You are a system administrator and you need to view the metrics that are available in the Amazon EC2 instance namespace. What command can you type into the Amazon CLI?
Where can you look up metrics that are available in Amazon CloudWatch?
How can you access Amazon CloudWatch?
Which service can use Amazon CloudWatch alarms to increase or decrease capacity based on compute load (CPU utilization, etc.)?
Which of the following are valid alarm states for Amazon CloudWatch? (Choose three.)
You have been asked to create Amazon CloudWatch alarms for each of your organization’s 600 servers, which all reside within the same region. Assuming you create five alarms per server, will you be able to create alarms for each of the servers?
You are a system administrator at your company, and you have been asked to check why an existing Amazon CloudWatch alarm is showing INSUFFICIENT_DATA for one of your established servers. What is the best explanation for why this is occurring?
You are a system administrator at your company, and you have been asked to check why a new Amazon CloudWatch alarm is showing INSUFFICIENT_DATA for one of your established servers. What is the best explanation for why this is occurring?
Your bosses have come to you and have asked you if there is a way for them to get real-time notifications if a certain Amazon CloudWatch alarm is triggered. What should your bosses do to ensure that they can get real-time notifications? The answer should minimize administrative overhead.
You need to set up an Amazon CloudWatch alarm that will trigger after four failed evaluations of the alarm metrics in a 5-minute period. What do you need to set the evaluation period and the data points to alarm to so that you get the desired result?
Your boss has asked you to ensure that the 5-minute data points from CloudWatch are available for at least 60 days. What do you need to change within Amazon CloudWatch to ensure that you have at least 60 days’ worth of 5-minute data points?
What is a namespace in Amazon CloudFront?
In which Amazon CloudWatch namespace would the metrics for EC2 be located?
In which Amazon CloudWatch namespace would the metrics for an Application Load Balancer be located?
You have been asked to retrieve some statistics from Amazon CloudWatch for a production server that is having issues. Your organization uses dimensions to further identify custom metrics. You know that the published dimension for the metric contains the following:
Dimensions: Server=Production, Site=Location1
Which of the following could be used to retrieve the statistics that you need?
Which of these Amazon EC2 metrics require that an agent be installed on the server so that Amazon CloudWatch can gather the statistics for the system?
When using Amazon CloudWatch, there are two types of health checks used for EC2 instances. Which of the following options are valid status checks? (Choose two.)
You are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
You are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
You are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
You want to check the status of your Amazon EC2 instances. What is the command that you would enter into the AWS CLI to check the status of your instances?
You have been asked to ensure that some of your organization’s junior system administrators can access Amazon CloudWatch to look at metrics. They have very limited credentials currently. Which policy can they be given that will enable them to view CloudWatch metrics without granting them additional access to the other AWS services?
Your boss has asked you to ensure that your Amazon EC2 instances have metrics being measured every 5 minutes. What type of monitoring should you use?
Your boss has asked you to ensure that your Amazon EC2 instances have metrics being measured every minute. What type of monitoring should you use?
You want to be able to store all of your log files from on-premises systems and AWS systems. Which AWS solution will allow you to store all of your log files in one place that will allow Amazon CloudWatch to monitor them?
You are wanting to move some Solaris servers to AWS from your on-prem datacenter and you would like to take advantage of CloudWatch Logs. Will you be able to install the agent for Linux on your Solaris servers?
You want to ensure that you are able to update your Amazon CloudWatch Logs agent on your Red Hat Linux servers without having to manually copy and install the update package. How can you accomplish this task with the least amount of administrative overhead?
You have chosen to update an existing server’s Amazon CloudWatch agent using the Red Hat Package Manager (RPM). When the agent was first installed, a Python script was used. Since the update through RPM, you are no longer receiving logs in Amazon CloudWatch. When you check the server, you find that the configuration has changed. What is the most likely cause?
Which is a type of log that you can get from the Amazon CloudWatch Logs agent for Windows?
Which is a type of log that you can get from the Amazon CloudWatch Logs agent for Windows?
The Amazon CloudWatch Logs agent for Windows has been installed on an EC2 instance running Windows Server 2016. You look for the EC2Config service but can’t find it running. Logs are flowing into Amazon CloudWatch, but why do you not see the EC2Config service as you would on other older servers?
You work for a hospital and must ensure that your log data is encrypted at all times. Does Amazon CloudWatch meet this requirement?
Your supervisor has asked you if there is a way to create reports with billing data so that they can view billing by usage, or the cost per individual log group. What should you tell your boss?
How many tags can you have in an Amazon CloudWatch log group?
Your accounting department wants to know if there is a way to identify resources in Amazon CloudWatch so that they can bill back to the individual departments that are utilizing AWS resources. What is the best method you can tell your accounting department to use?
Your security team has contacted you with concerns regarding the activity of a user in the AWS Management Console. Which service allows you to view all of the activity that was generated under their account?
By default, where are AWS CloudTrail trails stored?
How do Amazon CloudWatch and AWS CloudTrail work together?
Which type of monitoring is free and updates in 5-minute periods in Amazon CloudWatch?
Which type of monitoring updates in 1-minute periods for an additional charge in Amazon CloudWatch?
How would you enable Amazon CloudWatch detailed monitoring via the AWS CLI?
How would you disable Amazon CloudWatch detailed monitoring via the AWS CLI?
Your boss wants to know how many read operations are happening across your Amazon EC2 instances. Which type of statistic will be most useful to give your boss the information they want?
Your boss wants to know the average number of read operations that are happening across your Amazon EC2 instances. Which type of statistic will be most useful to give your boss the information they want?
Your boss wants to know the highest number of read operations that have occurred across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
Your boss wants to know the lowest number of read operations that have occurred across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
Your boss wants to know the total number of read operations metrics that have been gathered from across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
Which steps are necessary to be able to aggregate statistics across multiple instances? (Choose two.)
Which are ways that you can choose to filter which statistics you want to view? (Choose three.)
When an alarm is triggered in Amazon CloudWatch, your boss wants the Amazon EC2 instance to self-heal. How can you automatically reboot an Amazon EC2 instance when it is having issues?
When an alarm is triggered in Amazon CloudWatch that appears to be reporting hardware failure, your boss wants the Amazon EC2 instance to recover itself. How can you recover an Amazon EC2 instance when it is on a host that is having hardware issues?
Your organization has development workloads that run on Amazon EC2 instances. Your boss has asked you to determine the best method to ensure that the development instances are not left running when they are not in use. What is the best method to accomplish this goal?
When is a good time to use the Terminate alarm action?
Your boss would like to view previous Amazon CloudWatch alarms. Where can these be viewed?
Your boss has come to you asking if there is an easy way to view the usage each month to see how much their assets in AWS are going to cost. Where can they go to see this information?
Your security team has asked you if there is a way to report on anyone who made changes in AWS Billing and Cost Management using the root credentials. What should you tell them?
Your organization is just getting started using AWS. It has opted to use the AWS Free Tier to do a proof of concept. Your boss wants to ensure that they will get an alert if they will exceed what the AWS Free Tier provides. What is the best way to give them the alert they need with the least amount of administrative overhead?
You are the system administrator in charge of getting your organization’s AWS environment set up. You want to enable billing alerts, but when you log in with your IAM account, you are unable to do so. Why can’t you create the billing alert?
What are the valid statuses you can get from the Amazon EC2 health checks? (Choose two.)
You don’t like the status checks and the alerting done from the status checks that exist on Amazon EC2. You want to disable the status checks in favor of another solution. How can you disable the Amazon EC2 status checks?
How can you view the status checks for your organization’s Amazon EC2 instances? (Choose two.)
Where should you create an alarm for a failed Amazon EC2 status check failure?
How long are statistics retained in Amazon CloudWatch?
Which product would you use to monitor all API calls including activities performed on the AWS Management Console against Amazon EC2 and Amazon EBS?
Where do the trails from AWS CloudTrail store their data?
Your boss has asked you if there is a way to validate that all of the AWS services that you rely on are up and operational. What should your answer be?
Your boss has asked you if there is a way to get a personalized view of all the AWS services that you rely on to confirm that they are up and operational. What should your answer be?
You log into the Personal Health Dashboard. You see a notification that there is a “Route53 operational issue.” You begin getting calls saying that customers aren’t able to reach your website. Could these two issues be related?
Your boss has approached you about giving access to only a specific set of Amazon EC2 instances in Amazon CloudWatch. How would you accomplish this in AWS IAM?
You have been tasked by your boss to ensure that you receive alerts when a particular event ID occurs on both your on-premises systems and your Amazon EC2 instances. Which product would allow you to collect the logs in a single place, filter on the event ID, and send an alert?
Your boss wants to leverage your existing investment in AWS as much as possible and has asked you to implement a real-time performance and availability monitoring solution that will cover both your on-premises systems and your resources in the AWS cloud. What should you suggest?
You have strict regulatory requirements on log retention. You need to find a solution that will allow you to collect logs and store them at a lower cost. What would be the best solution to meet this need?
Your security team has mandated that you need to avoid using service accounts unless absolutely necessary because of the overhead in managing password rotation. You want to deploy the Amazon CloudWatch Logs agent. What could you use to authenticate the agent that is not a service account?
Your security team has mandated that you need to avoid using service accounts unless absolutely necessary because of the overhead in managing password rotation. You want to deploy the Amazon CloudWatch Logs agent. What could you use to authenticate the agent that is not a service account?
Your operations center has asked if there is a better way to analyze and visualize the data that has been made available to them with Amazon CloudWatch. What would you recommend?
Your security team wants to minimize the amount of metrics that are kept in Amazon CloudWatch. They have asked you to delete the older metrics. How will you accomplish this?
You have an application that you need to monitor. As it is critical to the business, you have been asked if you can create a metric that can record data every second. You also need to be able to retrieve it every second. How can you accomplish this?
Your boss has asked you if you can get pre-built metrics at a 1-second sampling rate as you can with your custom metrics. What should your response be?
How would you set a custom metric to use high resolution?
Your boss wants to use high-resolution metrics because they want to be able to get data every 15 seconds. They are concerned about additional cost from using high-resolution metrics. What should you tell your boss?
You have installed the Amazon CloudWatch Logs agent on a set of Amazon EC2 systems. They are sending logs to Amazon CloudWatch every 5 seconds, but you would prefer that happened every 15 seconds instead. What can you do?
You have begun sending system logs into Amazon CloudWatch. You want to ensure that you see any logs that contain the word error in them. How would you achieve this?
You work for a financial institution and you need to parse your log data for account numbers. You have a regex query built that has been used in other solutions. How can you parse your log data for the regex that will find account numbers?
You have created some high-resolution custom metrics and want to ensure that Amazon CloudWatch will trigger an alarm no more than 10 seconds after an incident occurs. How can this be accomplished?
You have created an Amazon CloudWatch alarm for your Amazon EC2 instances and it is constantly in the ALARM state. None of your systems are having any issues. How can you resolve the issue?
Your Operations Center would like to create a dashboard to track Amazon CloudWatch alarms. What would be the best solution?
You want to view how well your systems and resources in AWS are doing at any point in time. You have systems in multiple regions. How do you get a dashboard-like experience for your availability and performance data?
Your security team has asked you to ensure that API calls are being logged. You know that you can use AWS CloudTrail to accomplish this. What do you need to do next?
Your security team has asked you to ensure that all API calls are being logged. You know that you can use AWS CloudTrail to accomplish this. What do you need to do next?
Your security team wants to ensure that all activity within the AWS Management Console is recorded. What is the best solution that meets this goal?
You are the system administrator for a rapidly growing company. While you only have resources in one region currently, you know that you will expand into other regions soon. How can you ensure that API calls are captured automatically for any new regions that are added? (Choose two.)
Your boss wants you to create two separate trails in Amazon CloudWatch, one for management and one for data. Can you create the trails in the way that your boss wants you to?
Your security team has required that you encrypt your AWS CloudTrail log files. What do you need to do to ensure that they are encrypted and only accessible to those who need to review them?
Your security team has made the requirement that controls need to be implemented to prevent accidental deletion of AWS CloudTrail log files. What is the best solution for this?
Your legal team has asked you to ensure that AWS CloudTrail log files are only retained for 90 days. What can you do to meet their needs?
Your developers are checking an AWS CloudTrail log file troubleshooting their work. They are complaining that API calls they are making are not showing up until 15 minutes later. What can you do to remediate this issue?
You look in your S3 bucket where AWS CloudTrail stores its log files and you notice that there are no log files during the late evening hours. What is the most likely cause for the missing log files?
Your security team has asked for you to provide a way to validate that AWS CloudTrail log files have not been modified since being placed in the S3 bucket. What can you do to prove that the files have not been changed with the least amount of administrative effort?
Your security team wants to ensure that AWS resources are built according to the organizational standards that have been set. How can you prove to your security team that your systems are using the desired configurations?
Your legal department wants to know anytime a configuration change is made on one of their systems. They want to receive a notification when the change is made. How can you ensure that the legal department is aware of any changes made to their server?
One of your critical applications just suffered an outage. It is suspected that a change caused the outage but there is no scheduled change in your change management calendar. How can you figure out who made the change and what the change was?
You are the system administrator in charge of your organization’s AWS resources. You work for a hospital and have been asked by the internal audit team for a report that proves that you have implemented the proper controls to maintain HIPAA compliance. How can you do this within AWS?
You are the system administrator for your organization in charge of its AWS infrastructure. You have configured the desired configurations for your systems. You want to ensure that systems are never out of compliance. Can you prevent users from making changes with AWS Config?
You have multiple accounts under AWS Organizations. You want to combine the results of AWS Config under AWS Organizations. How can you do this?
You have multiple accounts under AWS Organizations. You want to combine the results of AWS Config under one of the regions that most of your resources reside in. How can you do this?
You want to ensure that AWS Config is enabled for all three regions that your organization is using. How would you enable AWS Config for all three regions?
Your security team has asked you to make sure that any changes to the desired configurations in AWS Config are monitored so that they know who made the change. Which product can be used to achieve this request?
You currently have 145 individual AWS Config rules built for your organization’s environment. You need to make 10 more rules for new criteria that your legal team wants you to monitor for. Will you be able to create 10 more rules?
Your boss wants you to set up a periodic rule in AWS Config, and they want it to run every 6 hours. How should you respond to this request?
You are not using AWS Organizations, but you want to aggregate your AWS Config data from all of your other accounts. Besides setting up AWS Config and the aggregator, what else do you need to do?
A resource has been reported as noncompliant by AWS Config and a notification has been sent. When the rules are run again, the resource is still noncompliant, but you didn’t get a notification. Why is this?
You have AWS Config configured in your AWS account. You have added a security group to an Amazon EC2 instance. Which resources will have changes recorded in AWS Config?
Your Operations Center team would like to know what kinds of things AWS Config can record. What should you include in your response?
Which account is used in AWS Organizations to create an organization, invite new AWS accounts, and remove AWS accounts?
You have a new person in Accounting who is in charge of paying for your AWS account charges. They have asked you if there is a way to see what the charges are so far. Where should you tell them to go?
You have been asked by your manager to create a report that will forecast how much AWS is going to cost your organization over the next three months. You have been using AWS for six months. Which tool will provide this information?
Your accounting department likes the view that the Billing and Cost Management Dashboard gives them, but they don’t want to have to go to each individual AWS account to view billing for the entire organization. What should you implement to allow them to view billing for the entire organization?
Your boss wants to view the current amount due on your AWS account. Where should you tell your boss to look?
Your boss wants to view the forecasted amount due on your AWS account. Where should you tell your boss to look?
Your accounting department wants to know if there are ways to save on costs for EC2 instances. When they view the Reservation Recommendations screen in AWS Cost Explorer, they get a message saying that there are no recommendations available at this time. What is a possible cause of this error?
Which services does AWS Trusted Advisor not provide?
You want to use AWS Trusted Advisor to monitor how well you are setting things up in your organization’s AWS account. When you log in, you are disappointed to see only seven checks. How can you get access to all of the checks within AWS Trusted Advisor? (Choose two.)
Which of the following is a category that AWS Trusted Advisor checks?
Which of the following is a category that AWS Trusted Advisor checks?
Which of the following is a category that AWS Trusted Advisor checks?
Which of the following is a category that AWS Trusted Advisor checks?
Which of the following is a category that AWS Trusted Advisor checks?
Trusted Advisor continuously alerts on one of your resources and your boss has asked you to ensure that AWS Trusted Advisor no longer alerts on that resource. How can you accomplish this?
You have remediated an issue that was being reported by AWS Trusted Advisor. You have hit refresh multiple times in the past minute but nothing has changed. What is the most likely cause?
You try to create an elastic IP address and you get a message that states that your service limit has been reached. Where can you go to verify that this is the case?
You try to create an elastic IP address and you get a message that states that your service limit has been reached. You have verified in AWS Trusted Advisor that the service limit has indeed been reached. How can you resolve the issue? (Choose two.)
Your organization’s accounting department is looking at reservation recommendations but is not seeing any. You use spot instances to support batch jobs that can be easily interrupted. How can you explain to your accounting department why they are not seeing any recommendations?
Your security department wants an easy way to monitor the overall security posture of your AWS environment. Which tool should you recommend to them?
Your security department wants to know which processes are running on open ports. How can you give them this information? (Choose two.)
Your security department has asked you for a report that includes how well your systems are lining up with CIS benchmarks. How can you provide them with this report?
You have just begun using Amazon Inspector to analyze your systems. You get a call stating that Amazon Inspector is causing performance impacts; however, you do not have the agent installed, and you don’t currently have an assessment running. What should your response be?
You have been asked to create your own rules packages for Amazon Inspector assessment templates to use. How do you create a rules package?
You have been asked to scan your application servers for a vulnerable version of software. The software was installed using Ansible. When you look at the scan, you don’t see the application listed. What is the most likely cause?
You have been asked to provide a basic report based on the findings of Amazon Inspector for the executives of your organization. What type of report should you run from Amazon Inspector?
You have been asked to provide a detailed report based on the findings of Amazon Inspector for the members of the security team in your organization. What type of report should you run from Amazon Inspector?
Your security team has come to you and asked if AWS has a solution that will allow them to monitor network traffic for threats. How should you respond?
Which AWS service identifies threats throughout your AWS account by analyzing VPC Flow Logs, DNS logs, and CloudTrail events?
Which AWS services classifies data in S3 and catalogs the normal behaviors from users who are accessing that data?
Which of these is not something that Amazon GuardDuty monitors for?
Your security team wants to be notified when Amazon GuardDuty finds a threat on the network. Which products can be used with Amazon GuardDuty to send them alerts? (Choose two.)
You have been asked by your organization’s CISO how long Amazon GuardDuty will retain the findings that it has alerted on as your organizational standard is 90 days. What should you tell the CISO?
You have a lot of sensitive data in your S3 buckets and you have been asked if there is a solution to classify sensitive data and then monitor it for usage. Which product would fit the criteria?
You want to see how well your environment compares to the five pillars of the Well-Architected Framework. Which tool could you use to get a report regarding how well your workloads fit into the AWS Well-Architected Framework?
You want to be able to monitor what software is installed and add licenses to installed software across your on-prem systems and your AWS systems. Which products will allow you to do this? (Choose two.)
You are using AWS License Manager to monitor license usage in your account. You want to be able to manage licensing in all of the AWS accounts in your organization. What is the most efficient way to manage your licenses?
Which of these is a use case for Amazon CloudWatch?
Which of these is a use case for Amazon CloudWatch?
Which of these is a use case for Amazon CloudWatch?
Which of these is a use case for Amazon CloudWatch?
Your boss wants to be able to search for specific data from an event field and have those queries appear on an Amazon CloudWatch Dashboard. Since you have queries built in regex already, how would you use the regex queries to search for the data from an event field?
Which product allows you to take Amazon CloudWatch logs and use interactive queries and visualizations with the data in addition to creating Amazon CloudWatch Dashboards?
Which open-source solutions are popular for gathering custom application metrics for Amazon CloudWatch?
Your monitoring team has asked you if there is a way to integrate Amazon CloudWatch graphs into their existing solution so that they can see on-prem and AWS systems from the same source. What should you tell them to use?
What is a common use case for AWS CloudTrail?
What is a common use case for AWS CloudTrail?
What is a common use case for AWS CloudTrail?
What is a common use case for AWS CloudTrail?
Which data event type in AWS CloudTrail allows you to see when an AWS Lambda function was executed and who executed it?
For regulatory purposes, you need to ensure that AWS CloudTrail trail data is stored for one year with easy access, and then you want the trail data to be deleted. Which solution provides the correct response with the least amount of administrative effort?
Name one of the benefits of using AWS Systems Manager?
Name one of the benefits of using AWS Systems Manager?
Name one of the benefits of using AWS Systems Manager?
Name one of the benefits of using AWS Systems Manager?
Name one of the benefits of using AWS Systems Manager?
What is the benefit of the Run Command in AWS Systems Manager?
What is the benefit of the Session Manager in AWS Systems Manager?
What is the benefit of the Patch Manager in AWS Systems Manager?
What is the benefit of the State Manager in AWS Systems Manager?
What is the benefit of the Parameter Store in AWS Systems Manager?
Your boss would like to have a single “source of truth” to run queries against the data from the AWS services you use. Is there a way to accomplish this within AWS?
Which AWS product allows you to analyze the data within Amazon S3 and run queries against it?
Your boss wants to be able to not only analyze the data from the various services you use in AWS but also visualize that data. Which two services will allow you to analyze the data from the AWS services and visualize the data as well? (Choose two.)
You need a location where you can store persistent metadata related to Amazon S3. Which AWS service will allow you to accomplish this task?
Your boss wants to be able to use visualizations within Amazon QuickSight, and to be able to use Active Directory security groups with the least amount of administrative effort. You are using AWS Directory Service already. Which edition of Amazon QuickSight should you choose?
How is Amazon QuickSight billed?
What is one of the benefits of Amazon Athena?
What is one of the benefits of Amazon Athena?
How is Amazon Athena billed?
What is one of the benefits of Amazon Athena?
What is a common use case for AWS Config?
What is a common use case for AWS Config?
What is a common use case for AWS Config?
What is a common use case for AWS Config?
What is a common use case for AWS Config?
What is a common use case for Amazon Inspector?
What is a common use case for Amazon Inspector?
What is a common use case for Amazon Inspector?
What is a common use case for Amazon Inspector?
What is a common use case for Amazon Inspector?
What is a common use case for Amazon Inspector?
Which of these responses is a benefit of Amazon GuardDuty?
Which of these responses is a benefit of Amazon GuardDuty?
Which of these responses is a benefit of Amazon GuardDuty?
Your security department has approached you wanting to have a centralized view of all identified network threats in your AWS environment. What would be the best product to give them that visibility?
Your security department has approached you about monitoring suspicious user activity in AWS. What would be the best product to give them that visibility?
Which product provides the fastest performance when you need to run a large report that includes complex queries?
Which AWS product is best suited to replace an on-premises data lake using Hadoop?
You need to be able to run ad hoc queries against data in Amazon S3. Which product is best suited for this task?
You are using Amazon Kinesis Firehouse to collect a large amount of data in real time. How can you analyze the data if it is stored in Amazon S3 in a cost-effective manner?
What is a benefit provided by Amazon Macie?
What is a benefit provided by Amazon Macie?