Question 807 of 1,733
Operations and MaintenancehardMultiple ChoiceObjective-mapped

Quick Answer

The answer is that the query returns no results because the log events are in JSON format, not plain text, so the ERROR string is nested within a JSON field rather than directly in the @message field. CloudWatch Logs Insights stores the entire raw log event in the @message field, but when logs are in JSON format, the filter `@message like /ERROR/` fails because the string is part of a structured key-value pair, not a standalone plain-text line. This is a common trap on the AWS Certified SAP on AWS Specialty PAS-C01 exam, testing your understanding of how CloudWatch Logs parses different log formats—JSON logs require parsing with functions like `parse @message '$.level'` or using the `filter` command on specific JSON fields. The exam often presents this scenario to catch candidates who assume all logs are plain text. Memory tip: think “JSON means nested—filter the field, not the message.”

PAS-C01 Operations and Maintenance Practice Question

This PAS-C01 practice question tests your understanding of operations and maintenance. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Refer to the exhibit.

CloudWatch Logs Insights query:
fields @timestamp, @message
| filter @message like /ERROR/
| stats count() by @logStream
| sort count() desc
| limit 10

An SAP administrator runs the above CloudWatch Logs Insights query on an application log group. The query returns no results even though the administrator knows there are ERROR messages in the logs. What is the most likely cause?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1hardmultiple choice
Full question →

Exhibit

Refer to the exhibit.

CloudWatch Logs Insights query:
fields @timestamp, @message
| filter @message like /ERROR/
| stats count() by @logStream
| sort count() desc
| limit 10

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field.

Option B is correct because the query filters on the @message field, but CloudWatch Logs stores the log event message in the @message field. However, if the log events are not parsed correctly (e.g., if using JSON logs), the filter may not match. Option A is wrong because the syntax is correct. Option C is wrong because the query does not use regex. Option D is wrong because time range affects the results but does not cause zero results if errors exist.

Key principle: NAT direction and interface roles matter as much as the IP address mapping. Inside/outside designation controls which traffic is translated.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The query uses a regex pattern that is not supported by CloudWatch Logs Insights.

    Why it's wrong here

    CloudWatch Logs Insights supports regex.

  • The query syntax is incorrect; the filter should use 'like' instead of '/.../'.

    Why it's wrong here

    The syntax is valid; filter with /.../ is regex.

  • The time range is set to a period when no ERROR messages were logged.

    Why it's wrong here

    The administrator knows errors exist, so the time range should include them.

  • The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field.

    Why this is correct

    If logs are JSON, @message contains the entire JSON string; the filter may need to target a specific field.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Static NAT maps one inside address to one outside address.

Common exam traps

Common exam trap: NAT rules depend on direction and matching traffic

NAT is not only about the public address. The inside/outside interface roles and the ACL or rule that matches traffic are just as important.

Detailed technical explanation

How to think about this question

NAT questions usually test address translation, overload/PAT behaviour, static mappings and whether the right traffic is being translated. Read the interface direction and address terms carefully.

KKey Concepts to Remember

  • Static NAT maps one inside address to one outside address.
  • PAT allows many inside hosts to share one public address using ports.
  • Inside local and inside global describe the private and translated addresses.
  • NAT ACLs identify traffic for translation, not always security filtering.

TExam Day Tips

  • Identify inside and outside interfaces first.
  • Check whether the scenario needs static NAT, dynamic NAT or PAT.
  • Do not confuse NAT matching ACLs with normal packet-filtering intent.

Key takeaway

NAT direction and interface roles matter as much as the IP address mapping. Inside/outside designation controls which traffic is translated.

Real-world example

How this comes up in practice

A cloud solutions architect for a retail company is evaluating services for a new workload. The correct answer here reflects best practice for the specific scenario described — not a general cloud recommendation. NAT direction and interface roles matter as much as the IP address mapping. Inside/outside designation controls which traffic is translated. Cloud exam questions reward reading the constraint carefully: the same technology can be right or wrong depending on the use case.

What to study next

Got this wrong? Here's your next step.

Review the four NAT address types (inside local, inside global, outside local, outside global), PAT port overload, and static vs dynamic NAT use cases. Then practise related PAS-C01 NAT questions on configuration and troubleshooting.

Related practice questions

Related PAS-C01 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free PAS-C01 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this PAS-C01 question test?

Operations and Maintenance — This question tests Operations and Maintenance — Static NAT maps one inside address to one outside address..

What is the correct answer to this question?

The correct answer is: The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field. — Option B is correct because the query filters on the @message field, but CloudWatch Logs stores the log event message in the @message field. However, if the log events are not parsed correctly (e.g., if using JSON logs), the filter may not match. Option A is wrong because the syntax is correct. Option C is wrong because the query does not use regex. Option D is wrong because time range affects the results but does not cause zero results if errors exist.

What should I do if I get this PAS-C01 question wrong?

Review the four NAT address types (inside local, inside global, outside local, outside global), PAT port overload, and static vs dynamic NAT use cases. Then practise related PAS-C01 NAT questions on configuration and troubleshooting.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Static NAT maps one inside address to one outside address.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 20, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This PAS-C01 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PAS-C01 exam.