Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsSOA-C02DomainsMonitoring, Logging, and Remediation
SOA-C02Free — No Signup

Monitoring, Logging, and Remediation

Practice SOA-C02 Monitoring, Logging, and Remediation questions with full explanations on every answer.

302questions

Start practicing

Monitoring, Logging, and Remediation — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

SOA-C02 Domains

Monitoring, Logging, and RemediationReliability and Business ContinuityDeployment, Provisioning, and AutomationSecurity and ComplianceNetworking and Content DeliveryCost and Performance Optimization

Practice Monitoring, Logging, and Remediation questions

10Q20Q30Q50Q

SOA-C02 Monitoring, Logging, and Remediation questions (showing 300 of 302)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A company uses AWS CloudTrail to log API calls across all regions. The SysOps administrator notices that logs for a specific region are missing from the centralized S3 bucket. What is the most likely cause?

2

A SysOps team needs to monitor application logs in Amazon CloudWatch Logs for specific error codes and automatically invoke an AWS Lambda function for remediation within 5 minutes of an error occurring. Which solution involves the least operational overhead?

3

A company uses an Amazon S3 bucket to store sensitive data. The SysOps administrator needs to be notified within 15 minutes if any object in the bucket becomes publicly accessible. Which solution will meet this requirement with the least operational overhead?

4

A SysOps administrator is troubleshooting an application that runs on AWS Lambda. The application occasionally fails with timeout errors. The administrator needs to identify the exact lines of code that are causing the delays. Which AWS service or feature should be used to gather this information?

5

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance fleet and send an alert when the average CPU utilization exceeds 80% for 10 consecutive minutes. The administrator also wants to automatically stop the instance if the CPU utilization remains above 90% for 30 minutes to prevent runaway costs. Which combination of AWS services should be used?

6

A SysOps administrator manages an application that runs on Amazon EC2 instances and stores critical data in Amazon Elastic Block Store (EBS) volumes. The administrator needs to monitor the EBS volumes for any performance bottlenecks. The key metric of interest is the average number of I/O operations per second (IOPS) that are waiting to be completed. Which Amazon CloudWatch metric should the administrator examine?

7

A SysOps administrator manages an Amazon RDS for MySQL instance that handles a critical web application. During peak traffic, the number of database connections exceeds 500 for more than 15 minutes, leading to connection timeouts. The administrator wants to automatically increase the DB instance size when the connection count remains high, and decrease it when the load drops, to balance performance and cost. Which combination of AWS services should be used to achieve this automation with the least operational overhead?

8

A company uses Amazon CloudFront to serve content from a custom origin. A SysOps administrator needs to detect IP addresses that generate a high rate of HTTP 403 (Forbidden) errors, which may indicate malicious bots attempting to access restricted content. The administrator wants to automatically add these IP addresses to a AWS WAF IP set to block them. Which solution meets this requirement with the least operational overhead?

9

A SysOps administrator manages an Application Load Balancer (ALB) that distributes traffic to an Auto Scaling group of EC2 instances. The administrator needs to receive a notification whenever the number of unhealthy targets in the ALB target group exceeds a threshold of 2 for at least 5 consecutive minutes. Which solution meets this requirement with the least operational overhead?

10

A SysOps administrator needs to monitor AWS CloudTrail logs for any calls to the 'CreateUser' API in AWS Identity and Access Management (IAM). When such an API call is detected, the administrator wants to receive a notification within a few minutes and also log the event to a central log group in Amazon CloudWatch Logs. The solution should use minimal custom code. Which combination of services should be used?

11

A SysOps administrator needs to monitor the health of an Amazon RDS for MySQL DB instance. The administrator wants to receive an alert when the database connection count exceeds a threshold of 500 for more than 5 minutes. Which AWS service should be used to create this alert?

12

A company runs a web application on Amazon EC2 instances. The application logs are sent to Amazon CloudWatch Logs. The SysOps administrator needs to monitor the logs for an increasing number of HTTP 500 errors. The administrator wants to create a metric filter that will count the number of lines containing 'HTTP 500' in the log group. Which syntax should the administrator use for the metric filter pattern?

13

A SysOps administrator needs to view a graph of the average CPU utilization of an Auto Scaling group over the past 24 hours. The administrator wants to share this graph with the team via a link that does not require AWS console login. Which AWS service should be used to create and share this graph?

14

A SysOps administrator needs to automatically restart an Amazon RDS DB instance when the 'DatabaseConnections' metric exceeds a threshold of 200 for 5 consecutive minutes. The administrator wants a solution that uses minimal custom code and leverages AWS managed services. Which combination of services should be used?

15

A company uses Amazon CloudWatch to monitor its Amazon EC2 instances. The SysOps administrator wants to receive an email notification when any EC2 instance's CPUUtilization metric exceeds 90% for 5 consecutive minutes. Which combination of services should be used to meet this requirement with the least operational overhead?

16

A SysOps administrator needs to monitor Amazon S3 for object-level operations such as PUT and DELETE events in a specific bucket. The administrator wants these events to be sent to an Amazon SQS queue for downstream processing by an application. Which solution should be used to achieve this with the least operational overhead?

17

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and receive an email notification when the metric exceeds 90% for 5 consecutive minutes. The solution should use the least operational overhead. Which combination of AWS services should be used?

18

A company uses AWS CloudTrail to log API activity. The SysOps administrator needs to receive an email notification whenever a new IAM user is created. Which AWS services should be used together to meet this requirement with the least operational overhead?

19

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to detect when the number of log entries containing the string 'ERROR' exceeds 100 in any 5-minute window. When this threshold is breached, an email should be sent to the operations team. Which combination of AWS services should be used with the least operational overhead?

20

A SysOps administrator monitors a custom business metric published to Amazon CloudWatch. The metric exhibits irregular spikes that are not predictable. The administrator needs to be alerted when the metric deviates significantly from its normal pattern. Which CloudWatch feature should be used to set up the alarm with the least manual tuning?

21

A SysOps administrator needs to monitor the application logs of a web server and receive an email notification when the number of 'ERROR' log entries exceeds 100 in a 5-minute window. The logs are already being sent to Amazon CloudWatch Logs. Which combination of AWS services should be used to meet this requirement with the least operational overhead?

22

A SysOps administrator configures AWS CloudTrail to log all management events in a company's AWS account. The administrator needs to ensure that CloudTrail logs are not deleted for at least 5 years to meet compliance requirements. Which configuration should the administrator apply?

23

A SysOps administrator needs to monitor the disk usage on Amazon EC2 instances running Linux. The administrator wants to collect disk utilization metrics every 5 minutes and set up an alarm when disk usage exceeds 80%. Which solution meets these requirements?

24

A SysOps administrator needs to monitor memory utilization of an Amazon EC2 instance. The default Amazon CloudWatch metrics for EC2 do not include memory utilization. Which solution should the administrator implement to collect memory metrics and set alarms?

25

A SysOps administrator needs to monitor application logs stored in Amazon CloudWatch Logs for the term 'CRITICAL'. When more than 5 'CRITICAL' entries appear in a 5-minute window, the administrator wants to automatically restart the underlying Amazon EC2 instance. Which solution should the administrator implement?

26

A company runs containerized applications on Amazon ECS using the Fargate launch type. The SysOps administrator needs to monitor CPU and memory utilization at the task level. Which AWS service provides pre-built dashboards and metrics for this purpose?

27

A SysOps administrator needs to monitor the CPU utilization of an Amazon RDS DB instance and receive an alarm when CPU utilization exceeds 80% for 5 consecutive minutes. Which AWS service should be used to create this alarm?

28

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps administrator needs to monitor the application's HTTP 5xx error rate and set an alarm when the error rate exceeds 5% over a 5-minute period. The alarm must trigger an Amazon SNS notification. Which metric should be used for the alarm?

29

A SysOps administrator needs to monitor a custom application metric 'OrdersPerMinute' published to Amazon CloudWatch. The metric should trigger an alarm when the count exceeds 100 for more than 2 consecutive data points, but only during business hours (9 AM to 5 PM weekdays). The alarm must evaluate the metric as a rate per minute. How should the administrator configure the alarm?

30

An application writes error logs to Amazon CloudWatch Logs. The SysOps administrator needs to monitor for the occurrence of the string 'ERROR' in the logs and trigger an Amazon SNS notification if more than 10 errors occur within a 5-minute window. The administrator also wants to visualize the error count over time. Which approach should be used to meet these requirements with the least operational overhead?

31

A company runs a web application on Amazon EC2 instances. The SysOps administrator needs to monitor two metrics: high CPU utilization (greater than 90%) and high memory utilization (greater than 85%). An alarm should trigger when both conditions are true simultaneously for a period of 5 minutes. Which CloudWatch feature should the administrator use to create this alarm?

32

A web application publishes a custom metric 'FailedLoginAttempts' to Amazon CloudWatch. The SysOps administrator needs to be notified via Amazon SNS when the number of failed login attempts exceeds 100 within a 5-minute period. Which AWS service or feature should be used to create this notification?

33

A company runs a REST API on Amazon EC2 instances behind an Application Load Balancer. The SysOps administrator needs to monitor the API endpoint from multiple geographic locations and receive an alarm if the p90 latency exceeds 2 seconds for two consecutive checks. The solution must use AWS managed services and not require custom code running on EC2. Which approach should the administrator use?

34

A company runs a multi-tier application that uses an Amazon RDS for PostgreSQL database. The SysOps administrator needs to monitor the database for performance anomalies, such as sudden spikes in connections or query latencies. The administrator wants to receive alerts when metrics deviate from their expected baseline. The solution must automatically adjust to changes in normal behavior over time, such as seasonal patterns. Which AWS service or feature should the administrator use?

35

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and send an alert when it exceeds 90% for 5 consecutive minutes. Which combination of AWS services should the administrator use to meet this requirement?

36

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to count the occurrences of the string 'ERROR' in the logs and trigger an Amazon SNS notification when more than 10 errors occur within a 5-minute window. Which steps should the administrator take?

37

A company uses AWS CloudTrail to record all API activity. The SysOps administrator needs to be alerted in real time when an IAM user creates a new access key. Which combination of AWS services should be used to create this alert?

38

A company needs to continuously scan Amazon EC2 instances for software vulnerabilities and unintended network exposure. Which AWS service should be used?

39

A SysOps administrator needs to monitor Amazon EC2 instances for disk space usage. Disk space metrics are not available by default in Amazon CloudWatch. The administrator wants to collect disk space metrics from all EC2 instances across multiple AWS accounts and aggregate them in a single CloudWatch dashboard. Which combination of steps should the administrator take?

40

A SysOps administrator needs to create a custom Amazon CloudWatch metric to track the number of active user sessions from application logs. The administrator wants to publish this metric to CloudWatch and set an alarm when the count exceeds a threshold. Which solution should be used?

41

A SysOps administrator needs to receive an email notification when an IAM user's console login fails. Which AWS service should be used to set up this notification?

42

A SysOps administrator needs to audit all API calls made in an AWS account for compliance and security analysis. The logs must be stored securely for at least one year. Which AWS service should the administrator enable?

43

A SysOps administrator needs to monitor application logs in Amazon CloudWatch Logs for the occurrence of the string 'ERROR'. The administrator wants to create a custom metric that counts the number of 'ERROR' occurrences per 5-minute window and trigger an Amazon CloudWatch alarm when the count exceeds 10. Which action should the administrator take to create the custom metric?

44

A SysOps administrator manages Amazon EC2 instances in multiple AWS accounts. The administrator needs to collect and analyze network traffic logs to identify the top IP addresses generating the most traffic to the instances. The administrator must centralize this analysis in a single monitoring account that has cross-account access to the logs. Which combination of AWS services should the administrator use?

45

An application logs user authentication attempts to Amazon CloudWatch Logs. The SysOps administrator needs to create a custom metric that counts the number of failed authentication attempts every 5 minutes and trigger an alarm when the count exceeds 5. Which combination of actions should the administrator take?

46

A company uses AWS Organizations with multiple accounts. The SysOps administrator needs to centralize the monitoring of all API calls made in any account for security analysis. The solution must collect logs from all accounts, both existing and future, and deliver them to a centralized S3 bucket in the management account. Which AWS service should the administrator use?

47

A SysOps administrator needs to analyze application logs stored in Amazon CloudWatch Logs to find specific error patterns across multiple log groups. The administrator wants to run queries to filter and parse the logs. Which feature should the administrator use?

48

A SysOps administrator manages multiple AWS accounts and wants to create a single Amazon CloudWatch dashboard that displays real-time metrics from all accounts in one view. The administrator needs to avoid managing separate dashboards for each account. Which solution should the administrator implement?

49

A SysOps administrator needs to detect unauthorized changes to security groups and automatically notify the operations team. Which two AWS services should be part of the solution? (Choose 2.)

50

A SysOps administrator needs to monitor memory utilization on an Amazon EC2 instance. Memory metrics are not available by default in Amazon CloudWatch for EC2 instances. Which action should the administrator take to collect memory utilization metrics?

51

An EC2 instance runs a Java application. The operations team wants to monitor heap memory utilization in CloudWatch and set alarms when it exceeds 85 percent. EC2 does not natively publish memory metrics to CloudWatch. What is the simplest way to get this metric into CloudWatch?

52

Multiple microservices each write structured JSON logs to separate CloudWatch log groups. The operations team needs to find all ERROR-level log entries across all log groups for the past 24 hours and count errors by service name. Which approach achieves this with the least operational overhead?

53

An environment has 12 individual CloudWatch metric alarms covering CPU, memory, disk, and network. When one instance degrades, all 12 alarms fire simultaneously and send 12 separate notifications to the on-call engineer. The team wants a single notification per incident regardless of how many individual alarms trigger. What CloudWatch feature addresses this?

54

The security team requires that no S3 bucket in the account ever has public read or write ACLs enabled. They want non-compliant buckets automatically remediated within 5 minutes of detection without any manual intervention. What is the correct implementation?

55

The monitoring team needs to collect per-process CPU and memory utilization for a specific Java process (named 'app.jar') running on EC2 Linux instances. Standard EC2 metrics show aggregate CPU but not per-process details. Which CloudWatch agent configuration section enables this?

56

Drag and drop the steps to troubleshoot an unhealthy target in an Application Load Balancer target group into the correct order.

57

Drag and drop the steps to migrate an on-premises application to AWS using AWS Application Migration Service (MGN) into the correct order.

58

Match each AWS service to its primary function.

59

Match each AWS monitoring tool to its function.

60

A SysOps administrator needs to monitor the CPU utilization of an EC2 instance and receive an alert when it exceeds 80% for 10 consecutive minutes. Which AWS service should be used to set up this monitoring and alerting?

61

A company is running a web application on EC2 instances behind an Application Load Balancer. The application experiences intermittent latency spikes. The SysOps administrator needs to identify the root cause. Which set of CloudWatch metrics should be analyzed first?

62

A SysOps administrator is troubleshooting an issue where an EC2 instance is not sending logs to CloudWatch Logs. The instance has the CloudWatch agent installed, but no logs appear in the log group. The IAM role assigned to the instance has the following policy: {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"], "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:MyAppLogs:*"}]}. What is the most likely cause?

63

A company wants to ensure that it receives notifications whenever any AWS Identity and Access Management (IAM) user in the account creates a new access key. Which AWS service should be used to achieve this?

64

A SysOps administrator notices that an EC2 instance's status check fails intermittently. The instance is part of an Auto Scaling group. What is the most efficient way to automatically recover the instance?

65

A company has a CloudWatch dashboard that displays custom metrics from an application. Some metrics are missing from the dashboard, but the application is publishing them to CloudWatch. The SysOps administrator confirms the metrics are present in the CloudWatch console under the correct namespace. What could be causing the metrics to not appear on the dashboard?

66

A SysOps administrator needs to track changes to security groups in the AWS account. Which AWS service should be used to record configuration changes and provide a history of security group modifications?

67

A company is using Amazon RDS for MySQL. The SysOps administrator needs to monitor the number of database connections and set an alarm when connections exceed 80% of the maximum. Which CloudWatch metric and alarm threshold should be used?

68

A SysOps administrator is investigating a security incident where an EC2 instance was used to launch an attack. The administrator needs to determine the source IP addresses that were used to access the instance prior to the attack. Which AWS service and feature should be used to capture this information?

69

A SysOps administrator needs to monitor the CPU and memory utilization of an EC2 instance running a legacy application that cannot be modified. Which TWO methods can be used to collect this information? (Choose TWO.)

70

A company wants to receive real-time notifications when specific API calls are made in their AWS account. Which TWO services can be used together to achieve this? (Choose TWO.)

71

A SysOps administrator is troubleshooting an issue where an EC2 instance has failed a status check. The instance is still running but is unresponsive. Which THREE actions should the administrator take to diagnose and resolve the issue? (Choose THREE.)

72

A SysOps administrator needs to send a notification when an EC2 instance's CPU utilization exceeds 90% for 5 consecutive minutes. Which AWS service should be used to create the alarm?

73

A company is running a stateful web application on EC2 instances behind an Application Load Balancer (ALB). Users report intermittent errors. The SysOps admin notices that the ALB's healthy host count is fluctuating. The admin wants to improve the health check configuration to reduce false positives. Which configuration change is most likely to help?

74

A SysOps admin is troubleshooting an Auto Scaling group that fails to launch instances. The group uses a launch template with an Amazon Linux 2 AMI. The admin reviews the scaling activity history and sees: 'Launching a new EC2 instance. Status: Failed. Description: Your spot request price is lower than the minimum required Spot price.' Which change should the admin make to resolve the issue?

75

A company wants to receive a real-time notification whenever an IAM user creates a new access key. Which combination of AWS services should be used to achieve this?

76

An application running on EC2 instances sends custom metrics to CloudWatch using the PutMetricData API. The SysOps admin notices that some metrics are missing from the CloudWatch console. What is the most likely cause?

77

A SysOps admin is investigating why a CloudWatch alarm did not trigger an SNS notification when a metric breached the threshold. The alarm state is visible in the console as 'ALARM'. What is the most likely reason the notification was not sent?

78

A company needs to retain API call logs for 7 years for compliance. Which AWS service should be used to store these logs?

79

A SysOps admin notices that an EC2 instance's status check fails intermittently. The instance is part of an Auto Scaling group. What is the most appropriate first step to diagnose the issue?

80

A company uses AWS CloudFormation to deploy infrastructure. A SysOps admin wants to receive a notification when a stack update fails. Which approach is the most efficient?

81

Which TWO actions should a SysOps admin take to troubleshoot an Amazon RDS instance that is experiencing high CPU utilization? (Choose 2.)

82

Which THREE metrics from Amazon CloudWatch are most useful for diagnosing an application performance bottleneck on an EC2 instance running a web server? (Choose 3.)

83

A SysOps admin needs to set up centralized logging for multiple AWS accounts. Which TWO services should be used together to aggregate logs into a single S3 bucket? (Choose 2.)

84

A company is using CloudWatch Logs to centralize logs from multiple EC2 instances. The operations team notices that some log entries are missing from CloudWatch Logs. The CloudWatch agent is installed and running on all instances. What is the most likely cause?

85

A SysOps administrator is setting up a CloudWatch dashboard to monitor an application. The application runs on an Auto Scaling group of EC2 instances behind an Application Load Balancer. The administrator wants to track the number of healthy hosts and the request count per target group. Which two metrics should be used? (Choose TWO.)

86

Refer to the exhibit. The command returns no datapoints for CPUUtilization for the specified instance. What is the most likely reason?

87

A company wants to receive alerts when an Auto Scaling group launches or terminates instances. They already have a CloudTrail trail enabled. What is the simplest way to achieve this?

88

A SysOps administrator is troubleshooting an issue where an EC2 instance running a web server is becoming unresponsive under high load. The administrator has enabled detailed monitoring and set up CPUUtilization alarms. Which THREE additional steps could help diagnose the root cause? (Choose THREE.)

89

Refer to the exhibit. An application running on EC2 is using the AWS SDK to publish custom metrics to CloudWatch. The application fails to publish metrics. The IAM role attached to the EC2 instance has this policy. What is the issue?

90

A company has a production environment with multiple EC2 instances that send logs to CloudWatch Logs. The operations team wants to search across all log groups for a specific error pattern. What is the most efficient way to achieve this?

91

An administrator needs to be notified when the root user signs in to the AWS Management Console. Which method should be used?

92

A company uses CloudWatch Logs to store application logs. The logs must be retained for 3 years for compliance. Which TWO steps should be taken to achieve this? (Choose TWO.)

93

A SysOps administrator wants to receive an email when the average CPU utilization of an EC2 instance exceeds 90% for 5 minutes. What should the administrator create?

94

Refer to the exhibit. The alarm has been in INSUFFICIENT_DATA state for several hours. What is the most likely cause?

95

A company wants to ensure that all S3 buckets are configured with server access logging. Which TWO AWS services can be used to detect non-compliant buckets? (Choose TWO.)

96

A SysOps administrator is investigating why a CloudWatch alarm did not trigger an SNS notification. The alarm state changed to ALARM, but the notification was not sent. The SNS topic has a subscription to an email endpoint. What is the most likely cause?

97

Refer to the exhibit. The command returns no events for RunInstances during the specified time period. The administrator knows that instances were launched during that time. What is the most likely cause?

98

A company wants to be able to query application logs in near real-time using a SQL-like syntax. Which AWS service should be used?

99

A company is using Amazon CloudWatch Logs to monitor application logs from EC2 instances. The operations team wants to receive a notification when a specific error pattern appears in the logs. Which solution requires the least operational overhead?

100

A SysOps administrator is troubleshooting a slow-running application on an EC2 instance. CloudWatch metrics show high CPU utilization but low disk I/O. The instance type is t3.medium. Which action would most likely improve performance?

101

A company has enabled AWS CloudTrail in all regions and is logging to an S3 bucket. The security team needs to be alerted within minutes if any IAM user creates a new access key. What is the MOST efficient way to achieve this?

102

An application running on Amazon ECS with Fargate is experiencing intermittent failures. The application logs show connection timeouts to an RDS MySQL database. The database is in the same VPC but a different subnet. Which CloudWatch metric should be examined first to diagnose the issue?

103

A company is using AWS Lambda functions to process incoming messages from Amazon SQS. The Lambda function sometimes fails due to a transient error, and the message is not processed. The team wants to automatically retry failed messages and send them to a dead-letter queue (DLQ) after three failed attempts. Which configuration meets these requirements?

104

A SysOps administrator notices that an Amazon RDS instance's CPU utilization is consistently above 90% during peak hours. The application is read-heavy and can tolerate eventual consistency. Which action would MOST effectively reduce CPU load?

105

A company uses AWS CloudFormation to deploy infrastructure. The operations team wants to be notified when a stack update fails. What is the simplest way to achieve this?

106

An application running on Amazon EC2 instances behind an Application Load Balancer (ALB) is experiencing intermittent 5xx errors. CloudWatch metrics show that the ALB's 'HTTPCode_ELB_5XX_Count' is elevated. What is the MOST likely cause?

107

A company stores sensitive data in an S3 bucket. The security team requires that any access to the bucket from outside the corporate network be logged and immediately alerted. Which solution meets these requirements?

108

A SysOps administrator is investigating a performance issue where an Amazon RDS for MySQL instance's ReadIOPS metric is consistently high. The database is used by a web application. Which THREE actions should the administrator take to improve performance?

109

A company uses Amazon CloudWatch to monitor its AWS infrastructure. The operations team wants to receive notifications when any EC2 instance's status check fails. Which TWO steps should be taken to achieve this?

110

A company needs to monitor the CPU and memory utilization of its EC2 instances. Which TWO services can be used to collect and visualize these metrics?

111

A SysOps administrator needs to monitor the CPU utilization of an EC2 instance and receive an alert when it exceeds 80% for 10 consecutive minutes. Which AWS service should be used to configure this monitoring and alerting?

112

A company's application running on EC2 instances is experiencing intermittent errors. The SysOps team needs to collect and analyze application logs from all instances centrally. The logs must be stored durably and searchable with minimal latency. Which solution meets these requirements?

113

An application running on EC2 instances behind an Application Load Balancer (ALB) sends custom metrics to CloudWatch. The team wants to set an alarm that triggers when the error rate exceeds 5% over a 5-minute period. The alarm must evaluate the metric every minute. Which configuration is required?

114

A SysOps administrator needs to track changes made to an Amazon S3 bucket policy and receive notifications when changes occur. Which AWS service should be used?

115

A company has a fleet of EC2 instances that are part of an Auto Scaling group. The SysOps team wants to automatically replace any instance that fails the status check for 2 consecutive minutes. Which configuration should be used?

116

A SysOps administrator is troubleshooting an application that runs on EC2 instances behind an ALB. Users report intermittent 503 errors. The administrator checks the ALB access logs and finds entries with 'elb_status_code' 503 and 'target_status_code' '-'. What is the most likely cause?

117

A company wants to monitor the number of messages in an Amazon SQS queue and scale the number of EC2 instance consumers based on queue depth. Which combination of AWS services should be used?

118

A SysOps administrator needs to ensure that an Amazon RDS instance automatically reboots if it becomes unavailable due to an operating system crash. The instance is a Multi-AZ deployment. What is the correct approach?

119

An application writes logs to a file on an EC2 instance. The SysOps team needs to send these logs to Amazon CloudWatch Logs in real time. The logs must be encrypted at rest in CloudWatch Logs using a customer-managed KMS key. Which steps are required?

120

Which TWO AWS services can be used to monitor the performance of an Amazon RDS database and set alarms based on metrics?

121

Which THREE actions can be taken to remediate an EC2 instance that has been compromised according to security best practices? (Select THREE.)

122

Which TWO options are valid ways to send custom metrics to Amazon CloudWatch?

123

Refer to the exhibit. A SysOps administrator runs the 'list-metrics' command for CPUUtilization. Based on the output, what can the administrator conclude?

124

Refer to the exhibit. An IAM policy is attached to an EC2 instance role. The application on the instance attempts to write logs to a log group named 'MyAppLogs' in CloudWatch Logs but fails. What is the likely cause?

125

Refer to the exhibit. A SysOps administrator reviews the CloudWatch alarm configuration. The alarm is in ALARM state. Which statement accurately describes the alarm's behavior?

126

A company is using AWS CloudTrail to log API activity. They need to ensure that log files are protected from unauthorized modification and can be used to verify the integrity of log files. Which AWS feature should be enabled?

127

A SysOps administrator needs to monitor the CPU utilization of an Amazon RDS for PostgreSQL instance and receive an alert if the usage exceeds 80% for 5 consecutive minutes. The database is in a production environment. What is the MOST efficient way to achieve this?

128

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps team needs to capture detailed HTTP request-level data, including headers and payload, for troubleshooting purposes. The data should be stored in Amazon S3 for analysis. Which solution meets these requirements with the LEAST operational overhead?

129

A company has an Auto Scaling group of EC2 instances that are critical for production. The SysOps administrator needs to be notified immediately when any instance in the group enters the 'InService' state after a scale-out event. Which approach should be used?

130

A SysOps administrator suspects that an Amazon Linux 2 EC2 instance has been compromised. The instance is part of an Auto Scaling group and is currently running. The administrator needs to preserve the root volume for forensic analysis while minimizing the impact to the application. Which action should the administrator take FIRST?

131

A company uses Amazon CloudWatch Logs to collect logs from multiple EC2 instances. The SysOps administrator needs to create a metric filter that counts the number of ERROR-level log entries per hour and triggers an alarm when the count exceeds 100 in any 5-minute period. Which metric filter pattern should be used?

132

A company uses AWS CloudTrail to log all management events. The SysOps administrator needs to be notified when an IAM user creates a new access key. Which configuration is the MOST efficient?

133

A SysOps administrator notices that an Amazon RDS for MySQL instance's CPU utilization is consistently above 80% during business hours. The administrator wants to identify the queries causing the high load without impacting performance. Which action should be taken?

134

A company wants to visualize the geographic distribution of failed login attempts to their web application. The application runs on EC2 instances behind an ALB. They have access logs enabled for the ALB. Which service should be used to create the visualization?

135

A company is using Amazon CloudWatch Logs to centralize logs from multiple EC2 instances. The SysOps administrator needs to ensure that log data is encrypted at rest and in transit. Which TWO actions should the administrator take? (Choose TWO.)

136

A company runs a critical application on Amazon EC2 instances in an Auto Scaling group. The SysOps administrator needs to detect and automatically replace an instance that is not responding to health checks. Which THREE steps should the administrator take? (Choose THREE.)

137

A SysOps administrator is creating a monitoring solution for a web application that uses an Application Load Balancer (ALB) and an Auto Scaling group of EC2 instances. The administrator wants to monitor the average request count per minute and the number of healthy hosts. Which TWO CloudWatch metrics should the administrator use? (Choose TWO.)

138

A company is using Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The operations team needs to receive an alert when the number of healthy hosts drops below 50% of the desired capacity for more than 5 minutes. Which CloudWatch metric and alarm configuration should be used?

139

A SysOps administrator needs to monitor the CPU utilization of an Amazon RDS for MySQL DB instance. The administrator wants to receive a notification when the average CPU utilization exceeds 80% for 10 consecutive minutes. Which steps should the administrator take to set up this monitoring?

140

A company is running a critical application on Amazon EC2 instances. The application performance has degraded over the past week. The SysOps administrator suspects a memory leak. The administrator needs to collect detailed memory usage metrics every minute and store them for 30 days. Which solution is the MOST cost-effective and operationally efficient?

141

A SysOps administrator is troubleshooting an issue where an Amazon EC2 instance running Amazon Linux 2 is not sending logs to CloudWatch Logs. The CloudWatch agent is installed and configured. Which step should the administrator take FIRST to diagnose the issue?

142

A company uses Amazon CloudWatch to monitor its AWS resources. The operations team needs to receive email notifications when the root user performs any action in the AWS account. Which combination of services should the SysOps administrator use to meet this requirement?

143

An organization has a production AWS environment with multiple VPCs and hundreds of EC2 instances. The security team wants to be alerted when any security group is modified. Which approach should a SysOps administrator use to meet this requirement with minimal overhead?

144

A SysOps administrator notices that an Amazon RDS instance's CPU utilization is consistently above 90% during peak hours. The administrator needs to investigate which queries are consuming the most CPU. Which action should the administrator take?

145

A company has an Amazon S3 bucket that stores critical data. The security team wants to be notified whenever an object in the bucket is deleted. Which solution should the SysOps administrator implement?

146

A SysOps administrator is managing a fleet of EC2 instances in an Auto Scaling group. The instances are behind an Application Load Balancer. The administrator notices that the 'SurgeQueueLength' metric for the ALB is frequently high. What does this indicate, and what is the BEST remediation action?

147

A SysOps administrator needs to monitor the disk space utilization on a fleet of EC2 instances running Windows Server. Which TWO steps should the administrator take to collect and visualize this data? (Choose TWO.)

148

A company is using AWS Organizations to manage multiple accounts. The security team wants to ensure that all API calls across all accounts are logged and retained for at least 7 years. Which THREE steps should the SysOps administrator take to meet this requirement? (Choose THREE.)

149

A SysOps administrator is investigating a performance issue with an Amazon RDS for PostgreSQL instance. The administrator has enabled Performance Insights. Which TWO metrics from Performance Insights can help identify the root cause of a sudden increase in database load? (Choose TWO.)

150

A SysOps administrator is responsible for a multi-tier web application running on AWS. The application consists of an Application Load Balancer (ALB), an Auto Scaling group of EC2 instances, and an Amazon RDS for MySQL database. Recently, the operations team has been receiving alerts from CloudWatch that the ALB's 'HTTPCode_Target_5XX_Count' metric is spiking periodically. The team has also noticed that the database CPU utilization is high during these spikes. The application logs show that some requests are timing out. The administrator needs to identify the root cause and implement a remediation. After reviewing the architecture, the administrator rules out the database as the bottleneck because the database connections are pooled and the query response times are normal. The administrator suspects that the issue is related to the application server's health. Which course of action should the administrator take to diagnose and resolve the issue?

151

Refer to the exhibit. A SysOps administrator runs this CloudWatch Logs Insights query against an application log group. The query returns no results, even though the administrator knows that errors occurred in the last hour. What is the most likely cause?

152

A company uses Amazon RDS for MySQL and wants to monitor the number of database connections in real time. Which CloudWatch metric should the SysOps administrator use?

153

An organization uses AWS CloudTrail to log API calls across multiple accounts in AWS Organizations. The logs are delivered to a central S3 bucket. The security team wants to receive near-real-time notifications whenever an IAM user creates a new access key. Which solution is the MOST operationally efficient?

154

A SysOps administrator notices that an Amazon EC2 instance's CPU utilization is consistently above 90% during business hours. The instance is part of an Auto Scaling group with a simple scaling policy based on average CPU utilization. However, the Auto Scaling group is not launching new instances. What is the most likely cause?

155

Refer to the exhibit. A SysOps administrator created this IAM policy for an application that sends custom metrics to CloudWatch and writes logs to CloudWatch Logs. The application reports that it cannot publish logs. What is the most likely reason?

156

A company wants to monitor the health of its web application running on EC2 instances behind an Application Load Balancer (ALB). Which CloudWatch metric from the ALB can indicate that requests are failing due to server errors?

157

A SysOps administrator is troubleshooting an issue where an Amazon RDS DB instance's storage space is running out. The administrator has enabled CloudWatch alarms for FreeStorageSpace, but the alarm did not trigger before the storage was exhausted. What is the most likely reason?

158

A company uses AWS CloudFormation to deploy its infrastructure. The SysOps administrator needs to be notified if a stack creation fails. Which method is the most efficient way to achieve this?

159

A SysOps administrator is managing a fleet of EC2 instances that run a batch processing job. The job is completed when a certain metric in CloudWatch reaches a value. Currently, the administrator manually checks the metric and terminates the instances. Which AWS service can automate the termination of the instances when the metric threshold is breached?

160

A SysOps administrator is setting up centralized logging for multiple AWS accounts using CloudWatch Logs. Which TWO actions should the administrator take to ensure that logs from all accounts are aggregated in a single account?

161

An organization uses Amazon CloudWatch Synthetics canaries to monitor its web application endpoints. A SysOps administrator needs to be alerted when a canary run fails. Which THREE steps are required to set up this alerting?

162

A SysOps administrator is investigating a security incident where an unauthorized user accessed an S3 bucket. Which TWO AWS services can the administrator use to collect and analyze the relevant logs?

163

A company runs a critical web application on EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The application experiences intermittent latency spikes. The SysOps administrator has enabled detailed CloudWatch metrics on the ALB and the EC2 instances. The administrator notices that during the latency spikes, the ALB's TargetResponseTime metric increases, but the EC2 instance's CPU utilization and memory usage remain normal. The administrator also observes that the number of concurrent connections to the ALB spikes during these periods. Which action should the administrator take to identify the root cause?

164

A company uses AWS CloudFormation to deploy a multi-tier application. The stack includes an Application Load Balancer, Auto Scaling group, and RDS database. The SysOps administrator receives a notification that a stack update has failed. The administrator wants to investigate the failure and understand which resource caused the issue. The stack is in the UPDATE_ROLLBACK_IN_PROGRESS state. What should the administrator do to identify the failed resource?

165

A SysOps administrator is managing an AWS environment with multiple VPCs connected via a transit gateway. The administrator needs to monitor network traffic between VPCs for security analysis. The administrator wants to capture metadata about IP traffic going through the transit gateway. The logs should be centralized in a single S3 bucket and retained for 90 days. Which solution should the administrator implement?

166

A SysOps administrator is troubleshooting an issue where an EC2 instance running a web server is unreachable. The instance passes status checks and is in a healthy state. Security groups and network ACLs are configured correctly. CloudWatch metrics show CPU utilization is 5%. The administrator can SSH into the instance but cannot connect to the web server on port 443. What is the most likely cause?

167

A company uses CloudWatch Logs to collect application logs from EC2 instances. The logs are critical for troubleshooting. The operations team notices that some log entries are missing during peak hours. The CloudWatch Logs agent is configured with a batch size of 1 MB and a batch timeout of 10 seconds. Which TWO actions should the administrator take to reduce the chance of missing log events?

168

A SysOps administrator sets up an alarm to monitor the CPU utilization of an Auto Scaling group. The alarm should trigger a scaling policy when CPU exceeds 80% for 5 consecutive minutes. The alarm state remains 'INSUFFICIENT_DATA' even though instances are running. Which THREE are possible causes?

169

An IAM policy is attached to an EC2 instance role to allow sending logs to CloudWatch Logs. The application running on the instance fails to send logs to the log group 'MyAppLogGroup'. Which change is required to fix the issue?

170

A company wants to receive a notification when the root account is used to perform any action in the AWS account. Which service should be used to monitor this?

171

A company uses AWS CloudFormation to deploy infrastructure. The operations team wants to be notified when a stack enters a ROLLBACK_IN_PROGRESS state. Which TWO methods can achieve this?

172

A SysOps administrator is troubleshooting a Lambda function that is not processing messages from an SQS queue. The function is subscribed to the queue via an event source mapping. The function has a reserved concurrency of 0. Which TWO actions will resolve the issue?

173

A company hosts a web application on multiple EC2 instances behind an Application Load Balancer (ALB). The SysOps administrator receives a report that the application is experiencing intermittent 503 errors. The ALB target group health checks are configured to check the /health endpoint every 30 seconds with a healthy threshold of 2 and an unhealthy threshold of 2. The administrator checks the ALB metrics and notices that the number of healthy hosts occasionally drops to zero. The EC2 instances are normal and the application logs show no errors. What is the most likely cause and solution?

174

A company uses Amazon RDS for MySQL with Multi-AZ deployment. The SysOps administrator notices that the DB instance's CPU utilization spikes to 100% every few minutes. CloudWatch alarms have been set to trigger when CPU exceeds 90% for 5 minutes, but no alarm state changes are observed. The administrator checks the CloudWatch metrics and sees that the CPU utilization metric shows periodic spikes but they last only 2-3 minutes each. What is the most likely cause and what should the administrator do to receive notifications?

175

A SysOps administrator manages a fleet of EC2 instances that run a batch processing job. The job runs every hour and takes about 45 minutes to complete. The administrator wants to be notified if any job takes longer than 1 hour. Currently, the administrator uses CloudWatch Logs to capture job start and end times from application logs. The job writes a log message at start with 'JOB_START' and at end with 'JOB_END'. The administrator wants to create a metric filter that counts jobs that exceed 1 hour. However, the administrator is unsure how to achieve this with CloudWatch Logs. What should the administrator do?

176

A company uses Amazon S3 to store sensitive data. The SysOps administrator needs to ensure that any attempt to upload an object with server-side encryption disabled is immediately detected and the administrator is notified. The administrator has enabled AWS CloudTrail and is logging S3 data events. Which approach should the administrator use to achieve this?

177

A SysOps administrator is troubleshooting a slow web application running on EC2 instances behind an ALB. The application uses an RDS MySQL database. The administrator checks CloudWatch metrics and sees that the ALB's latency is high, the RDS CPU is high, and the EC2 CPU is moderate. The application team reports that the database queries are slow. The administrator suspects that the database is the bottleneck. However, the RDS instance is already a db.r5.large and the administrator wants to avoid increasing instance size due to cost. What should the administrator do to improve performance without increasing instance size?

178

A company uses AWS CloudFormation to deploy a VPC with public and private subnets. The stack creation fails with the error 'The maximum number of VPCs has been reached.' The SysOps administrator needs to deploy the stack as soon as possible. What should the administrator do?

179

A company uses Amazon CloudWatch Logs to store application logs. The security team needs to be alerted when any log group contains a specific error pattern. The solution must minimize latency and operational overhead. What should a SysOps administrator do?

180

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and receive an alert if it exceeds 80% for 10 consecutive minutes. The instance is in a VPC with no Internet access. What is the MOST efficient way to meet these requirements?

181

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps administrator notices that the application's response time is increasing during peak hours. The administrator wants to set up a CloudWatch dashboard that displays the average latency of requests across all instances and the number of healthy hosts. Which metrics should be used?

182

A SysOps administrator is troubleshooting an Amazon RDS for MySQL instance that is experiencing high CPU utilization. The administrator wants to identify the specific queries consuming the most CPU. What is the MOST efficient way to achieve this?

183

A company hosts a static website on Amazon S3 and uses Amazon CloudFront for content delivery. The marketing team wants to know how many users visit the website each day, including the geographic distribution. Which solution requires the LEAST operational overhead?

184

A SysOps administrator is monitoring an Amazon ECS cluster running Fargate tasks. The administrator wants to receive a notification when any task fails to start due to insufficient memory. Which combination of actions should be taken? (Choose TWO.)

185

A company uses AWS CloudFormation to deploy its infrastructure. The SysOps administrator needs to be notified when a stack creation fails. Which solution meets this requirement with the LEAST effort?

186

A SysOps administrator needs to centrally collect operating system-level metrics from a fleet of Amazon EC2 instances running Amazon Linux 2. The metrics should include memory usage and disk I/O. Which solution should the administrator implement?

187

A company has an S3 bucket that stores sensitive data. The security team requires an alert whenever an object in the bucket is deleted. What is the MOST efficient way to achieve this?

188

A SysOps administrator is troubleshooting a slow-running Amazon RDS for PostgreSQL instance. The administrator suspects that a specific query is causing high I/O. Which tools should be used together to identify the query and its I/O impact? (Choose THREE.)

189

A company wants to automatically remediate an Amazon EC2 instance that becomes unresponsive by rebooting it. The solution should use AWS managed services to minimize custom code. Which combination should a SysOps administrator use? (Choose TWO.)

190

A SysOps administrator needs to track changes to IAM policies in the AWS account for auditing purposes. Which service should be used?

191

A SysOps administrator is troubleshooting an application that intermittently fails to connect to an RDS database. The error logs show 'Too many connections'. What CloudWatch metric should the administrator monitor to proactively detect this issue?

192

A company uses CloudWatch Logs to store application logs from EC2 instances. The SysOps team needs to search for specific error patterns across all log groups. What is the most efficient way to perform this search?

193

An application running on EC2 instances behind an Application Load Balancer (ALB) is experiencing increased latency. The SysOps administrator checks CloudWatch and sees that the ALB's TargetResponseTime is high, but the backend EC2 instance's CPUUtilization and MemoryUtilization are low. What is the most likely cause?

194

A company wants to receive an email notification when an EC2 instance's status check fails. What AWS service should be used?

195

A SysOps administrator needs to ensure that all S3 buckets in the account have server access logging enabled. The administrator wants to be notified if a bucket is created without logging. What is the most efficient solution?

196

An application running on Amazon ECS (Fargate) is experiencing intermittent failures. The logs show 'CannotPullContainerError: error pulling image configuration: download failed after attempts=6'. The SysOps team has verified that the image exists in Amazon ECR and the task role has permissions to pull from ECR. What is the most likely cause?

197

A SysOps administrator wants to receive alerts when the root user performs an action in the AWS account. Which service should be used?

198

An organization wants to ensure that all changes to an S3 bucket policy are logged and immediately trigger a notification to the security team. What is the most efficient way to achieve this?

199

A SysOps administrator is troubleshooting a slow-running RDS MySQL instance. The administrator notices that the ReadIOPS metric is consistently high, but the WriteIOPS is low. The instance type is db.m5.large with 300 GB of General Purpose SSD (gp2). What is the most likely cause?

200

A SysOps administrator is configuring a CloudWatch dashboard to monitor an application. Which TWO of the following are valid widget types that can be added to a CloudWatch dashboard?

201

A company is using Amazon CloudWatch Logs to collect logs from multiple AWS services. The SysOps administrator needs to query logs across multiple log groups in real-time. Which THREE of the following are capabilities of CloudWatch Logs Insights?

202

A SysOps administrator is setting up monitoring for an Amazon RDS instance. Which TWO metrics are available by default in Amazon CloudWatch for RDS?

203

Refer to the exhibit. A SysOps administrator runs the CloudWatch Logs Insights query shown. What does this query do?

204

Refer to the exhibit. A SysOps administrator creates the CloudWatch Alarm shown. However, the alarm never enters ALARM state even though the CPU utilization of the EC2 instance is consistently above 90%. What is the most likely reason?

205

Refer to the exhibit. A SysOps administrator runs the command shown to investigate a CloudWatch alarm named 'HighCPU'. What does the output indicate?

206

A SysOps administrator is troubleshooting an issue where an EC2 instance's CPU utilization is consistently above 90%, but no CloudWatch alarm is triggered. The alarm is configured to monitor the 'CPUUtilization' metric with a threshold of 80% for 2 consecutive periods of 5 minutes. What is the most likely cause?

207

An application running on EC2 instances in an Auto Scaling group is experiencing intermittent errors. The errors correlate with periods of high memory usage. The SysOps administrator wants to set up a CloudWatch alarm to scale out when memory usage exceeds 80%. What should the administrator do to enable monitoring of memory usage?

208

A company uses AWS CloudTrail to log API activity. The security team needs to be notified immediately when an IAM user creates a new access key. Which combination of steps should a SysOps administrator take? (Choose TWO.)

209

A SysOps administrator needs to centralize logs from multiple AWS accounts into a single S3 bucket for analysis. Which solution is the MOST operationally efficient?

210

An organization is using AWS CloudFormation to deploy infrastructure. The SysOps administrator needs to receive notifications when stack creation fails. What is the simplest way to achieve this?

211

A SysOps administrator is investigating a security breach. An IAM user 'Bob' is suspected of performing unauthorized actions. The administrator needs to determine the source IP addresses from which Bob's access keys were used in the last 30 days. Which AWS service or feature should be used?

212

A company has an Auto Scaling group of EC2 instances behind an Application Load Balancer. The SysOps administrator notices that the healthy host count is lower than expected. The instances are in service, and security groups allow traffic. What is a likely cause?

213

A SysOps administrator wants to be alerted when an EC2 instance's status check fails. The instance is part of an Auto Scaling group. What is the BEST approach?

214

An application running on EC2 instances sends custom metrics to CloudWatch using the PutMetricData API. The metrics are not appearing in the CloudWatch console. The IAM role attached to the instances has the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*" } ] }. What is the most likely cause?

215

A SysOps administrator is setting up monitoring for an RDS MySQL database. The administrator needs to be notified when the database connection count exceeds 100. Which steps should be taken to achieve this? (Choose TWO.)

216

A company has a centralized logging solution where CloudTrail logs from multiple accounts are delivered to a single S3 bucket. The security team needs to be alerted when an IAM user is created in any of the accounts. Which steps should be taken? (Choose THREE.)

217

A SysOps administrator needs to track changes to security group rules in a VPC. Which AWS services can be used to monitor and log these changes? (Choose TWO.)

218

Refer to the exhibit. A Lambda function is unable to write logs to CloudWatch Logs. The IAM role attached to the Lambda function includes the policy shown. What is the issue?

219

Refer to the exhibit. A SysOps administrator runs the command and sees the output. The administrator then creates a CloudWatch alarm on the CPUUtilization metric for this instance, but the alarm state remains 'INSUFFICIENT_DATA'. What is a likely cause?

220

Refer to the exhibit. A SysOps administrator runs the command to find 'CreateKeyPair' events in January 2023 but gets an empty list. The administrator knows that key pairs were created during that time. What is the most likely reason?

221

A company is experiencing intermittent performance issues with an application running on an EC2 instance. The CloudWatch metrics show high CPU utilization but no correlation with the timing of the issue. The SysOps administrator needs to collect detailed performance data to identify the root cause. Which AWS service should the administrator use to capture network-level metrics and logs?

222

A SysOps administrator receives an alarm that an EC2 instance's status check has failed. The instance is part of an Auto Scaling group behind an Application Load Balancer. The administrator needs to ensure that the instance is automatically replaced and that the root cause is investigated. What is the MOST efficient combination of actions to achieve this?

223

A company needs to monitor for unauthorized changes to critical IAM policies. The SysOps administrator must receive notifications within minutes of any change. Which combination of AWS services should the administrator use?

224

A SysOps administrator notices that an RDS instance's CPU utilization is consistently above 80% during peak hours. The administrator wants to set up automated actions to scale the database and also notify the team. What should the administrator do?

225

An application running on EC2 instances occasionally throws 'Connection refused' errors when connecting to an RDS database. The SysOps administrator needs to determine if the issue is due to database connection limits or network security groups. Which metrics and logs should the administrator examine?

226

A SysOps administrator needs to ensure that all S3 buckets in the account are configured with server access logging. Which AWS service can evaluate the buckets and automatically remediate non-compliant buckets?

227

A company uses an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances. The administrator notices that the ALB returns 503 errors during peak traffic. The instances are healthy according to the ALB health checks. What is the MOST likely cause and what metric should the administrator check?

228

A SysOps administrator is troubleshooting an issue where an EC2 instance running a web server is not reachable from the internet. The instance has a public IP and is in a public subnet. The security group allows HTTP and HTTPS from 0.0.0.0/0. The network ACL allows all inbound and outbound traffic. What should the administrator check NEXT?

229

A company stores critical data in an S3 bucket and wants to be notified immediately when any object is deleted from the bucket. Which combination of services should the SysOps administrator use?

230

A SysOps administrator is designing a monitoring solution for a critical application running on EC2 instances. The application requires that all API calls to the environment are logged for security analysis. Which TWO services should the administrator use to meet this requirement?

231

A company is using an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. The SysOps administrator notices that the scaling is not triggering as expected. Which THREE steps should the administrator take to troubleshoot the issue?

232

A SysOps administrator wants to be alerted when the root user of the AWS account signs in. Which TWO services can be used together to achieve this?

233

Refer to the exhibit. A SysOps administrator runs the AWS CLI command shown. The output shows that the CPUUtilization average over the period is 75%. However, the administrator knows that the instance was idle for the first 15 minutes of the hour. Which explanation best describes why the average might be misleading?

234

Refer to the exhibit. An EC2 instance is running the CloudWatch Logs agent and uses the IAM policy shown. The agent is configured to send logs to the log group 'MyAppLogGroup'. However, logs are not appearing. What is the MOST likely cause?

235

Refer to the exhibit. A SysOps administrator deploys this CloudFormation stack. The EC2 instance launches and the web server starts. However, the CloudWatch alarm does not trigger even when CPU utilization exceeds 80%. What is the MOST likely reason?

236

A company uses AWS CloudTrail to log API calls in a multi-account environment. The security team wants to be alerted when an IAM user in the production account modifies a security group to allow inbound SSH from 0.0.0.0/0. Which combination of actions should be taken to meet this requirement?

237

A SysOps administrator notices that an EC2 instance's CPU utilization has been at 100% for the past hour. The administrator checks CloudWatch metrics and sees no anomalies in network or disk I/O. Which step should the administrator take to investigate further?

238

A company has an AWS Lambda function that processes files uploaded to an S3 bucket. The function fails intermittently with a timeout error. What should the SysOps administrator do to monitor and resolve this issue?

239

A company runs a critical web application on EC2 instances behind an Application Load Balancer (ALB). The SysOps administrator needs to be notified if the ALB's error rate exceeds 5% for 5 consecutive minutes. Which solution meets this requirement with the least operational overhead?

240

A SysOps administrator is troubleshooting an EC2 instance that is unresponsive. The administrator can SSH into the instance but finds that the CloudWatch agent is not sending custom metrics. The CloudWatch agent configuration file is at '/opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json'. What should the administrator check first?

241

A company wants to centrally collect and analyze logs from all AWS accounts in an organization. The logs include CloudTrail, VPC Flow Logs, and AWS Config logs. Which solution is the most scalable and cost-effective?

242

A company uses Amazon RDS for MySQL and needs to be alerted when the database's CPU utilization exceeds 80% for 10 minutes. The administrator creates a CloudWatch alarm based on the 'CPUUtilization' metric. However, the alarm does not trigger even though the metric shows values above 80%. What is the most likely cause?

243

A company has deployed a web application on EC2 instances with an Auto Scaling group. The SysOps administrator needs to automatically replace any instance that is in a 'failed' status as reported by the EC2 status checks. Which action should the administrator take?

244

A SysOps administrator receives a notification that an EC2 instance's status check has failed. The instance is part of an Auto Scaling group. What is the immediate impact on the application?

245

A company wants to monitor AWS API calls for suspicious activity. Which TWO AWS services can be used together to achieve this?

246

A SysOps administrator needs to receive alerts when an S3 bucket is publicly accessible. Which TWO AWS services can be used to monitor and detect this configuration?

247

A company uses CloudWatch Logs to monitor application logs. The SysOps administrator wants to search for specific error patterns across multiple log groups. Which THREE AWS services can be used to achieve this?

248

A SysOps administrator notices that an EC2 instance's CPU utilization has been above 90% for the past hour. The instance is part of an Auto Scaling group with a CPU utilization-based scaling policy. However, no new instances have been launched. What is the most likely cause?

249

A company has an application running on EC2 instances behind an Application Load Balancer. They want to receive an email notification when the average latency exceeds 2 seconds. Which combination of steps should the SysOps administrator take? (Select TWO.)

250

A SysOps administrator creates this IAM policy for a monitoring application. The application needs to publish custom metrics to CloudWatch and retrieve information about EC2 instances and Auto Scaling groups. The application reports that it cannot list EC2 instances. What is the most likely reason?

251

A SysOps administrator needs to monitor the memory utilization of an EC2 instance running Windows Server. Which steps are required to collect memory metrics?

252

A company runs a web application on EC2 instances behind an Application Load Balancer. The SysOps administrator creates a CloudWatch alarm on the ALB's HTTPCode_ELB_5XX_Count metric to trigger an SNS notification when there are many 5xx errors. However, the alarm remains in INSUFFICIENT_DATA state. What is a likely cause?

253

A SysOps administrator needs to ensure that all S3 buckets in the account are logged to CloudTrail for data events. The administrator enables CloudTrail with data events for S3 and selects 'All buckets' in the current account. However, after a week, they notice that some buckets are not being logged. What is the most likely reason?

254

A SysOps administrator wants to receive a notification when an EC2 instance's status check fails. Which AWS service should be used to achieve this?

255

A company has an application that writes logs to CloudWatch Logs. The SysOps administrator needs to search for a specific error pattern across multiple log groups. Which solution is the most efficient?

256

A SysOps administrator is troubleshooting an issue where an EC2 instance's CloudWatch agent is not sending memory metrics. The agent is installed and configured to collect memory metrics. The IAM role attached to the instance has the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:ListMetrics", "Resource": "*" } ] } What is the most likely reason the memory metrics are not appearing?

257

A SysOps administrator wants to be notified when an Auto Scaling group launches a new instance. Which AWS service can be used to capture the Auto Scaling lifecycle events and send a notification?

258

A company uses AWS CloudFormation to deploy a stack that includes an EC2 instance and an S3 bucket. The SysOps administrator needs to monitor the stack for any changes to the S3 bucket's bucket policy. Which AWS service should be used?

259

A SysOps administrator examines the output of the describe-alarms command for the 'HighCPU' alarm. The alarm is in ALARM state. What action will be taken automatically?

260

A SysOps administrator needs to create a custom metric to track the number of active connections to an EC2 instance. Which steps should be taken? (Select TWO.)

261

A company wants to ensure that all IAM user changes are logged and that an alert is sent when a new IAM user is created. Which services should be used together to achieve this? (Select THREE.)

262

A SysOps administrator notices that an Amazon RDS for MySQL instance's CPU utilization has been consistently above 80% for the past hour. Which CloudWatch metric should the administrator examine to determine whether the high CPU is due to a specific SQL query?

263

A company has an application running on Amazon EC2 instances behind an Application Load Balancer (ALB). The application logs show intermittent 503 errors. The ALB access logs show that the errors occur when the target response time exceeds 30 seconds. Which configuration change should the SysOps administrator make to reduce the number of 503 errors without affecting the application's behavior?

264

A SysOps administrator needs to monitor the memory utilization of an EC2 instance running a custom application. The instance is not using the default CloudWatch metrics for memory. What should the administrator do to collect memory metrics?

265

A company uses AWS CloudTrail to log API activity. A SysOps administrator discovers that some management events are not being logged. The administrator checks the CloudTrail configuration and confirms that management events are enabled and logging is working for most events. What is the most likely cause of the missing events?

266

A SysOps administrator wants to receive a notification when an EC2 instance's status check fails. Which AWS service should the administrator use to set up an alarm based on the status check metric?

267

A SysOps administrator is troubleshooting an issue where an Amazon RDS instance's storage space is being consumed rapidly. The administrator wants to identify the specific database or table causing the storage increase. Which AWS service or feature should the administrator use to gather this information?

268

A company uses AWS Lambda functions that process data from an Amazon SQS queue. The Lambda function is failing intermittently due to timeouts. The SysOps administrator needs to be notified immediately when the function times out. What is the most efficient way to achieve this?

269

A SysOps administrator is setting up monitoring for an application that runs on Amazon ECS with Fargate launch type. The application's performance degrades when memory utilization exceeds 80%. The administrator wants to receive a notification when memory usage approaches this threshold. What should the administrator do?

270

A company has an S3 bucket that stores sensitive data. A SysOps administrator needs to detect when objects in the bucket are publicly accessible. Which AWS service should the administrator use to continuously monitor and report on public access?

271

A SysOps administrator is troubleshooting an Amazon EC2 instance that is unreachable. The instance passes the system status check but fails the instance status check. Which TWO of the following are likely causes of this issue? (Choose TWO.)

272

A SysOps administrator needs to ensure that all API calls in the AWS account are logged for auditing purposes. The administrator also wants to receive notifications when specific API calls are made. Which THREE services should the administrator use together to achieve this? (Choose THREE.)

273

A SysOps administrator wants to monitor the CPU utilization of an Amazon RDS instance and receive an alert if it exceeds 90% for 5 consecutive minutes. Which TWO AWS services are required to set up this monitoring? (Choose TWO.)

274

A company runs a critical web application on Amazon EC2 instances in an Auto Scaling group across three Availability Zones. The application uses an Application Load Balancer (ALB) for traffic distribution. The SysOps administrator has configured a CloudWatch alarm to monitor the ALB's `TargetResponseTime` metric, with a threshold of 5 seconds. The alarm triggers when the average response time exceeds 5 seconds for 2 consecutive periods. Recently, the alarm has been triggering frequently during peak hours, but the application team reports that the response time is acceptable and the application is performing normally. The administrator investigates and finds that a small number of requests are taking a very long time (over 30 seconds), skewing the average. The administrator needs to reduce the number of false alarms while still being alerted if the overall application performance degrades. Which course of action should the administrator take?

275

A SysOps administrator notices that an EC2 instance's CPU utilization is consistently above 90% during business hours. The instance is part of an Auto Scaling group with a scaling policy based on average CPU utilization. Despite high utilization, no scaling events are triggered. What is the most likely cause?

276

A company has an application running on EC2 instances that sends logs to CloudWatch Logs. The operations team wants to receive a notification when a specific error pattern appears in the logs. Which combination of steps should the team take? (Select TWO.)

277

A SysOps administrator needs to monitor the memory utilization of an EC2 instance running Amazon Linux 2. Which of the following is required to publish memory metrics to CloudWatch?

278

An application running on an EC2 instance writes logs to a local file. The operations team needs to monitor these logs in near real-time for troubleshooting. Which solution provides the most efficient way to stream these logs to CloudWatch Logs?

279

A company has a VPC with public and private subnets. An EC2 instance in a private subnet needs to send logs to CloudWatch Logs. Which steps are necessary to allow this without traversing the internet? (Select TWO.)

280

A SysOps administrator wants to be alerted when an EC2 instance is terminated unexpectedly. Which CloudWatch event should be used to trigger a notification?

281

An organization has a CloudWatch dashboard that displays metrics for multiple AWS services. The dashboard is shared with the operations team. Recently, some team members reported that the dashboard is not loading for them. Which action should the SysOps administrator take to troubleshoot the issue?

282

A company is using AWS CloudTrail to log API activity in their account. The security team needs to be alerted when an IAM user creates a new access key. Which solution meets this requirement with the least operational overhead?

283

A SysOps administrator is troubleshooting an application that runs on an EC2 instance. The application is experiencing high latency, and the administrator suspects a memory leak. Which metrics should the administrator examine first?

284

A company has a production environment with multiple EC2 instances running a web application. The SysOps administrator wants to automate the remediation of instances that fail the EC2 status check. Which approach should the administrator use?

285

A SysOps administrator needs to audit all changes to security groups in an AWS account. Which AWS service should be used to capture these changes?

286

An application is running on an EC2 instance and is experiencing intermittent connection timeouts. The SysOps administrator wants to capture network traffic to analyze the issue. Which AWS service should be used?

287

A company uses AWS Organizations to manage multiple accounts. The security team needs a centralized view of all API calls made across all accounts. Which solution should the SysOps administrator implement?

288

A SysOps administrator is investigating a security incident and needs to determine who deleted an S3 bucket. Which AWS service should be used to find this information?

289

A company has a CloudWatch alarm that monitors the CPU utilization of an EC2 instance. The alarm is set to trigger when CPU utilization exceeds 80% for 5 consecutive minutes. The alarm state is 'INSUFFICIENT_DATA'. What does this mean?

290

A SysOps administrator needs to set up monitoring for an application that runs on an EC2 instance. The application generates custom metrics that should be available for analysis in CloudWatch. Which steps are required to achieve this? (Select TWO.)

291

A company is using AWS CloudTrail to log API activity. The security team wants to be notified when an IAM user attempts to modify an S3 bucket policy. Which actions should be taken to meet this requirement? (Select THREE.)

292

A SysOps administrator needs to monitor the disk space usage on an EC2 instance running Windows Server. Which actions are required to collect this metric? (Select TWO.)

293

A company has a CloudWatch dashboard that displays metrics for several EC2 instances. The SysOps administrator wants to share the dashboard with external stakeholders who do not have AWS accounts. Which actions should the administrator take? (Select TWO.)

294

A SysOps administrator is tasked with setting up a solution that automatically terminates EC2 instances that have been running for more than 24 hours. Which steps should the administrator take? (Select THREE.)

295

A company runs a critical web application on a fleet of EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The operations team uses CloudWatch alarms to monitor the application's health. Recently, they noticed that the application's error rate has increased sporadically, but the CPU utilization and memory usage remain normal. The team suspects that the issue is related to a specific HTTP endpoint returning 5xx errors. They want to set up monitoring that will alert them when the error rate exceeds 5% of total requests over a 5-minute period. The application logs are already sent to CloudWatch Logs. Which combination of steps should the SysOps administrator take to meet this requirement?

296

A company has a production environment that includes an Amazon RDS for MySQL database. The SysOps administrator receives an alert that the database's CPU utilization has been above 90% for the past hour. The administrator checks the CloudWatch metrics and sees that the DatabaseConnections metric is also high. The application team reports that users are experiencing slow response times. The administrator wants to investigate which queries are causing the high CPU. The database is already configured to send logs to CloudWatch Logs. Which course of action should the administrator take to identify the problematic queries?

297

A company runs a web application on an EC2 instance that uses Amazon EBS volumes. The SysOps administrator notices that the instance's disk queue length is consistently high, and the application is experiencing I/O latency. The administrator wants to set up monitoring to alert when the disk queue length exceeds a threshold. Which steps should the administrator take to achieve this? The instance is already sending CloudWatch metrics.

298

A company has a multi-account AWS environment using AWS Organizations. The security team requires that all API calls made in any account be logged to a centralized S3 bucket in the management account. Additionally, the team wants to be alerted when an IAM user in any account creates a new access key. Currently, CloudTrail is enabled in each account but logs are stored locally. Which solution meets these requirements with the least operational overhead?

299

A SysOps administrator is troubleshooting an issue where an Application Load Balancer (ALB) is returning HTTP 503 errors to clients. The target group is healthy, and the instances are passing health checks. What is the most likely cause of the 503 errors?

300

Which TWO actions should a SysOps administrator take to set up centralized logging from multiple Amazon EC2 instances running Amazon Linux 2 to Amazon CloudWatch Logs?

Practice all 300 Monitoring, Logging, and Remediation questions

Other SOA-C02 exam domains

Reliability and Business ContinuityDeployment, Provisioning, and AutomationSecurity and ComplianceNetworking and Content DeliveryCost and Performance Optimization

Frequently asked questions

What does the Monitoring, Logging, and Remediation domain cover on the SOA-C02 exam?

The Monitoring, Logging, and Remediation domain covers the key concepts tested in this area of the SOA-C02 exam blueprint published by Amazon Web Services. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all SOA-C02 domains — no account required.

How many Monitoring, Logging, and Remediation questions are in the SOA-C02 question bank?

The Courseiva SOA-C02 question bank contains 300 questions in the Monitoring, Logging, and Remediation domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Monitoring, Logging, and Remediation for SOA-C02?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Monitoring, Logging, and Remediation questions for SOA-C02?

Yes — the session launcher on this page draws questions exclusively from the Monitoring, Logging, and Remediation domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your SOA-C02 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

SAA-C03DOP-C02