AWS Certified DevOps Engineer - Professional · Domain 4 · 15% of exam

Monitoring and Logging

Drill 20 practice questions focused entirely on Monitoring and Logging for the AWS DOP-C02 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A company runs a fleet of EC2 instances hosting a Java application that writes structured JSON application logs to local files. The DevOps team must centralize these logs in CloudWatch Logs and, without adding any code to the application, generate a custom CloudWatch metric for the number of log entries whose JSON field "level" equals "ERROR", then trigger an alarm when the error count exceeds a threshold over a 5-minute window. Which approach meets these requirements with the LEAST operational overhead?

Reviewed for accuracy · Report an issue
Question 2 of 20

A DevOps team runs a three-tier web application. Their monitoring setup fires individual CloudWatch alarms for high database CPU, elevated API latency, and increased 5xx errors. During a recent database maintenance event, all three alarms triggered simultaneously, paging the on-call engineer three separate times for what was fundamentally a single underlying issue. The team wants to be paged only once when the database problem causes cascading symptoms, while still keeping the individual alarms for dashboards and troubleshooting. Which approach best meets this requirement?

Reviewed for accuracy · Report an issue
Question 3 of 20

A DevOps engineer manages a payment processing service on EC2. The team wants a CloudWatch alarm on the p99 latency metric (published every minute) to notify the on-call engineer via SNS when the service is genuinely degraded. During load testing they observed that a single elevated 1-minute datapoint occurs frequently due to garbage collection pauses, but these are not real incidents. Real degradation is characterized by latency staying high across most of a 5-minute window. Which alarm configuration best reduces false alarms while still catching sustained degradation quickly?

Reviewed for accuracy · Report an issue
Question 4 of 20

A DevOps team monitors a batch-processing Lambda function that only runs a few times per hour. They created a CloudWatch alarm on a custom 'ProcessingErrors' metric that the function publishes only when an error occurs. During periods when the function runs successfully, no data points are emitted for the metric. The team reports that the alarm frequently transitions to the INSUFFICIENT_DATA state and occasionally sends false alerts. They want the alarm to trigger only when actual errors are reported and to remain stable (not fire) during periods with no data. Which configuration change should they make?

Reviewed for accuracy · Report an issue
Question 5 of 20

A DevOps team runs a fleet of application servers that send logs to a single CloudWatch Logs log group. Support engineers report that intermittent surges in application error messages are only noticed hours later when customers complain. The team wants an automated, low-maintenance way to detect statistically abnormal spikes in the rate of ERROR-level log entries without manually defining static thresholds, since normal error volume varies significantly by time of day. What approach best meets this requirement?

Reviewed for accuracy · Report an issue
Question 6 of 20

A company operates 40 AWS accounts within an AWS Organization. The platform team wants a single monitoring account where engineers can query CloudWatch metrics, logs, and X-Ray traces from all member accounts through unified dashboards, without having to switch roles or log into each source account individually. The solution must scale automatically as new member accounts are added and require minimal per-account configuration. What is the MOST operationally efficient approach?

Reviewed for accuracy · Report an issue
Question 7 of 20

A DevOps team manages 12 microservices, each deployed in its own AWS account under a single AWS Organization. The observability team needs a single CloudWatch dashboard in a central monitoring account that displays CPU and error-rate metrics from all 12 accounts, updated in near real time, without copying metric data or running custom scripts. What is the MOST operationally efficient way to achieve this?

Reviewed for accuracy · Report an issue
Question 8 of 20

A team runs a high-throughput payment service on AWS Lambda. They need per-customer latency and error metrics for thousands of customers, but calling PutMetricData for each customer on every invocation is causing throttling and increasing invocation duration. They want custom metrics generated asynchronously without adding synchronous API calls in the hot path, while keeping the raw structured log data queryable. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 9 of 20

A DevOps team operates a microservices platform where each service runs in a separate AWS account and ships application logs to a CloudWatch Logs log group in its own account. During a recent incident, engineers needed to correlate 5xx error patterns across all services but had to log in to each account individually and run separate queries, which delayed the investigation. The team wants to enable engineers in a central operations account to run a single CloudWatch Logs Insights query spanning log groups in all the service accounts, with the least ongoing operational overhead. Which approach should they implement?

Reviewed for accuracy · Report an issue
Question 10 of 20

A platform team is debugging an intermittent 5xx error in a production microservice running on ECS Fargate. The application writes structured JSON logs to a single CloudWatch Logs log group. During the debugging session, engineers need to watch new log events as they arrive in near real time and dynamically filter for entries where the field 'statusCode' is 503, without repeatedly re-running historical queries or waiting for query completion. Which approach best meets this requirement with the least operational effort?

Reviewed for accuracy · Report an issue
Question 11 of 20

A security team stores VPC Flow Logs in a CloudWatch Logs log group. After a suspected exfiltration attempt, they need to quickly identify the top 10 source IP addresses generating the most REJECTED traffic to a specific destination port over the last 6 hours, and they want to run this ad hoc without provisioning any additional infrastructure. Which approach meets these requirements with the least operational effort?

Reviewed for accuracy · Report an issue
Question 12 of 20

A DevOps team runs a fleet of microservices that write structured JSON logs to a single CloudWatch Logs log group. Every morning an on-call engineer manually opens CloudWatch Logs Insights and runs a saved query to count HTTP 5xx responses grouped by service over the previous 24 hours, then copies the results into a report. Leadership wants this daily aggregation delivered automatically to an S3 bucket without requiring anyone to open the console. Which solution requires the LEAST custom code and operational overhead?

Reviewed for accuracy · Report an issue
Question 13 of 20

A DevOps team runs a fleet of application servers that write structured JSON logs to a single CloudWatch Logs log group. Each log event contains fields for 'statusCode', 'service', and 'region'. The team creates a metric filter to count HTTP 5xx errors and wants the resulting CloudWatch metric to be broken down separately by the 'service' and 'region' field values so they can alarm per-service. After deploying the metric filter with dimensions configured for 'service' and 'region', they notice that some emitted metrics are missing dimension values and total counts appear incomplete. What is the MOST likely cause and correct approach?

Reviewed for accuracy · Report an issue
Question 14 of 20

A company centralizes application logs from dozens of Lambda functions and ECS services into CloudWatch Logs. The compliance team requires that logs be retained for 7 years for audit purposes, but the finance team reports that CloudWatch Logs storage costs have grown significantly because most log groups use the default 'Never expire' retention setting. Engineers only actively query logs from the past 30 days. Which approach minimizes cost while meeting the 7-year retention requirement and preserving query capability for recent logs?

Reviewed for accuracy · Report an issue
Question 15 of 20

A company runs dozens of microservices across multiple accounts, each writing to its own CloudWatch Logs log groups. The security team wants near-real-time streaming of all application logs into a centralized Amazon OpenSearch Service domain in a dedicated logging account, so analysts can query recent events within seconds of them being generated. The solution must scale to hundreds of log groups and require minimal ongoing operational effort. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 16 of 20

A payment processing service on EC2 writes structured JSON application logs to a CloudWatch Logs group. The operations team needs to be paged whenever the application emits more than 10 log entries containing "level":"ERROR" within any 5-minute window. They also need a persistent record of the error count over time so they can graph trends on a dashboard. The solution must avoid running any custom log-scanning code. Which approach meets these requirements with the least operational overhead?

Reviewed for accuracy · Report an issue
Question 17 of 20

A payments team runs a service whose transaction volume has strong daily and weekly seasonality (high during business hours, near-zero overnight and on weekends). They currently have a static CloudWatch alarm on the TransactionCount metric that triggers when the count drops below a fixed threshold. This alarm fires false positives every night and weekend, and it also misses real outages during daytime peaks because the static floor is set too low. The team wants an alarm that automatically adapts to expected traffic patterns and only alerts when volume deviates from the expected range for that time of day. What should they implement?

Reviewed for accuracy · Report an issue
Question 18 of 20

A DevOps team needs to forward specific EC2 state-change events to a third-party incident management SaaS platform via its REST API. The SaaS API requires an OAuth client-credentials token in the Authorization header and enforces a strict limit of 10 requests per second. During large-scale Auto Scaling events, hundreds of EC2 state-change events can be generated in a short burst, and the team is seeing HTTP 429 throttling errors and dropped notifications. Which approach best delivers these events reliably while respecting the API rate limit and handling authentication automatically?

Reviewed for accuracy · Report an issue
Question 19 of 20

A security team operates a centralized audit account. They want all AWS Config compliance-change events and GuardDuty findings emitted from 40 member accounts to be routed to a single custom event bus in the audit account, where a Lambda function processes them. The solution must be event-driven, avoid polling, and follow least-privilege principles. What is the MOST appropriate way to configure this?

Reviewed for accuracy · Report an issue
Question 20 of 20

A DevOps team must automatically enforce cost-allocation tagging on all newly launched EC2 instances across a single account. Whenever an instance transitions to the 'running' state, a Lambda function should verify required tags and apply defaults if any are missing. The solution must be event-driven with minimal latency and require no polling. Which approach best meets these requirements?

Reviewed for accuracy · Report an issue

More DOP-C02 practice

Keep going with the other AWS Certified DevOps Engineer - Professional domains, or take a full timed mock exam.

← Back to DOP-C02 overview