Monitoring and Audit Flashcards
What are the types of events that are logged by CloudTrail?
Management Events: control-plane operations performed on AWS resources, e.g. creating an IAM policy, creating or deleting an S3 bucket, creating a subnet, etc.
Data Events: high-volume resource-level operations, e.g. GetObject or PutObject on S3 objects, invoking a Lambda function, etc.
Insight Events: unusual write API activity or error rates, e.g. inaccurate resource provisioning, hitting service limits, bursts of IAM actions, etc.
Only Management Events are enabled by default; Data and Insight events must be turned on explicitly.
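As an added example (not from the flashcards and not AWS code), the script below reads a CloudTrail log file in the shape a trail delivers to S3 (`{"Records": [...]}`), classifies each record as a Management or Data event, and flags a burst of IAM write calls by one principal, the kind of anomaly CloudTrail Insights would report. The records, account ID and ARNs are constructed; the per-service list of data-plane operations used as a fallback when a record carries no `eventCategory`, and the 5-minute/10-call burst threshold, are assumptions.

```python
"""Classify constructed CloudTrail records and flag IAM write bursts.

Added example for this page; not AWS code. Nothing here calls AWS."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumption: resource-level operations that CloudTrail treats as data events.
# Real records carry an eventCategory field; this table is only the fallback.
DATA_EVENTS = {
    "s3.amazonaws.com": {"GetObject", "PutObject", "DeleteObject", "HeadObject",
                         "CopyObject", "ListObjects"},
    "lambda.amazonaws.com": {"Invoke"},
    "dynamodb.amazonaws.com": {"GetItem", "PutItem", "UpdateItem", "DeleteItem",
                               "Query", "Scan", "BatchWriteItem"},
}

ALICE = "arn:aws:iam::123456789012:user/alice"  # constructed principal
BOB = "arn:aws:iam::123456789012:user/bob"      # constructed principal


def _rec(time, source, name, read_only, arn, **extra):
    """Build a minimal record with only the fields the logic below needs."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "readOnly": read_only, "userIdentity": {"arn": arn}, **extra}


# Constructed sample log: four ordinary calls by alice, then twelve IAM write
# calls by bob inside twelve seconds.
SAMPLE_RECORDS = [
    _rec("2024-05-01T10:00:00Z", "s3.amazonaws.com", "CreateBucket", False, ALICE,
         eventCategory="Management"),
    _rec("2024-05-01T10:00:05Z", "s3.amazonaws.com", "GetObject", True, ALICE),
    _rec("2024-05-01T10:00:07Z", "lambda.amazonaws.com", "Invoke", False, ALICE),
    _rec("2024-05-01T10:00:09Z", "ec2.amazonaws.com", "CreateSubnet", False, ALICE),
] + [
    _rec(f"2024-05-01T10:01:{i:02d}Z", "iam.amazonaws.com",
         "AttachUserPolicy" if i % 2 else "CreateUser", False, BOB)
    for i in range(12)
]
SAMPLE_LOG = json.dumps({"Records": SAMPLE_RECORDS})


def load_records(log_text):
    """Parse one CloudTrail log file (a JSON object with a Records array)."""
    return json.loads(log_text)["Records"]


def classify(record):
    """Return 'Management', 'Data' or 'Insight' for one record.

    Trust the eventCategory field when present; otherwise fall back to the
    DATA_EVENTS table and treat everything else as a management event."""
    category = record.get("eventCategory")
    if category in ("Management", "Data", "Insight"):
        return category
    source, name = record.get("eventSource"), record.get("eventName")
    return "Data" if name in DATA_EVENTS.get(source, ()) else "Management"


def summarize(log_text):
    """Count records per category, e.g. {'Management': 14, 'Data': 2}."""
    return dict(Counter(classify(r) for r in load_records(log_text)))


def iam_write_bursts(records, window=timedelta(minutes=5), threshold=10):
    """Return {principal_arn: peak_count} for principals that issued at least
    `threshold` IAM write calls within any span of length `window`.

    Records without a readOnly field are counted as writes. The sliding window
    runs over each principal's sorted timestamps."""
    times = defaultdict(list)
    for r in records:
        if r.get("eventSource") == "iam.amazonaws.com" and not r.get("readOnly", False):
            stamp = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            times[r["userIdentity"]["arn"]].append(stamp)
    flagged = {}
    for arn, stamps in times.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[arn] = peak
    return flagged


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(iam_write_bursts(load_records(SAMPLE_LOG)))
```

The same functions can be pointed at real log files pulled from the trail's S3 bucket (they are gzip-compressed there, so decompress first); the fallback table is only a heuristic, and the `eventCategory` field in real records should be preferred whenever it is present.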
Where can CloudTrail logs be stored?
S3 (via a trail) and/or CloudWatch Logs; a trail can deliver to both.
What's the retention period of CloudTrail Event history?
90 days; to retain events longer, create a trail that delivers them to S3.
You have enabled AWS Config to check whether any of your Security Groups allow unrestricted SSH access to your EC2 instances. Which AWS Config feature can you use to automatically reconfigure those Security Groups to their correct state?
Config Rules remediation: a remediation action attached to the rule (implemented as an SSM Automation document) runs against each NON_COMPLIANT resource.
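To make the check and the fix concrete, here is an added example (not from the flashcards and not AWS or SSM code) that evaluates security groups the way a "restricted SSH" rule does and computes the remediated rule set. The input is constructed in the shape of `describe_security_groups` output (fake group IDs); nothing here calls AWS. It goes a little beyond the flashcard by also treating "all traffic" (`-1`) rules and IPv6 `::/0` ranges as unrestricted SSH, and by keeping the non-world CIDRs of an offending rule instead of deleting the whole rule.

```python
"""Evaluate security groups for world-open SSH and compute the remediation.

Added example for this page; not AWS code. Constructed input, no API calls."""
from copy import deepcopy

SSH_PORT = 22
ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed sample groups (IDs are fake).
SAMPLE_SGS = [
    {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}, {"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}]}]},
    {"GroupId": "sg-0fedcba9876543210", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0aaaaaaaaaaaaaaaa", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}]},
]


def _covers_port(perm, port):
    """True if the permission applies to TCP `port` ("-1" means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _open_to_world(perm):
    """True if any source range of the permission is 0.0.0.0/0 or ::/0."""
    v4 = any(r.get("CidrIp") == ANY_V4 for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def evaluate(sg):
    """Return 'NON_COMPLIANT' if any ingress rule allows SSH from anywhere."""
    for perm in sg.get("IpPermissions", []):
        if _covers_port(perm, SSH_PORT) and _open_to_world(perm):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def remediate(sg):
    """Return a copy of `sg` with world-open SSH access removed.

    Only the 0.0.0.0/0 and ::/0 entries of rules that cover port 22 are
    dropped; other CIDRs, security-group and prefix-list sources in the same
    rule are kept. A rule left with no sources at all is removed."""
    fixed = deepcopy(sg)
    kept = []
    for perm in fixed.get("IpPermissions", []):
        if _covers_port(perm, SSH_PORT):
            perm["IpRanges"] = [r for r in perm.get("IpRanges", [])
                                if r.get("CidrIp") != ANY_V4]
            perm["Ipv6Ranges"] = [r for r in perm.get("Ipv6Ranges", [])
                                  if r.get("CidrIpv6") != ANY_V6]
            if not (perm["IpRanges"] or perm["Ipv6Ranges"]
                    or perm.get("UserIdGroupPairs") or perm.get("PrefixListIds")):
                continue
        kept.append(perm)
    fixed["IpPermissions"] = kept
    return fixed


def audit(sgs):
    """Map each group ID to its compliance result."""
    return {sg["GroupId"]: evaluate(sg) for sg in sgs}


if __name__ == "__main__":
    print(audit(SAMPLE_SGS))
    print(audit([remediate(sg) for sg in SAMPLE_SGS]))
```

In a real deployment the `evaluate` half is what the Config rule reports and the `remediate` half is what the SSM Automation document attached as the rule's remediation action performs; the practical caveat is that automatic remediation removes rules without asking, so it should be tested on a non-production account, and the remaining CIDRs (here 10.0.0.0/8) should be reviewed rather than assumed correct.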
What's the difference between the AWS Personal Health Dashboard (now the account view of the AWS Health Dashboard) and the AWS Service Health Dashboard?
Personal shows events that affect resources in your own account, e.g. scheduled maintenance on your instances
Service shows events related to general service or regional failures, the same for every customer
Can a CloudWatch alarm trigger an EC2 instance action?
Yes, an alarm can trigger an action to stop, terminate, reboot or recover an EC2 instance (recover is meant for system status check failures, i.e. problems with the underlying host)
What are the default settings of CloudTrail?
By default only management events are logged, log files are delivered to S3 encrypted with SSE-S3 (SSE-KMS can be chosen instead), and a trail created in the console applies to all regions