Q55 — AWS DOP-C02 Ch.1

Question 55 of 100 | ← Chapter 1

A company’s application runs on Amazon EC2 instances. The application writes log files recording user login sessions, dates, durations, and source IP addresses. Logs are published to a log group in Amazon CloudWatch Logs. The company is conducting root cause analysis for an incident that occurred the previous day. The company needs to know how many times a specific user logged in over the past seven days.

Correct Answer: C. Create a CloudWatch Logs Insights query that uses an aggregation function to count login occurrences for the username over the past seven days. Run the query against the log group.

Explanation

CloudWatch Logs Insights is purpose-built for ad hoc log analysis and supports on-demand, flexible querying using aggregation functions (e.g., `stats count() by username`). It directly scans raw log data in the specified time range without requiring preconfigured metrics or infrastructure. Option A (metric filters) and Option B (subscriptions) require prior setup and generate ongoing metrics—unsuitable for one-time, retrospective analysis. Option D is invalid because CloudWatch dashboards display metrics, not raw log queries; widgets cannot execute dynamic log filtering. Therefore, Option C is the only solution that meets the need for immediate, accurate, and flexible historical login counting.