Courseiva

SOA-C02 · topic practice

Monitoring Logging And Remediation practice questions

Use this page to practise SOA-C02 Monitoring Logging And Remediation practice questions. The goal is not to memorise dumps, but to understand the concept, review the explanation and improve your exam readiness.

20 questionsDomain: Monitoring Logging And Remediation
Practice 10 questionsBrowse domain →

What the exam tests

What to know about Monitoring Logging And Remediation

Monitoring Logging And Remediation questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Monitoring Logging And Remediation questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Full question →

A company has an Application Load Balancer (ALB) that routes traffic to targets in private subnets. The SysOps administrator needs to log detailed information about HTTP requests, including client IP, request path, and response time. Which ALB feature should be enabled?

Full question →
Question 2easymultiple choice
Full question →

A company requires that all Amazon EC2 instances launched in its AWS account must have termination protection enabled. The SysOps administrator needs to automatically remediate any instance launched without termination protection. The solution should use AWS managed services without custom scripts. Which AWS service should be used?

Full question →
Question 3mediummultiple choice
Full question →

A company has an AWS account that contains multiple Amazon S3 buckets with sensitive data. A SysOps administrator needs to ensure that all S3 buckets in the account have versioning enabled to protect against accidental deletions. The administrator wants to automatically remediate any bucket that is created without versioning enabled. Which solution should be used?

Full question →
Question 4mediummultiple choice
Full question →

A company requires that all Amazon S3 buckets in its AWS account must be encrypted using AWS KMS (SSE-KMS). The SysOps administrator needs to detect any bucket that does not have KMS encryption enabled and automatically remediate it by enabling encryption. Which AWS service should be used to implement this automated compliance enforcement?

Full question →
Question 5mediummultiple choice
Full question →

A company runs a REST API on Amazon EC2 instances behind an Application Load Balancer. The SysOps administrator needs to monitor the API endpoint from multiple geographic locations and receive an alarm if the p90 latency exceeds 2 seconds for two consecutive checks. The solution must use AWS managed services and not require custom code running on EC2. Which approach should the administrator use?

Full question →
Question 6mediummultiple choice
Full question →

A company runs a critical production database on Amazon RDS for MySQL with a Multi-AZ deployment. The database experiences a primary instance failure. The SysOps administrator needs to understand exactly how the failover process worked and why the application experienced a longer-than-expected downtime. Which AWS service or feature should the administrator use to review detailed events and actions during the failover?

Full question →
Question 7hardmultiple choice
Full question →

A company's security policy requires that all Amazon S3 buckets must be encrypted at rest with AWS Key Management Service (AWS KMS) customer managed keys. A SysOps administrator discovers that some buckets are not encrypted. Which combination of AWS services should be used to automatically detect and remediate non-compliant buckets using infrastructure as code?

Full question →
Question 8mediummultiple choice
Full question →

A company hosts a web application behind an Application Load Balancer (ALB) in us-east-1. Users in Europe report high latency. The SysOps administrator decides to use AWS Global Accelerator to improve performance by directing traffic to the closest edge location. However, the application logs require the original client IP addresses of users. The ALB currently provides the client IP via the X-Forwarded-For header, but the development team warns that Global Accelerator may change the source IP. Which configuration should the administrator choose to meet both performance and logging requirements?

Full question →
Question 9mediummultiple choice
Full question →

A company's security policy requires that all Amazon S3 buckets must be encrypted at rest using server-side encryption with Amazon S3 managed keys (SSE-S3). A SysOps administrator needs to automatically detect any bucket that does not have encryption enabled and automatically apply SSE-S3 encryption. The solution should leverage AWS managed services and minimize custom code. Which combination of AWS services should be used?

Full question →
Question 10mediummultiple choice
Full question →

A company's security policy requires that all new Amazon S3 buckets must have server-side encryption with AWS Key Management Service (SSE-KMS) enabled by default. A SysOps administrator wants to enforce this requirement for all current and future S3 buckets in the account. Which AWS service or feature should be used to automatically apply this configuration?

Full question →
Question 11hardmultiple choice
Full question →

A company runs a large number of EC2 instances across multiple accounts and regions. The finance team needs to track costs per project and department. Each EC2 instance must be tagged with a ProjectID and Department tag. A SysOps administrator needs to ensure that all newly launched EC2 instances are tagged automatically before they can be used, and that existing untagged instances are retroactively tagged. The tags must be propagated to cost reports in AWS Cost Explorer. Which combination of steps will achieve this with the least operational overhead?

Full question →
Question 12mediummultiple choice
Full question →

A company uses Amazon CloudFront to serve content from a custom origin. A SysOps administrator needs to detect IP addresses that generate a high rate of HTTP 403 (Forbidden) errors, which may indicate malicious bots attempting to access restricted content. The administrator wants to automatically add these IP addresses to a AWS WAF IP set to block them. Which solution meets this requirement with the least operational overhead?

Full question →
Question 13mediummultiple choice
Full question →

A company needs to continuously scan Amazon EC2 instances for software vulnerabilities and unintended network exposure. Which AWS service should be used?

Full question →
Question 14mediummultiple choice
Full question →

A company's security team requires that all Amazon S3 buckets are encrypted at rest using server-side encryption with Amazon S3 managed keys (SSE-S3). A SysOps administrator needs to automatically detect any S3 bucket that does not have encryption enabled and automatically apply SSE-S3 encryption. The solution should leverage AWS managed services and minimize custom code. Which combination of AWS services should be used?

Full question →
Question 15easymultiple choice
Full question →

A company runs containerized applications on Amazon ECS using the Fargate launch type. The SysOps administrator needs to monitor CPU and memory utilization at the task level. Which AWS service provides pre-built dashboards and metrics for this purpose?

Full question →
Question 16mediummultiple choice
Full question →

A company uses Amazon S3 to store sensitive customer data. A SysOps administrator needs to ensure that any S3 bucket that is incorrectly configured to allow public read access is automatically remediated within five minutes. The administrator wants to use native AWS services with minimal custom code. Which solution should be used?

Full question →
Question 17easymultiple choice
Full question →

A company's security policy requires that the AWS account root user must have multi-factor authentication (MFA) enabled. A SysOps administrator needs to continuously verify compliance and automatically notify the security team if the root user is not configured with MFA. Which AWS service can be used to create a compliance rule for this requirement?

Full question →
Question 18hardmultiple choice
Full question →

A SysOps administrator manages Amazon EC2 instances in multiple AWS accounts. The administrator needs to collect and analyze network traffic logs to identify the top IP addresses generating the most traffic to the instances. The administrator must centralize this analysis in a single monitoring account that has cross-account access to the logs. Which combination of AWS services should the administrator use?

Full question →
Question 19hardmultiple choice
Full question →

A company's security policy requires that all Amazon S3 buckets must be non-publicly accessible. The SysOps administrator needs to automatically detect any bucket that becomes publicly accessible and automatically remediate it by applying a bucket policy that blocks public access. The solution should use AWS managed services with minimal custom code. Which combination of services should be used?

Full question →
Question 20easymultiple choice
Full question →

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to count the occurrences of the string 'ERROR' in the logs and trigger an Amazon SNS notification when more than 10 errors occur within a 5-minute window. Which steps should the administrator take?

Full question →
Continue with 20-question session →

Watch out for

Common Monitoring Logging And Remediation exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Sign up freeLog in

Focused Monitoring Logging And Remediation sessions

Start a Monitoring Logging And Remediation only practice session

Every question in these sessions is drawn from the Monitoring Logging And Remediation domain — nothing else.

10 questions20 questions30 questions50 questions
Browse all Monitoring Logging And Remediation questions →Mixed SOA-C02 session

Related practice questions

Related SOA-C02 topic practice pages

Move into related areas when this topic feels solid.

SOA-C02 fundamentals practice questions

Practise SOA-C02 questions linked to SOA-C02 fundamentals.

SOA-C02 scenario practice questions

Practise SOA-C02 questions linked to SOA-C02 scenario.

SOA-C02 troubleshooting practice questions

Practise SOA-C02 questions linked to SOA-C02 troubleshooting.

Frequently asked questions

What does the SOA-C02 exam test about Monitoring Logging And Remediation?
Monitoring Logging And Remediation questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Monitoring Logging And Remediation questions in a focused session?
Yes — the session launcher on this page draws every question from the Monitoring Logging And Remediation domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SOA-C02 topics?
Use the topic links above to move to related areas, or go back to the SOA-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SOA-C02 exam covers. They are not copied from any real exam or dump site.