AWS Certified Solutions Architect Study Guide - Chapter 7
6. You update a custom CloudWatch metric with the timestamp of 15:57:08 and a value of 3. You then update the same metric with the timestamp of 15:57:37 and a value of 6. Assum¬ing the metric is a high-resolution metric, which of the following will CloudWatch do? A. Record both values with the given timestamp. B. Record the second value with the timestamp 15:57:37, overwriting the first value. C. Record only the first value with the timestamp 15:57:08, ignoring the second value. D. Record only the second value with the timestamp 15:57:00, overwriting the first value.
A. CloudWatch can store high-resolution metrics at subminute resolution. Therefore, updating a metric at 15:57:08 and again at 15:57:37 will result in CloudWatch storing two separate data points. Only if the metric were regular resolution would CloudWatch over¬write an earlier data point with a later one. Under no circumstances would CloudWatch ignore a metric update.
15. In a CloudWatch alarm, what does the EC2 recover action do to the monitored instance? A. Migrates the instance to a different host B. Reboots the instance C. Deletes the instance and creates a new one D. Restores the instance from a snapshot
A. The recover action is useful when there's a problem with an instance that requires AWS involvement to repair, such as a hardware failure. The recover action migrates the same instance to a new host. Rebooting an instance assumes the instance is running and entails the instance remaining on the same host. Recovering an instance does not involve restoring any data from a snapshot, as the instance retains the same EBS volume(s).
1. You've configured CloudTrail to log all management events in all regions. Which of the following API events will CloudTrail log? (Choose all that apply.) A. Logging into the AWS Console B. Creating an S3 bucket from the web console C. Uploading an object to an S3 bucket D. Creating a subnet using the AWS CLI
B, D. Creating a bucket and subnet are API actions, regardless of whether they're per¬formed from the web console or AWS CLI. Uploading an object to an S3 bucket is a data event, not a management event. Logging into the AWS console is a non-API management event.
12. Two days ago, you created a CloudWatch alarm to monitor the VolumeReadOps on an EBS volume. Since then, the alarm has remained in an INSUFFICIENT_DATA state. What are some possible reasons for this? (Choose all that apply.) A. The data points to monitor haven't crossed the specified threshold. B. The EBS volume isn't attached to a running instance. C. The evaluation period hasn't elapsed. D. The alarm hasn't collected enough data points to alarm.
B, D. If an EBS volume isn't attached to a running instance, EBS won't generate any met¬rics to send to CloudWatch. Hence, the alarm won't be able to collect enough data points to alarm. The evaluation period can be no more than 24 hours, and the alarm was created two days ago, so the evaluation period has elapsed. The data points to monitor don't have to cross the threshold for CloudWatch to determine the alarm state.
19. Which of the following metric math expressions can CloudWatch graph? (Choose all that apply.) A. AVG(m1)-ml B. AVG(m1) C. METRICS()/AVG(m1) D. m1/m2
C, D. CloudWatch can graph only a time series. METRICS()/AVG(m1) and m1/m2 both return a time series. AVG(m1)-ml and AVG(m1) return scalar values and can't be graphed directly.
14. You've configured an alarm to monitor a metric in the AWS/EC2 namespace. You want CloudWatch to send you a text message and reboot an instance when an alarm is breaching. Which two actions should you configure in the alarm? (Choose two.) A. SMS action B. Auto Scaling action C. Notification action D. EC2 action
C, D. CloudWatch can use the Simple Notification Service to send a text message. Cloud-Watch refers to this as a Notification action. To reboot an instance, you must use an EC2 Action. The Auto Scaling action will not reboot an instance. SMS is not a valid Cloud-Watch alarm action.
5. Which type of monitoring sends metrics to CloudWatch every five minutes? A. Regular B. Detailed C. Basic D. High resolution
C. Basic monitoring sends metrics every five minutes, while detailed monitoring sends them every minute. CloudWatch can store metrics at regular or high resolution, but this affects how the metric is timestamped, rather than the frequency with which it's delivered to CloudWatch.
3. Sixty days ago, you created a trail in CloudTrail to log read-only management events. Subsequently someone deleted the trail. Where can you look to find out who deleted it? A. The IAM user log B. The trail logs stored in S3 C. The CloudTrail event history in the region where the trail was configured D. The CloudTrail event history in any region
C. CloudTrail stores 90 days of event history for each region, regardless of whether a trail is configured. Event history is specific to the events occurring in that region. Because the trail was configured to log read-only management events, the trail logs would not contain a record of the trail's deletion. They might contain a record of who viewed the trail, but that would be insufficient to establish who deleted it. There is no such thing as an IAM user log.
2. You've configured CloudTrail to log all read-only data events. Which of the following events will CloudTrail log? A. Viewing all S3 buckets B. Uploading a file to an S3 bucket C. Downloading a file from an S3 bucket D. Creating a Lambda function
C. Data events include S3 object-level activity and Lambda function executions. Down¬loading an object from S3 is a read-only event. Uploading a file to an S3 bucket is a write-only event and hence would not be logged by the trail. Viewing an S3 bucket and creating a Lambda function are management events, not data events.
7 How long does CloudWatch retain metrics stored at one-hour resolution? A. 15 days B. 3 hours C. 63 days D. 15 months
D. Metrics stored at one-hour resolution age out after 15 months. Five-minute resolutions are stored for 63 days. One-minute resolution metrics are stored for 15 days. High-resolution metrics are kept for 3 hours.
11. You created a trail to log all management events in all regions and send the trail logs to CloudWatch logs. You notice that some recent management events are missing from the log stream, but others are there. What are some possible reasons for this? (Choose all that apply.) A. The missing events are greater than 256 KB in size. B. The metric filter is misconfigured. C. There's a delay between the time the event occurs and the time CloudTrail streams the event to CloudWatch. D. The TAM role that CloudTrail assumes is misconfigured.
A, C. CloudTrail will not stream events greater than 256 KB in size. There's also a normal delay, typically up to 15 minutes, before an event appears in a CloudWatch log stream. Metric filters have no bearing on what log events get put into a log stream. Although a mis¬configured or missing IAM role would prevent CloudTrail from streaming logs to Cloud-Watch, the question indicates that some events are present. Hence, the IAM role is correctly configured.
10. The CloudWatch Agent on an instance has been sending application logs to a CloudWatch log stream for several months. How can you remove old log events without disrupting delivery of new log events? (Choose all that apply.) A. Delete the log stream. B. Manually delete old log events. C. Set the retention of the log stream to 30 days. D. Set the retention of the log group to 30 days.
A, D. Every log stream must be in a log group. The retention period setting of a log group controls how long CloudWatch retains log events within those streams. You can't manually delete log events individUally, but you can delete all events in a log stream by deleting the stream. You can't set a retention period on a log stream directly.
8. You want to use CloudWatch to graph the exact data points of a metric for the last hour. The metric is stored at five-minute resolution. Which statistic and period should you use? A. The Sum statistic with a five-minute period B. The Average statistic with a one-hour period C. The Sum statistic with a one-hour period D. The Sample count statistic with a five-minute period
A. To graph a metric's data points, specify the Sum statistic and set the period equal to the metric's resolution, which is in this case is five minutes. Graphing the Sum or Average sta¬tistic over a one-hour period will not graph the metric's data points but rather the Sum or Average of those data points over a one-hour period. Using the Sample count statistic over a five-minute period will yield a value of one for each period, since there's only one data point per period.
17. Which of the following may be included in an AWS Config delivery channel? (Choose all that apply.) A. A CloudWatch log stream B. The delivery frequency of the configuration snapshot C. An S3 bucket name D. An SNS topic ARN
B, C, D. The delivery channel must include an S3 bucket name and may specify an SNS topic and the delivery frequency of configuration snapshots. You can't specify a Cloud-Watch log stream.
9. Which CloudWatch resource type stores log events? A. Log group B. Log stream C. Metric filter D. CloudWatch Agent
B. CloudWatch uses a log stream to store log events from a single source. Log groups store and organize log streams but do not directly store log events. A metric filter extracts met¬rics from logs but doesn't store anything. The CloudWatch agent can deliver logs to Cloud-Watch from a server but doesn't store logs.
4. What uniquely distinguishes two CloudWatch metrics that have the same name and are in the same namespace? A. The region B. The dimension C. The timestamp D. The data point
B. CloudWatch uses dimensions to uniquely identify metrics with the same name and namespace. Metrics in the same namespace will necessarily be in the same region. The data point of a metric and the timestamp that it contains are not unique and can't be used to uniquely identify a metric.
20. You've configured an AWS Config rule to check whether CloudTrail is enabled. What could prevent AWS Config from evaluating this rule? A. Turning off the configuration recorder B. Deleting the rule C. Deleting the configuration history for CloudTrail D. Failing to specify a frequency for periodic checks
B. Deleting the rule will prevent AWS Config from evaluating resources' configurations against it. Turning off the configuration recorder won't prevent AWS Config from evaluat¬ing the rule. It's not possible to delete the configuration history for a resource from AWS Config. When you specify a frequency for periodic checks, you must specif a valid fre¬quency, or else AWS Config will not accept the configuration.
16. You learn that an instance in the us-west-1 region was deleted at some point in the past. To find out who deleted the instance and when, which of the following must be true? A. The AWS Config configuration recorder must have been turned on in the region at the time the instance was deleted. B. CloudTrail must have been logging write-only management events for all regions. C. CloudTrail must have been logging IAM events. D. The CloudWatch log stream containing the deletion event must not have been deleted.
B. If CloudTrail were logging write-only management events in the same region as the instance, it would have generated trail logs containing the deletion event. Deleting a log stream containing CloudTrail events does not delete those events from the trail logs stored in S3. Deleting an EC2 instance is not an IAM event. If AWS Config were tracking changes to EC2 instances in the region, it would have recorded a timestamped configuration item for the deletion, but it would not include the principal that deleted the instance.
13. You want a CloudWatch alarm to change state when four consecutive evaluation periods elapse with no data. How should you configure the alarm to treat missing data? A. As Missing B. Breaching C. Not Breaching D. Ignore E. As Not Missing
B. To have CloudWatch treat missing data as exceeding the threshold, set the Treat Miss¬ing Data As option to Breaching. Setting it to Not Breaching will have the opposite effect. Setting it to As Missing will cause CloudWatch to ignore the missing data and behave as if those evaluation periods didn't occur. The Ignore option causes the alarm not to change state in response to missing data. There's no option to treat missing data as Not Missing.
18. You configured AWS Config to monitor all of your resources in the us-east-1 region. After making several changes to the AWS resources in this region, you decided you want to delete the old configuration items. How can you accomplish this? A. Pause the configuration recorder. B. Delete the configuration recorder. C. Delete the configuration snapshots. D. Set the retention period to 30 days and wait for the configuration items to age out.
D. You can't delete configuration items manually, but you can have AWS Config delete them after no less than 30 days. Pausing or deleting the configuration recorder will stop AWS Config from recording new changes but will not delete configuration items. Deleting configuration snapshots, which are objects stored in S3, will not delete the configuration items.
