Section 24: AWS Monitoring & Audit

Question 1

AWS service that collects and visualizes real-time logs, metrics, and event data in automated dashboards to streamline your infrastructure and application maintenance

Answer 1

AWS CloudWatch

Question 2

AWS service that enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service

Answer 2

AWS CloudWatch Logs

Question 3

Feature of CloudWatch logs that allows you to turn log data into numerical CloudWatch metrics that you can graph or set an alarm on

Answer 3

CloudWatch Logs Metric Filters

Question 4

What are the two different types of Cloudwatch Agents in Cloudwatch?

Answer 4

CloudWatch Logs Agent
CloudWatch Unified Agent

Question 5

Which Cloudwatch Agent allows you to collect more granular information from the configured system? (e.g. CPU, RAM, Processes, etc.)

Answer 5

CloudWatch Unified Agent

Question 6

A serverless service that uses events to connect application components together, making it easier for you to build scalable event-driven applications

Answer 6

Amazon EventBridge

Question 7

A service that collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices

Answer 7

Amazon ECS CloudWatch Container Insights

Question 8

A monitoring and troubleshooting solution for serverless applications running on AWS Lambda

Answer 8

CloudWatch Lambda Insights

Question 9

A service that analyzes time-series data to help you understand who or what is impacting your system and application performance by pinpointing outliers, finding the heaviest traffic patterns, and ranking the top system processes

Answer 9

CloudWatch Contributor Insights

Question 10

A service that facilitates observability for your applications and underlying AWS resources

Answer 10

CloudWatch Application Insights

Question 11

An AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account by recording all actions as events

Answer 11

AWS CloudTrail

Question 12

What are the three different types of event types within AWS CloudTrail?

Answer 12

Management Events
Data Events
CloudTrail Insights Events

Question 13

AWS service that identifies any anomalies in the CloudTrail Events

Answer 13

CloudTrail Insights

Question 14

AWS service that continually assesses, audits, and evaluates the configurations and relationships of your resources on AWS, on premises, and on other clouds

Answer 14

AWS Config

Question 15

True/False - EC2 instances automatically push CPU and memory usage statistics to CloudWatch

Answer 15

False - RAM usage does not get pushed automatically

Question 16

You have made a configuration change and would like to evaluate the impact of it on the performance of your application. Which AWS service should you use?

Answer 16

Amazon CloudWatch

Question 17

Someone has terminated an EC2 instance in your AWS account last week, which was hosting a critical database that contains sensitive data. Which AWS service helps you find who did that and when?

Answer 17

AWS CloudTrail

Question 18

You have CloudTrail enabled for your AWS Account in all AWS Regions. What should you use to detect unusual activity in your AWS Account?

Answer 18

CloudTrail Insights

Question 19

You would like to evaluate the compliance of your resource’s configurations over time. Which AWS service will you choose?

Answer 19

AWS Config

Question 20

Someone changed the configuration of a resource and made it non-compliant. Which AWS service is responsible for logging who made modifications to resources?

Answer 20

AWS CloudTrail

Question 21

You have enabled AWS Config to monitor Security Groups if there’s unrestricted SSH access to any of your EC2 instances. Which AWS Config feature can you use to automatically re-configure your Security Groups to their correct state?

Answer 21

AWS Config Remediations

Question 22

You are running a critical website on a set of EC2 instances with a tightened Security Group that has restricted SSH access. You have enabled AWS Config in your AWS Region and you want to be notified via email when someone modified your EC2 instances’ Security Group. Which AWS Config feature helps you do this?

Answer 22

AWS Config Notifications