Monitoring and Reporting Flashcards
How many CLOUDWATCH alarm metrics can a single region has?
5000
To trigger CloudWatch alarm after 4 failed evaluations of metrics in 5-minute period. What value to set for ‘evaluation period’ and ‘data points’?
Evaluation period = 1 minute
Data Points = 4
How long are the following interval CloudWatch metrics saved?
1-minute intervals,
5-minute intervals,
1-hour intervals
1 minute = 15 days,
5 minutes = 63 days,
1 hour = 455 days
What is the namespace for an ALB?
AWS/ApplicationELB
Name the two types of health check for EC2 instances.
System status check,
Instance status check
What is the CLI command to check status of EC2 instance?
aws ec2 describe-instance-status
What Type of Cloudwatch monitoring provides metrics every 5 minutes?
Basic Monitoring
What AWS solution allows you to store all log files from on-premises and AWS systems in one place and allow CloudWatch to monitor them?
Amazon CloudWatch Logs.
(not S3!)
What versions of Unix and Linux are supported with CloudWatch Logs agent?
Solaris is NOT supported!
What do you know about updating CloudWatch Logs agent in REDHAT?
What do you know about updating CloudWatch Logs agent in REDHAT?
Updating via RPM could change configurations and cause configuration issues.
What is EC2Config?
The old version of Systems Manager SSM
How to configure encryption for CloudWatch Logs?
No special settings requires. Logs are encrypted at rest and in-transit.
What is the CLI command to use CloudWatch to monitor/unmonitor instances?
aws ec2 monitor-instances –…
aws ec2 unmonitor-instances –…
What are ways to filter which statistics to view in CloudWatch?
By specific Instance,
By ASG,
By AMI
What alarm action in CloudWatch can be use to recover EC2 instances?
Set the alarm action to “RECOVER” the instance.
Which Service allows you to set free tier alert?
AWS Budgets
How to enable billing-alerts?
Only the “root” user can enable billing alerts.
What status is given to failed EC2 health checks?
IMPAIRED
How can you view the status check for EC2 instances?
Via EC2 Console or via CLI
Where should you create an alarm for a failed EC2 status check failure?
In the EC2 Console.
Status check alarms cannot be done in CloudWatch!
What service to use in order to get a personalized view of all services?
Personal Health Dashboard
How to give permissions to a specific set of EC2 instances?
That is not possible . IAM does not give permissions to specific resources.
What can be used to authenticate CloudWatch Logs agent instead of username and password?
Access Keys or IAM roles.
You cannot use IAM.
How to delete CloudWatch Metrics?
Not possible , not even with the user account.
High resolutions metrics:
1. Can it be applied on all metrics?
2. How to set it?
3. Does it cost more than Standard resolution?
- Can only be applied to custom-metrics.
- Use PutMetricRequest API. Set ‘StorageResolution’ field.
- It costs the same.
How to ensure that I see the word ‘error’ in CloudWatch logs?
Use metric filters
How to parse log data to find account numbers by using Regex expression?
Kinesis
Is it possible to create CloudWatch alarm for under a minute?
Yes for custom metrics. Use high-resolution alarm.
What configuration is required to enable logging of API calls in CloudTrail?
By default CloudTrail is enabled and logging basic API calls. For ‘All’ API calls, it is necessary to configure a ‘trail’.
Can we put management and data traffic in separate CloudTrail trails?
Yes, we can create up to 5 trails.
How to encrypt CloudTrail logs and control access?
They are Encrypted by default (SSE-S3).
Use Bucket Policies or IAM to control access
How to prevent Accidental deletions?
MFA
When will API calls show up in CloudTrail S3 logs?
After 15 minutes.
There is no way to change this.
If a Critical app suffered an outage. How can we know who made what change?
AWS Config to view config. history,
CloudTrail to see who made the change.
How to combine results of AWS Config under one region?
Instead of creating an aggregator in Organisations, we can create in a region.
How to enable AWS Config for multiple regions?
Enable it in each region.
What is required after setting up Config and creating an aggregator?
Authorize the aggregator account in each AWS account.
When are AWS Config notifications sent if a resource is reported as non-complaint?
When the status changes.
Which AWS account is used to create an organization?
master account (not root!)
What is the best service to monitor the overall services posture?
AWS Inspector
How to create a report against CIS benchmarks?
Use AWS Inspector to run assessment template containing the CIS rules!
Service to identify threats by analyzing flow logs, DNS logs and ClouTrail event?
GuardDuty
Services classifies data in S3 and catalogs the normal behaviour of users?
Macie
What does/does not GuardDuty monitors?
Instance compromise, Account compromise, Reconnaissance activity.
NOT: DDoS
Is Log Storage or Log Analytics a use case for CloudWatch?
Log Analytics is.
What open source solutions are popular for gathering custom application metrics for CloudWatch?
StatsD and collectd
What tool to use to integrate CloudWatch graphs with on-prem tool?
CloudWatch snapshot graphs.
What are available versions of CloudWatch QuickSight?
Standard & Enterprise
Which Service can help to improve Change management capabilities?
CONFIG
Which Service assess your environments against security best practices?
Inspector
Which service helps identify threats on the network?
GuardDuty
Which service helps to respond to network threats?
GuardDuty
