Monitoring, Logging, and Remediation

A company uses AWS CloudTrail to log API calls across all regions. The SysOps administrator notices that logs for a specific region are missing from the centralized S3 bucket. What is the most likely cause?

A SysOps team needs to monitor application logs in Amazon CloudWatch Logs for specific error codes and automatically invoke an AWS Lambda function for remediation within 5 minutes of an error occurring. Which solution involves the least operational overhead?

A company uses an Amazon S3 bucket to store sensitive data. The SysOps administrator needs to be notified within 15 minutes if any object in the bucket becomes publicly accessible. Which solution will meet this requirement with the least operational overhead?

A SysOps administrator is troubleshooting an application that runs on AWS Lambda. The application occasionally fails with timeout errors. The administrator needs to identify the exact lines of code that are causing the delays. Which AWS service or feature should be used to gather this information?

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance fleet and send an alert when the average CPU utilization exceeds 80% for 10 consecutive minutes. The administrator also wants to automatically stop the instance if the CPU utilization remains above 90% for 30 minutes to prevent runaway costs. Which combination of AWS services should be used?

A SysOps administrator manages an application that runs on Amazon EC2 instances and stores critical data in Amazon Elastic Block Store (EBS) volumes. The administrator needs to monitor the EBS volumes for any performance bottlenecks. The key metric of interest is the average number of I/O operations per second (IOPS) that are waiting to be completed. Which Amazon CloudWatch metric should the administrator examine?

A SysOps administrator manages an Amazon RDS for MySQL instance that handles a critical web application. During peak traffic, the number of database connections exceeds 500 for more than 15 minutes, leading to connection timeouts. The administrator wants to automatically increase the DB instance size when the connection count remains high, and decrease it when the load drops, to balance performance and cost. Which combination of AWS services should be used to achieve this automation with the least operational overhead?

A company uses Amazon CloudFront to serve content from a custom origin. A SysOps administrator needs to detect IP addresses that generate a high rate of HTTP 403 (Forbidden) errors, which may indicate malicious bots attempting to access restricted content. The administrator wants to automatically add these IP addresses to a AWS WAF IP set to block them. Which solution meets this requirement with the least operational overhead?

A SysOps administrator manages an Application Load Balancer (ALB) that distributes traffic to an Auto Scaling group of EC2 instances. The administrator needs to receive a notification whenever the number of unhealthy targets in the ALB target group exceeds a threshold of 2 for at least 5 consecutive minutes. Which solution meets this requirement with the least operational overhead?

A SysOps administrator needs to monitor AWS CloudTrail logs for any calls to the 'CreateUser' API in AWS Identity and Access Management (IAM). When such an API call is detected, the administrator wants to receive a notification within a few minutes and also log the event to a central log group in Amazon CloudWatch Logs. The solution should use minimal custom code. Which combination of services should be used?

A SysOps administrator needs to monitor the health of an Amazon RDS for MySQL DB instance. The administrator wants to receive an alert when the database connection count exceeds a threshold of 500 for more than 5 minutes. Which AWS service should be used to create this alert?

A company runs a web application on Amazon EC2 instances. The application logs are sent to Amazon CloudWatch Logs. The SysOps administrator needs to monitor the logs for an increasing number of HTTP 500 errors. The administrator wants to create a metric filter that will count the number of lines containing 'HTTP 500' in the log group. Which syntax should the administrator use for the metric filter pattern?

A SysOps administrator needs to view a graph of the average CPU utilization of an Auto Scaling group over the past 24 hours. The administrator wants to share this graph with the team via a link that does not require AWS console login. Which AWS service should be used to create and share this graph?

A SysOps administrator needs to automatically restart an Amazon RDS DB instance when the 'DatabaseConnections' metric exceeds a threshold of 200 for 5 consecutive minutes. The administrator wants a solution that uses minimal custom code and leverages AWS managed services. Which combination of services should be used?

A company uses Amazon CloudWatch to monitor its Amazon EC2 instances. The SysOps administrator wants to receive an email notification when any EC2 instance's CPUUtilization metric exceeds 90% for 5 consecutive minutes. Which combination of services should be used to meet this requirement with the least operational overhead?

A SysOps administrator needs to monitor Amazon S3 for object-level operations such as PUT and DELETE events in a specific bucket. The administrator wants these events to be sent to an Amazon SQS queue for downstream processing by an application. Which solution should be used to achieve this with the least operational overhead?

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and receive an email notification when the metric exceeds 90% for 5 consecutive minutes. The solution should use the least operational overhead. Which combination of AWS services should be used?

A company uses AWS CloudTrail to log API activity. The SysOps administrator needs to receive an email notification whenever a new IAM user is created. Which AWS services should be used together to meet this requirement with the least operational overhead?

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to detect when the number of log entries containing the string 'ERROR' exceeds 100 in any 5-minute window. When this threshold is breached, an email should be sent to the operations team. Which combination of AWS services should be used with the least operational overhead?

A SysOps administrator monitors a custom business metric published to Amazon CloudWatch. The metric exhibits irregular spikes that are not predictable. The administrator needs to be alerted when the metric deviates significantly from its normal pattern. Which CloudWatch feature should be used to set up the alarm with the least manual tuning?

A SysOps administrator needs to monitor the application logs of a web server and receive an email notification when the number of 'ERROR' log entries exceeds 100 in a 5-minute window. The logs are already being sent to Amazon CloudWatch Logs. Which combination of AWS services should be used to meet this requirement with the least operational overhead?

A SysOps administrator configures AWS CloudTrail to log all management events in a company's AWS account. The administrator needs to ensure that CloudTrail logs are not deleted for at least 5 years to meet compliance requirements. Which configuration should the administrator apply?

A SysOps administrator needs to monitor the disk usage on Amazon EC2 instances running Linux. The administrator wants to collect disk utilization metrics every 5 minutes and set up an alarm when disk usage exceeds 80%. Which solution meets these requirements?

A SysOps administrator needs to monitor memory utilization of an Amazon EC2 instance. The default Amazon CloudWatch metrics for EC2 do not include memory utilization. Which solution should the administrator implement to collect memory metrics and set alarms?

A SysOps administrator needs to monitor application logs stored in Amazon CloudWatch Logs for the term 'CRITICAL'. When more than 5 'CRITICAL' entries appear in a 5-minute window, the administrator wants to automatically restart the underlying Amazon EC2 instance. Which solution should the administrator implement?

A company runs containerized applications on Amazon ECS using the Fargate launch type. The SysOps administrator needs to monitor CPU and memory utilization at the task level. Which AWS service provides pre-built dashboards and metrics for this purpose?

A SysOps administrator needs to monitor the CPU utilization of an Amazon RDS DB instance and receive an alarm when CPU utilization exceeds 80% for 5 consecutive minutes. Which AWS service should be used to create this alarm?

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps administrator needs to monitor the application's HTTP 5xx error rate and set an alarm when the error rate exceeds 5% over a 5-minute period. The alarm must trigger an Amazon SNS notification. Which metric should be used for the alarm?

A SysOps administrator needs to monitor a custom application metric 'OrdersPerMinute' published to Amazon CloudWatch. The metric should trigger an alarm when the count exceeds 100 for more than 2 consecutive data points, but only during business hours (9 AM to 5 PM weekdays). The alarm must evaluate the metric as a rate per minute. How should the administrator configure the alarm?

An application writes error logs to Amazon CloudWatch Logs. The SysOps administrator needs to monitor for the occurrence of the string 'ERROR' in the logs and trigger an Amazon SNS notification if more than 10 errors occur within a 5-minute window. The administrator also wants to visualize the error count over time. Which approach should be used to meet these requirements with the least operational overhead?

A company runs a web application on Amazon EC2 instances. The SysOps administrator needs to monitor two metrics: high CPU utilization (greater than 90%) and high memory utilization (greater than 85%). An alarm should trigger when both conditions are true simultaneously for a period of 5 minutes. Which CloudWatch feature should the administrator use to create this alarm?

A web application publishes a custom metric 'FailedLoginAttempts' to Amazon CloudWatch. The SysOps administrator needs to be notified via Amazon SNS when the number of failed login attempts exceeds 100 within a 5-minute period. Which AWS service or feature should be used to create this notification?

A company runs a REST API on Amazon EC2 instances behind an Application Load Balancer. The SysOps administrator needs to monitor the API endpoint from multiple geographic locations and receive an alarm if the p90 latency exceeds 2 seconds for two consecutive checks. The solution must use AWS managed services and not require custom code running on EC2. Which approach should the administrator use?

A company runs a multi-tier application that uses an Amazon RDS for PostgreSQL database. The SysOps administrator needs to monitor the database for performance anomalies, such as sudden spikes in connections or query latencies. The administrator wants to receive alerts when metrics deviate from their expected baseline. The solution must automatically adjust to changes in normal behavior over time, such as seasonal patterns. Which AWS service or feature should the administrator use?

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and send an alert when it exceeds 90% for 5 consecutive minutes. Which combination of AWS services should the administrator use to meet this requirement?

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to count the occurrences of the string 'ERROR' in the logs and trigger an Amazon SNS notification when more than 10 errors occur within a 5-minute window. Which steps should the administrator take?

A company uses AWS CloudTrail to record all API activity. The SysOps administrator needs to be alerted in real time when an IAM user creates a new access key. Which combination of AWS services should be used to create this alert?

A company needs to continuously scan Amazon EC2 instances for software vulnerabilities and unintended network exposure. Which AWS service should be used?

A SysOps administrator needs to monitor Amazon EC2 instances for disk space usage. Disk space metrics are not available by default in Amazon CloudWatch. The administrator wants to collect disk space metrics from all EC2 instances across multiple AWS accounts and aggregate them in a single CloudWatch dashboard. Which combination of steps should the administrator take?

A SysOps administrator needs to create a custom Amazon CloudWatch metric to track the number of active user sessions from application logs. The administrator wants to publish this metric to CloudWatch and set an alarm when the count exceeds a threshold. Which solution should be used?

A SysOps administrator needs to receive an email notification when an IAM user's console login fails. Which AWS service should be used to set up this notification?

A SysOps administrator needs to audit all API calls made in an AWS account for compliance and security analysis. The logs must be stored securely for at least one year. Which AWS service should the administrator enable?

A SysOps administrator needs to monitor application logs in Amazon CloudWatch Logs for the occurrence of the string 'ERROR'. The administrator wants to create a custom metric that counts the number of 'ERROR' occurrences per 5-minute window and trigger an Amazon CloudWatch alarm when the count exceeds 10. Which action should the administrator take to create the custom metric?

A SysOps administrator manages Amazon EC2 instances in multiple AWS accounts. The administrator needs to collect and analyze network traffic logs to identify the top IP addresses generating the most traffic to the instances. The administrator must centralize this analysis in a single monitoring account that has cross-account access to the logs. Which combination of AWS services should the administrator use?

An application logs user authentication attempts to Amazon CloudWatch Logs. The SysOps administrator needs to create a custom metric that counts the number of failed authentication attempts every 5 minutes and trigger an alarm when the count exceeds 5. Which combination of actions should the administrator take?

A company uses AWS Organizations with multiple accounts. The SysOps administrator needs to centralize the monitoring of all API calls made in any account for security analysis. The solution must collect logs from all accounts, both existing and future, and deliver them to a centralized S3 bucket in the management account. Which AWS service should the administrator use?

A SysOps administrator needs to analyze application logs stored in Amazon CloudWatch Logs to find specific error patterns across multiple log groups. The administrator wants to run queries to filter and parse the logs. Which feature should the administrator use?

A SysOps administrator manages multiple AWS accounts and wants to create a single Amazon CloudWatch dashboard that displays real-time metrics from all accounts in one view. The administrator needs to avoid managing separate dashboards for each account. Which solution should the administrator implement?

A SysOps administrator needs to detect unauthorized changes to security groups and automatically notify the operations team. Which two AWS services should be part of the solution? (Choose 2.)

A SysOps administrator needs to monitor memory utilization on an Amazon EC2 instance. Memory metrics are not available by default in Amazon CloudWatch for EC2 instances. Which action should the administrator take to collect memory utilization metrics?