PAS-C01 CloudWatch Logs Insights Practice Question
This PAS-C01 practice question tests your understanding of operations and maintenance. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: cloudWatch Logs Insights. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
Refer to the exhibit.
CloudWatch Logs Insights query:
fields @timestamp, @message
| filter @message like /ERROR/
| stats count() by @logStream
| sort count() desc
| limit 10
An SAP administrator runs the above CloudWatch Logs Insights query on an application log group. The query returns no results even though the administrator knows there are ERROR messages in the logs. What is the most likely cause?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue: "most likely"
Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Exhibit
Refer to the exhibit.
CloudWatch Logs Insights query:
fields @timestamp, @message
| filter @message like /ERROR/
| stats count() by @logStream
| sort count() desc
| limit 10
A
The query uses a regex pattern that is not supported by CloudWatch Logs Insights.
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field.
The correct answer is D. CloudWatch Logs Insights uses the @message field to filter log events. When logs are in JSON format, the error string may be nested within a JSON field, and the plain text search for 'ERROR' on @message will not match if the @message contains the entire JSON object. Instead, the query should parse JSON fields using 'filter ispresent' or filter on specific parsed fields. Option A is incorrect because CloudWatch Logs Insights supports regex patterns with '/pattern/'. Option B is incorrect because 'like' is not a valid operator; the correct operator for pattern matching is 'like' as a keyword, but regex is supported. Option C is incorrect because the time range could affect results but is not the most likely cause if errors are known to exist.
Key principle: CloudWatch Logs Insights
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✗
The query uses a regex pattern that is not supported by CloudWatch Logs Insights.
Why it's wrong here
CloudWatch Logs Insights supports regex.
✗
The query syntax is incorrect; the filter should use 'like' instead of '/.../'.
Why it's wrong here
The syntax is valid; filter with /.../ is regex.
✗
The time range is set to a period when no ERROR messages were logged.
Why it's wrong here
The administrator knows errors exist, so the time range should include them.
✓
The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field.
Why this is correct
If logs are JSON, @message contains the entire JSON string; the filter may need to target a specific field.
Clue confirmation
The clue word "most likely" in the question point toward this answer.
Related concept
CloudWatch Logs Insights
Common exam traps
Common exam trap: answer the scenario, not the keyword
Many certification questions include familiar terms but test a specific constraint. Read the exact wording before choosing an answer that is generally true but wrong for this case.
Detailed technical explanation
How to think about this question
Treat this as a scenario question. Identify the problem, the constraint, and the best action. Then compare each option against those facts.
KKey Concepts to Remember
CloudWatch Logs Insights
@message field
JSON log parsing
Filter and regex in CloudWatch Logs Insights
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
CloudWatch Logs Insights
Real-world example
How this comes up in practice
A media company stores terabytes of video archives that are accessed once a year for audit purposes. Moving these objects to a cold storage tier (Azure Archive, S3 Glacier, or Google Nearline) costs a fraction of hot storage. Questions like this test whether you understand storage tiers, access frequency tradeoffs, and retrieval latency requirements.
What to study next
Got this wrong? Here's your next step.
Review cloudWatch Logs Insights, then practise related PAS-C01 questions on the same topic to reinforce the concept.
Operations and Maintenance — This question tests Operations and Maintenance — CloudWatch Logs Insights.
What is the correct answer to this question?
The correct answer is: The log events are not in plain text; they are in JSON format and the ERROR string is within a JSON field. — The correct answer is D. CloudWatch Logs Insights uses the @message field to filter log events. When logs are in JSON format, the error string may be nested within a JSON field, and the plain text search for 'ERROR' on @message will not match if the @message contains the entire JSON object. Instead, the query should parse JSON fields using 'filter ispresent' or filter on specific parsed fields. Option A is incorrect because CloudWatch Logs Insights supports regex patterns with '/pattern/'. Option B is incorrect because 'like' is not a valid operator; the correct operator for pattern matching is 'like' as a keyword, but regex is supported. Option C is incorrect because the time range could affect results but is not the most likely cause if errors are known to exist.
What should I do if I get this PAS-C01 question wrong?
Review cloudWatch Logs Insights, then practise related PAS-C01 questions on the same topic to reinforce the concept.
Are there clue words in this question I should notice?
Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
What is the key concept behind this question?
CloudWatch Logs Insights
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This PAS-C01 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PAS-C01 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.