Q51 — AWS DOP-C02 Ch.1

A company deploys an application in a production VPC within a single AWS account. The application is highly popular and experiences high usage. The security team wants to add additional security, such as AWS WAF, but the product manager is concerned about cost and does not want to approve additional spending unless the security team can demonstrate the necessity of extra protection. The security team notes that some application requests may originate from IP addresses on a deny list. The security team provides the DevOps engineer with this deny list. If any IP address from the deny list accesses the application, the security team wants near-real-time automated notifications so they can document that the application requires enhanced security. The DevOps engineer enables VPC Flow Logs for the production VPC.

Correct Answer: A. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to capture accepted traffic and send data to the log group. Create Amazon CloudWatch metric filters for IP addresses in the deny list. Use the metric filters as input to create CloudWatch alarms. Set the period to 5 minutes and the number of data points to alarm to 1. Use an Amazon Simple Notification Service (Amazon SNS) topic to send alarm notifications to the security team.

Explanation

Option A is the most cost-effective and operationally efficient solution. It leverages native, low-overhead AWS services: VPC Flow Logs (with accepted traffic only), CloudWatch metric filters (lightweight pattern matching), and CloudWatch alarms (simple threshold-based triggering). This avoids expensive, complex infrastructure like OpenSearch clusters (Option C), Athena/QuickSight pipelines (Option B), or Lambda/Athena/S3 orchestration (Option D). Metric filters provide near-real-time detection with minimal latency and cost, and SNS delivers immediate email notifications. All other options introduce unnecessary service dependencies, higher costs, and increased management overhead.