During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs. Which steps can the Security Engineer take to troubleshoot this issue? (Choose two.)
A.
Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.
B.
Log in to the AWS account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the "Alerting" state and restart them using the EC2 console.
C.
Verify that the EC2 instances have a route to the public AWS API endpoints.
D.
Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.
E.
Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.
"If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a private connection between your VPC and CloudWatch Logs. You can use this connection to send logs to CloudWatch Logs without sending them through the internet."
Hence, without a private connection through an interface VPC endpoint, even though CloudWatch is a native service, you still have to route the API call over the internet via an internet gateway.
A and C are the correct ones. However, as usual, we are not sure about the more correct options. In this case, we have to discard B because the "alerting state" does exist. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceState.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html There's an ongoing instance status check; you can get a memory leak which in turn can cause a kernel panic, so you end up without a running CloudWatch agent. With C, all the instances will be affected, as you are attaching route tables directly to subnets instead of VMs, so that doesn't make sense.
A. Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.
C. Verify that the EC2 instances have a route to the public AWS API endpoints.
D, E SNS topic and SNMP are not relevant. B. There is no such EC2 "Alert" state.
=> A, C
CloudWatch agents connect to the AWS CloudWatch Logs service over the internet through the CloudWatch public API endpoint, unless you configure a private endpoint.
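The two checks behind options A and C, as an added troubleshooting helper that is not part of the original thread: it reports whether a CloudWatch agent service is active and whether the instance can reach the Logs endpoint via an interface VPC endpoint (private DNS answer) or via a default route to an internet gateway/NAT. It assumes a Linux instance with bash, systemd, iproute2 and getent; the region placeholder comes from `$AWS_REGION`.

```bash
#!/usr/bin/env bash
# Added helper (not from the thread). Assumes bash, systemd, iproute2, getent.
REGION="${AWS_REGION:-us-east-1}"          # placeholder region, override via env
LOGS_HOST="logs.${REGION}.amazonaws.com"   # CloudWatch Logs API endpoint

# 0 if the IPv4 address is RFC 1918 space. A private answer for the Logs host
# means private DNS of an interface VPC endpoint is in effect (no IGW needed).
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*)                          return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
    *)                                       return 1 ;;
  esac
}

# 0 if 'ip route' style text on stdin contains a default route.
has_default_route() {
  grep -Eq '^default |^0\.0\.0\.0/0 '
}

# 0 if the unified agent or the legacy awslogs daemon is active (option A).
agent_running() {
  systemctl is-active --quiet amazon-cloudwatch-agent 2>/dev/null ||
  systemctl is-active --quiet awslogsd 2>/dev/null
}

# Classify the path to the endpoint from the resolved address and the routing
# table text (option C). Prints: vpc-endpoint | internet-route | no-route
endpoint_path() {
  local addr="$1" routes="$2"
  if is_private_ipv4 "$addr"; then
    echo vpc-endpoint
  elif printf '%s\n' "$routes" | has_default_route; then
    echo internet-route
  else
    echo no-route
  fi
}

main() {
  if agent_running; then echo "agent: running"; else echo "agent: NOT running"; fi
  local addr routes
  addr=$(getent ahostsv4 "$LOGS_HOST" 2>/dev/null | awk 'NR==1{print $1}' || true)
  routes=$(ip route 2>/dev/null || true)
  echo "$LOGS_HOST -> ${addr:-unresolved}: $(endpoint_path "${addr:-0.0.0.0}" "$routes")"
}

# Run the live checks only when invoked with --run, e.g. ./cwcheck.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

A `no-route` result with a public address means the subnet lacks both an interface VPC endpoint and an internet/NAT route, which matches the symptom in the question.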
Why not B? The status of the EC2 alarm might be indicating that there is a problem with that instance that was being monitored. C has nothing to do with an EC2 instance. The link of VPC mentioned is to log VPC with Cloudwatch and is also not related to EC2. Also there is the word "Some" indicating that not all EC2 are affected. I think A&B are correct.
It's a distractor.
First, there's no alerting state for EC2.
Second, the EC2 instance is not sending logs to CloudWatch, so how could we see its state in the CloudWatch console?