Question 2
Domain 1: Design Secure Architectures
An application writes log data to CloudWatch Logs. The operations team needs to be alerted when the word "ERROR" appears more than 10 times in 5 minutes. How should this be configured?
Correct answer: B
Explanation
CloudWatch Logs metric filters can turn log patterns into custom metrics, so a filter for "ERROR" can count each occurrence. An alarm on that metric can then trigger when the count exceeds 10 within a 5-minute period, matching the requirement to alert on repeated errors.
Why each option is right or wrong
A. Use CloudWatch Logs Insights to query for errors and manually check
B. Create a metric filter to count "ERROR" occurrences, then create an alarm on that metric
Amazon CloudWatch Logs metric filters match a pattern in log events and publish a custom metric value for each match. The alarm is then created on that metric with a 5-minute period and a threshold of greater than 10, which satisfies the requirement to notify when the term appears more than 10 times in 300 seconds.
C. Export logs to S3 and use Athena to query for errors
D. Use CloudTrail to track error events and create SNS notifications