DOP-C02 Monitoring and Logging • Complete Question Bank
Complete DOP-C02 Monitoring and Logging question bank — all 0 questions with answers and detailed explanations.
A company runs a production web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The application is deployed across three Availability Zones. The DevOps team recently noticed that the application's error rate is spiking periodically, but they cannot correlate the spikes with any known deployments or changes. The team has enabled detailed CloudWatch metrics for the ALB and EC2, and they are using CloudWatch Logs for application logs. They also have AWS X-Ray enabled for tracing.
The team observes that during error spikes, the ALB's 5XX count increases, but the EC2 instance-level CPU and memory metrics remain normal. The application logs show 'Connection timed out' errors. The team suspects the issue is related to network connectivity but is not sure.
Which course of action should the DevOps team take to identify the root cause of the periodic error spikes?
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Monitoring for AWS resources and applications
Records API activity for governance and audit
Traces and analyzes requests through distributed applications
Centralized log storage and analysis
Canary monitors to check endpoints and flows
Drag a concept onto its matching description — or click a concept then click the description.
Maximum limits on resources per account
Shows events and changes affecting your AWS resources
Monitors a metric and performs actions based on thresholds
Provides recommendations for cost, performance, security, and fault tolerance
Recommends optimal AWS compute resources for workloads
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "logs:PutLogEvents",
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:MyAppLogs:*"
}
]
}Refer to the exhibit. CloudWatch Logs Insights query: fields @timestamp, @message | filter @message like /ERROR/ | stats count() by bin(5m) | sort @timestamp desc | limit 20
CloudWatch Logs Insights query: fields @timestamp, @message | filter @message like /ERROR/ | stats count() by @timestamp | sort @timestamp desc | limit 20
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:MyAppLogs:*"
}
]
}Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
}
]
}Refer to the exhibit.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "logs:PutLogEvents",
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*"
}
]
}
```Refer to the exhibit.
```
2023-03-15T10:00:00.000Z ERROR Invoke Error { "errorMessage": "Timeout", "errorType": "FunctionTimeout" }
2023-03-15T10:00:00.500Z END RequestId: abc123
2023-03-15T10:00:00.500Z REPORT RequestId: abc123 Duration: 3000.00 ms Billed Duration: 3000 ms Memory Size: 128 MB Max Memory Used: 64 MB Init Duration: 200.00 ms
```Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:MyAppLogs:*"
}
]
}
```Refer to the exhibit.
```
Resources:
MyLambdaFunction:
Type: AWS::Lambda::Function
Properties:
Handler: index.handler
Role: !GetAtt LambdaExecutionRole.Arn
Code:
ZipFile: |
exports.handler = async (event) => {
console.log(JSON.stringify(event));
return { statusCode: 200 };
};
Runtime: nodejs18.x
TracingConfig:
Mode: Active
LambdaExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
```Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:MyAppLogs:*"
}
]
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/my-function:*"
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData"
],
"Resource": "*"
}
]
}CloudWatch Logs Insights query: fields @timestamp, @message | filter @logStream = 'prod-app-server-1' | filter @message like /ERROR/ | stats count() by bin(5m) | sort @timestamp desc | limit 20 Sample output: | @timestamp (5m bin) | count() | | 2025-03-15 14:55:00 | 12 | | 2025-03-15 14:50:00 | 8 | | 2025-03-15 14:45:00 | 3 | | 2025-03-15 14:40:00 | 1 |
CloudWatch Alarm configuration (JSON):
{
"AlarmName": "HighCPU",
"AlarmDescription": "Alarm when CPU exceeds 90% for 5 minutes",
"ActionsEnabled": true,
"OKActions": ["arn:aws:sns:us-east-1:123456789012:MyTopic"],
"AlarmActions": ["arn:aws:sns:us-east-1:123456789012:MyTopic"],
"InsufficientDataActions": [],
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": 300,
"EvaluationPeriods": 2,
"Threshold": 90.0,
"ComparisonOperator": "GreaterThanThreshold"
}AWS Config advanced query:
SELECT
resourceId,
resourceType,
configuration.instanceType,
configuration.imageId,
relationships
WHERE
resourceType = 'AWS::EC2::Instance'
AND configuration.instanceType LIKE 't2.%'
AND configuration.imageId NOT IN (
SELECT resourceId
FROM aws_config_resource_relation
WHERE resourceType = 'AWS::EC2::Image'
AND tags.id = 'approved'
)CloudTrail log entry (JSON):
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"arn": "arn:aws:sts::123456789012:assumed-role/AdminRole/JohnDoe",
"accountId": "123456789012",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAEXAMPLEID",
"arn": "arn:aws:iam::123456789012:role/AdminRole",
"accountId": "123456789012",
"userName": "AdminRole"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2025-03-15T14:30:00Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2025-03-15T14:35:00Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "TerminateInstances",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.50",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [{"instanceId": "i-0abcd1234efgh5678"}]
}
},
"responseElements": {
"instancesSet": {
"items": [{"instanceId": "i-0abcd1234efgh5678", "currentState": {"code": 32, "name": "shutting-down"}}]
}
}
}VPC Flow Logs record (space-separated): 2 123456789012 eni-12345 10.0.1.5 10.0.2.10 443 12345 6 10 5000 1625256000 1625256060 ACCEPT OK 2 123456789012 eni-12345 10.0.2.10 10.0.1.5 56789 443 6 20 10000 1625256000 1625256060 ACCEPT OK 2 123456789012 eni-12345 10.0.1.5 203.0.113.1 443 80 6 5 250 1625256000 1625256060 REJECT OK