Q12 — AWS DOP-C02 Ch.3
A company detects unusual login attempts across many AWS accounts. When multiple failed login attempts occur, a developer or DevOps engineer wants to implement a solution that sends notifications to the company’s security team. The engineer has already created an Amazon Simple Notification Service (Amazon SNS) topic and subscribed the security team to it. Which solution provides the most operational efficiency for delivering notifications?
- A. Configure AWS CloudTrail to deliver management events to an Amazon CloudWatch Logs log group. Create a CloudWatch Logs metric filter to match failed console login events. Create a CloudWatch alarm based on the metric filter. Configure the alarm action to send a message to the SNS topic. ✓
- B. Configure AWS CloudTrail to deliver management events to an Amazon S3 bucket. Create an Amazon Athena query that returns failures if it finds failed logins in the S3 logs. Create an Amazon EventBridge rule to run the query periodically. Create a second EventBridge rule to detect when the query fails and send a message to the SNS topic.
- C. Configure AWS CloudTrail to deliver data events to an Amazon CloudWatch Logs log group. Create a CloudWatch Logs metric filter to match failed console login events. Create a CloudWatch alarm based on the metric filter. Configure the alarm action to send a message to the SNS topic.
- D. Configure AWS CloudTrail to deliver data events to an Amazon S3 bucket. Configure Amazon S3 event notifications for the s3:ObjectCreated event type. Filter for failure events. Configure the event notification to forward to the SNS topic.
Correct Answer: A. Configure AWS CloudTrail to deliver management events to an Amazon CloudWatch Logs log group. Create a CloudWatch Logs metric filter to match failed console login events. Create a CloudWatch alarm based on the metric filter. Configure the alarm action to send a message to the SNS topic.
Explanation
AWS CloudTrail records management events, including console login attempts (the `ConsoleLogin` event). Delivering management events to a CloudWatch Logs log group lets a metric filter match failed login events directly, and a CloudWatch alarm on that metric can then publish to the existing SNS topic. This approach uses the native CloudTrail to CloudWatch Logs integration with the fewest moving parts. Option B introduces unnecessary complexity and latency with periodic Athena queries and two EventBridge rules. Options C and D incorrectly use data events, which cover object-level and resource-level API activity and do not capture console login events; in addition, S3 event notifications can only filter on object key prefix and suffix, not on the content of the delivered log files, so option D cannot "filter for failure events" at all. Option A uses the correct event type and minimal service dependencies, aligning with AWS best practices.