Q32 — AWS DOP-C02 Ch.2
Question 32 of 100
A company uses AWS WAF to protect its cloud infrastructure. A DevOps engineer needs to enable the operations team to analyze log messages from AWS WAF. The operations team also needs to create alerts for specific patterns in the log output. Which solution meets these requirements with minimal operational overhead?
- A. Create an Amazon CloudWatch Logs log group. Configure the appropriate AWS WAF web ACL to send logs to the log group. Guide the operations team to create CloudWatch metric filters. ✓
- B. Create an Amazon OpenSearch Service cluster and appropriate index. Configure an Amazon Kinesis Data Firehose delivery stream to deliver log data to the index. Use OpenSearch Dashboards to create filters and widgets.
- C. Create an Amazon S3 bucket for log output. Configure AWS WAF to send log output to the S3 bucket. Instruct the operations team to create an AWS Lambda function to detect each required log pattern. Configure the Lambda function to publish to an Amazon Simple Notification Service (Amazon SNS) topic.
- D. Create an Amazon S3 bucket for log output. Configure AWS WAF to send log output to the S3 bucket. Use Amazon Athena to create an external table definition matching the log message pattern. Guide the operations team to write SQL queries and create Amazon CloudWatch metric filters for Athena queries.
Correct Answer: A. Create an Amazon CloudWatch Logs log group. Configure the appropriate AWS WAF web ACL to send logs to the log group. Guide the operations team to create CloudWatch metric filters.
Explanation
AWS WAF log analysis requires a lightweight integration solution. CloudWatch Logs natively receives WAF logs, and metric filters can extract specific patterns from the log output and emit custom metrics, which can then trigger CloudWatch alarms for real-time alerting, with no additional data processing infrastructure to build or maintain. The other options introduce unnecessary complexity: option B requires managing an OpenSearch Service cluster and a Kinesis Data Firehose pipeline; option C adds custom Lambda pattern-matching logic and SNS orchestration; option D adds S3 storage, Athena table and query setup, and extra CloudWatch metric filter configuration. Only option A delivers the required functionality with zero infrastructure maintenance and minimal operational overhead.