Monitoring and Reporting

Question 1

How many CLOUDWATCH alarm metrics can a single region has?

Answer 1

5000

Question 2

To trigger CloudWatch alarm after 4 failed evaluations of metrics in 5-minute period. What value to set for ‘evaluation period’ and ‘data points’?

Answer 2

Evaluation period = 1 minute
Data Points = 4

Question 3

How long are the following interval CloudWatch metrics saved?
1-minute intervals,
5-minute intervals,
1-hour intervals

Answer 3

1 minute = 15 days,
5 minutes = 63 days,
1 hour = 455 days

Question 4

What is the namespace for an ALB?

Answer 4

AWS/ApplicationELB

Question 5

Name the two types of health check for EC2 instances.

Answer 5

System status check,
Instance status check

Question 6

What is the CLI command to check status of EC2 instance?

Answer 6

aws ec2 describe-instance-status

Question 7

What Type of Cloudwatch monitoring provides metrics every 5 minutes?

Answer 7

Basic Monitoring

Question 8

What AWS solution allows you to store all log files from on-premises and AWS systems in one place and allow CloudWatch to monitor them?

Answer 8

Amazon CloudWatch Logs.
(not S3!)

Question 9

What versions of Unix and Linux are supported with CloudWatch Logs agent?

Answer 9

Solaris is NOT supported!

Question 10

What do you know about updating CloudWatch Logs agent in REDHAT?

What do you know about updating CloudWatch Logs agent in REDHAT?

Answer 10

Updating via RPM could change configurations and cause configuration issues.

Question 11

What is EC2Config?

Answer 11

The old version of Systems Manager SSM

Question 12

How to configure encryption for CloudWatch Logs?

Answer 12

No special settings requires. Logs are encrypted at rest and in-transit.

Question 13

What is the CLI command to use CloudWatch to monitor/unmonitor instances?

Answer 13

aws ec2 monitor-instances –…
aws ec2 unmonitor-instances –…

Question 14

What are ways to filter which statistics to view in CloudWatch?

Answer 14

By specific Instance,
By ASG,
By AMI

Question 15

What alarm action in CloudWatch can be use to recover EC2 instances?

Answer 15

Set the alarm action to “RECOVER” the instance.

Question 16

Which Service allows you to set free tier alert?

Answer 16

AWS Budgets

Question 17

How to enable billing-alerts?

Answer 17

Only the “root” user can enable billing alerts.

Question 18

What status is given to failed EC2 health checks?

Answer 18

IMPAIRED

Question 19

How can you view the status check for EC2 instances?

Answer 19

Via EC2 Console or via CLI

Question 20

Where should you create an alarm for a failed EC2 status check failure?

Answer 20

In the EC2 Console.
Status check alarms cannot be done in CloudWatch!

Question 21

What service to use in order to get a personalized view of all services?

Answer 21

Personal Health Dashboard

Question 22

How to give permissions to a specific set of EC2 instances?

Answer 22

That is not possible . IAM does not give permissions to specific resources.

Question 23

What can be used to authenticate CloudWatch Logs agent instead of username and password?

Answer 23

Access Keys or IAM roles.
You cannot use IAM.

Question 24

How to delete CloudWatch Metrics?

Answer 24

Not possible , not even with the user account.

Question 25

High resolutions metrics:
1. Can it be applied on all metrics?
2. How to set it?
3. Does it cost more than Standard resolution?

Answer 25

1. Can only be applied to custom-metrics.
2. Use PutMetricRequest API. Set ‘StorageResolution’ field.
3. It costs the same.

Question 26

How to ensure that I see the word ‘error’ in CloudWatch logs?

Answer 26

Use metric filters

Question 27

How to parse log data to find account numbers by using Regex expression?

Answer 27

Kinesis

Question 28

Is it possible to create CloudWatch alarm for under a minute?

Answer 28

Yes for custom metrics. Use high-resolution alarm.

Question 29

What configuration is required to enable logging of API calls in CloudTrail?

Answer 29

By default CloudTrail is enabled and logging basic API calls. For ‘All’ API calls, it is necessary to configure a ‘trail’.

Question 30

Can we put management and data traffic in separate CloudTrail trails?

Answer 30

Yes, we can create up to 5 trails.

Question 31

How to encrypt CloudTrail logs and control access?

Answer 31

They are Encrypted by default (SSE-S3).
Use Bucket Policies or IAM to control access

Question 32

How to prevent Accidental deletions?

Answer 32

MFA

Question 33

When will API calls show up in CloudTrail S3 logs?

Answer 33

After 15 minutes.
There is no way to change this.

Question 34

If a Critical app suffered an outage. How can we know who made what change?

Answer 34

AWS Config to view config. history,
CloudTrail to see who made the change.

Question 35

How to combine results of AWS Config under one region?

Answer 35

Instead of creating an aggregator in Organisations, we can create in a region.

Question 36

How to enable AWS Config for multiple regions?

Answer 36

Enable it in each region.

Question 37

What is required after setting up Config and creating an aggregator?

Answer 37

Authorize the aggregator account in each AWS account.

Question 38

When are AWS Config notifications sent if a resource is reported as non-complaint?

Answer 38

When the status changes.

Question 39

Which AWS account is used to create an organization?

Answer 39

master account (not root!)

Question 40

What is the best service to monitor the overall services posture?

Answer 40

AWS Inspector

Question 41

How to create a report against CIS benchmarks?

Answer 41

Use AWS Inspector to run assessment template containing the CIS rules!

Question 42

Service to identify threats by analyzing flow logs, DNS logs and ClouTrail event?

Answer 42

GuardDuty

Question 43

Services classifies data in S3 and catalogs the normal behaviour of users?

Answer 43

Macie

Question 44

What does/does not GuardDuty monitors?

Answer 44

Instance compromise, Account compromise, Reconnaissance activity.
NOT: DDoS

Question 45

Is Log Storage or Log Analytics a use case for CloudWatch?

Answer 45

Log Analytics is.

Question 46

What open source solutions are popular for gathering custom application metrics for CloudWatch?

Answer 46

StatsD and collectd

Question 47

What tool to use to integrate CloudWatch graphs with on-prem tool?

Answer 47

CloudWatch snapshot graphs.

Question 48

What are available versions of CloudWatch QuickSight?

Answer 48

Standard & Enterprise

Question 49

Which Service can help to improve Change management capabilities?

Answer 49

CONFIG

Question 50

Which Service assess your environments against security best practices?

Answer 50

Inspector

Question 51

Which service helps identify threats on the network?

Answer 51

GuardDuty

Question 52

Which service helps to respond to network threats?

Answer 52

GuardDuty