Monitoring

Question 1

Differences between the CloudWatch applications? (Logs, Alarms, Events)

Answer 1

Logs: cotains log files, can set alarm and react to changes in AWS resources - can be viewed in real time
Alarms: Monitors a single metric and perfoms actions of it
Events: near real time stream of system events

Question 2

What is free of charge in monitoring?

Answer 2

3 Dashboards
Basic monitoring for EC2 instances
Metrics for EBS, ELB and RDS
50 metrics, 10 alarms 1 mio. API requests
5min Refresh Rate

Question 3

Is CloudWatch inter-regional?

Answer 3

Metrics are only available for one region

Question 4

Ways to create custom metrics

Answer 4

PutMetricData API
monitoring scripts for Win. / Linux
Applications from the AWS Partner Network

Question 5

How is the retention for the metrics (outside of Cloudwatch Logs)

Answer 5

1 min for 15 days
5 min for 63 days
1 hr for 455 days

Metrics cannot be deleted - they expire after 15month if no data is incoming

Question 6

What are the reasons for a system status checks to fail?

Answer 6

Loss of network connectivity
Loss of system power
Software issues of host system
Hardware issues of the host

Question 7

What are the reasons for instance status failures?

Answer 7

Network configuration issues
Incorrect configurations of the OS
Exhausted memory
Corrupt file system
Kernel issues

Question 8

What is the purpose of CloudWatch Alarms?

Answer 8

Initiate automatic action in response to a predefined condition of a single metric

Question 9

What are the status of CloudWatch Alarms?

Answer 9

OK
ALARM
INSUFFICIENT_DATA

Question 10

When are events created?

Answer 10

Change in AWS resource status (for example EC2 instance stopping)
Events sent by CloudTrail, user login e.g.
Issued by a scheduled (cron) basis

Question 11

What is the Cost Explorer?

Answer 11

Review of the costs of the last 13 month and a forecast of the next 3
It also generates detailed CSV reports

Question 12

How are inter-regional Trails managed?

Answer 12

All trails are applied to all regions by default, but it is not one trail but a copy to all regions

Question 13

What can be done with AWS Config?

Answer 13

Create snapshot of current environments
Historical configurations
Notifications then resources change
See relations between resources

Question 14

What is the maximum number of months of history that AWS Cost Explorer displays?

Answer 14

13 months

Question 15

What are the basic metrics of EC2?

Answer 15

CPUCreditBalace
CPUUtilization
Network In / Network Out

Question 16

What are the basic metrics of EBS?

Answer 16

Volume IdleTime
V. ReadBytes / ReadOps
V WriteByte / WriteOps

Question 17

What are the basic metrics of an ALB?

Answer 17

Active Connections
Rejected Connections
(Un)HealthyHostCounts
Status Codes
RequestCounts

Question 18

What are the basic metrics of RDS?

Answer 18

CPUUtilization
ReadIOPS / WriteIOPS
Free Space
Active DB Connections

Question 19

What is the definition of a custom metric?

Answer 19

• Anything generated inside the OS
• Coming from outside the resources - as long as it has access to the CloudWatch Service API
• Application Metrics like RAM or Disk Space

Question 20

What is needed to push custom metrics?

Answer 20

CloudWatch Agent or scripts/SDK

Appropriate IAM access

Question 21

What action should be taken if an EC2 instance (behind a ASG) is in an alarm state?

Answer 21

Terminate the instance - the auto scaling group will boot another one

Question 22

What are the EBS Volume Status Checks? (non prov. IOPS)

Answer 22

oka
warning
impared
insufficient-data

Question 23

What are (some) RDS status checks?

Answer 23

Available
Backing Up
Creating / Deleting
Failed
Mainenance
Rebooting

Question 24

Which arichtectural choice improve network performance?

Answer 24

Single AZ
Placement Groups
Enhances Networking
Keeping Traffic in the VPC

Question 25

What can be performance bottlenecks and how to get notified?

Answer 25

Undersized NAT instances
Undersized RDS instances
Undersized EC2 instances
Old EC2 instance types
Underprovisioned EBS volumes
Static assets from EC2

The Trusted Advisor report can locate bottlenecks

Question 26

List Cloud Watch Event Targets

Answer 26

SNS Topics
EC2 Instances
Lambda functions
Kinesis Data Streams
ECS tasks
System Manager commands
AWS Batch jobs
CodePipeline for deployments
Inspector for assessments

Question 27

What services have built-in CloudWatch Log support? (Store the logs in CW)

Answer 27

Route53
CloudTrail
Lambda
API Gateway

Question 28

What are services for CloudWatch Logs Custom Sources?

Answer 28

EC2 Applications
On-Premis Service
Other cloud resources

Question 29

What are the steps to install the CloudWatch Logs Agent

Answer 29

Single command install
Configure configureation file
Take and push the Metric

Question 30

What are the options to automate the install of the CloudWatch Logs Agent?

Answer 30

Include in AMI
Include in EC2 user-data
Include in configuration management tool like Ansible or Chef
Via the AWS Systems Manager Agent command

Question 31

What services log in S3 Buckets

Answer 31

S3
CloudFront
ELB

Question 32

In what logs can CloudTrail put its logs?

Answer 32

Logs in S3 and CloudWatch Logs

Question 33

What are the intervals for tracking metrics in Cloudwatch?

Answer 33

5min for basic

1min for details

Question 34

What are the host level metrics tracked in Cloudwatch?

Answer 34

CPU
Network
Disk
Status Checks

Question 35

What the general difference between basic and custom metric?

Answer 35

basis: AWS has knowledge
custom: AWS has no knowledge

Question 36

How long are metrics kept in CLoudWatch Logs?

Answer 36

Indefinitely or a custom duration

Question 37

What are ELB access logs?

Answer 37

Optional loggin for load balancers. Stores logging information in S3.
Captures IP, latency, requests and Server response.

It can be used for example to trace requests to ec2 instances that have been terminated in the meantime.

Question 38

What should be monitored for ElastiCache?

Answer 38

CPU Utilization
Evictions
Swap Usage
Concurrent Connections

Question 39

How to create a CloudWatch dashboard across regions?

Answer 39

Just create it in one region, it will be available in other regions as well (with the data from the region the widget is created from)

Question 40

What is the purpose of AWS Organizations?

Answer 40

• Manage policies across accounts
• Control access to Services (Using SCPs)
• Account management (Creation and Managing)
• Consolidate Billing

Question 41

What has precedence: an SCP or IAM policy?

Answer 41

A deny in an SCP will overrule an allow in an IAM Policy

Question 42

What is the tree structure of AWS Organizations?

Answer 42

Root
Organizational Unit(s)
AWS Accounts

Question 43

What are Resource Groups?

Answer 43

AWS Service to group resources based on tags.

Those can be used for example to automate / bulk tasks with the AWS System Manager

Question 44

What are Cost Allocations Tags and how to use them?

Answer 44

You can select the Tags that are relevant for Billing such as Department or Team.
These can be used in the Cost Explorer and Billing/Cost Management Console

Question 45

What are the three parts of configurations in AWS Config?

Answer 45

Configuration Items: Point in time attributes
Configuration Snapshots: Collection of the Items
Configuration Streams: Stream of Item changes

Question 46

Is AWS Config inter-regional?

Answer 46

No, every region has its own data

But you can aggregate the resgions/accounts

Question 47

AWS Config: What are compliance checks and how to use them?

Answer 47

Config can check against a set of rules (about 40), for example, if unrestricted ssh access is allowed somewhere.
The check can be triggered periodically or when a configuration has changed.
To enable AWS config to do these checks it needs a role with read access to the resources and write access to S3 and SNS

Question 48

Where can you find the Service Health Dashboard?

Answer 48

status.aws.amazon.com

Question 49

What is the Personal Health Dashboard?

Answer 49

Global Dashboard to indicate how problems in AWS would affect services in the own account

Question 50

What is needed for metrics to be tracked on On-Premise servers?

Answer 50

SSM agent

CloudWatch agent

Question 51

What is the AWS FlowLog?

Answer 51

• All VPCs monitored must be in the same account
• Not monitored: Metadata, DHCP, traffic to reserved IPs
• Data logged in CloudWatch (FlowLog needs permission to write)
• Can be streamed to Lambda or ElasticSearch

Question 52

What are AWS Config Rules?

Answer 52

Checks for (non) compliant settings in services, for example open SSH ports in Security Groups or cloudtrail being enabled

Question 53

Does AWS Config span multiple regions?

Answer 53

No, they need to be configured separately

or include global services like S3

Question 54

How are logs from AWS Config stored?

Answer 54

In a S3 bucket (same or different account)

[BUCKET]/[OPTIONAL PREFIX]/AWSlogs/[ID]/config/[REGION]

Question 55

How to get notified when a AWS Config rule is broken?

Answer 55

Create and subscribe to an SNS topic

Question 56

What permissions are needed for AWS Config to work?

Answer 56

Config needs a role that has read-only access to the ressources and write access to the S3 bucket

Question 57

What are the (two) trigger types in AWS Config?

Answer 57

Perioc (duration can be set - per default 24h)
on configuration change

NOTE: some rules cannot be set to on or both of the trigggers

Question 58

How to install the CloudWatch Logging Agent?

Answer 58

1) Create a role and attach it to the instance
2) Download and install the agent on the instance
3) Configure and start the agent

Question 59

How can a second account assume a role in another account?

Answer 59

• Create the role in the primary account

- In the secondary account create a policy with the action sts:AssumeRole and link the first role as the Resource

Question 60

What are S3 Access Logs?

Answer 60

Logs events made for the buckets and its objects.

Not enabled per default.

Question 61

What is the standard bucket name strucutre for CloudFront Logs?

Answer 61

[bucketname].s3.amazonaws.com/[optionalprefix]/[distributionid]/[YYY-MM-DD-HH].[uniqueid].gz

Question 62

What are the limitations of VPC Flow Logs?

Answer 62

• You can only see VPC from your own account (if peered)

- Flow logs cannot be edited after creation

Question 63

Which traffic is not caputed by the Flow Logs?

Answer 63

• DHCP
• Amazon DNS Servers
• Router
• Metadata IPs (169.254.169.254/.123)
• Activation Servers
• Traffic between Network Load Balancer Interface and Endpoint Network Interface

Question 64

Is the CloudWatch alarm for estimated charges limited to one Region?

Answer 64

No, it says US-East, but is summed up for alle regions

Question 65

What are Cost Allocation Tags?

Answer 65

Selection of tags that are used for cost reporting.

Needs to be enabled first, then the tags can be selected.

Question 66

How can Tags be used for security?

Answer 66

Tags can be used in IAM policies to ensure a resource has the needed tag

Question 67

What are Resource Groups?

Answer 67

A group of resources based on one or many tag (and value) combinations.
Can be used in IAM, since after creation a ARN is present.

Question 68

Does AWS Config span regions?

Answer 68

No, the settings must be done for every region that config will be used

Question 69

Inspector: With which service does AWS Inspector work with?

Answer 69

EC2

Question 70

CloudWatch: What is a composite alarm?

Answer 70

Alarm states of other alarms that you have created. The composite alarm goes into ALARM state only if all conditions of the rule are met.

Question 71

CloudWatch: What are Periods, Evaluation Periods and Datapoints to Alarm?

Answer 71

Period: Duration that will be checked
Evaluation Period: umber of the most recent periods, or data points, to evaluate
Datapoints to Alarm: number of data points within the Evaluation Periods that must be breaching to cause the alarm to go to the ALARM state

Question 72

CloudWatch: How can missing data points be handled?

Answer 72

notBreaching – Missing data points are treated as “good” and within the threshold,

breaching – Missing data points are treated as “bad” and breaching the threshold

ignore – The current alarm state is maintained

missing – If all data points in the alarm evaluation range are missing, the alarm transitions to INSUFFICIENT_DATA.

Question 73

CloudWatch: Anomaly Detection

Answer 73

Mines past metric data and creates a model of expected values.
You can choose whether the alarm is triggered when the metric value is above the band of expected values, below the band, or either above or below the band.

Question 74

CloudWatch: What is necessary for CW to start, stop, terminate EC2 instances?

Answer 74

To set up a CloudWatch alarm action that can reboot, stop, or terminate an instance, you must use a service-linked IAM role, AWSServiceRoleForCloudWatchEvents.

The AWSServiceRoleForCloudWatchEvents IAM role enables AWS to perform alarm actions on your behalf.

Question 75

CloudWatch: How to recover an instance using CloudWatch?

Answer 75

When the StatusCheckFailed_System alarm is triggered, and the recover action is initiated, you will be notified by the Amazon SNS topic that you chose when you created the alarm and associated the recover action. During instance recovery, the instance is migrated during an instance reboot, and any data that is in-memory is lost.

The recover action can be used only with StatusCheckFailed_System, not with StatusCheckFailed_Instance.

It is not supported and does not work with instances with Instance Store volumes

Question 76

CloudWatch: What is a billing alert?

Answer 76

It is possible to set up an alarm in CW, that will sound when a given threshold is reached.

It triggers only when actual billing exceeds the threshold. It doesn’t use projections based on your usage so far in the month.

Question 77

CloudWatch: Can you use CW cross-account / cross-regional?

Answer 77

Yes, by sharing with single accounts or the entire organisation

Question 78

CloudWatch: What can be done with the CloudWatch Agent?

Answer 78

• Collect more system-level metrics from Amazon EC2 instances
• Send data from on-premise instances
• Can be installed manually or wir the SSM

Question 79

CloudWatch: What are High Resolution Custom Metrics?

Answer 79

Allows push push data to the log down to 1 sec - therefore Alarms can be triggered down to 10sec.

Question 80

Trusted Advisor: What are the four categories that TA helps with?

Answer 80

Cost Optimization
Fault Tolerance
Performance
Security

Question 81

Trusted Advisor: How are the data refreshed?

Answer 81

Automatically after 24h hours

Manually every 5min for all or selected checks

Question 82

Trusted Advisor: What are the three types of results of a check?

Answer 82

No action necessary
Investigation recommended
Action recommended

Question 83

Inspector: What is the purpose of the AWS Inspector?

Answer 83

For EC2 Instances
Helps to identifiy security vulnerbilities based in hundreds of best pracitices
For it to work an agent has to be installed on the instance

Question 84

What is needed to get metrics from an ELB?

Answer 84

Nothing, AWS will automatically send metrics from an ELB

Question 85

What are ELB access logs?

Answer 85

Optional feature (disabled per default)

Will list:

• IP address
• Latency
• Request path
• Server response codes

Question 86

What is Request Tracing?

Answer 86

For requests coming to the ELB, AWS adds the X-Amzn-Trace-Id to the header, which can be used to analyze the traffic from the client to the system.

Needs the ALB (not NLB or Classic LB)

Question 87

If an instance has the tag name MyInstance and the tag Name AlsoMyInstance, which one will be shown the the Name column of the overview page?

Answer 87

AlsoMyInstance

Tags are case sensitive and the overview page listens to “Name”

Question 88

What are the two types of Resource Groups?

Answer 88

Tag based

CloudFormation stack based

Question 89

How to use Tags in the Cost Explorer?

Answer 89

(if organized in an Organisational Unit -> log in as root)
Select the Tags
Activate the Tags
Use Tag in the Explorer

Question 90

Which service does Systems Manager integrate with to give you visibility of the overall health of your AWS infrastructure?

Answer 90

CloudWatch

Question 91

By default, how frequently are ELB metrics published to CloudWatch?

Answer 91

If there are requests flowing through the load balancer, Elastic Load Balancing measures and sends its metrics in 60-second intervals. If there are no requests flowing through the load balancer or no data for a metric, the metric is not reported.

Question 92

CloudTrail: How long are the trails stored by default and where?

Answer 92

In a non visible S3 Bucket fpr 7 days.

If longer duration is needed an own bucket can be selected

Question 93

CloudTrail: What are digest files?

Answer 93

Hash value that verifies the integrity of the logs.

Question 94

Flow Log: What are the attributes in a log entry?

Answer 94

version
account-id
interface-id
srcaddr
dstaddr
srcport
dstport
protocol
packets
bytes
start
end
action
log-status

First Source, then Destination (both for port and IP)

Question 95

Flow Log: Where can you send/save the data to?

Answer 95

Cloud Watch Logs

S3

Question 96

You would like to run a Lambda function at the same time every night. How could this be done?

Answer 96

Schedule an event in CloudWatch to trigger the function

Question 97

What is the use-case for AWS X-Ray?

Answer 97

X-Ray can be used for adding code tracing support for both monolithic application code (e.g. a large Django monolithic project) and serverless (Lambda function) code.

Question 98

Is it possible to use CloudWatch metrics to trigger auto-scaling based on SQS queue size?

Answer 98

yes

https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html

Question 99

What is Request Tracing?

Answer 99

Used by the load balancer, Request Tracing can be used to track HTTP requests from clients to targets.
Tracked with the X-Amzn-Trace-Id parameter in the header.

Question 100

CloudWatch Events:

What is the “target” and what services can be used?

Answer 100

The target is the action that is taken place when the event occurs, such as:
calling a lambda function, 
sending an E-Mail with SNS
deploying Code or
activate a command in SSM

Question 101

What can be the destinations for a VPC Flow Log?

Answer 101

S3 or CloudWatch Log Group

Question 102

What are “units”?

Answer 102

Every metric has a unit, per default it is “none”

Question 103

What is Aggregation?

Answer 103

When there are multiple data points published at the same timestamp, namespace / dimension AWS aggregates them for better visibility.
Only available for detailed monitoring and not across regions

Question 104

How to get the status of all instances (cli)

Answer 104

aws ec2 describe-instance-status

Question 105

CloudWatch: How to allow a user to only access certain EC2 instances to monitor

Answer 105

This is not possible

Question 106

What are the (three) conditions, when an alarm is triggered?

Answer 106

• Reached a particular value
• stays over a threshold for a consecutive times
• stays on a consistent value multiple periods

Question 107

What happens for Auto Scaling Groups / SNS when an alarm is triggered?

Answer 107

ASG: Will fire the event every time until the alarm is gone
SNS: Will only fire once

Question 108

ElastiCache: What should be done if CPUUtilization is high?

Answer 108

Memcached: implement larger instance type or add more nodes
Redis: Add read replicas

Question 109

ElastiCache: What should be done if the SwapUsage goes over 50mb?

Answer 109

Memached: Increase ConnectionOverhead
Redis: no recommendations atm

Question 110

ElastiCache: What should be done if data is evicted?

Answer 110

Memcached: Scale up cluster or add nodes
Redis: Scale up cluster

Question 111

ELB: What is the metric to track (un)healthy hosts?

Answer 111

HealthyHostCount

Question 112

ELB: What are the SpilloverCount and the SurgeQueueLength?

Answer 112

SpilloverCount: Dropped requests because the surge queue is full
SurgeQueueLength: Count of requests that can wait to be handled

Question 113

CloudWatch Events: When are events created? (four)

Answer 113

• AWS resource changed (instance stopped e.g.)
• Events from CloudTrail (failed login attempt)
• Code from applications that should be processed in CW Events
• On a scheduled basis

Question 114

CloudWatch Events: What can be done to have a recurring Event-Check done?

Answer 114

Set up a scheduled (cron like) event

Question 115

CloudWatch Logs: What is a Log Group?

Answer 115

Stream of data from multiple resources, such as a group of EC2 instances

Question 116

CloudWatch Logs: What is the Retention Policy?

Answer 116

How long events are kept in the logs.

From 1 day to 10years (option to keep them always)

Question 117

What service can monitor costs and how to alert the customer?

Answer 117

Costs can be monitored with CloudsWatch in a billing alert, which can send a notification when the usage exceeds the limit.
Billing alerts can be created in the AWS Billing and Cost Management console

Question 118

How to encrypt CloudTrail log files?

Answer 118

By default they are encrypted

Question 119

Config: How to set up a custom rule?

Answer 119

The check will be created in AWS Config and will run as a custom Lambda function on change or in periodic intervals.

Question 120

CloudWatch Events: What are the three components?

Answer 120

Events, Rules and Targets

Question 121

What command can you type into the Amazon CLI to retrieve the Amazon EC2 instance namespace?

Answer 121

aws cloudwatch list-metrics –namespace AWS/EC2.

Question 122

CloudWatch: How can you access Amazon CloudWatch? (four)

Answer 122

Amazon CloudWatch Console
AWS CLI
CloudWatch API
AWS SDK

Question 123

CloudWatch: How many Alarms can you have in a region?

Answer 123

5000

Question 124

CloudWatch: What are:

• Data Point
• Data Points to Alarm
• Evaluation Points
• Evaluation interval

Answer 124

Data Points: Metric to be checked
DP to Alarm: How many checks in on interval should be failed in order to raise the alarm (3 e.g)
Evaluation Point: How often should be checked (1min e.g.)
Evaluation interval: How long in total should be checked? (5min e.g.)

Question 125

CloudWatch: What is a namespace in Amazon CloudWatch?

Answer 125

A logical grouping of Amazon CloudWatch metrics

Question 126

CloudWatch: What are the supported Linux Distributions for the CLoudwatch Agent?

Answer 126

Amazon Linux
Ubuntu
Red Hat
Debian

Question 127

CloudWatch: What (two) types of logs can be send from a Windows Server?

Answer 127

IIS Logs

System Logs

Question 128

CloudWatch: How to install the CW Agent on a Windows 2016 Server?

Answer 128

Via the Systems Manager

The EC2 Config Service does not exist anymore.

Question 129

CloudWatch: How is data encrypted?

Answer 129

Log data is encrypted in transit and at rest within Amazon CloudWatch. This requires
no special configuration on the part of a system administrator

Question 130

Is there a way to create reports with billing data

by usage, or the cost per individual log group?

Answer 130

Yes, using “detailed billing”

Question 131

How many tags can you have in an Amazon CloudWatch log group?

Answer 131

50

Question 132

CloudWatch: How would you enable / disable Amazon CloudWatch detailed monitoring via the AWS CLI?

Answer 132

aws ec2 monitor-instances –instance-ids

aws ec2 unmonitor-instances –instance-ids

Question 133

CloudWatch: How to get the total number of metrics tracked in a span of time?

Answer 133

SampleCount can give you the total number of metrics that are being used in a
statistical calculation. This can be helpful if you are trying to determine sample size

Question 134

CloudWatch: Which two steps are necessary to be able to aggregate statistics across multiple instances?

Answer 134

• Enable detailed monitoring.

- Choose the Amazon EC2 namespace and select Across All Instances.

Question 135

How to get alerted when the use of resources goes out of AWS Free Tier?

Answer 135

Set up an AWS Free Tier alert in AWS Budgets

Question 136

Where should you create an alarm for a failed Amazon EC2 status check failure?

Answer 136

Amazon EC2 Console

Question 137

Amazon EC2 Console: For what metrics can you use High - Resolution metrics?

Answer 137

Custom Metrics (not pre-built metrics)

Question 138

CloudTrail: How to automatically push the calls to new regions? (two)

Answer 138

• Select Yes to apply to all regions in the trail configuration page.
• In the CLI, you set the parameter IsMultiRegionTrail to True.

Question 139

CloudTrail: Your boss wants you to create two separate trails in Amazon CloudWatch, one for
management and one for data.
Is this possible?

Answer 139

Yes, you can create two separate trails and separate management activity from data
activity.

Question 140

Config: What are the periodic steps you can set up?

Answer 140

You can set periodic rules to run every 1, 3, 6, 12, or 24 hours

Question 141

. Which account is used in AWS Organizations to create an organization, invite new AWS
accounts, and remove AWS accounts?

Answer 141

master

Question 142

How can you get access to all of the checks within AWS Trusted Advisor?

Answer 142

Upgrade to Business-level support or

Upgrade to Enterprise-level support.

Question 143

Trusted Advisor continuously alerts on one of your resources.
Ensure that AWS Trusted Advisor no longer alerts on that resource. How can you
accomplish this?

Answer 143

Add an exclusion for reporting the resource at the resource level.

Question 144

Inspector: What type of software can be checked by inspector?

Answer 144

Amazon Inspector can only find applications installed by the operating system’s
package manager. It can’t find applications installed by automation software like Chef,
Puppet. or Ansible

Question 145

Inspector: What are the two report types?

Answer 145

Findings Report

Full Report

Question 146

What is the purpose of AWS GuardDuty?

Answer 146

Amazon GuardDuty allows you to monitor for threats by analyzing AWS CloudTrail
events, VPC Flow Logs, and DNS logs

Question 147

Which AWS services classifies data in S3 and catalogs the normal behaviors from users
who are accessing that data?

Answer 147

Amazon Macie

Question 148

Guard Duty: How long are findings stored?

Answer 148

90 days

Question 149

With which tool can you query logs using regex?

Answer 149

Amazon CloudWatch Logs Insights

Question 150

Which tool allows to display metric charts on a website or third party tool?

Answer 150

Amazon CloudWatch snapshot graphs

Question 151

What ist needed for the Run Command in AWS Systems Manager?

Open Ports / Remote Access?

Answer 151

Open Ports

Question 152

What ist needed for the Session Manager AWS Systems Manager?

Open Ports / Remote Access?

Answer 152

Session Manager within AWS Systems Manager allows remote console sessions via an
interactive web browser with no need to open inbound ports or use bastion hosts to access
your systems

Question 153

What are the editions for QuickSight and how are they billed?

Answer 153

• Pay-per-session
• Enterprise and Standard
  The Enterprise
  Edition will support Active Directory groups from AWS Directory Service.
  The Standard
  edition allows you to invite IAM users, or users directly with an email address.

Question 154

What is a benefit provided by Amazon Macie?

Answer 154

Visibility into the locations where you store data

Question 155

You want to use CloudWatch to find the average CPU utilization for an instance over
a 30-minute period. The metric is updated every 5 minutes. Which statistic and period
should you use?

Answer 155

The Average statistic with a 30-minute period