
Answer-first summary for fast verification
Answer: Deploy the Amazon CloudWatch agent on each EC2 instance, configure it to send logs to Amazon CloudWatch Logs, set up a CloudWatch metric filter for user logins, and notify the security team via Amazon SNS if a login is detected.
Option B is the correct answer. By installing the Amazon CloudWatch agent on each EC2 instance and configuring it to push all logs to Amazon CloudWatch Logs, you can create a CloudWatch metric filter specifically designed to detect user logins. This setup ensures that any detected logins trigger a notification to the security team via Amazon SNS. This method is reliable for monitoring and alerting about user logins in a timely manner, which is crucial for meeting the policy requirement of notifying the security team within 15 minutes.
Author: LeetQuiz Editorial Team
In a highly regulated company, DevOps engineers are restricted from logging into Amazon EC2 instances except in emergencies. The security team must be notified within 15 minutes if a login occurs. Which AWS service configuration will effectively monitor and notify the security team of such logins?
A. Deploy the Amazon Inspector agent on each EC2 instance, subscribe to Amazon EventBridge notifications, and use an AWS Lambda function to detect user login messages, then notify the security team via Amazon SNS.
B. Deploy the Amazon CloudWatch agent on each EC2 instance, configure it to send logs to Amazon CloudWatch Logs, set up a CloudWatch metric filter for user logins, and notify the security team via Amazon SNS if a login is detected.
C. Configure AWS CloudTrail with Amazon CloudWatch Logs, subscribe CloudWatch Logs to Amazon Kinesis, attach an AWS Lambda function to Kinesis to parse logs for user logins, and notify the security team via Amazon SNS if a login is found.
D. Set up a script on each Amazon EC2 instance to send logs to Amazon S3, configure an S3 event to trigger an AWS Lambda function, which runs an Amazon Athena query to check for logins, and notify the security team via Amazon SNS if a login is detected.