Q79 — AWS DVA-C02 Ch.1

Question 79 of 100 | ← Chapter 1

A company runs an application on AWS. The company deploys the application on Amazon EC2 instances and stores data in Amazon Aurora. The application recently logged a custom application-specific DECRYPT_ERROR error in Amazon CloudWatch Logs. The company discovered this issue only after automated tests—run every 30 minutes—failed. Developers need to implement a solution to monitor these custom errors and send real-time notifications to the development team when they occur in production. Which solution meets these requirements with the lowest operational overhead?

Correct Answer: C. Use Amazon CloudWatch Logs to create a metric filter for the DECRYPT_ERROR pattern. Create a CloudWatch alarm for this metric with a threshold >= 1. Configure the alarm to send notifications via Amazon Simple Notification Service (Amazon SNS).

Explanation

Option C is correct: creating a CloudWatch Logs metric filter for DECRYPT_ERROR and triggering a CloudWatch alarm with threshold >= 1 enables real-time, low-overhead monitoring and notification. Option A misuses CloudTrail (which logs API calls, not log events). Option B introduces polling latency and unnecessary Lambda invocations. Option D adds agent management complexity without benefit over native CloudWatch Logs metric filters.