Read each question carefully and select the best answer.
Focus on understanding the reasoning behind the correct and incorrect answers.
1
A company needs to monitor the memory utilization of its EC2 instances to trigger an Auto Scaling policy. By default, this metric is not available in CloudWatch. What is the most appropriate solution to achieve this?
A. Enable Detailed Monitoring for the EC2 instances.
Incorrect. Detailed Monitoring provides more frequent (1-minute) metric data for existing EC2 metrics like CPU and Network I/O, but it does not add new metrics like memory utilization.
B. Install and configure the CloudWatch Agent on the EC2 instances to send memory metrics as a custom metric.
Correct. The CloudWatch Agent is designed to collect system-level metrics from within the operating system, such as memory usage, disk space, and process statistics, and publish them as custom metrics to CloudWatch.
C. Create a custom script that uses the `free` command and calls the `PutMetricData` API, then run it via a cron job.
Incorrect. While this is technically possible, it is not the *most appropriate* solution. The CloudWatch Agent is the standard, supported, and more robust way to accomplish this without writing and maintaining custom scripts.
D. Use a CloudWatch Logs subscription filter to extract memory data from system logs.
Incorrect. System logs do not typically contain real-time memory utilization data in a format that can be easily extracted to create a reliable metric.
2
An application's health is determined by two factors: the CPU utilization of its web servers and the number of messages in a processing queue. An alert should only be sent if the average CPU utilization is above 80% AND the queue depth is greater than 1000 messages. Which CloudWatch feature should be used to implement this specific alerting logic?
A. Create two separate CloudWatch Alarms, one for CPU and one for queue depth, both pointing to the same SNS topic.
Incorrect. This would send an alert if *either* condition is met, not only when *both* are met simultaneously. This would lead to alarm fatigue.
B. Create a single CloudWatch Alarm that monitors both metrics at the same time.
Incorrect. A standard CloudWatch Alarm can only monitor a single metric.
C. Create a CloudWatch Composite Alarm that uses an AND condition to combine the states of two separate alarms (one for CPU, one for queue depth).
Correct. Composite Alarms are designed for this exact purpose. They allow you to combine the states of multiple other alarms using Boolean logic (AND, OR, NOT) to create more sophisticated alerting rules and reduce alarm noise.
D. Use a CloudWatch Events/EventBridge rule to trigger a Lambda function that checks both metric values.
Incorrect. This is an overly complex solution. While possible, it requires custom code and infrastructure, whereas Composite Alarms provide this functionality natively within CloudWatch.
3
A DevOps engineer needs to search through application logs to find all error messages that occurred in the last 24 hours, count them by error type, and display the results in a dashboard. Which CloudWatch feature is best suited for this task?
A. CloudWatch Metrics with a custom metric filter.
Incorrect. While metric filters can extract patterns from logs and create metrics, they don't provide the interactive querying and detailed log analysis capabilities needed for this task.
B. CloudWatch Logs Insights to query and analyze the logs.
Correct. CloudWatch Logs Insights is an interactive query service that enables you to search, analyze, and visualize your logs. You can write queries to filter error messages, aggregate by error type, and display results in dashboards.
C. Export logs to S3 and use Amazon Athena to query them.
Incorrect. While this approach works, it's more complex and has higher latency than using CloudWatch Logs Insights, which is purpose-built for real-time log analysis.
D. Use CloudWatch Events to capture log entries and process them with Lambda.
Incorrect. CloudWatch Events (EventBridge) is for event-driven architectures, not for querying and analyzing historical log data.
4
A company wants to create a single dashboard that displays EC2 metrics from US-East-1, database metrics from EU-West-1, and S3 metrics from AP-Southeast-1. Which CloudWatch feature enables this requirement?
A. CloudWatch does not support cross-region dashboards; separate dashboards are required for each region.
Incorrect. CloudWatch does support cross-region dashboards, allowing you to display metrics from multiple regions in a single view.
B. Use CloudWatch Cross-Region Dashboards to display metrics from multiple regions.
Correct. CloudWatch dashboards support displaying metrics and alarms from different AWS Regions in a single dashboard, providing a global view of your infrastructure.
C. Replicate all metrics to a single region using Lambda functions, then create a dashboard in that region.
Incorrect. This is unnecessarily complex. CloudWatch natively supports cross-region dashboards without requiring metric replication.
D. Use CloudWatch Contributor Insights to aggregate metrics across regions.
Incorrect. Contributor Insights is used to analyze high-cardinality data and identify top contributors, not for cross-region metric aggregation.
5
An e-commerce application needs to track the number of successful checkout transactions as a business metric. This metric should be available in CloudWatch for alarming and dashboards. What is the recommended approach?
A. Log each transaction to CloudWatch Logs and use a metric filter to count occurrences.
Incorrect. While this works, it's not the most direct approach. Metric filters add complexity and latency compared to publishing custom metrics directly.
B. Use the PutMetricData API to publish custom metrics directly from the application.
Correct. Publishing custom metrics using PutMetricData is the recommended approach for application-level business metrics. This provides real-time data directly to CloudWatch with minimal latency.
C. Store transaction counts in a DynamoDB table and query it periodically.
Incorrect. This doesn't integrate with CloudWatch and would require additional infrastructure to expose the data as CloudWatch metrics.
D. Use AWS X-Ray to trace transactions and extract the count.
Incorrect. X-Ray is designed for distributed tracing and performance analysis, not for tracking business metrics as CloudWatch metrics.
6
A company needs to retain high-resolution CloudWatch metrics (1-second granularity) for 30 days for compliance purposes. What should they know about this requirement?
A. High-resolution metrics can be configured to retain for 30 days in CloudWatch settings.
Incorrect. CloudWatch metric retention periods are fixed and cannot be customized. High-resolution metrics are only retained for 3 hours.
B. Use CloudWatch Logs to store the high-resolution data for 30 days.
Incorrect. CloudWatch Logs is for log data, not metric data. This would require converting metrics to logs, which is not appropriate.
C. High-resolution metrics are only retained for 3 hours. Export the data to S3 for long-term retention.
Correct. CloudWatch retains high-resolution metrics (those with a period of less than 60 seconds) for only 3 hours. For longer retention, you must export the metric data to Amazon S3 or another storage solution.
D. Convert high-resolution metrics to standard resolution (1-minute) to get 15-day retention.
Incorrect. You cannot convert metric resolution after publication. You would need to republish the data at standard resolution, which doesn't meet the requirement for 1-second granularity.
7
A Solutions Architect needs to send CloudWatch Logs from multiple log groups to a central security analysis system in near real-time. What is the most appropriate solution?
A. Use metric filters to extract data and send it via SNS.
Incorrect. Metric filters convert log data into metrics; they do not forward raw log data. SNS is also not designed for streaming log data.
B. Configure subscription filters on the log groups to stream data to Amazon Kinesis or Lambda.
Correct. Subscription filters provide real-time access to log events and can deliver them to Kinesis Data Streams, Kinesis Data Firehose, or Lambda for processing and forwarding to external systems.
C. Export logs to S3 every hour and process them in batches.
Incorrect. Exporting to S3 is a batch operation with significant latency (up to 12 hours), not suitable for near real-time requirements.
D. Use CloudWatch Events to trigger on new log entries.
Incorrect. CloudWatch Events (EventBridge) doesn't natively trigger on individual log entries. Subscription filters are the correct mechanism for streaming logs.
8
An application publishes 25 different custom metrics to CloudWatch using a single PutMetricData API call. What will happen?
A. All 25 metrics will be successfully published.
Incorrect. CloudWatch has a limit of 20 metrics per PutMetricData call. This request would fail or only partially succeed.
B. The API call will fail because the limit is 20 metrics per PutMetricData request.
Correct. CloudWatch enforces a hard limit of 20 metrics per PutMetricData API call. To publish 25 metrics, you would need to split them across two API calls.
C. Only the first 20 metrics will be published; the rest will be silently dropped.
Incorrect. CloudWatch doesn't silently drop data. The API call would return an error indicating the request exceeded limits.
D. The metrics will be queued and published eventually.
Incorrect. CloudWatch doesn't queue requests that exceed limits. The application is responsible for batching within limits and handling failures.