25,99 €
Mehr erfahren.
- Herausgeber: John Wiley & Sons
- Kategorie: Bildung
- Sprache: Englisch
Study and prepare for the AWS Certified SysOps Administrator Associate (SOA-C01) Exam You can prepare for test success with AWS Certified SysOps Administrator Practice Tests: Associate (SOA-C01) Exam. It provides a total of 1,000 practice questions that get you ready for the exam. The majority of questions are found within seven practice tests, which correspond to the seven AWS Certified SysOps Administrator Associate SOA-C01 Exam objective domains. Additionally, you can take advantage of an extra practice exam, or utilize an online test bank as an additional study resource. Practice tests allow you to demonstrate your knowledge and ability to: * Deploy, manage, and operate scalable and fault-tolerant systems on the service * Implement and control data flow as it goes to and from AWS * Choose the right AWS service depending upon requirements * Identify the proper use of AWS best practices during operations * Estimate AWS costs and pinpoint cost controls * Migrate workloads to Amazon Web Services As someone working to deliver cloud-based solutions, you can earn an AWS Certification to demonstrate your expertise with the technology. The certification program recognizes proficiency in technical skills and knowledge related to best practices for building cloud-based applications with AWS.
Sie lesen das E-Book in den Legimi-Apps auf:
Seitenzahl: 582
Veröffentlichungsjahr: 2020
Ähnliche
AWSCertified SysOps Administrator
Practice TestsAssociate SOA-C01 Exam
Sara Perrott
Ben Piper
Copyright © 2020 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-62272-7 ISBN: 978-1-119-62282-6 (ebk.)ISBN: 978-1-119-62280-2 (ebk.)
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2020931495
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
I dedicate this book to my husband for his patience and encouragement throughout the writing process. Getting this book finished meant many missed nights in Azeroth. It's a labor of love for sure!
—Sara Perrott
I dedicate this book to my family and Jesus Christ, the Creator and Sustainer of all things (Colossians 1:16).
—Ben Piper
Acknowledgments
While a book may be a labor of love for an author, there is a fantastic team of people behind the author or authors that makes the book a reality. First off, a shoutout to our team at Wiley who put in a lot of hard work to take the book from a manuscript to the finished book in front of you now. My gratitude to our editor Kelly Talbot, who kept us on task and helped to polish the text. Another shoutout to my co-author Ben Piper for stepping in to co-author this book so that I could assist on the study guide that this book complements.
My personal thanks also to my agent Carole Jelen, and my coworkers who put up with my need to take extra personal days to finish the book.
—Sara Perrott
Special thanks as always to Kenyon Brown, Senior Content Acquisitions Editor, for the opportunity to contribute to this work. Thanks also to Sara Perrott for the invitation to co-author this book. To everyone at Wiley who patiently read and edited my questions—I know it—s not always easy! Your efforts don—t go unnoticed, so thank you. Last but not least, a big thank you to our readers for trusting us and allowing us to assist you on your learning journey.
—Ben Piper
About the Authors
Sara Perrott is an Information Security professional with a Systems and Network Engineering background. She shares her passion for all things Information Technology by teaching classes related to Windows Server, Amazon Web Services, Networking, and Virtualization as well as other classes when needed at a local community college. She enjoys speaking at public events and presented most recently at the RSA Conference in 2019. Sara also enjoys technical editing and technical proofreading and has had the pleasure to work on a few projects doing this type of work.
When Sara is not working or writing, she enjoys spending time with her husband playing World of Warcraft, building robots, and playing with her ham radio. She also loves playing with her two pugs. Sara has a website where you can see some of the things she has been up to: www.saraperrott.com. You can also follow her on Twitter (@PerrottSara) and Facebook (@PerrottSara).
Ben Piper is a cloud and networking consultant who has authored multiple AWS study guides, including the AWS Certified Solutions Architect Study Guide: Associate SAA-C01 Exam, Second Edition (Sybex, 2019) and the AWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam (Sybex, 2019). He's also created more than 20 technology training courses covering Amazon Web Services and Cisco routing and switching. You can contact Ben by visiting his website: https://benpiper.com.
About the Technical Editor
Todd Montgomery has been in the networking industry for over 35 years. Todd is AWS Certified Sysops Administrator Associate certified and holds a total of five AWS certifications. Todd has spent most of his career out in the field working on-site in datacenters throughout North America and around the world. He has worked for equipment manufacturers, systems integrators, and end users of datacenter and cloud computing in the public, service provider, and government sectors. Todd currently works as a datacenter network automation engineer in Austin, Texas. He is involved in network implementation and support of emerging datacenter technologies and AWS public cloud services. Todd lives in Austin, Texas, and in his free time enjoys auto racing, general aviation, and Austin's live music venues. He can be reached at [email protected].
CONTENTS
Cover
Acknowledgments
About the Authors
About the Technical Editor
Introduction
Domain 1 Monitoring and Reporting
Domain 2 High Availability
Domain 3 Deployment and Provisioning
Domain 4 Storage and Data Management
Domain 5 Security and Compliance
Domain 6 Networking
Domain 7 Automation and Optimization
Domain 8 Practice Test
Appendix Answers to Practice Tests
Domain 1: Monitoring and Reporting
Domain 2: High Availability
Domain 3: Deployment and Provisioning
Domain 4: Storage and Data Management
Domain 5: Security and Compliance
Domain 6: Networking
Domain 7: Automation and Optimization
Domain 8: Practice Test
Index
End User License Agreement
Guide
Cover
Table of Contents
Introduction
Pages
iii
iv
v
vii
ix
xi
xvii
xviii
xix
xx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
Introduction
If you've taken an AWS certification exam before, we're sure you know that they aren't easy. AWS certification exams test you to ensure that you have obtained the knowledge needed to work in AWS.
To pass the AWS Certified SysOps Administrator - Associate exam, you are going to need to understand the various services across the AWS ecosystem that enable you to do system administration and system operations work. This book is an excellent resource for your certification journey. In addition to this book, there is an AWS Certified SysOps Administrator - Associate exam Study Guide book that goes into detail with the content that you are expected to know to ensure that you are well prepared to sit the exam. Other materials that we would recommend would be the AWS documentation (typically available as HTML and PDF) and the FAQs.
You should absolutely have hands-on experience with AWS before sitting for this exam. When you first sign up for an AWS account, you get 12 months of free tier access. This means that so long as you stick to free tier eligible items, and you don't exceed the hours or usage specified, you can practice building out your infrastructure in AWS. Practice with the console, but also practice with the AWS CLI. You don't have to be an AWS CLI expert to pass the exam, but you should be familiar enough with it to know the format of some of the more common AWS CLI commands.
We highly recommend setting aside study time to focus on a chunk of questions each night. Don't try to get through an entire domain in one sitting (especially Domain 1, it's huge!). Instead, set a goal for yourself to get through 20 to 30 questions a night and stick to it. When you have gone through the book, make sure that you register and take the free practice exams available online. This is mentioned in the section, “Interactive Online Learning Environment and Test Bank” later in this introduction.
Last but not least, take a break the night before the exam and give your brain a rest. You're almost there!
Registering and Taking the Exam
When you register for the exam, you have your choice of either PSI or Pearson Vue for your testing center. At the time of this writing, the cost for the associate exam is $150 USD. The questions will be in either multiple-choice or multiple-answer format. You have a total of 130 minutes to finish the exam.
You should arrive at the testing center early. It's a good idea to be at least 20 minutes early in case there are others checking in ahead of you. You will need to take some form of ID with you, and remember that you may not take your notes or your cell phone into the exam room with you.
Once you finish the exam, you will be given immediate feedback as to whether you passed or failed. Within a few days, you will get a more detailed message showing you which domains you did well on and which domains you didn't do as well on. If you passed, then congratulations! If not, use the feedback in the email to focus on the areas in which you didn't do as well.
Interactive Online Learning Environment and Test Bank
There are tools that have been developed to aid you in studying for the Amazon Certified SysOps Administrator - Associate exam. These tools are all available for no additional charge at
https://www.wiley.com/go/sybextestprep
Just register your book to gain access to the practice test resources in the following list.
Chapter Questions:
These are presented to you in an electronic format so that you can run through the questions on your computer or tablet.
Practice Exams:
There is one 60-question practice exam available to test your knowledge. The questions in this exam are completely different from the questions in each chapter.
Exam Objectives
The AWS Certified SysOps Administrator - Associate exam is designed with system administrators who have been working with AWS in an operational capacity for at least one year in mind. The exam candidate should have experience in deploying resources and managing existing resources as well as basic operational day-to-day tasks like troubleshooting, monitoring, and reporting.
As a general rule, before you take this exam, you should meet the following conditions:
Have at least one year of experience in system administration in AWS.
Have hands-on experience with AWS management, including the AWS Management Console, AWS CLI, and AWS SDK.
Understand networking concepts and methodologies in relation to AWS networking infrastructure.
Know how to monitor systems for performance and availability.
Understand basic security and compliance requirements and the tools within AWS that can help with auditing and monitoring.
Have the ability to translate an architectural document in a functional AWS environment.
The exam is organized into different domains, and each domain has its own chapter. In each chapter, there will be questions that focus on the various subdomains. Let's take a quick look at the chapters and what is covered in each.
Chapter 1
: Monitoring and Reporting (
Domain 1
):
This chapter may include questions on Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, AWS Organizations, AWS Trusted Advisor, and AWS Cost Explorer.
Chapter 2
: High Availability (
Domain 2
):
This chapter may include questions on managed services, Auto Scaling groups and elastic load balancers and other questions related to High Availability.
Chapter 3
: Deployment and Provisioning (
Domain 3
):
This chapter may include questions on Amazon CloudFormation, AWS Elastic Beanstalk, Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), and Amazon Elastic Container Service (ECS).
Chapter 4
: Storage and Data Management (
Domain 4
):
This chapter may include questions on S3, Glacier, storage gateways, lifecycle management, and encryption.
Chapter 5
: Security and Compliance (
Domain 5
):
This chapter may include questions on Identity and Access Management (IAM), users, groups, roles, policies, Key Management Service (KMS), resource policies, CloudTrail, CloudWatch, and service control policies (SCPs).
Chapter 6
: Networking (
Domain 6
):
This chapter may include questions on Virtual Private Cloud (VPC), subnets, routing, VPC peering, security groups, network access control lists (NACLs), and Direct Connect.
Chapter 7
: Automation and Optimization (
Domain 7
):
This chapter may include questions on Amazon CloudFormation, AWS Elastic Beanstalk, Simple Systems Manager (SSM), AWS CodeCommit, CodeDeploy, and CodePipeline.
Objective Map
This table provides you with a list of each domain on the exam, the weights assigned to each domain, and the chapters where content in the domains is addressed.
Domain
Exam Percentage
Chapter
Domain 1
: Monitoring and Reporting
22%
1
1.1 Create and maintain metrics and alarms utilizing AWS monitoring services
1.2 Recognize and differentiate performance and availability metrics
1.3 Perform the steps necessary to remediate based on performance and availability metrics
Domain 2
: High Availability
8%
2
2.1 Implement scalability and elasticity based on use case
2.2 Recognize and differentiate highly available and resilient environments on AWS
Domain 3
: Deployment and Provisioning
14%
3
3.1 Identify and execute steps required to provision cloud resources
3.2 Identify and remediate deployment issues
Domain 4
: Storage and Data Management
12%
4
4.1 Create and manage data retention
4.2 Identify and implement data protection, encryption, and capacity planning needs
Domain 5
: Security and Compliance
18%
5
5.1 Implement and manage security policies on AWS
5.2 Implement access controls when using AWS
5.3 Differentiate between the roles and responsibility within the shared responsibility model
Domain 6
: Networking
14%
6
6.1 Apply AWS networking features
6.2 Implement connectivity services of AWS
6.3 Gather and interpret relevant information for network troubleshooting
Domain 7
: Automation and Optimization
12%
7
7.1 Use AWS services and features to manage and assess resource utilization
7.2 Employ cost optimization strategies for efficient resource utilization
7.3 Automate manual or repeatable process to minimize management overhead
Reader Support for This Book
How to Contact the Publisher
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.
In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”
Domain 1Monitoring and Reporting
You are a system administrator and you need to view the metrics that are available in the Amazon EC2 instance namespace. What command can you type into the Amazon CLI?
aws cloudwatch list-instances --namespace AWS/EC2aws cloudwatch list-metrics --name AWS/EC2aws cloudwatch list-metrics --namespace AWS/EC2aws cloudwatch list-instances --name AWS/EC2Where can you look up metrics that are available in Amazon CloudWatch?
EC2 ConsoleCloudWatch ConsoleCloudTrail ConsoleTrusted Advisor ConsoleHow can you access Amazon CloudWatch?
Amazon CloudWatch ConsoleAWS CLICloudWatch APIAll of the aboveWhich service can use Amazon CloudWatch alarms to increase or decrease capacity based on compute load (CPU utilization, etc.)?
AWS LambdaAmazon S3Amazon EC2 Auto ScalingAmazon VPCWhich of the following are valid alarm states for Amazon CloudWatch? (Choose three.)
ALARMOKREADYINSUFFICIENT_DATAOFFLINEWARNINGYou have been asked to create Amazon CloudWatch alarms for each of your organization’s 600 servers, which all reside within the same region. Assuming you create five alarms per server, will you be able to create alarms for each of the servers?
Yes, because the limit is 5000 alarms per region.Yes, because the limit is 3500 alarms per region.Yes, because the limit is 10,000 alarms per region.No, you can’t create that many alarms in a single region.You are a system administrator at your company, and you have been asked to check why an existing Amazon CloudWatch alarm is showing INSUFFICIENT_DATA for one of your established servers. What is the best explanation for why this is occurring?
CloudWatch is experiencing an outage.Not enough data is available for the metric to determine whether it should be OK or ALARM.The alarm has only just been started, so it doesn’t have enough data to determine if the state should be OK or ALARM.The server is offline so no metrics are available.You are a system administrator at your company, and you have been asked to check why a new Amazon CloudWatch alarm is showing INSUFFICIENT_DATA for one of your established servers. What is the best explanation for why this is occurring?
CloudWatch is experiencing an outage.Not enough data is available for the metric to determine whether it should be OK or ALARM.The alarm has only just been started, so it doesn’t have enough data to determine if the state should be OK or ALARM.The server is offline so no metrics are available.Your bosses have come to you and have asked you if there is a way for them to get real-time notifications if a certain Amazon CloudWatch alarm is triggered. What should your bosses do to ensure that they can get real-time notifications? The answer should minimize administrative overhead.
Subscribe to an SNS topic that will send an SMS text message when the Amazon CloudWatch alarm is triggered.Write a custom AWS Lambda function that will send an email when the Amazon CloudWatch alarm is triggered.Use an SQS queue to deliver messages when an Amazon CloudWatch alarm is triggered.Use a third-party solution to send notifications via SMS text message when an Amazon CloudWatch alarm is triggered.You need to set up an Amazon CloudWatch alarm that will trigger after four failed evaluations of the alarm metrics in a 5-minute period. What do you need to set the evaluation period and the data points to alarm to so that you get the desired result?
Data points to alarm should be set to 5. Evaluation period should be set to 1 minute.Data points to alarm should be set to 4. Evaluation period should be set to 5 minutes.Data points to alarm should be set to 5. Evaluation period should be set to 5 minutes.Data points to alarm should be set to 4. Evaluation period should be set to 1 minute.Your boss has asked you to ensure that the 5-minute data points from CloudWatch are available for at least 60 days. What do you need to change within Amazon CloudWatch to ensure that you have at least 60 days’ worth of 5-minute data points?
Nothing, Amazon CloudWatch can’t retain data points that long.Nothing. By default, Amazon CloudWatch keeps 5-minute data points for 63 days.Create an archive to maintain 5-minute data points for at least 60 days.Set Amazon CloudWatch to never delete the 5-minute data points.What is a namespace in Amazon CloudFront?
A logical grouping of Amazon CloudWatch metricsA logical grouping of Amazon CloudWatch alertsA logical grouping of Amazon CloudWatch logsA logical grouping of report names for Amazon CloudWatchIn which Amazon CloudWatch namespace would the metrics for EC2 be located?
AWS/ELBAWS/EBSAWS/EC2AWS/Auto ScalingIn which Amazon CloudWatch namespace would the metrics for an Application Load Balancer be located?
AWS/ELBAWS/ApplicationELBAWS/EBSAWS/Auto ScalingYou have been asked to retrieve some statistics from Amazon CloudWatch for a production server that is having issues. Your organization uses dimensions to further identify custom metrics. You know that the published dimension for the metric contains the following:
Dimensions: Server=Production, Site=Location1
Which of the following could be used to retrieve the statistics that you need?
Server=ProductionServer=Production, Site=LocationServer=ProdServer=Production, Site=Location1Which of these Amazon EC2 metrics require that an agent be installed on the server so that Amazon CloudWatch can gather the statistics for the system?
Disk performanceNetwork utilizationMemory utilizationCPU utilizationWhen using Amazon CloudWatch, there are two types of health checks used for EC2 instances. Which of the following options are valid status checks? (Choose two.)
Performance status checkSystem status checkHealth status checkVirtual machine status checkInstance status checkYou are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
Exhausted memoryIncompatible application installedSoftware license key has expired.Wrong OS is installed.You are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
Wrong OS is installed.The filesystem is NTFS.Corrupted filesystemThe filesystem is ext4.You are a system administrator for a mid-size financial institution. You are checking the health of your company’s assets when you notice that CloudWatch is indicating that one of your EC2 instances has failed its instance status check. Which of the following is a possible cause?
IPv4 is enabled.Subnet is too large.Wrong OS is installed.Incorrect network configurationsYou want to check the status of your Amazon EC2 instances. What is the command that you would enter into the AWS CLI to check the status of your instances?
aws cloudfront check-instance-statusaws cloudfront describe-instance-statusaws ec2 check-instance-statusaws ec2 describe-instance-statusYou have been asked to ensure that some of your organization’s junior system administrators can access Amazon CloudWatch to look at metrics. They have very limited credentials currently. Which policy can they be given that will enable them to view CloudWatch metrics without granting them additional access to the other AWS services?
CloudWatchReadOnlyAccessCloudWatchMetricsAccessMetricsReadOnlyAccessAmazonEC2ReadOnlyYour boss has asked you to ensure that your Amazon EC2 instances have metrics being measured every 5 minutes. What type of monitoring should you use?
StandardBasicAdvancedDetailedYour boss has asked you to ensure that your Amazon EC2 instances have metrics being measured every minute. What type of monitoring should you use?
StandardBasicAdvancedDetailedYou want to be able to store all of your log files from on-premises systems and AWS systems. Which AWS solution will allow you to store all of your log files in one place that will allow Amazon CloudWatch to monitor them?
Amazon S3Amazon CloudWatch EventsAmazon CloudWatch LogsAmazon EBSYou are wanting to move some Solaris servers to AWS from your on-prem datacenter and you would like to take advantage of CloudWatch Logs. Will you be able to install the agent for Linux on your Solaris servers?
Yes. All versions of Unix and Linux support the Amazon CloudWatch Logs agent.Yes. Solaris is supported with the Amazon CloudWatch Logs agent.No. Solaris doesn’t support Python, which is a requirement of the Amazon CloudWatch Logs agent.No. Solaris isn’t supported with the Amazon CloudWatch Logs agent.You want to ensure that you are able to update your Amazon CloudWatch Logs agent on your Red Hat Linux servers without having to manually copy and install the update package. How can you accomplish this task with the least amount of administrative overhead?
Use wget to copy the package to the server then run it.Use the Red Hat Package Manager to install awslogs.Copy the package via FTP with an automated file transfer service.You can’t update the CloudWatch Logs agent automatically.You have chosen to update an existing server’s Amazon CloudWatch agent using the Red Hat Package Manager (RPM). When the agent was first installed, a Python script was used. Since the update through RPM, you are no longer receiving logs in Amazon CloudWatch. When you check the server, you find that the configuration has changed. What is the most likely cause?
Configuration issues are caused by updating the agent with Red Hat Package Manager because RPM has technical limitations.The Linux server needs to be restarted for the updated agent installation to take effect and start sending logs to Amazon CloudWatch.Configuration issues are caused by updating the agent with Red Hat Package Manager when it was installed by Python initially.The wrong agent installation package was used; you mistakenly ran the Debian package instead of the RPM package.Which is a type of log that you can get from the Amazon CloudWatch Logs agent for Windows?
Firmware logProprietary logsWebsiteIIS logsWhich is a type of log that you can get from the Amazon CloudWatch Logs agent for Windows?
Firmware logSystem logsWebsiteBoot diagnostics logsThe Amazon CloudWatch Logs agent for Windows has been installed on an EC2 instance running Windows Server 2016. You look for the EC2Config service but can’t find it running. Logs are flowing into Amazon CloudWatch, but why do you not see the EC2Config service as you would on other older servers?
EC2Config service is not supported for Windows Server 2016.There is an issue with the CloudWatch Logs Agent for Windows.Your installation of Windows Server 2016 needs to be updated.The CloudWatch Logs Agent didn’t actually install; the logs are getting to Amazon CloudWatch another way.You work for a hospital and must ensure that your log data is encrypted at all times. Does Amazon CloudWatch meet this requirement?
Yes, but you have to configure it when you install the log agent.No. Log data is only encrypted in transit.Yes. Log data is encrypted at rest and in transit.No. Log data is only encrypted at rest.Your supervisor has asked you if there is a way to create reports with billing data so that they can view billing by usage, or the cost per individual log group. What should you tell your boss?
Yes. AWS allows you to get this information with detailed billing.Yes. AWS allows you to get this information with basic billing.No. AWS does not allow you to get this information.No. AWS does not give you the ability to create reports in this way.How many tags can you have in an Amazon CloudWatch log group?
3550100500Your accounting department wants to know if there is a way to identify resources in Amazon CloudWatch so that they can bill back to the individual departments that are utilizing AWS resources. What is the best method you can tell your accounting department to use?
Accounting will need to manually track which department needs to get billed for various resources.You can add a prefix to all of the alert names and resource names and Accounting can search on the prefix.Tags can be used for resources and log groups in order to identify which department to bill.There is no way to track which department is using which resources.Your security team has contacted you with concerns regarding the activity of a user in the AWS Management Console. Which service allows you to view all of the activity that was generated under their account?
AWS IAMAWS Trusted AdvisorAmazon CloudWatchAWS CloudTrailBy default, where are AWS CloudTrail trails stored?
S3EBSEFSGlacierHow do Amazon CloudWatch and AWS CloudTrail work together?
Amazon CloudWatch and AWS CloudTrail don’t work together at all; they are two separate products.Amazon CloudWatch monitors performance and availability, and AWS CloudTrail feeds API activity into Amazon CloudWatch.Amazon CloudWatch uses AWS CloudTrail to send alerts to end users when a security event occurs.Amazon CloudWatch uses AWS CloudTrail to monitor costs related to alerting and monitoring.Which type of monitoring is free and updates in 5-minute periods in Amazon CloudWatch?
DetailedAdvancedBasicSimpleWhich type of monitoring updates in 1-minute periods for an additional charge in Amazon CloudWatch?
DetailedAdvancedBasicSimpleHow would you enable Amazon CloudWatch detailed monitoring via the AWS CLI?
aws ec2 monitor-instances --instance-ids<instance-id>aws ec2 watch-instances --instance-ids<instance-id>aws cloudwatch monitor-instances --instance-ids<instance-id>aws cloudwatch watch-instances --instance-ids<instance-id>How would you disable Amazon CloudWatch detailed monitoring via the AWS CLI?
aws cloudwatch unmonitor-instances --instance-ids<instance-id>aws cloudwatch nomonitor-instances --instance-ids<instance-id>aws ec2 unmonitor-instances --instance-ids<instance-id>aws ec2 nomonitor-instances --instance-ids<instance-id>Your boss wants to know how many read operations are happening across your Amazon EC2 instances. Which type of statistic will be most useful to give your boss the information they want?
AverageMaximumMinimumSumYour boss wants to know the average number of read operations that are happening across your Amazon EC2 instances. Which type of statistic will be most useful to give your boss the information they want?
AverageMaximumMinimumSumYour boss wants to know the highest number of read operations that have occurred across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
AverageMaximumMinimumSumYour boss wants to know the lowest number of read operations that have occurred across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
AverageMaximumMinimumSumYour boss wants to know the total number of read operations metrics that have been gathered from across your Amazon EC2 instances within a set span of time. Which type of statistic will be most useful to give your boss the information they want?
SampleCountSampleNumberSumWhich steps are necessary to be able to aggregate statistics across multiple instances? (Choose two.)
Choose the Amazon EC2 namespace and select Across All Instances.Enable basic monitoring.Choose the Amazon CloudWatch namespace and select Across All Instances.Enable detailed monitoring.Enable standard monitoring.Which are ways that you can choose to filter which statistics you want to view? (Choose three.)
By specific trailsBy specific instanceBy Auto Scaling groupBy Elastic Load BalancerBy AMIBy application load balancerWhen an alarm is triggered in Amazon CloudWatch, your boss wants the Amazon EC2 instance to self-heal. How can you automatically reboot an Amazon EC2 instance when it is having issues?
Set an alarm action to trigger a reboot.Set an alarm action to stop the instance.Set an alarm action to terminate the instance.Set an alarm action to recover the instance.When an alarm is triggered in Amazon CloudWatch that appears to be reporting hardware failure, your boss wants the Amazon EC2 instance to recover itself. How can you recover an Amazon EC2 instance when it is on a host that is having hardware issues?
Set an alarm action to trigger a reboot.Set an alarm action to stop the instance.Set an alarm action to terminate the instance.Set an alarm action to recover the instance.Your organization has development workloads that run on Amazon EC2 instances. Your boss has asked you to determine the best method to ensure that the development instances are not left running when they are not in use. What is the best method to accomplish this goal?
Use Amazon CloudWatch to watch for low CPU utilization. Set the alarm action to stop the instance when the alarm is triggered.Use Amazon CloudWatch to watch for low CPU utilization. Set the alarm action to terminate the instance when the alarm is triggered.Use Amazon CloudWatch to watch for high CPU utilization. Set the alarm action to stop the instance when the alarm is triggered.Use Amazon CloudWatch to watch for high CPU utilization. Set the alarm action to terminate the instance when the alarm is triggered.When is a good time to use the Terminate alarm action?
When an Amazon EC2 instance is currently not needed anymore but will be needed later.When an Amazon EC2 instance needs to be running 24x7.When an Amazon EC2 instance is not needed after finishing a job.You should never use the Terminate alarm action.Your boss would like to view previous Amazon CloudWatch alarms. Where can these be viewed?
The Alarms tab in the AWS Management ConsoleThe Alarms tab in the Amazon EC2 Management Console.The History tab in the AWS Management ConsoleThe History tab in the Amazon CloudWatch ConsoleYour boss has come to you asking if there is an easy way to view the usage each month to see how much their assets in AWS are going to cost. Where can they go to see this information?
They can view this information in the AWS Management Console.They can view this information in AWS Billing and Cost Management.They can view this information in AWS Trusted Advisor.They can’t; there is no way to monitor for this in AWS.Your security team has asked you if there is a way to report on anyone who made changes in AWS Billing and Cost Management using the root credentials. What should you tell them?
No. There isn’t a way to tell if a change was made as the root account.No. You can tell that a change was made, but you can’t tell who made the change.Yes. You can make a report in Amazon CloudWatch that will tell them if the root user was used to make changes in the AWS Billing and Cost Management Console.Yes. You can make a report in AWS CloudTrail that will tell them if the root user was used to make changes in the AWS Billing and Cost Management Console.Your organization is just getting started using AWS. It has opted to use the AWS Free Tier to do a proof of concept. Your boss wants to ensure that they will get an alert if they will exceed what the AWS Free Tier provides. What is the best way to give them the alert they need with the least amount of administrative overhead?
Set up an AWS Free Tier alert in AWS Budgets.Set up an AWS Free Tier alert in Amazon CloudWatch.Set up an AWS Free Tier alert in AWS CloudTrail.Set up a manual billing alert utilizing Amazon CloudWatch.You are the system administrator in charge of getting your organization’s AWS environment set up. You want to enable billing alerts, but when you log in with your IAM account, you are unable to do so. Why can’t you create the billing alert?
Your IAM account doesn’t have the necessary permissions; you need more access.You can’t set up billing alerts in AWS; you have to arrange them with your technical account manager.You need to be signed in with the AWS account’s root user credentials to enable billing alerts.It is not possible to set up billing alerts in AWS.What are the valid statuses you can get from the Amazon EC2 health checks? (Choose two.)
PassFailOKImpairedOfflineYou don’t like the status checks and the alerting done from the status checks that exist on Amazon EC2. You want to disable the status checks in favor of another solution. How can you disable the Amazon EC2 status checks?
You can disable them by turning off the monitoring in the Amazon EC2 instance.You can disable them by installing the Amazon CloudWatch Logs agent and then disabling them through the agent.You can’t disable them; they are part of Amazon EC2.You can’t disable them; they are part of Amazon EC2. You can disable the alerts that trigger off of the status checks.How can you view the status checks for your organization’s Amazon EC2 instances? (Choose two.)
Amazon EC2 ConsoleAWS Management ConsoleCommand LineAmazon CloudWatch ConsoleAWS CloudTrail ConsoleWhere should you create an alarm for a failed Amazon EC2 status check failure?
Amazon EC2 ConsoleAmazon CloudWatch ConsoleAWS CloudTrail ConsoleAWS Management ConsoleHow long are statistics retained in Amazon CloudWatch?
6 months12 months15 months30 monthsWhich product would you use to monitor all API calls including activities performed on the AWS Management Console against Amazon EC2 and Amazon EBS?
Amazon CloudWatchAWS CloudTrailAmazon API GatewayAWS LambdaWhere do the trails from AWS CloudTrail store their data?
Amazon EBSAmazon EFSAmazon EC2 instanceS3 bucketYour boss has asked you if there is a way to validate that all of the AWS services that you rely on are up and operational. What should your answer be?
Yes, we can check the Service Health Dashboard.Yes, we can check Amazon CloudWatch.Yes, we can check AWS CloudTrail.No, there is no way to check the AWS services.Your boss has asked you if there is a way to get a personalized view of all the AWS services that you rely on to confirm that they are up and operational. What should your answer be?
Yes. We can check the Service Health Dashboard.Yes. We can check AWS CloudTrail.Yes. We can use the Personal Health Dashboard.Yes. We can check Amazon CloudWatch.You log into the Personal Health Dashboard. You see a notification that there is a “Route53 operational issue.” You begin getting calls saying that customers aren’t able to reach your website. Could these two issues be related?
Yes. Amazon Route 53 provides DNS services. If DNS is not working properly, then customers may not be able to reach your resources.Yes. Amazon Route 53 provides caching services. If it can’t cache content, then customers may not be able to reach your resources.No. Amazon Route 53 errors wouldn’t show up in the Personal Health Dashboard.No, the issues couldn’t be related.Your boss has approached you about giving access to only a specific set of Amazon EC2 instances in Amazon CloudWatch. How would you accomplish this in AWS IAM?
You specify which Amazon EC2 instances can be accessed in an AWS IAM policy.You give permissions to the individual Amazon EC2 instances, and those permissions will carry over into Amazon CloudWatch.You can’t grant access in Amazon CloudWatch for specific resources with AWS IAM.You can create a role that will define granular permissions for individual Amazon EC2 instances in Amazon CloudWatch.You have been tasked by your boss to ensure that you receive alerts when a particular event ID occurs on both your on-premises systems and your Amazon EC2 instances. Which product would allow you to collect the logs in a single place, filter on the event ID, and send an alert?
AWS CloudTrailAmazon CloudWatch LogsAmazon EC2 LogsAmazon SNSYour boss wants to leverage your existing investment in AWS as much as possible and has asked you to implement a real-time performance and availability monitoring solution that will cover both your on-premises systems and your resources in the AWS cloud. What should you suggest?
A third-party tool like SolarWindsAWS CloudTrailAmazon SNSAmazon CloudWatch LogsYou have strict regulatory requirements on log retention. You need to find a solution that will allow you to collect logs and store them at a lower cost. What would be the best solution to meet this need?
Amazon SNSAWS CloudTrailAmazon CloudWatch LogsAmazon EBSYour security team has mandated that you need to avoid using service accounts unless absolutely necessary because of the overhead in managing password rotation. You want to deploy the Amazon CloudWatch Logs agent. What could you use to authenticate the agent that is not a service account?
Access keysAWS IAMActive DirectoryThere isn’t any option other than a service account.Your security team has mandated that you need to avoid using service accounts unless absolutely necessary because of the overhead in managing password rotation. You want to deploy the Amazon CloudWatch Logs agent. What could you use to authenticate the agent that is not a service account?
Active DirectoryAWS IAMIAM rolesThere isn’t any option other than a service account.Your operations center has asked if there is a better way to analyze and visualize the data that has been made available to them with Amazon CloudWatch. What would you recommend?
Amazon CloudWatch Logs agentAWS CloudTrailAmazon RedshiftAmazon CloudWatch Logs InsightsYour security team wants to minimize the amount of metrics that are kept in Amazon CloudWatch. They have asked you to delete the older metrics. How will you accomplish this?
You can’t delete metrics; they are retained for the life of the account.You can’t delete metrics, though metrics do expire according to a schedule.Log into the AWS Management Console with your IAM account and delete the metrics.Log into the AWS Management Console with the root account and delete the metrics.You have an application that you need to monitor. As it is critical to the business, you have been asked if you can create a metric that can record data every second. You also need to be able to retrieve it every second. How can you accomplish this?
Create a custom metric with a fast resolution.Create a custom metric with a standard resolution.Create a custom metric with a high resolution.Create a custom metric with a detailed resolution.Your boss has asked you if you can get pre-built metrics at a 1-second sampling rate as you can with your custom metrics. What should your response be?
Yes, you can use high resolution on pre-built metrics.Yes, you can use high resolution on all metrics.Yes, you can use standard resolution on all metrics.No, you can’t use high resolution for pre-built metrics.How would you set a custom metric to use high resolution?
Set MetricResolution to 1 using the PutMetricRequest API.Set StorageRetention to 1 using the PutMetricRequest API.Set StorageResolution to 1 using the PutMetricRequest API.Set MetricRetention to 1 using the PutMetricRequest API.Your boss wants to use high-resolution metrics because they want to be able to get data every 15 seconds. They are concerned about additional cost from using high-resolution metrics. What should you tell your boss?
High-resolution metrics are more expensive.High-resolution metrics are less expensive.High-resolution metrics cost the same as standard.You can’t do 15-second periods with high resolution.You have installed the Amazon CloudWatch Logs agent on a set of Amazon EC2 systems. They are sending logs to Amazon CloudWatch every 5 seconds, but you would prefer that happened every 15 seconds instead. What can you do?
Adjust the Amazon CloudWatch Logs agent to send logs every 15 seconds.You can’t adjust the 5-second time; it is the default setting.Set Amazon CloudWatch to pull the data every 15 seconds.Set AWS CloudTrail to pull the logs every 15 seconds.You have begun sending system logs into Amazon CloudWatch. You want to ensure that you see any logs that contain the word error in them. How would you achieve this?
Statistic filtersLog filtersMetric filtersError filterYou work for a financial institution and you need to parse your log data for account numbers. You have a regex query built that has been used in other solutions. How can you parse your log data for the regex that will find account numbers?
Amazon CloudWatch Metric FiltersAWS Management ConsoleAmazon CloudWatchAmazon KinesisYou have created some high-resolution custom metrics and want to ensure that Amazon CloudWatch will trigger an alarm no more than 10 seconds after an incident occurs. How can this be accomplished?
Create a high-resolution Amazon CloudWatch alarm.Create a standard Amazon CloudWatch alarm.Create a detailed Amazon CloudWatch alarm.You can’t set an Amazon CloudWatch alarm for under a minute.You have created an Amazon CloudWatch alarm for your Amazon EC2 instances and it is constantly in the ALARM state. None of your systems are having any issues. How can you resolve the issue?
Delete the alarm and then re-create it.Adjust the threshold that the alarm is set to so that it is no longer breached.Reboot the Amazon EC2 instances.Install the Amazon CloudWatch Logs agent.Your Operations Center would like to create a dashboard to track Amazon CloudWatch alarms. What would be the best solution?
Amazon CloudWatch LogsAWS CloudTrailAmazon EC2 with business analytics softwareAmazon CloudWatch DashboardsYou want to view how well your systems and resources in AWS are doing at any point in time. You have systems in multiple regions. How do you get a dashboard-like experience for your availability and performance data?
You can’t set up a dashboard that can monitor across all regions.Use Amazon CloudWatch Dashboards.Use Amazon CloudWatch Logs.Use an Amazon CloudWatch Logs agent.Your security team has asked you to ensure that API calls are being logged. You know that you can use AWS CloudTrail to accomplish this. What do you need to do next?
AWS CloudTrail is enabled, but you need to tell it what type of API calls to log.AWS CloudTrail is enabled, but you need to configure a trail to start logging API calls.Nothing; AWS CloudTrail is enabled and configured by default.You need to enable AWS CloudTrail to begin recording API calls.Your security team has asked you to ensure that all API calls are being logged. You know that you can use AWS CloudTrail to accomplish this. What do you need to do next?
AWS CloudTrail is enabled, but you need to tell it what type of API calls to log.AWS CloudTrail is enabled, but you need to configure a trail to start logging all API calls.Nothing; AWS CloudTrail is enabled and configured by default.You need to enable AWS CloudTrail to begin recording API calls.Your security team wants to ensure that all activity within the AWS Management Console is recorded. What is the best solution that meets this goal?
AWS Trusted AdvisorAmazon CloudWatch LogsAWS CloudTrailAmazon CloudWatchYou are the system administrator for a rapidly growing company. While you only have resources in one region currently, you know that you will expand into other regions soon. How can you ensure that API calls are captured automatically for any new regions that are added? (Choose two.)
Select Global from the region drop-down, then create the trail.Select the existing region in the trail configuration page.Select Yes to apply to all regions in the trail configuration page.In the CLI, you set the parameter IsMultiRegionTrail to True.You can’t automatically add new regions to an AWS CloudTrail trail.Your boss wants you to create two separate trails in Amazon CloudWatch, one for management and one for data. Can you create the trails in the way that your boss wants you to?
Yes, you can create two separate trails and separate management activity from data activity.No, you can’t put management and data traffic into separate trails or create multiple trails.No, you can’t put management and data traffic into separate trails, though you can create multiple trails.No, you can’t create multiple trails, though you can separate management and data activity.Your security team has required that you encrypt your AWS CloudTrail log files. What do you need to do to ensure that they are encrypted and only accessible to those who need to review them?
Nothing; you can’t encrypt AWS CloudTrail log files.Nothing; they are encrypted with S3 SSE by default.They are encrypted by default using S3 SSE; you can use S3 bucket policies or IAM to control access.You need to enable encryption in S3 so that the AWS CloudTrail log files are encrypted.Your security team has made the requirement that controls need to be implemented to prevent accidental deletion of AWS CloudTrail log files. What is the best solution for this?
Restrict access to the S3 bucket.Enable MFA Delete.Enable versioning.Use lifecycle policies to archive deleted objects.Your legal team has asked you to ensure that AWS CloudTrail log files are only retained for 90 days. What can you do to meet their needs?
You can’t adjust the retention time frame on AWS CloudTrail log files.You make the change in AWS CloudTrail to reflect the 90-day rule.You make the change in Amazon CloudWatch to reflect the 90-day rule.You make a lifecycle rule in S3 to delete log files older than 90 days.Your developers are checking an AWS CloudTrail log file troubleshooting their work. They are complaining that API calls they are making are not showing up until 15 minutes later. What can you do to remediate this issue?
The AWS CloudTrail trail is not configured properly; you need to reconfigure it to log items faster.There is nothing to remediate; AWS CloudTrail log files typically get an event around 15 minutes after the API call.You should change the timing between the delivery of the event and the occurrence of the event to 5 minutes.You should change the timing between the delivery of the event and it occurring to 1 minute.You look in your S3 bucket where AWS CloudTrail stores its log files and you notice that there are no log files during the late evening hours. What is the most likely cause for the missing log files?
There was no API activity during this time frame.There was a misconfiguration in AWS CloudTrail.You don’t have permissions to view the log files.AWS CloudTrail doesn’t have the access it needs to write the log files.Your security team has asked for you to provide a way to validate that AWS CloudTrail log files have not been modified since being placed in the S3 bucket. What can you do to prove that the files have not been changed with the least amount of administrative effort?
Enable encryption in Amazon S3.Create an AWS Lambda function to check the hashes every hour and compare against a database of the original hashes.Enable AWS CloudTrail log file integrity validation.Manually hash the files and check against known hashes.Your security team wants to ensure that AWS resources are built according to the organizational standards that have been set. How can you prove to your security team that your systems are using the desired configurations?
Use Amazon CloudWatch.Use AWS CloudTrail.Use AWS Config.Use AWS Lambda.Your legal department wants to know anytime a configuration change is made on one of their systems. They want to receive a notification when the change is made. How can you ensure that the legal department is aware of any changes made to their server?
Enable Amazon CloudWatch and create an SNS topic; subscribe them to the topic.Enable AWS CloudTrail and create an SNS topic; subscribe them to the topic.Enable AWS Config and create an SNS topic; subscribe them to the topic.Enable AWS Config and create an SMS topic; subscribe them to the topic.One of your critical applications just suffered an outage. It is suspected that a change caused the outage but there is no scheduled change in your change management calendar. How can you figure out who made the change and what the change was?
Use Amazon CloudWatch to check for events that happened around the time of the outage.Use AWS CloudTrail to look at any of the API calls made around the time that it is believed the change occurred to see who made the change and what the change was.Setup AWS Config to send a message to an SNS topic when any config changes are made.Use AWS Config to view the configuration history of the resource that suffered the outage and AWS CloudTrail to see who made the change.You are the system administrator in charge of your organization’s AWS resources. You work for a hospital and have been asked by the internal audit team for a report that proves that you have implemented the proper controls to maintain HIPAA compliance. How can you do this within AWS?
Create rules that evaluate your systems for the desired controls in AWS Config.Use AWS CloudTrail to check for inappropriate API calls.Use Amazon CloudWatch to monitor for compliance.There is no automated tool; you must do it all manually.You are the system administrator for your organization in charge of its AWS infrastructure. You have configured the desired configurations for your systems. You want to ensure that systems are never out of compliance. Can you prevent users from making changes with AWS Config?
Yes, select the Enforce option when you set up AWS Config.Yes, it does it automatically without any further interaction.No, AWS Config is only able to monitor configurations, not change them.No, AWS Config doesn’t monitor configuration drift.You have multiple accounts under AWS Organizations. You want to combine the results of AWS Config under AWS Organizations. How can you do this?
Create an aggregator in one of the regions that you want to monitor.Create an aggregator in AWS Organizations.You can’t view the AWS Config data from multiple regions, though you can view it for multiple regions.You can’t view the AWS Config data from multiple regions or accounts in one area.You have multiple accounts under AWS Organizations. You want to combine the results of AWS Config under one of the regions that most of your resources reside in. How can you do this?
Create an aggregator in one of the regions that you want to monitor.Create an aggregator in AWS Organizations.You can’t view the AWS Config data from multiple regions, though you can view it for multiple regions.You can’t view the AWS Config data from multiple regions or accounts in one area.You want to ensure that AWS Config is enabled for all three regions that your organization is using. How would you enable AWS Config for all three regions?
It is automatically enabled for all regions.You need to enable it once for all regions.You need to enable it once per region.You can’t use AWS Config for that many regions.Your security team has asked you to make sure that any changes to the desired configurations in AWS Config are monitored so that they know who made the change. Which product can be used to achieve this request?
AWS ConfigAmazon CloudWatchAWS CloudTrailAWS IAMYou currently have 145 individual AWS Config rules built for your organization’s environment. You need to make 10 more rules for new criteria that your legal team wants you to monitor for. Will you be able to create 10 more rules?
Yes, you can create unlimited rules.Yes, but you will need to request an increase on the limit from AWS.No, because you can’t have more than 150 rules.No, because you can’t add more rules.Your boss wants you to set up a periodic rule in AWS Config, and they want it to run every 6 hours. How should you respond to this request?
Set up the periodic rule for 3 hours because you can’t set it to 6.
