Knowledge Check: Management Fundamentals (CLF-C01) Flashcards
Which statement is true about AWS Config and regions?
A. AWS Config is a region-specific service, meaning it has to be configured in every region you wish to use it.
B. AWS Config is a global service, once enabled it will work across all supported regions automatically.
C. AWS Config can only be used in one region at a time.
D. AWS Config is not enabled at a regional level.
A. AWS Config is a region-specific service, meaning it has to be configured in every region you wish to use it.
Explanation
AWS Config is region-specific, meaning that if you have resources in multiple regions, then you will have to configure AWS Config for each Region you want to record resource changes. When doing so, you can specify different options for each Region. For example, you could configure Config in one Region to record all supported resources across all services within that Region, and add a predefined AWS Managed Config rule that will check if EBS volumes are encrypted. In another region, you could select only to record a specific type of resource, such as Security Groups with no predefined rules allocated.
Where does AWS Config record resource change information and relevant metadata related to the change?
A. In a Configuration Item
B. In an AWS Config rule
C. In a CloudTrail log
D. In a Conformance Pack
A. In a Configuration Item
Explanation
AWS Config can capture resource changes. So any change to a resource supported by Config can be recorded, which will record what change along with other useful metadata all held within a file known as a configuration item, a CI.
It can act as a resource inventory. AWS Config can discover supported resources running within your environment, allowing you to see data about that resource type.
Which three AWS Config components use configuration items? (Choose 3 answers)
A. Configuration history
B. Configuration snapshots
C. Configuration streams
D. Config rules
A. Configuration history
B. Configuration snapshots
C. Configuration streams
Explanation
Configuration items are used by other features and components of AWS Config, such as:
Configuration History - Configuration items are used to look up all changes that have been made to a resource Configuration Streams - Configuration items are sent to an SNS Topic to enable analysis of the data Configuration Snapshots - Configuration items are used to create a point in time snapshot of all supported resources
In Amazon CloudTrail, each API call represents ________.
A. programmatic requests initiated using an SDK
B. a new event related to an object
C. a call made using the AWS command-line interface
D. requests to delete objects
B. a new event related to an object
Explanation
In object-level logging, each API call represents a new event within a log file related to a particular object and its log file, programmatic requests, AWS command-line interface calls, and requests to delete objects are types of new events.
What is the primary function of AWS CloudTrail?
A. To track and record API requests made in AWS
B. To notify you regardingconfiguration changes toyour AWS resources
C. To monitor resource performance against specific service thresholds
D. To provide feedback on your AWS cloud environment’s configuration based on best practices
A. To track and record API requests made in AWS
Explanation;
CloudTrail is a service that has a primary function to record and track all AWS API requests made. These API calls can be programmatic requests initiated from a user using an SDK, the AWS Command Line Interface, from within the AWS management console, or even from a request made by another AWS service.
New CloudTrail log files are typically created every ________________.
A. minute
B. five minutes
C. ten minutes
D. sixty minutes
B. five minutes
Explanation
For greater management, new log files are typically created every 5 minutes which are then delivered and stored within an S3 Bucket that is defined by you during your CloudTrail configuration. This allows you to easily go back and review the history of all API requests. There is also an option to have these logs delivered to a CloudWatch Logs log file as well.
_____ are a fundamental concept in Amazon CloudWatch; they represent a time-ordered set of data, and each AWS service sends these to CloudWatch.
A. Namespaces
B. Statistics
C. Metrics
D. Dimensions
C. Metrics
Explanation
Metrics are the fundamental concept in CloudWatch. A metric represents a time-ordered set of data points that are published to CloudWatch. AWS services send metrics to CloudWatch, and you can send your own custom metrics to CloudWatch. You can add the data points in any order, and at any rate you choose. You can retrieve statistics about those data points as an ordered set of time-series data. Metrics are uniquely defined by a name, a namespace, and one or more dimensions.
What is the primary function of AmazonCloudWatch?
A. To notify you regardingconfiguration changes toyour AWS resources
B. To monitor your AWS resources’ performance against specific metrics and thresholds
C. To track and record API requests made in AWS
D. To provide feedback on your AWS cloud environment’s configuration based on best practices
Explanation
B. To monitor your AWS resources’ performance against specific metrics and thresholds
Explanation
The primary function of Amazon CloudWatch is to provide a means of monitoring theresources that you’re running within AWS via a series of metrics, which are individual to each service that you are using. This allows you to quickly react to events, and diagnose, and dynamically adjust any availability or scalability issue that you might be experiencing.
Amazon CloudWatch _____ allow you to implement automatic actions based on specific thresholds that you can configure related to each metric.
A. anomaly detections
B. rules
C. alarms
D. events
C. alarms
Explanation:
Amazon CloudWatch alarms tightly integrate with the metrics that I just discussed and they allow you to implement automatic actions based on specific thresholds that you can configure related to each metric.
Which Amazon CloudWatch feature allows CloudWatch to implement machine learning algorithms against your metric data to help detect any activity that sits outside of the normal baseline parameters?
A. CloudWatch Alarms
B. CloudWatch Anomaly Detection
C. Amazon EventBridge
D. CloudWatch Logs
B. CloudWatch Anomaly Detection
Explanation
CloudWatch metrics also allow you to enable a feature known as anomaly detection. This allows CloudWatch to implement machine learning algorithms against your metric data to help detect any activity that sits outside of the normal baseline parameters that are generally expected.
Which Amazon CloudWatch feature provides a means of connecting your own applications to a variety of different targets, allowing you to implement a level of real-time monitoring?
A. CloudWatch Alarms
B. CloudWatch Anomaly Detection
C. Amazon EventBridge
D. CloudWatch Logs
C. Amazon EventBridge
Explanation
CloudWatch EventBridge provides a means of connecting your own applications to a variety of different targets, typically AWS services, to allow you to implement a level of real-time monitoring, allowing you to respond to events that occur in your application as they happen.
What are the benefits of CloudTrail integration with CloudWatch Logs?
A. It enables you to receive SWF notifications of API activity captured by CloudTrail.
B. It enables you to receive SNS notifications of API activity captured by CloudTrail.
C. It enables you to receive SES notifications of API activity captured by CloudTrail.
D. It enables you to receive SQS notifications of API activity captured by CloudTrail.
B. It enables you to receive SNS notifications of API activity captured by CloudTrail.
Explanation
CloudTrail integration enables you to receive SNS notifications of API activity captured by CloudTrail. For example, you can create CloudWatch alarms to monitor API calls that create, modify and delete Security Groups and Network ACLs.
Which of the following tasks can AWS Config help you accomplish?
A. Manage and maintain compliance
B. Track resource metrics
C. Automatically delete non-compliant resources
D. Log all API calls to your resources
A. Manage and maintain compliance
Explanation
AWS Config can:
Enforce rules that check the compliance of your resource against specific controls: Predefined and custom rules can be configured within AWS Config, allowing you to check resources compliance against these rules Act as a resource inventory: AWS Config can discover supported resources running within your environment allowing you to see data about that resource type
The other choices include services offered by AmazonCloudWatch and Amazon CloudTrail.
Store configuration history for individual resources: The service will record and hold all existing changes that have happened against the resource, providing a useful historical record of changes
Which CloudWatch feature allows you to derive additional information and create visualizations from resources such as CloudWatch logs, ECS clusters, or Lambda functions?
A. CloudWatch Insights
B. CloudWatch Logs
C. CloudWatch EventBridge
D. CloudWatch Anomaly Detection
A. CloudWatch Insights
Explanation
There are now 3 different types of insights within CloudWatch, there are Log Insights, Container Insights, and Lambda Insights.
But what exactly are insights? Well as the name suggests, they provide the ability to get more information from the data that CloudWatch is collecting. So let’s look at each of these at a high level to understand the role that they perform, starting with Log Insights.
This is a feature that can analyze your logs that are captured by CloudWatch Logs at scale in seconds using interactive queries delivering visualizations that can be represented as bar, line, pie, or stacked area charts. The versatility of this feature allows you to work with any log file formats that AWS services or your applications might be using.
Using a flexible approach, you can use Log insights to filter your log data to retrieve specific data allowing you to gather insights that you are interested in. Also using the visual capabilities of the feature, it can display them in a visual way.