS. As their Lead Systems Administrator, you are responsible for properly monitoring the status of their cloud resources and setting up an alert system so that you and the Operations team are notified for any technical issues. Since the system is critical to the day-to-day operations of the business, you also need to be notified of any issues that occur in the underlying hardware that hosts the AWS resources.

Which of the following is the best way to achieve this?

A

Use the Personal Health Dashboard which provides information about AWS Health events that can affect your account.

NOT Setting up a Service Health Dashboard that will automatically send alerts for any system issues is incorrect because the Service Health Dashboard monitors the entire health of the services provided by AWS in a global scale and not just your account.

24
Q

An IT Consulting company has a VPC in the us-east-1 (N. Virginia) region for its business operations. Last month, the entire us-east-1 AWS region went down which totally rendered all of the cloud systems unavailable and eventually resulted in a financial loss. To prevent this from happening again, the CTO instructed the SysOps Administrator to set up a notification system that provides alerts via their Slack messaging channel when AWS is experiencing events that may impact their cloud resources.

Which of the following options should the Administrator implement to meet this requirement?

A

Use AWS Health Events with Amazon EventBridge and a Lambda function to send a notification to a Slack channel when an event occurs.

NOT Use a combination of CloudWatch Alarms and SNS to send a notification to a Slack channel when an event occurs is incorrect because CloudWatch only monitors the health of the resources that you own based on certain metrics but it does not check the underlying hardware that hosts the AWS resources.

25
Q

A FinTech startup is running a cryptocurrency exchange platform hosted in several EC2 instances behind an Application Load Balancer. The application stack is deployed using CloudFormation and each EC2 instance has a running AWS Systems Manager (SSM) agent. There was a recent incident in which the platform was down for a few hours because the instances have reached the maximum disk space allocated.

What should the SysOps Administrator do to prevent this issue from happening again?

A

Download and install the Amazon CloudWatch agent on all Amazon EC2 Instances using the AWS Systems Manager (SSM) agent. Configure the CloudWatch agent to collect the disk metrics and set up a CloudWatch alarm that will notify the IT Operations team if disk space is running low.

NOT Integrate AWS Health events with Amazon EventBridge to automatically filter and collect the disk space utilization data of all EC2 instances. Set up an SNS topic to notify the IT Operations team is incorrect because AWS Health just provides ongoing visibility into the state of your AWS resources, services, and accounts. The AWS Health only tracks the availability of the services that you are using and doesn’t go into the details of checking the disk space utilization data. A better solution here is to download and install the CloudWatch agent instead.

26
Q

A financial regulatory firm has several CloudTrail log files. Due to the sensitivity of their data, you need to ensure that files are not tampered with at any given point in time. You should be able to verify whether a log file was modified after CloudTrail delivered it.

How can you ensure that this requirement is fulfilled?

A

Enable log file integrity validation for the log files.