DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

Option A is incorrect because EventBridge rules cannot filter events based on the message body or attributes of the target service. Therefore, configuring an SNS subscription filter policy to match the CloudFormation stack will not work. The SNS topic will receive all events from the EventBridge rule, regardless of the stack name or drift status.

Option B is incorrect because it introduces unnecessary complexity and cost. Creating a second Lambda function to query the CloudFormation API for the drift detection results is redundant, since CloudFormation already publishes drift detection events to EventBridge. Moreover, invoking two Lambda functions every hour will incur more charges than invoking one.

Option C is incorrect because GuardDuty does not provide drift detection for CloudFormation stacks. GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior in AWS accounts and workloads. It does not monitor or report on configuration changes or drifts in CloudFormation stacks.

Option D is correct because it leverages AWS Config and its managed rule for drift detection. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It can detect configuration changes and drifts in CloudFormation stacks using the cloudformation-stack-drift-detection-check managed rule. This rule triggers an AWS Config event when a stack drifts from its expected template configuration. By creating a second EventBridge rule that reacts to this event for the specific stack, the DevOps engineer can configure the SNS topic as a target and receive a notification as soon as possible when drift is detected.

The company needs fast, proactive alerts for future performance issues, beyond basic EC2 metrics. Option A provides a complete, AWS-native monitoring pattern aligned with best practices:

Enable detailed monitoring on EC2 instances to increase metric resolution (from 5-minute to 1-minute intervals), improving the responsiveness of alarms.

Define custom CloudWatch metrics for application-level indicators such as request latency, error rate, queue depth, or throughput. These metrics can be published from the application or sidecar agents.

Create CloudWatch alarms on both infrastructure (CPU, network, disk) and custom application metrics with thresholds that reflect performance SLOs. Alarms can notify teams via SNS or incident management tools.

Use CloudWatch Logs Insights to analyze logs for recurring error patterns, slow requests, or exceptions when alarms fire.

Option B focuses on tracing and frontend RUM; while useful, it is more complex and not necessary just to get quick alerts. Option C uses services (CloudTrail, GuardDuty, Trusted Advisor) that are not focused on real-time performance detection. Option D with VPC Flow Logs is network-level and would not detect general application performance issues.

Thus, Option A offers a direct, efficient way to detect and alert on performance degradations quickly.

Amazon CloudWatch metric streams are designed to deliver metrics in near real time to downstream services like Amazon Data Firehose with minimal configuration and management overhead. By configuring a metric stream to include all metrics, you ensure that any newly created performance or custom metrics are automatically included without needing to update filters or code when namespaces or metrics change.

Option B uses a CloudWatch metric stream → Firehose → Lambda → S3 pattern. Firehose natively supports invoking a Lambda function for in-flight transformation of the metric data before final delivery to S3. This satisfies the requirement to transform metrics before storing them and provides a fully managed, serverless pipeline with very little ongoing operational burden.

Option A mentions including metrics from “the application and the CloudWatch namespace,” which implies more manual selection and maintenance, potentially missing new metrics if not explicitly added. Options C and D work at the log level, not at the metric level, and would require building additional logic to derive metrics from logs. This is more complex and not aligned with “least operational overhead.”

Therefore, Option B is the most efficient and scalable solution.