DOP-C02 · Question #245
DOP-C02 Question #245: Real Exam Question with Answer & Explanation
The correct answer is C: Create an Amazon CloudWatch Logs metric filter to match root user login events. Configure a. Explanation To monitor root user activity across an AWS Organization, you need three components working together: CloudTrail to capture the events, CloudWatch Logs metric filters to trigger alerts, and CloudWatch dashboards to visualize activity. Option E is correct because an AW
Question
A company uses AWS Organizations to manage its AWS accounts. The company wants its monitoring system to receive an alert when a root user logs in. The company also needs a dashboard to display any log activity that the root user generates. Which combination of steps will meet these requirements? (Choose three.)
Options
- AEnable AWS Config with a multi-account aggregator. Configure log forwarding to Amazon
- BCreate an Amazon QuickSight dashboard that uses an Amazon CloudWatch Logs query.
- CCreate an Amazon CloudWatch Logs metric filter to match root user login events. Configure a
- DCreate an Amazon CloudWatch Logs subscription filter to match root user login events. Configure
- ECreate an AWS CloudTrail organization trail. Configure the organization trail to send events to
- FCreate an Amazon CloudWatch dashboard that uses a CloudWatch Logs Insights query.
Explanation
Explanation
To monitor root user activity across an AWS Organization, you need three components working together: CloudTrail to capture the events, CloudWatch Logs metric filters to trigger alerts, and CloudWatch dashboards to visualize activity. Option E is correct because an AWS CloudTrail organization trail captures API activity (including root logins) across all accounts and sends logs to CloudWatch Logs. Option C is correct because a CloudWatch Logs metric filter can detect root login events and trigger an alarm/alert via Amazon SNS. Option F is correct because a CloudWatch dashboard using CloudWatch Logs Insights queries provides a native, integrated way to display root user log activity.
Why the distractors are wrong:
- Option A is wrong because AWS Config tracks resource configuration changes, not login events - it's not designed for user activity monitoring.
- Option B is wrong because Amazon QuickSight is a separate BI tool that doesn't natively integrate with CloudWatch Logs for real-time log querying; CloudWatch's own dashboard is the appropriate native tool.
- Option D is wrong because a subscription filter streams logs to destinations like Lambda or Kinesis for processing - it's useful for routing data, not for creating alerts or dashboards directly.
Memory Tip
Think "Trail → Filter → Dashboard": CloudTrail captures events, a metric filter alerts on them, and a CloudWatch dashboard displays them - three sequential steps forming a complete monitoring pipeline.
Topics
Community Discussion
No community discussion yet for this question.