CloudWatch & Monitoring & Alerting Flashcards
You have deployed an application on an Amazon
EC2 instance in a private subnet within a VPC. The
subnet does not have Internet connectivity. You
need to write application logs to CloudWatch logs
via the CWAgent what must be configured to allow
this to work
An instance role on the EC2 instance and An Interface endpoint in the VPC
Which feature of CloudWatch Logs allows you to generate an alarm based on patterns within a Log Group
Metric filter
Which of the following statements is ALWAYS true for CloudWatch Logs
Permission and retention are defined on a Log Group
Which two products can be used together for real time processing of CloudWatch Logs
Subscription + Lambda
Which of the following are valid Alarm states within CloudWatch? (choose all that apply)
OK
Alarm
Insufficient data
What types of information is logged by VPC flow logs? (Choose all that apply)
Packet SRC and DST
Date and time
Ports
Allow or Deny
Which of the following is the correct structure within CloudWatch Logs
Log Groups -> Log Streams -> Log events
Which of the following options is the MINIMUM required to log processing_running within an EC2 Instance
EC2 instance role with CW permissions
CW agent install(with configuration)
Which of the following options are enabled via installing the CWAgent
Injecting Detailed and Custom metrics from EC2 instance
Logging system, app and cust logs into CW logs
Which of the following are valid locations for VPC Flow Logging (choose all that apply)
ENI
Subnet
VPC
A company has several applications and workloads running on AWS that are managed by various teams. The SysOps Administrator has been instructed to configure alerts to notify the teams in the event that the resource utilization exceeded the defined threshold.
Which of the following is the MOST suitable AWS service that the Administrator should use?
AWS Budgets
AWS Cost Explorer is incorrect because it only lets you visualize, understand, and manage your AWS costs and usage over time. You cannot define any threshold using this service, unlike AWS Budgets.
A pharmaceutical company has a hybrid cloud architecture. The company has a fleet of EC2 instances in their VPC and a group of servers on their on-premises data center. The SysOps Administrator is instructed by the manager to set up a unified dashboard monitoring system for both the EC2 instances as well as the on-premises servers.
Which of the following options should the Administrator do to satisfy the given requirement? (Select TWO.)
– Set up the metrics dashboard in CloudWatch.
– Install the CloudWatch Agent to both Amazon EC2 Instances and On-Premises servers.
A large technology company, which is heavily using AWS for its cloud-based applications to serve its clients, has both private and public application servers that are hosted in over 1000 EC2 Instances. To ensure security, the SysOps Administrator needs to ensure that public SSH is always disabled for the private servers.
Which of the following options would be the best way to ensure this security check is in place?
Use AWS Config Rules to check all the configuration of the Security Groups.
NOT Use Amazon Inspector to check all the configuration of the Security Groups is incorrect because Amazon Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS
A startup is using Amazon CloudWatch to monitor the workload of its website running on an EC2 instance. The CloudWatch Logs Agent has been set up on the instance to publish application logs. Despite having full access to the AWS account, the administrator is still unable to view the logs in the CloudWatch Logs Console.
Which solution would most likely solve the issue?
Attach an IAM role with sufficient CloudWatch Logs permission to the instance profile of the EC2 instance
NOT Create a connection between CloudWatch Logs and the instance using an interface VPC endpoint is incorrect. This only needs to be done when you want your instances to communicate with the CloudWatch service privately.
A Junior DevOps Engineer needs to monitor an ELB for one of the web applications and asked you where to find the information such as the client’s IP address, latencies, request paths, and server responses. Which of the following options would you recommend to get the above information?
ELB Access Logs
NOT VPC Flow logs