Dynatrace-Associate Dynatrace Associate Certification Exam Questions and Answers

To enable automatic anomaly detection in Kubernetes:

Connect Dynatrace to the Kubernetes API to gather cluster data

Deploy OneAgent (via container/Docker/Operator) to monitor nodes and workloads

Enable Kubernetes anomaly detection settings in Dynatrace

This allows Dynatrace to automatically detect issues like CPU saturation.

RUM is unrelated to infrastructure anomaly detection.

Objective

Create a dashboard in the new Dynatrace platform (NOT Classic) that shows:

Memory usage

For all pods

In easytrade namespace

Summed into a single metric

Timeframe = Last 30 minutes

Dashboard name = EasyTrade memory usage

???? STEP-BY-STEP EXECUTION

???? Step 1: Open Dashboards (New Platform)

Go to: ???? Dashboards & Notebooks

Click: ???? Dashboards

Click: ???? Create Dashboard

???? Step 2: Name the Dashboard

Set name exactly as: ???? EasyTrade memory usage

⚠️ Match spelling exactly (case-sensitive matters sometimes)

???? Step 3: Add a Tile

Click: ???? Add Tile

Select: ???? Data Explorer

???? Step 4: Select the Correct Metric

In the metric selector:

???? Choose:

Kubernetes container memory usage

Typical metric:

builtin:kubernetes.container.memory.usage

???? Step 5: Apply Namespace Filter

Add filter: ???? Kubernetes Namespace = easytrade

⚠️ This is CRITICAL (without this → wrong answer)

???? Step 6: Aggregate Data (MOST IMPORTANT STEP)

Set: ???? Aggregation = SUM

✅ This ensures:

All pods memory = ONE combined value

???? Step 7: Remove Splitting

Ensure: ???? No Split by anything (pod/container/etc.)

⚠️ If you see multiple lines → YOU DID IT WRONG

???? Step 8: Choose Visualization

Pick one:

✅ Single value tile (BEST for exam)

OR simple graph (no split)

???? Step 9: Set Timeframe

Top right of dashboard:

???? Set:

Last 30 minutes

???? Step 10: Save Dashboard

Click: ???? Save

Dynatrace recommends selecting the appropriate OneAgent mode depending on the role of the host:

Infrastructure mode is recommended when only host-level monitoring is required with minimal overhead

Full-Stack mode is used when deep monitoring is needed, including process-level visibility and full observability

Options like Full support , Discovery , and Half stack are not valid OneAgent monitoring modes in Dynatrace.

Dynatrace defines three main types of user actions:

Load Actions – full page loads

XHR Actions – background requests (AJAX/fetch)

Custom Actions – user-defined actions

Click Actions are not a separate action type; clicks are typically captured within other action types such as load or custom actions.

When Dynatrace detects that a vulnerable component is exposed to the internet, it highlights this in the risk assessment by marking it with “public internet exposure.”

This indicates:

The vulnerability is not just present

But also externally accessible , increasing its severity and exploitability

This context is critical in prioritizing security issues, as publicly exposed vulnerabilities pose a significantly higher risk.

Other options are incorrect:

Dynatrace does show this information

Tagging alone is not the primary method of indicating exposure

Email alerts are configurable but not the defining behavior

Private Synthetics are used to monitor internal applications that are not publicly accessible.

They run from:

Private locations within your network

Behind firewalls

This allows monitoring of internal-only systems securely.

The Security Investigator app in Dynatrace is designed for advanced security analysis and threat investigation using Dynatrace Query Language (DQL).

It enables users to:

Run and chain multiple queries across logs, metrics, traces, and events

Correlate different data types stored in Grail

Perform deep investigations into potential security incidents

This query-driven approach allows analysts to explore data relationships and uncover threats efficiently.

Other options describe capabilities not related to this app:

Credential vault checks are unrelated

Session investigation is part of RUM and Session Replay

Memory profiling is not a feature of Security Investigator

Waterfall analysis provides a detailed breakdown of all resource requests triggered by a user action, including timing for each request.

It allows developers to:

See exactly how long each resource takes to load

Analyze dependencies between requests

Identify bottlenecks in frontend performance

This is especially useful for analyzing resource loading triggered by actions such as button clicks.

Other options:

Web application view provides overview data

User Session Query Language is for querying session data

User action analysis provides aggregated insights, not detailed request timing

Dynatrace uses DQL (Dynatrace Query Language) to query Business Event data stored in Grail.

DQL enables:

Querying across logs, metrics, traces, and business events

Advanced filtering, aggregation, and correlation

Unified analysis across all observability and business data

Grail is the data platform, not a query language.

SQL is not used in Dynatrace for this purpose.

USQL is legacy and not used for Grail-based querying.

OpenKit is used for custom instrumentation when standard agents are not supported.

It enables:

Tracking user sessions

Sending custom telemetry data

Monitoring IoT or unsupported environments

Log Security Context in Dynatrace allows restricting access to specific logs based on user roles and permissions.

It enables:

Fine-grained access control over log data

Segmentation of logs based on teams or responsibilities

Secure handling of sensitive log information

Other options do not provide this capability:

Log Processing rules transform logs, not control access

SAML configuration handles authentication

OAuth tokens manage API access

Log Viewer is only for viewing logs

If OneAgent cannot be installed, code-level visibility depends on alternative data ingestion methods .

If the service supports OpenTelemetry , trace data can be sent to Dynatrace

This enables partial or full observability depending on the implementation

Therefore:

It is not always possible , but depends on OpenTelemetry support

Other options are incorrect because:

It’s not strictly impossible

Not all services support OpenTelemetry

Dynatrace is compatible with cloud providers via multiple ingestion methods

In Dynatrace Data Explorer , you can configure up to five threshold values for a metric. These thresholds allow users to define multiple levels of severity or ranges for visualization and alerting purposes.

This enables:

Better visualization of metric boundaries

Clear differentiation between normal, warning, and critical states

Enhanced dashboard customization

Options with fewer or more thresholds do not align with the platform’s supported configuration.

Smartscape is the Dynatrace capability that provides a real-time visualization of the entire environment, including all topological dependencies across infrastructure, processes, services, and applications.

It automatically maps and displays relationships between:

Hosts and infrastructure components

Processes running on those hosts

Services and how they communicate with each other

This dynamic topology view allows users to quickly understand dependencies, identify bottlenecks, and analyze the impact of issues across the full stack.

Other options such as “Technologies and Processes classic” and “Services classic” provide filtered or specific views but do not deliver the complete, unified topology visualization. “Dynatrace Extension” is used to extend monitoring capabilities and does not provide topology visualization.

The Business Event Dataflow in Dynatrace follows a structured pipeline that focuses on collecting, handling, and analyzing business events:

Capture – Business events are ingested into Dynatrace from various sources such as applications, APIs, or external systems

Process – The captured data is processed, enriched, and stored within the Dynatrace platform (Grail)

Analyze – Users query and analyze the processed data using tools like dashboards and DQL

Export is not considered a core step in the business event dataflow. While exporting data is possible, it is not part of the primary ingestion-to-analysis pipeline defined in Dynatrace.

Dynatrace categorizes user types primarily into Real Users and Synthetic Users .

Real Users represent actual human users interacting with applications. Their behavior is captured through Real User Monitoring (RUM), which tracks real-time user interactions, performance, and experience.

Synthetic Users are simulated users generated by Synthetic Monitoring. These are automated scripts that mimic user behavior to test availability and performance proactively.

The terms “Robots” and “Human” are not official Dynatrace user type classifications in the platform. Dynatrace specifically uses the standardized categories of Real and Synthetic users for monitoring and analysis.

To analyze logs in Dynatrace, two essential steps are required:

Ingest logs into Dynatrace – logs must first be collected and stored in the platform (Grail)

Use DQL (Dynatrace Query Language) – to query, filter, and analyze the ingested log data

These steps allow users to extract insights, detect issues, and correlate logs with other observability data.

Other options are not part of log analysis:

RUM is for user experience monitoring

Distributed Traces are for request tracking

Operator is for Kubernetes deployment

Multidimensional Analysis for User Actions is designed specifically for deep analysis of user actions with multiple filters and dimensions.

It allows:

Filtering by user action properties

Comparing across geolocations

Aggregating user actions with the same name across applications

Viewing metrics like Visually Complete time and User Action duration

Other tools are less suitable:

USQL is legacy and less flexible

Dashboards are for visualization, not deep filtering

Data Explorer focuses on metrics, not user actions

Notebooks are not optimized for this specific RUM analysis

Dynatrace supports multiple methods for log ingestion :

OneAgent automatically collects logs from monitored hosts and containers

Dynatrace API allows pushing logs directly into the platform

Dynatrace Extensions can be used to ingest logs from specific technologies

Dynatrace Operator is used for Kubernetes deployment, not direct log ingestion.

Dynatrace Hub is a repository for extensions, not an ingestion mechanism itself.

Dynatrace allows configuring problem notifications , including security problems, through multiple integration channels:

Email notifications for direct alerts

Jira integration for creating and tracking issues

ServiceNow integration for IT service management workflows

PagerDuty integration for incident response and alerting

Custom integrations using webhooks or APIs for flexible notification handling

These integrations ensure that security problems are communicated effectively across teams and tools, enabling rapid response and resolution.

Dynatrace event categories include:

Availability

Error

Slowdown

Resource

Custom

Info

Monitoring Unavailable

These categories define different types of detected issues.

Critical and Warning are severity levels, not categories.