Q20 — AWS DOP-C02 Ch.3
Question 20 of 100
A company uses AWS and operates a VPC containing critical compute infrastructure with predictable traffic patterns. The company has configured VPC Flow Logs, published to a log group in Amazon CloudWatch Logs. The DevOps team needs to configure a monitoring solution for VPC Flow Logs to detect anomalies in network traffic to the VPC within one minute. When an anomaly is detected, the company must be able to initiate a response. How should the DevOps team configure the monitoring solution to meet these requirements?
- A. Create an Amazon Kinesis data stream. Subscribe the log group to the data stream. Configure Amazon Kinesis Data Analytics to detect anomalies in the log stream. Create an AWS Lambda function as the data stream output. Configure the Lambda function to write to the default Amazon EventBridge event bus when an anomaly is detected. ✓
- B. Create an Amazon Kinesis Data Firehose delivery stream to deliver events to an Amazon S3 bucket. Subscribe the log group to the delivery stream. Configure Amazon Lookout for Metrics to monitor the S3 bucket for anomalies. Create an AWS Lambda function to run in response to anomaly detection. Configure the Lambda function to publish to the default Amazon EventBridge event bus.
- C. Create an AWS Lambda function to detect anomalies. Configure the Lambda function to publish events to the default Amazon EventBridge event bus if an anomaly is detected. Subscribe the log group to the Lambda function.
- D. Create an Amazon Kinesis data stream. Subscribe the log group to the data stream. Create an AWS Lambda function to detect log anomalies. Configure the Lambda function to write to the default Amazon EventBridge event bus when an anomaly is detected. Set the Lambda function as the data stream processor.
Correct Answer: A. Create an Amazon Kinesis data stream. Subscribe the log group to the data stream. Configure Amazon Kinesis Data Analytics to detect anomalies in the log stream. Create an AWS Lambda function as the data stream output. Configure the Lambda function to write to the default Amazon EventBridge event bus when an anomaly is detected.
Explanation
This question tests selecting a monitoring architecture that detects anomalies in streaming log data within one minute and can trigger an automated response. Option A does this end to end. A CloudWatch Logs subscription filter pushes flow log records to the Kinesis data stream within seconds of ingestion. Amazon Kinesis Data Analytics consumes the stream continuously and scores each record, or a per-minute aggregate such as bytes or rejected flows per source, with its built-in RANDOM_CUT_FOREST function, a managed anomaly-detection capability that learns the baseline that the "predictable traffic patterns" in the question provide. An AWS Lambda function configured as the application's output receives the scored records and publishes an event to the default Amazon EventBridge event bus, where rules route it to the response (an SNS topic, a Systems Manager Automation runbook, or another Lambda function that tightens a security group or network ACL). Every hop is streaming, so detection latency stays within the one-minute requirement.
Option B does not meet the latency requirement: Kinesis Data Firehose buffers records by size and time before each write to S3, and Amazon Lookout for Metrics evaluates data on a fixed interval whose shortest setting is 5 minutes, so an anomaly would be detected several minutes after the traffic occurred. Option C subscribes a Lambda function directly to the log group; each invocation sees only one batch of log events, and the function would have to implement its own anomaly model and keep its own baseline state, with no managed detection capability. Option D has the same problem: Lambda consumes the data stream and detects anomalies in custom code, so the team implements and maintains the detector itself instead of using the managed RANDOM_CUT_FOREST scoring that Kinesis Data Analytics provides.
Practitioner note: AWS has since announced end of support for Amazon Lookout for Metrics and for Kinesis Data Analytics for SQL applications. A new implementation of the option A pattern runs the scoring as an Apache Flink application on Amazon Managed Service for Apache Flink (the open-source Random Cut Forest library from AWS provides the same algorithm); the subscription filter, Lambda function, and EventBridge parts are unchanged. Keep the response path least-privilege: the Lambda role needs only events:PutEvents on the default bus, and the permissions to act on the VPC belong to the EventBridge target, not to the detector.
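As an added example (not code from the exam page or from AWS), this is the Lambda function that option A places at the Kinesis Data Analytics output. It follows the Lambda-as-output record contract of Kinesis Data Analytics for SQL applications (base64 JSON rows in, a per-record "Ok"/"DeliveryFailed" result out). The output column names (SRCADDR, DSTADDR, DSTPORT, BYTES, ANOMALY_SCORE), the score threshold, the EventBridge source and detail-type, and the sample batch are all assumptions made for the example.

```python
"""Added example (not from the exam page): the Lambda destination of the
Kinesis Data Analytics application in option A.

The application invokes the function with {"records": [{"recordId": ...,
"data": "<base64 JSON row>"}, ...]} and expects back
{"records": [{"recordId": ..., "result": "Ok" | "DeliveryFailed"}, ...]}.
The row columns (SRCADDR, DSTADDR, DSTPORT, BYTES, ANOMALY_SCORE) are assumed
to be what the application's output stream defines.
"""
import base64
import json
import os

# RANDOM_CUT_FOREST scores are unitless; 2.5 is an assumed starting threshold
# that must be tuned against the VPC's own baseline before it is trusted.
SCORE_THRESHOLD = float(os.environ.get("ANOMALY_SCORE_THRESHOLD", "2.5"))
EVENT_SOURCE = "custom.vpcflow.anomaly"  # assumed EventBridge source name
DETAIL_TYPE = "VpcFlowAnomalyDetected"   # assumed EventBridge detail-type
PUT_EVENTS_MAX_ENTRIES = 10              # hard limit of the PutEvents API


def decode_row(record):
    """Decode one delivery record's base64 JSON payload into a row dict."""
    return json.loads(base64.b64decode(record["data"]))


def build_event(row):
    """Turn a scored flow-log row into a PutEvents entry for the default bus."""
    detail = {"srcaddr": row.get("SRCADDR"), "dstaddr": row.get("DSTADDR"),
              "dstport": row.get("DSTPORT"), "bytes": row.get("BYTES"),
              "anomalyScore": float(row["ANOMALY_SCORE"])}
    return {"Source": EVENT_SOURCE, "DetailType": DETAIL_TYPE,
            "Detail": json.dumps(detail)}


def process_records(records, events_client):
    """Filter the batch by score and publish anomalies.

    Returns (per-record delivery results, number of events published)."""
    results, entries = [], []
    for rec in records:
        try:
            row = decode_row(rec)
            if float(row["ANOMALY_SCORE"]) >= SCORE_THRESHOLD:
                entries.append(build_event(row))
            results.append({"recordId": rec["recordId"], "result": "Ok"})
        except (KeyError, TypeError, ValueError):
            # JSONDecodeError and binascii.Error are ValueError subclasses. Report
            # the record as failed so the application retries or logs it instead
            # of silently dropping a row that may describe the anomaly.
            results.append({"recordId": rec["recordId"], "result": "DeliveryFailed"})

    published = 0
    for i in range(0, len(entries), PUT_EVENTS_MAX_ENTRIES):
        batch = entries[i:i + PUT_EVENTS_MAX_ENTRIES]
        resp = events_client.put_events(Entries=batch)
        if resp.get("FailedEntryCount", 0):
            # Fail the invocation so the batch is retried rather than lost.
            raise RuntimeError(f"EventBridge rejected entries: {resp}")
        published += len(batch)
    return results, published


def lambda_handler(event, context):
    """Lambda entry point; boto3 is imported here so the module also runs offline."""
    import boto3
    results, _ = process_records(event["records"], boto3.client("events"))
    return {"records": results}


class FakeEventsClient:
    """Offline stand-in for boto3's EventBridge client, used only by demo()."""
    def __init__(self):
        self.entries = []

    def put_events(self, Entries):
        self.entries.extend(Entries)
        return {"FailedEntryCount": 0,
                "Entries": [{"EventId": f"evt-{i}"} for i in range(len(Entries))]}


def _b64(obj):
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return base64.b64encode(raw).decode("ascii")


# Constructed sample batch (not real application output): an anomalous row,
# a normal row, and a malformed row that exercises the failure path.
SAMPLE_RECORDS = [
    {"recordId": "r1", "data": _b64({"SRCADDR": "198.51.100.7", "DSTADDR": "10.0.1.25",
                                     "DSTPORT": 22, "BYTES": 98304000, "ANOMALY_SCORE": 4.1})},
    {"recordId": "r2", "data": _b64({"SRCADDR": "10.0.2.14", "DSTADDR": "10.0.1.25",
                                     "DSTPORT": 443, "BYTES": 1200, "ANOMALY_SCORE": 0.7})},
    {"recordId": "r3", "data": _b64(b"not json")},
]


def demo():
    """Run the sample batch through the handler logic with the fake client."""
    client = FakeEventsClient()
    results, published = process_records(SAMPLE_RECORDS, client)
    return [r["result"] for r in results], published, client.entries
```

Running demo() publishes exactly one event (the row scored 4.1) and reports the malformed third record as DeliveryFailed rather than dropping it; a rejected PutEvents batch fails the whole invocation so the application retries it. When deployed, the function's execution role needs only events:PutEvents, and the EventBridge rule that matches on the assumed source and detail-type carries the response target (an SNS topic, a Systems Manager Automation runbook, or a Lambda function that isolates the affected instance).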