CloudWatch & Monitoring & Alerting

Question 1

You have de­ployed an ap­pli­ca­tion on an Ama­zon
EC2 in­stance in a pri­vate sub­net with­in a VPC. The
sub­net does not have In­ter­net con­nec­tiv­i­ty. You
need to write ap­pli­ca­tion logs to Cloud­Watch logs
via the CWA­gent what must be con­fig­ured to al­low
this to work

Answer 1

An in­stance role on the EC2 in­stance and An In­ter­face end­point in the VPC

Question 2

Which feature of CloudWatch Logs allows you to generate an alarm based on patterns within a Log Group

Answer 2

Metric filter

Question 3

Which of the following statements is ALWAYS true for CloudWatch Logs

Answer 3

Permission and retention are defined on a Log Group

Question 4

Which two products can be used together for real time processing of CloudWatch Logs

Answer 4

Subscription + Lambda

Question 5

Which of the following are valid Alarm states within CloudWatch? (choose all that apply)

Answer 5

OK
Alarm
Insufficient data

Question 6

What types of information is logged by VPC flow logs? (Choose all that apply)

Answer 6

Packet SRC and DST
Date and time
Ports
Allow or Deny

Question 7

Which of the following is the correct structure within CloudWatch Logs

Answer 7

Log Groups -> Log Streams -> Log events

Question 8

Which of the following options is the MINIMUM required to log processing_running within an EC2 Instance

Answer 8

EC2 instance role with CW permissions
CW agent install(with configuration)

Question 9

Which of the following options are enabled via installing the CWAgent

Answer 9

Injecting Detailed and Custom metrics from EC2 instance
Logging system, app and cust logs into CW logs

Question 10

Which of the following are valid locations for VPC Flow Logging (choose all that apply)

Answer 10

ENI
Subnet
VPC

Question 11

A company has several applications and workloads running on AWS that are managed by various teams. The SysOps Administrator has been instructed to configure alerts to notify the teams in the event that the resource utilization exceeded the defined threshold.

Which of the following is the MOST suitable AWS service that the Administrator should use?

Answer 11

AWS Budgets

AWS Cost Explorer is incorrect because it only lets you visualize, understand, and manage your AWS costs and usage over time. You cannot define any threshold using this service, unlike AWS Budgets.

Question 12

A pharmaceutical company has a hybrid cloud architecture. The company has a fleet of EC2 instances in their VPC and a group of servers on their on-premises data center. The SysOps Administrator is instructed by the manager to set up a unified dashboard monitoring system for both the EC2 instances as well as the on-premises servers.

Which of the following options should the Administrator do to satisfy the given requirement? (Select TWO.)

Answer 12

– Set up the metrics dashboard in CloudWatch.
– Install the CloudWatch Agent to both Amazon EC2 Instances and On-Premises servers.

Question 13

A large technology company, which is heavily using AWS for its cloud-based applications to serve its clients, has both private and public application servers that are hosted in over 1000 EC2 Instances. To ensure security, the SysOps Administrator needs to ensure that public SSH is always disabled for the private servers.

Which of the following options would be the best way to ensure this security check is in place?

Answer 13

Use AWS Config Rules to check all the configuration of the Security Groups.

NOT Use Amazon Inspector to check all the configuration of the Security Groups is incorrect because Amazon Inspector is a security assessment service that helps improve the security and compliance of applications deployed on AWS

Question 14

A startup is using Amazon CloudWatch to monitor the workload of its website running on an EC2 instance. The CloudWatch Logs Agent has been set up on the instance to publish application logs. Despite having full access to the AWS account, the administrator is still unable to view the logs in the CloudWatch Logs Console.

Which solution would most likely solve the issue?

Answer 14

Attach an IAM role with sufficient CloudWatch Logs permission to the instance profile of the EC2 instance

NOT Create a connection between CloudWatch Logs and the instance using an interface VPC endpoint is incorrect. This only needs to be done when you want your instances to communicate with the CloudWatch service privately.

Question 15

A Junior DevOps Engineer needs to monitor an ELB for one of the web applications and asked you where to find the information such as the client’s IP address, latencies, request paths, and server responses. Which of the following options would you recommend to get the above information?

Answer 15

ELB Access Logs

NOT VPC Flow logs

Question 16

A SysOps Administrator needs to produce regular reports and statistics on EC2 resource consumption across different regions. In an upcoming meeting, the Administrator is asked to present these findings to the CTO and Data Analytics team. Aggregating these statistics would detail a lot of information on resource consumption with ease.

What is the procedure for viewing aggregation statistics in CloudWatch?

Answer 16

Use CloudWatch Metric Math to query metrics and apply mathematical operations on these metrics.

Question 17

A company needs to ensure the safety of its employees by measuring the temperature of their facility every 5 minutes using smart sensors. They want to send the custom data metrics of their application to CloudWatch to view the data graphs visually.

Which of the below statements is true regarding the scenario above?

Answer 17

You can use AWS CLI or API to upload the data metrics to CloudWatch.

Question 18

A money transfer mobile app is heavily using RESTful web services, which is hosted in an Auto Scaling group of Spot EC2 instances across multiple Availability Zones and a Load Balancer. You are setting up the monitoring system and you know that the web services currently utilize a lot of memory in order to function properly.

Which of the following should you implement to properly monitor the memory usage of the EC2 instances?

Answer 18

Set up and install the CloudWatch agent on all EC2 instances. Set up a custom metric to view the various memory utilization metrics of each EC2 instance such as mem_available, mem_cached, mem_active and many others.

Question 19

A global technology company has a cloud architecture that uses various VPCs across multiple regions. To monitor their entire system, you were instructed to aggregate the CPU Utilization of their Reserved EC2 instances running in all of their VPCs.

How can you implement this requirement in the easiest way possible with minimal additional costs? (Select TWO.)

Answer 19

– Set up a CloudWatch dashboard. Add a widget and choose Math expression under Graph Metric to query and aggregate the CPU Utilization of all Reserved EC2 instances in all regions.

– Enable detailed monitoring for all EC2 instances.

NO OPTION to select Cross-Region under Graph Metric

Question 20

A RegTech startup plans to utilize machine learning to improve its financial regulatory processes. They have a fleet of Spot EC2 instances with an Application Load Balancer to host their online customer portal. There is a requirement to produce a report that provides a list of IP addresses that are accessing their portal, including the API request logs that went through all of their AWS resources.

Which of the following options could help the SysOps Administrator achieve this requirement? (Select TWO.)

Answer 20

– Amazon VPC Flow Logs and AWS CloudTrail

– AWS ELB Access Logs and AWS CloudTrail

NOT AWS CloudTrail and AWS Config are incorrect because AWS Config is simply a service used for configuration management and not for tracking incoming traffic to your VPC.

Question 21

The billing report of your AWS expenses is currently being generated monthly. To ensure proper financial monitoring, the accounting department of the company instructed you to provide them a way to get billing updates more than once a month. They will be using a spreadsheet application to view and analyze the billing data.

Which of the following is the MOST suitable solution that you should implement for this scenario?

Answer 21

configure your AWS Cost and Usage Report to generate and publish billing reports in CSV format to an S3 bucket every day.

NOT Use a combination of Lambda and CloudWatch Alarms to generate billing reports by querying the AWS Cost Explorer API every week. Utilize AWS Glue to convert the data output to a CSV format
(UNNECESSARY WORK)

Question 22

A SysOps Administrator configured CloudWatch monitoring on an On-Demand, EBS-backed EC2 instance which is deployed on ap-southeast-1 region. Which of the following metrics will always show a value of 0?

Answer 22

DiskReadOps is the metric that counts the completed read operations from all instance store volumes available to the instance in a specified period of time. To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.
If there are NO INSTANCE STORE VOLUMES, either the value is 0 or the metric is not reported. The same behavior also applies to DiskWriteOps, DiskReadBytes, and DiskWriteBytes.

Question 23

A financial firm is hosting their mission critical system in AWS. As their Lead Systems Administrator, you are responsible for properly monitoring the status of their cloud resources and setting up an alert system so that you and the Operations team are notified for any technical issues. Since the system is critical to the day-to-day operations of the business, you also need to be notified of any issues that occur in the underlying hardware that hosts the AWS resources.

Which of the following is the best way to achieve this?

Answer 23

Use the Personal Health Dashboard which provides information about AWS Health events that can affect your account.

NOT Setting up a Service Health Dashboard that will automatically send alerts for any system issues is incorrect because the Service Health Dashboard monitors the entire health of the services provided by AWS in a global scale and not just your account.

Question 24

An IT Consulting company has a VPC in the us-east-1 (N. Virginia) region for its business operations. Last month, the entire us-east-1 AWS region went down which totally rendered all of the cloud systems unavailable and eventually resulted in a financial loss. To prevent this from happening again, the CTO instructed the SysOps Administrator to set up a notification system that provides alerts via their Slack messaging channel when AWS is experiencing events that may impact their cloud resources.

Which of the following options should the Administrator implement to meet this requirement?

Answer 24

Use AWS Health Events with Amazon EventBridge and a Lambda function to send a notification to a Slack channel when an event occurs.

NOT Use a combination of CloudWatch Alarms and SNS to send a notification to a Slack channel when an event occurs is incorrect because CloudWatch only monitors the health of the resources that you own based on certain metrics but it does not check the underlying hardware that hosts the AWS resources.

Question 25

A FinTech startup is running a cryptocurrency exchange platform hosted in several EC2 instances behind an Application Load Balancer. The application stack is deployed using CloudFormation and each EC2 instance has a running AWS Systems Manager (SSM) agent. There was a recent incident in which the platform was down for a few hours because the instances have reached the maximum disk space allocated.

What should the SysOps Administrator do to prevent this issue from happening again?

Answer 25

Download and install the Amazon CloudWatch agent on all Amazon EC2 Instances using the AWS Systems Manager (SSM) agent. Configure the CloudWatch agent to collect the disk metrics and set up a CloudWatch alarm that will notify the IT Operations team if disk space is running low.

NOT Integrate AWS Health events with Amazon EventBridge to automatically filter and collect the disk space utilization data of all EC2 instances. Set up an SNS topic to notify the IT Operations team is incorrect because AWS Health just provides ongoing visibility into the state of your AWS resources, services, and accounts. The AWS Health only tracks the availability of the services that you are using and doesn’t go into the details of checking the disk space utilization data. A better solution here is to download and install the CloudWatch agent instead.

Question 26

A financial regulatory firm has several CloudTrail log files. Due to the sensitivity of their data, you need to ensure that files are not tampered with at any given point in time. You should be able to verify whether a log file was modified after CloudTrail delivered it.

How can you ensure that this requirement is fulfilled?

Answer 26

Enable log file integrity validation for the log files.