Q12 — AWS DOP-C02 Ch.3


A company detects unusual login attempts across many AWS accounts. A DevOps engineer wants to implement a solution that notifies the company's security team whenever multiple failed login attempts occur. The engineer has already created an Amazon Simple Notification Service (Amazon SNS) topic and subscribed the security team to it. Which solution delivers these notifications with the most operational efficiency?

Correct Answer: A. Configure AWS CloudTrail to deliver management events to an Amazon CloudWatch Logs log group. Create a CloudWatch Logs metric filter to match failed console login events. Create a CloudWatch alarm based on the metric filter. Configure the alarm action to send a message to the SNS topic.

Explanation

AWS CloudTrail records management events, including console login attempts. Delivering management events to CloudWatch Logs allows failed login events to be identified directly with a metric filter; a CloudWatch alarm on that metric then publishes to the SNS topic. This approach relies on the native CloudTrail to CloudWatch Logs integration and uses the fewest components. Option B adds unnecessary complexity with Athena queries and EventBridge rules. Options C and D incorrectly rely on data events, which do not capture console login events. Option A uses the correct event type with minimal service dependencies, in line with AWS best practices.