Q68 — AWS DOP-C02 Ch.1


A highly regulated company has implemented a policy prohibiting DevOps engineers from logging into Amazon EC2 instances except during emergencies. If login does occur, the security team must be notified within 15 minutes. Which solution meets these requirements?

Correct Answer: B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up CloudWatch metric filters to search for user login events. If detected, send notifications via Amazon SNS to the security team.

Explanation

The requirement is near-real-time detection of EC2 logins with notification within 15 minutes. Option B uses the CloudWatch agent to stream the instance's logs (e.g., SSH or system auth logs) directly to CloudWatch Logs, applies metric filters to detect login patterns, and triggers SNS notifications as soon as a match is recorded, satisfying timeliness, automation, and reliability. Option A relies on Amazon Inspector, which performs security assessments rather than login auditing. Option C adds unnecessary complexity with Kinesis. Option D introduces latency by staging logs in S3 and querying them with Athena. Therefore, Option B is optimal.
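To make the metric-filter step concrete, the following added example (not part of the exam material) emulates CloudWatch Logs term matching over constructed sshd log lines and builds the notification body the alarm action would publish to SNS. The log group name, filter pattern, log lines and instance ID are all assumptions.

```python
"""Added example: emulate the CloudWatch Logs metric-filter step of option B
over constructed sshd auth-log lines and shape the resulting SNS message."""
import re

# Filter pattern one would attach to the agent's auth log group (assumed name
# /ec2/auth). In CloudWatch Logs term syntax, every quoted term must appear.
FILTER_PATTERN = '"sshd" "Accepted"'

# Constructed syslog-style lines as the CloudWatch agent would ship them.
SAMPLE_LOG_LINES = [
    "Mar  3 10:02:11 ip-10-0-1-23 sshd[1921]: Accepted publickey for ec2-user "
    "from 203.0.113.7 port 51022 ssh2: RSA SHA256:constructedsample",
    "Mar  3 10:02:12 ip-10-0-1-23 sshd[1921]: pam_unix(sshd:session): "
    "session opened for user ec2-user by (uid=0)",
    "Mar  3 10:05:40 ip-10-0-1-23 sshd[1950]: Failed password for invalid user "
    "admin from 198.51.100.9 port 40000 ssh2",
    "Mar  3 10:07:01 ip-10-0-1-23 CRON[1999]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Fields worth surfacing to the security team from a successful-login line.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)


def filter_terms(pattern):
    """Return the quoted terms of a CloudWatch Logs term filter pattern."""
    return re.findall(r'"([^"]+)"', pattern)


def matches_filter(line, pattern=FILTER_PATTERN):
    """CloudWatch-style term match: all quoted terms must occur in the line."""
    return all(term in line for term in filter_terms(pattern))


def extract_logins(lines, pattern=FILTER_PATTERN):
    """Apply the filter, then parse user/source/method from each matching line."""
    events = []
    for line in lines:
        if not matches_filter(line, pattern):
            continue
        m = LOGIN_RE.search(line)
        if m:  # skip lines that match the terms but are not a login record
            events.append({"user": m["user"], "src": m["src"],
                           "method": m["method"], "raw": line})
    return events


def build_sns_message(event, instance_id="i-PLACEHOLDER"):
    """Body the alarm action would publish to the security team's SNS topic."""
    return (f"EC2 login detected on {instance_id}: user={event['user']} "
            f"from={event['src']} via {event['method']}")
```

In production the matching runs inside CloudWatch Logs; this script only shows what the filter pattern would and would not count, so the alarm threshold can be set to fire on the first matching event.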