SOA-C02 · topic practice

Monitoring, Logging, and Remediation practice questions

Practise AWS Certified SysOps Administrator Associate SOA-C02 Monitoring, Logging, and Remediation practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Monitoring, Logging, and Remediation

What the exam tests

What to know about Monitoring, Logging, and Remediation

Monitoring, Logging, and Remediation questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Monitoring, Logging, and Remediation exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Monitoring, Logging, and Remediation questions

20 questions · select your answer, then reveal the explanation

A company uses AWS CloudTrail to log API calls across all regions. The SysOps administrator notices that logs for a specific region are missing from the centralized S3 bucket. What is the most likely cause?

A SysOps team needs to monitor application logs in Amazon CloudWatch Logs for specific error codes and automatically invoke an AWS Lambda function for remediation within 5 minutes of an error occurring. Which solution involves the least operational overhead?

A company uses an Amazon S3 bucket to store sensitive data. The SysOps administrator needs to be notified within 15 minutes if any object in the bucket becomes publicly accessible. Which solution will meet this requirement with the least operational overhead?

A SysOps administrator is troubleshooting an application that runs on AWS Lambda. The application occasionally fails with timeout errors. The administrator needs to identify the exact lines of code that are causing the delays. Which AWS service or feature should be used to gather this information?

Question 5mediummultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance fleet and send an alert when the average CPU utilization exceeds 80% for 10 consecutive minutes. The administrator also wants to automatically stop the instance if the CPU utilization remains above 90% for 30 minutes to prevent runaway costs. Which combination of AWS services should be used?

A SysOps administrator manages an application that runs on Amazon EC2 instances and stores critical data in Amazon Elastic Block Store (EBS) volumes. The administrator needs to monitor the EBS volumes for any performance bottlenecks. The key metric of interest is the average number of I/O operations per second (IOPS) that are waiting to be completed. Which Amazon CloudWatch metric should the administrator examine?

Question 7mediummultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator manages an Amazon RDS for MySQL instance that handles a critical web application. During peak traffic, the number of database connections exceeds 500 for more than 15 minutes, leading to connection timeouts. The administrator wants to automatically increase the DB instance size when the connection count remains high, and decrease it when the load drops, to balance performance and cost. Which combination of AWS services should be used to achieve this automation with the least operational overhead?

A company uses Amazon CloudFront to serve content from a custom origin. A SysOps administrator needs to detect IP addresses that generate a high rate of HTTP 403 (Forbidden) errors, which may indicate malicious bots attempting to access restricted content. The administrator wants to automatically add these IP addresses to a AWS WAF IP set to block them. Which solution meets this requirement with the least operational overhead?

A SysOps administrator manages an Application Load Balancer (ALB) that distributes traffic to an Auto Scaling group of EC2 instances. The administrator needs to receive a notification whenever the number of unhealthy targets in the ALB target group exceeds a threshold of 2 for at least 5 consecutive minutes. Which solution meets this requirement with the least operational overhead?

Question 10mediummultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator needs to monitor AWS CloudTrail logs for any calls to the 'CreateUser' API in AWS Identity and Access Management (IAM). When such an API call is detected, the administrator wants to receive a notification within a few minutes and also log the event to a central log group in Amazon CloudWatch Logs. The solution should use minimal custom code. Which combination of services should be used?

A SysOps administrator needs to monitor the health of an Amazon RDS for MySQL DB instance. The administrator wants to receive an alert when the database connection count exceeds a threshold of 500 for more than 5 minutes. Which AWS service should be used to create this alert?

Question 12mediummultiple choice
Read the full NAT/PAT explanation →

A company runs a web application on Amazon EC2 instances. The application logs are sent to Amazon CloudWatch Logs. The SysOps administrator needs to monitor the logs for an increasing number of HTTP 500 errors. The administrator wants to create a metric filter that will count the number of lines containing 'HTTP 500' in the log group. Which syntax should the administrator use for the metric filter pattern?

A SysOps administrator needs to view a graph of the average CPU utilization of an Auto Scaling group over the past 24 hours. The administrator wants to share this graph with the team via a link that does not require AWS console login. Which AWS service should be used to create and share this graph?

Question 14mediummultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator needs to automatically restart an Amazon RDS DB instance when the 'DatabaseConnections' metric exceeds a threshold of 200 for 5 consecutive minutes. The administrator wants a solution that uses minimal custom code and leverages AWS managed services. Which combination of services should be used?

Question 15easymultiple choice
Read the full NAT/PAT explanation →

A company uses Amazon CloudWatch to monitor its Amazon EC2 instances. The SysOps administrator wants to receive an email notification when any EC2 instance's CPUUtilization metric exceeds 90% for 5 consecutive minutes. Which combination of services should be used to meet this requirement with the least operational overhead?

A SysOps administrator needs to monitor Amazon S3 for object-level operations such as PUT and DELETE events in a specific bucket. The administrator wants these events to be sent to an Amazon SQS queue for downstream processing by an application. Which solution should be used to achieve this with the least operational overhead?

Question 17mediummultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator needs to monitor the CPU utilization of an Amazon EC2 instance and receive an email notification when the metric exceeds 90% for 5 consecutive minutes. The solution should use the least operational overhead. Which combination of AWS services should be used?

A company uses AWS CloudTrail to log API activity. The SysOps administrator needs to receive an email notification whenever a new IAM user is created. Which AWS services should be used together to meet this requirement with the least operational overhead?

Question 19easymultiple choice
Read the full NAT/PAT explanation →

A company uses Amazon CloudWatch Logs to store application logs. The SysOps administrator needs to detect when the number of log entries containing the string 'ERROR' exceeds 100 in any 5-minute window. When this threshold is breached, an email should be sent to the operations team. Which combination of AWS services should be used with the least operational overhead?

Question 20hardmultiple choice
Read the full NAT/PAT explanation →

A SysOps administrator monitors a custom business metric published to Amazon CloudWatch. The metric exhibits irregular spikes that are not predictable. The administrator needs to be alerted when the metric deviates significantly from its normal pattern. Which CloudWatch feature should be used to set up the alarm with the least manual tuning?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Monitoring, Logging, and Remediation sessions

Start a Monitoring, Logging, and Remediation only practice session

Every question in these sessions is drawn from the Monitoring, Logging, and Remediation domain — nothing else.

Related practice questions

Related SOA-C02 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the SOA-C02 exam test about Monitoring, Logging, and Remediation?
Monitoring, Logging, and Remediation questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Monitoring, Logging, and Remediation questions in a focused session?
Yes — the session launcher on this page draws every question from the Monitoring, Logging, and Remediation domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other SOA-C02 topics?
Use the topic links above to move to related areas, or go back to the SOA-C02 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the SOA-C02 exam covers. They are not copied from any real exam or dump site.