DPN Support Specialist Certification Exam

1)A common issue that users experience with log monitoring is they can see their logs appear in the Livetail, but those logs are not showing in the Log Explorer. This means
they cannot perform any analysis on those logs.
What are the four common causes?
✘ The log timestamp is outside of the allowed range.
✘ The logs are submitted with reserved attributes.
✘ There are exclusion filters.
✘ The daily quota has been reached.

The user does not have the privilege to view the logs.
The log contains sensitive information such as passwords and credit card numbers.

2) A metric is a generic term and is identified by the name only. It differs from a datapoint which is more specific with various properties.
Which of the following is NOT a property of a datapoint? (Choose one).
type
name
value
✘ size

timestamp
tag(s)

3) Conf.d is the configuration directory that contains all the configuration files for the Agent checks.
All config files are in what format?
.json
.tomi
✘ .yaml

.cfg
.ini

4) There are timestamp restrictions on the logs submitted to Datadog. If logs sent to Datadog have a timestamp that is too old, or the timestamp is too far in the future, the
logs will not be processed.
The timestamp of logs need to be within what range?
Between 12 hours in the past and 12 hours in the future.
Between 18 hours in the past and 8 hours in the future.
Between 6 hours in the past and 6 hours in the future.
Between 8 hours in the past and 2 hours in the future.
✘ Between 18 hours in the past and 2 hours in the future.

5) The Trace Agent is built and packaged with the Datadog Agent. It is responsible for various tasks around APM data like keeping track of traces received from the tracing client
and sending those traces to the Datadog platform.
When troubleshooting the Datadog Agent, what information should you collect? (Choose two).
Tracing Client Startup logs
✘ Debug or trace level flare
✘ Environment description

6) Facets allow you to perform analysis on the logs you have indexed. In the Log Explorer, you can use them to search your logs, define log patterns and perform log analytics.
You can create facets for any attributes you need.
Choose the correct statement.
✘ You need to be careful when creating a facet because it will only apply to new logs and historical logs will not appear in searches and analysis.

You need to be careful when creating a facet because it will apply retroactively to historical logs and they will appear in searches and analysis.

7) A flare can be very useful for troubleshooting issues. However, a flare won’t help solve all issues.
A flare can help you to identify: (Choose two)
Issues with the UI
✘ Issues with checks run by the Agent

Issues with installing the Agent

✘ Issues with the Agent

Issues with cloud integrations / crawler issues

8) The SAML configuration in Datadog provides a feature called SAML Strict Mode. When SAML strict mode is enabled, it ensures that all users with access to Datadog must
have valid credentials in your company’s identity provider/directory service to access their Datadog account. You notice users are not able to log into their Datadog account.
Why? (Choose two)
✘ The Identity Provider (IdP) is down.
✘ Users must login using SSO.

Users are typing their passwords incorrectly.

9) When graphing a metric, you can normally choose the metric name from the metric field dropdown list. Sometimes, the metric name does not appear in the list and you
need to type in the name.
Why doesn’t the metric name always appear in the list?
✘ Only metrics collected within the past 24 hours appear in the list.

The list only shows recently accessed metrics.

The list is dynamic and only shows popular metrics used in dashboards and monitors.
The list is alphabetical and only shows the top 10 metrics for each letter.

10) The Flush interval is the period of time where the DogStatsD client aggregates multiple data points for a unique metric, into a single data point.
By default, how long is this interval?
15 seconds
30 seconds
5 seconds
✘ 10 seconds

5 minutes
 60 seconds

11) A flare contains all of the Agent’s configuration files and logs packaged into an archive file. However, before asking for a flare, there are many troubleshooting steps you can
do without a flare.
Choose the five steps.
✘ Check installer log
✘ Check the infrastructure list for integration errors
✘ Check the Event Stream for Agent restarts
✘ Check the infrastructure list for the value of the ntp.offset metric
✘ Use a Notebook with bar graphs to confirm gaps in metric submission

Check the agent.log and status.log

12) When collecting logs, there are some technical specifications to consider, which will help prevent issues of logs not appearing in the Datadog UI.
Which of the following statements are true? (Choose three)
There is an API rate limit of 100GB of log events that can be submitted per hour.
✘ Datadog recommends a log event should not exceed 256KB in size.

There must be direct internet connectivity to Datadog from the host sending logs.
✘ When using the Datadog TCP or HTTP API directly, log events up to 1MB are accepted.
✘ When using the Datadog Agent, log events greater than 256KB are split into several entries.

13) When troubleshooting APM issues at the Datadog Agent stage, there are different log levels you can set depending on the level of detail you need.
Which of the following three levels provides the most detailed information?
✘ TRACE

DEBUG
INFO

14) Each part of the Datadog Agent has its own log file such as the agent.log, process-agent.log and trace-agent.log. These logs rollover when they reach a certain size and
become a backup copy. If there is already a previous backup, it is overwritten with the new copy.
By default, log rollover occurs when the log reaches what size?
✘ 10MB

1GB
1MB
10GB
100MB

15) Before a user can access a Datadog organization for the first time, you should check they have been invited to that organization and the user account is active. Inviting a
user will generate an email with a unique link for them to join.
Where in Datadog can you confirm who invited the user and when?
Security Signals
✘ Event stream

Watchdog
Log Explorer

16) Datadog’s Live Processes gives you real-time visibility into the processes running on your infrastructure. You can break down resource consumption by host/containers at
the process level and query for processes running on a specific host, in a specific zone, or running a specific workload.
This Live Process monitoring is enabled by default.
True
✘ False

17) Special characters in logs are not searchable in logs search. In order to search these special characters, it is recommended to parse them into attributes with the grok parser,
and then search for logs that contain the attribute.
False
✘ True

18) For APM investigations, it is useful to know you can change the log level of the flare to match your needs, based on where you are in the investigation.
Which log level provides more context for what is happening by adding <loglevel> logs to your log files?
✘ DEBUG

TRACE
INFO

19) Live Process Monitors are health checks that return the status of matching processes. This is useful for monitoring the number of processes running on a host or on multiple
hosts. When configuring Live Process Monitors, it’s important to keep in mind how long the live process data is retained for.
How long is the default retention period?
15 minutes
8 hours
✘ 36 hours

24 hours

20) When collecting logs for analysis, it’s common that not all logs are useful and don’t need to be indexed. Exclusion filters can be used to control which logs flowing in your
index should be removed.
Choose the correct two statements.
Excluded logs are discarded from indexes and do not flow through Livetail.
Excluded logs cannot be used to generate metrics and cannot be archived.
✘ Excluded logs can be used to generate metrics and can be archived.

Excluded logs are discarded from indexes, but still flow through Livetail.

21) There are many concepts to understand when it comes to Application Performance Monitoring. To be able to troubleshoot APM issues effectively, you need to understand
what a Span is.
A span represents a logical unit of work in the system for a given period of time. Each span consists of a span.name, start time, duration, and span tags.
Choose the correct statement.
 Spans cannot be nested within each other.
A span contains only one trace.
✘ A span contains one or more traces.
Spans and traces are unrelated.

22) For Log monitoring investigations, it is useful to know the components that affect logs and how they appear in the UI.
Which component applies a list of sequential processors to a filtered subset of incoming logs?
Processor
Attributes
Indexes
✘ Pipeline

Facets

23) When troubleshooting APM issues at the Datadog Agent stage, you may need to ask for more details via a flare.
Which level flare is usually the most useful?
TRACE
✘ DEBUG

INFO

24) The Usage Attribution feature gives visibility into what’s driving product usage. This is useful when you need to know the contribution of usage for chargeback purposes, or
need to monitor the daily usage to control usage spikes and trends. You can report on this usage by tags, such as teams, business units, applications, services, environments
etc.
How many tags can you use simultaneously?
2
✘ 3

5
6
4

25) One of the most important attributes of a log is the log status, such as INFO, WARN, ERROR etc. Sometimes the default status can be incorrect in Datadog but this can easily
be remapped.
What is ONE reason for this status being incorrect?
The status string needs to be lower case.
✘ Only the first character of the status string is used to determine the log status.

The status string needs to be upper case.

The status string is not in English.
All the characters of the status string are used to determine the log status (e.g. warn ≠ warning).

26) Issues with collecting metrics from integrations is commonly due to the configuration. Before commencing detailed troubleshooting, make sure the integration is enabled
and configured correctly.
What should you do next? (Choose three).
✘ Ask for a flare.
✘ Confirm the integration is an Agent Check and not a crawler integration.

Uninstall and reinstall the Datadog Agent.

✘ Confirm the config file is correctly formatted.

Contact the 3rd party vendor support for the integration.

27) All requests to Datadog’s API must be authenticated.

Choose the correct statement.
Requests that write data require both API key and APP key.
Requests that write data require an APP key.
✘ Requests that write data require an API key.

28) It is common to compare the MAX/MIN/SUM metric values in CloudWatch to those seen in Datadog. The values are likely to be different and this is expected.
Why?
✘ CloudWatch will display the raw MAX/MIN/SUM value, while Datadog will show the MAX/MIN/SUM of the AVERAGE values received.

Values shown in Datadog are less accurate and have a degree of variance because our method of extracting the values is different.
There are conflicting duplicate metrics with the same metric name but different values.

29) Using graphs is a useful way to check for gaps in metrics and confirm there is an NTP offset issue. However, when the NTP offset is too large, it can be difficult or impossible
to confirm this in the Datadog UI.
What is the best way to confirm there’s a NTP offset issue with the Agent?
Create a dashboard using the Top List widget showing the NTP offset metric.
✘ Run the Agent Status command to see the NTP offset.

Extend the graphs start time and end time so the graph shows a larger window.

30) As DogStatsD receives data, it aggregates multiple data points for each unique metric into a single data point over a period of time.
What is this period of time called?
Buffer interval
✘ Flush interval

Queue interval
Submission Interval

31) AWS has extensive CloudWatch metrics. Datadog does not collect all statistics (e.g. Min, Max, Sum, Ave, Count, p99 etc) for all CloudWatch metrics. The AWS
documentation is checked for the recommended statistics, and if it’s not specified there, we collect the AVERAGE.
Choose two reasons why Datadog does not collect all statistics.
Only the common statistics requested by our customers are collected.
✘ To significantly reduce the amount of data collected and overall traffic between Datadog and AWS.
✘ Only certain statistics are valuable for what a metric represents.
 To reduce the work of our software engineers.

32) For Log monitoring investigations, it is useful to know the components that affect logs and how they appear in the UI.
Which component executes within a pipeline to complete a data-structuring action on a log?
Attributes
✘ Processor

Pipeline
Facets
Indexes

33) Roles categorize users and define what account permissions those users have, such as what data they can read or what account assets they can modify.
By default, how many roles does Datadog offer?
2
4
✘ 3

5
6
34) The Agent config is the datadog.yaml file. Depending on the operating system, the datadog.yaml file will contain only the explicit variables, OR the full yaml file including
the default values.
Which operating system’s datadog.yaml file shows only the explicitly set variables?
✘ Linux

Windows

35) A multi-org account consists of a single parent organization and multiple child organizations. Submitting metrics and events to these accounts requires a valid API key.
Choose the correct statement.
The API key used by all child organizations is the same and you only need one valid API key.
✘ API keys are unique to organizations and not interchangeable.

The API key used needs to match the parent organization only.

36) Datadog’s cloud provider integrations (AWS, Azure, GCP, etc) are crawler based.
Choose the two correct statements.
A crawler is simply the Datadog Agent that interacts with an API.
✘ A crawler is a program that runs at a repeated interval that interacts with an API.
✘ A crawler pulls in metrics via APIs.

You do not need to configure anything on the cloud provider’s end.

37) The Agent’s NTP Offset needs to be accurate. Any significant offset can have undesired effects.
Which effects are caused by large NTP Offsets? (Choose three).
✘ Metric delays
✘ Incorrect alert triggers

Agent buffer overload

Agent crashloops
✘ Gaps in graphs of metrics

38) Just in time (JIT) provisioning allows a user to be created within Datadog the first time they try to log in. This eliminates the need for administrators to manually create user
accounts one at a time.
Organizations can configure multiple email domains to enable JIT provisioning for all users of those domains.
False
✘ True

39) For Log monitoring investigations, it is useful to know the components that affect logs and how they appear in the UI.
Which component is a user-defined tag and attribute from your indexed logs that are meant for qualitative or quantitative data analysis?
Pipeline
Processor
Indexes
✘ Facets

Attributes

40) Roles categorize users and define what account permissions those users have, such as what data they can read or what account assets they can modify.
By default, which are the roles that Datadog offers?
Admin, Super User, Read Only
✘ Admin, Standard, Read Only

Admin, Power User, Standard, Read Only

Admin, Modify, Write, Read

41) When troubleshooting issues related to metrics, you may need to validate individual datapoints to ensure they have the correct values.
You can manually run a specific Agent check to see each individual datapoint collected by the Agent.
✘ True

False

42) The Datadog Application (UI) is the final destination for a trace. A potential issue at this point relates to APM data where services and traces are not appearing in the
Datadog Application.
When troubleshooting in the Datadog Platform, what information should you collect? (Choose two).
✘ The Datadog Status Page.

Language and version

✘ Relevant links to the Datadog Application.

Versions of frameworks and libraries used

43) After a user logs into Datadog successfully, they are not able to find items they are looking for such as Dashboards, Monitors, Hosts, saved views etc.
What is a common cause of this?
Their Datadog subscription has expired. Once renewed, all items will be restored and viewable.
Another team member has deleted all their configurations
✘ They have more than one Datadog organization and have logged into the wrong one.

Their Admin role has been changed to a Limited role.

44) When troubleshooting issues related to metrics, you may need to validate individual datapoints to ensure they have the correct values.
You can manually run a specific Agent check to see each individual datapoint collected by the Agent.
be aware of the timezone the related host is located in. ly
✘ be aware of the timezone the browser is set to.

be aware the timezone is displayed as UTC.

45) It is common to compare the MAX/MIN/SUM metric values in CloudWatch to those seen in Datadog. The values are likely to be different and this is expected.
Why?
Values shown in Datadog are less accurate and have a degree of variance because our method of extracting the values is different.
✘ CloudWatch will display the raw MAX/MIN/SUM value, while Datadog will show the MAX/MIN/SUM of the AVERAGE values received.

There are conflicting duplicate metrics with the same metric name but different values.

46) The datadog.yaml file is used to configure the Agent and the runtime_config_dump.yaml can be used to see the configuration the Agent is currently using.
What is the reason these two files can be different?
Changes to the runtime_config_dump.yaml were not duplicated to the datadog yam! file.
Sync issue between the datadog.yaml and the runtime_config_dump.yam| file.
✘ The Agent wasn't restarted after modifying the datadog.yam file.

47) There could be many factors throughout the journey of a log event that prevents it from showing in the Datadog UI.
Assuming the submitted logs can reach Datadog, what are common causes for lqgs not showing up in the UI? (Choose three).
✘ Logs have more than 100 tags.
✘ Log timestamp is older than 18 hours.
✘ Logs have too many attributes.

Logs are not in English

Log timezone is not GMT

48) Datadog provides three login methods. When troubleshooting user login issues, it’s important to know which method they are using to log in.
What are the three login methods?
✘ Username + Password
✘ Google OAuth
✘ SAML

Token-Based Authentication
Multi-Factor Authentication

49) All Datadog API clients are configured to consume which site by default?
✘ https//api.datadoghg.com

https://api.datadoghq.eu
https://api.datadoghg.gov

50) Tracing clients are libraries that are added to the application code which provide visibility into the applications performance.
When troubleshooting the tracing client, what information should you collect? (Choose four).
✘ Language and version
✘ Tracing Client version
✘ Tracing Client debug logs

Agent Flare
✘ Tracing Client Startup logs

51) A daily quota can be set for log monitoring to manage costs. This quota resets automatically at 2:00pm UTC.
What happens once the daily quota is reached? (Choose four)
✘ Metrics can still be generated from logs.
✘ Logs are no longer indexed.

Logs are still indexed.

✘ Logs are still available in Livetail.

Logs are no longer ingested.

✘ Logs are still sent to archives.

52) There are a few ways a user can receive notifications from Datadog monitors (such as email, Pagerduty, Slack, Jira, Webhooks etc) and it’s important to look at which
method was used when troubleshooting why the notification is missing. In the case of email notifications, they are sent from alert@dtdg.co.
What should you check at the receiving end of the notification journey? (Choose two).
✘ Check if the receiving mail server has marked email notifications from Datadog as SPAM before reaching the user’s inbox.

Check the SMTP settings in Datadog for the outgoing mail server is correct.
✘ Check the SPAM filter on the inbox.

Check the incoming email size restrictions as email notifications from Datadog may include large file attachments (such graphs, log files and PDFs)

53) Configuring SAML for your Datadog account lets you and all your teammates log into Datadog using the credentials stored in your organization's Active Directory, LDAP, or
other identity store that has been configured with a SAML Identity provider. You have noticed users can still log into Datadog with their username and password.
Why?
Those users are Admin users and have a “backdoor” way to log in if the Idp is down.
✘ SAML strict mode has not been enabled.

The IdP is not configured correctly.

54) For Log monitoring investigations, it is useful to know the components that affect logs and how they appear in the UI.
Which component provides fine-grained control over your log management budget by allowing you to segment data into value groups?
✘ Indexes
Pipeline
facets
Attributes
Processor

55) If the Agent's NTP Offset is too far from the Datadog service, the server time will need to be synced to a reliable time server.
To prevent incorrect alert triggers, metric delays and gaps in graphs of metrics, the NTP Offset needs to be less than how many seconds?
5 seconds
60 seconds
30 seconds
✘ 15seconds

56) Customers can control their log monitoring costs and protect against unexpected spikes in log volumes by configuring a daily quota.
What is a daily quota?
✘ A hard-limit on the number of logs that are stored within an Index per day.

A hard-limit on the number of Agents that can collect and send logs.
Ahard-limit on the number of logs ingested by Datadog per day.

56) Depending on the issue, a flare can be very useful for troubleshooting issues.
If a customer is having issues with their Webhook integration, should you ask for a flare?
Yes
✘ No

57) Just in time (JIT) provisioning allows a user to be created within Datadog the first time they try to log in. This eliminates the need for administrators to manually create user
accounts one at a time.
This is configured and scoped by email domain, however, the trade off is that you can’t exclude any users from accessing Datadog.
Tue
✘ False

57) For APM investigations, it is useful to know you can change the log level of the flare to match your needs, based on where you are in the investigation.
Which log level provides the output of every single span that the Datadog Agent has accepted?
DEBUG
INFO
✘ TRACE

58) For APM investigations, it is useful to know you can change the log level of the flare to match your needs, based on where you are in the investigation.
Which log level is the default level where you'll see all of the Agent's configuration files and logs packaged into an archive file?
✘ INFO

DEBUG
TRACE

59) Your API keys are unique to your organization. An API key is required by the Datadog Agent to submit metrics and events to Datadog.
How can you check if the Agent has a valid key?
✘ Run the Agent Status command on the host and compare the last 5 characters.

Check the datadog.yaml file and if an API key exists, it means it is valid.
60) The Tracing Client Startup Logs capture all obtainable information at startup.
Choose the two types of information.
Application Logs
Datadog Agent Logs
✘ Datadog Tracer Diagnostic
✘ Datadog Tracer Configuration

Datadog Tracer Language

61) Datadog Agents (v6 & v7) are responsible for collecting infrastructure metrics, logs, and receiving DogStatsD metrics.
The main components to this process are: (Choose two)
The Receiver
✘ The Forwarder

The Sender
✘ The Collector

62) A metric is a generic term and is identified by the name only. It differs from a datapoint which is more specific with various properties.
Which of the following properties are valid and mandatory for a datapoint? (Choose four).
✘ name
✘ timestamp
✘ tag(s)

size
type
✘ value

63) When troubleshooting APM issues at the Datadog Agent stage, you don't always need to rely on logs. There are OTB tracing metrics sent by the Datadog Agent when APM
is enabled. You can use the UI and graph these metrics to give additional insight into the issue.
Which metrics could you use? (Choose two).
datadog.trace_agent.sender.traces_sent
✘ datadog.trace_agent heartbeat

datadog.trace_agent.processed.traces_per_second
✘ datadog.trace_agent.receiver:traces received

datadog.trace_agent.error_count
64) Often a user may advise they did not receive a monitor notification. There could be many causes along the notifications journey to the user.
Before troubleshooting all the possible causes, what should you confirm first on the Monitor Status page? (Choose four).
✘ Confirm where or who the monitor notification was sent to.

Confirm no firewalls are blocking the notification.

✘ Confirm the timestamp on the Event.
✘ Confirm the monitor was not muted.
✘ Confirm that an alert (Event) was generated.

Confirm the user's mail server received notification.

65) The Datadog Agent has the APM tracing agent built in and packaged together. This is configurable in the datadog.yaml file under apm_config.
By default, APM is disabled.
✘ false

True

66) It is important to collect the right information to find missing metrics. This includes the exact name of the metric, the timeframe (or timestamp), the origin and the
submission method.
The Agent version and Datadog account details are not needed.
✘ false

True

67) While troubleshooting Agent issues, you may need more control over the Agent logs. You can change the default location, size, format and rollover.
In which file can you make these changes?
runtime_config_dump.yaml
healthyaml
enwars.log
Config-check.log &
✘ datadog.yaml

68) There are many concepts to understand when it comes to Application Performance Monitoring. To be able to troubleshoot APM issues effectively, you need to understand
what a Trace is.
Atrace is used to track the time spent by an application processing a request and the status of this request.
Choose the correct statement.
Atrace represents a logical unit of work in the system for a given period of time.
Multiple traces make up a span.
A trace cannot consist of multiple spans.
✘ Atrace consists of one or more spans.

69) Datadog has an Alert Rollup function which sends two notifications when an alert is triggering or recovering. Subsequent messages will be rolled up to reduce noise. For
example, the same monitor will not send you 5 notifications for 5 different hosts, but only 1 notification with all 5 hosts in it.
This is only true if the alerts are within how many seconds of each other?
120 seconds
30seconds
✘ 20 seconds

6o seconds

70) Notebooks are useful for capturing troubleshooting information.

To spot gaps in metric submission, which type of graph should you use?
Line graph
Area graph
✘ Bar graph

71) The Agent has seven log levels which can be changed to show more or less detail.
Which is the default log level?
TRACE
CRITICAL
ERROR
✘ INFO

DEBUG
WARN

72) One of the most important properties of a metric is the timestamp. The accuracy of this timestamp can be affected by the NTP Offset of a host.
How can you identify NTP Offset issues for a host? (Choose two).
✘ Look at the ntp.offset metric in the Ul.
✘ Check the datadog-agent status output.

Check the time on https://www.epochconverter.com/

73) When sending metrics using DogStatsD, you need to know the exact metric name and the metric type. A metric’s type affects how the metric values are displayed when
queried because aggregation works differently for each metric type.
Match the following metric type to the correct description.
COUNT - The sum of all received datapoints is sent.
GAUGE - The latest datapoint received is sent.
SET - The number of different datapoints is sent.
HISTOGRAM - The min, max, avg, etc. of all datapoints received is sent.

74) Logs collected will vary in format, complexity and content. Often logs will contain special characters which can complicate tasks you need to perform around those logs.
Special characters can be escaped with the \ character, but are not searchable in logs search.
✘ True

False

75) For Log monitoring investigations, it is useful to know the components that affect logs and how they appear in the UI.
Which component prescribes log facets and tags, which are used for filtering and searching in Log Explorer?
Processor
Indexes
Facets
Pipeline
✘ Attributes

76) The flare contains many log files and knowing which log contains the information you’re looking for will make troubleshooting easier.
Which log would you find information about the Agent version, Log level, NTP offset, OS version and Hostname?
envvars.log
✘ agent.log

status.log
secrets.log
config-check.log (está mal)

77) When troubleshooting Agent integration issues, the traceback error can provide useful information.
How can you see these errors?
Look in the integrations.log file that comes with the Agent flare.
✘ In the UI, go to the Infrastructure list and look for hosts which show “integration issue”.

78) Datadog offers different sites throughout the world. For example, https://app.datadoghq.com and https://app.datadoghq.eu are completely independent, and you cannot
share data across sites.
When submitting metrics and events, the site is not a factor as long as you have a valid API key.
True
✘ False