Exam DOP-C02
Question 146

A company uses AWS and has a VPC that contains critical compute infrastructure with predictable traffic patterns. The company has configured VPC flow logs that are published to a log group in Amazon CloudWatch Logs.

The company's DevOps team needs to configure a monitoring solution for the VPC flow logs to identify anomalies in network traffic to the VPC over time. If the monitoring solution detects an anomaly, the company needs the ability to initiate a response to the anomaly.

How should the DevOps team configure the monitoring solution to meet these requirements?

    Correct Answer: B

    To configure a monitoring solution that identifies anomalies in network traffic to the VPC and can initiate a response, the DevOps team should use a combination of Amazon Kinesis Data Firehose, Amazon S3, and Amazon Lookout for Metrics. Amazon Lookout for Metrics is specifically designed for detecting anomalies within metrics and can monitor the data stored in the S3 bucket for any irregularities. Additionally, configuring an AWS Lambda function to respond to detected anomalies by publishing to the default Amazon EventBridge event bus aligns with the requirement to initiate a response. This solution is efficient and leverages managed services to minimize the complexity of setting up and maintaining custom anomaly detection logic.
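
The "anomalies over time" requirement amounts to comparing each interval of flow-log traffic with recent history. The Python example below is added here for illustration (it is not part of the original question and does not reproduce how Lookout for Metrics or Kinesis Data Analytics score data): it parses default-format VPC flow log records, totals bytes per 5-minute bucket, and flags buckets that depart from a rolling median. The sample records, ENI ID, account ID, window size and threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_record(line):
    """Parse one default-format record; None for malformed or non-OK lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None  # NODATA/SKIPDATA records carry "-" instead of counters
    rec = dict(zip(FIELDS, parts))
    for key in ("packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def bytes_per_bucket(lines, bucket_seconds=300):
    """Total bytes per time bucket, keyed by bucket start (epoch seconds)."""
    totals = defaultdict(int)
    for rec in filter(None, map(parse_record, lines)):
        totals[rec["start"] - rec["start"] % bucket_seconds] += rec["bytes"]
    return dict(sorted(totals.items()))

def find_anomalies(series, history=6, threshold=5.0):
    """Flag buckets beyond threshold * MAD from the median of the prior buckets."""
    items = list(series.items())
    flagged = []
    for i in range(history, len(items)):
        window = [value for _, value in items[i - history:i]]
        med = median(window)
        mad = median(abs(v - med) for v in window) or 1  # flat history: avoid /0
        ts, value = items[i]
        if abs(value - med) / mad > threshold:
            flagged.append(ts)
    return flagged

def sample_lines():
    """Constructed records: about 40 kB per 5 minutes, one spike, one NODATA line."""
    base, eni = 1700000100, "eni-0example0000001"
    volumes = [40000, 41000, 39500, 40200, 40800, 39900, 40100, 900000, 40300]
    lines = [f"2 123456789012 {eni} - - - - - - - {base} {base + 60} - NODATA"]
    for n, total in enumerate(volumes):
        start = base + n * 300
        for part in (total // 2, total - total // 2):
            lines.append(f"2 123456789012 {eni} 10.0.1.5 10.0.2.9 44321 443 6 30 "
                         f"{part} {start} {start + 60} ACCEPT OK")
    return lines

print(find_anomalies(bytes_per_bucket(sample_lines())))
```

The detector needs `history` earlier buckets before it can score anything, which is why a persistent store of past intervals matters for this kind of baseline comparison.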

Discussion
Seoyong

Question keywords: predictable traffic patterns, anomalies. Thus, B.

dzn Option: A

Kinesis Data Firehose determines how often to write to S3 by buffer settings, which is not realtime enough to handle VPC flow log, which can be fatal depending on the content of the `CRITICAL compute infrastructure`. Kinesis Data Analytics has machine learning solutions such as RANDOM_CUT_FOREST in addition to fixed detection by normal SQL.

thanhnv142 Option: B

B is correct: <needs to configure a monitoring solution for the VPC flow logs to identify anomalies> means Amazon Lookout for Metrics. A, C and D don't mention Amazon Lookout for Metrics.

c3518fc Option: B

Lookout for Metrics automatically detects and diagnoses anomalies (outliers from the norm) in business and operational data. It’s a fully managed ML service, which uses specialized ML models to detect anomalies based on the characteristics of your data. You don’t need ML experience to use Lookout for Metrics. Kinesis Data Analytics Studio provides an interactive notebook experience powered by Apache Zeppelin and Apache Flink to analyze streaming data. It also helps productionize your analytics application by building and deploying code as a Kinesis data analytics application straight from the notebook. https://aws.amazon.com/blogs/machine-learning/smart-city-traffic-anomaly-detection-using-amazon-lookout-for-metrics-and-amazon-kinesis-data-analytics-studio/

CloudHandsOn Option: A

I'll go with A. Mainly because Kinesis Data Analytics has anomaly detection using a random cut forest function: https://docs.aws.amazon.com/kinesisanalytics/latest/dev/app-anomaly-detection.html

DanShone Option: B

B - Amazon Lookout for Metrics: automatically detect anomalies within metrics and identify their root causes. So it would fit the requirements.

cb6a796 Option: B

B without a doubt

fdoxxx

Option B is the most suitable for the scenario. Kinesis Data Firehose: It allows the streaming of data to an S3 bucket, providing a durable storage solution. Lookout for Metrics: It is designed to detect anomalies in your data and can be configured to monitor the data stored in the S3 bucket for anomalies.

kyuhuck Option: A

B is not correct. Option A is the most suitable approach to meet the requirements. It leverages Amazon Kinesis Data Stream for real-time data ingestion, Amazon Kinesis Data Analytics for efficient and scalable anomaly detection in real-time, and AWS Lambda to initiate a response when anomalies are detected. This setup provides a robust, scalable, and real-time monitoring solution for VPC flow logs, with the ability to initiate responses to anomalies through integration with Amazon EventBridge.

a54b16f Option: B

Both A (RCF) and B should detect anomalies. A didn't mention using RCF, also Kinesis data stream usually refers to real-time detection, while Firehose is not about real-time. There is a keyword "over time" in the description, so B.

trungtd Option: B

Although option A uses Kinesis Data Analytics for anomaly detection, setting up and maintaining custom analytics and anomaly detection logic is more complex and less efficient compared to using a managed service like Lookout for Metrics.

xdkonorek2 Option: B

A is wrong because kinesis data analytics output must be either kinesis data stream or firehose, can't be lambda directly so there is a missing component

Gomer

I've reviewed most of the comments, and it seems like everyone is just repeating themselves. I've "googled" and looked at the references. I found examples of both kinesis data streams, kinesis data analytics and firehose. The one step in "A" I have a problem with is "Create an AWS Lambda function to use as the output of the data stream." How can Lambda be an output of a data stream "over time"? I don't think you can identify an anomaly "over time" unless you've got persistent storage for the data (which can be reparsed as necessary to compare past with present). I'm leaning towards "B" unless someone can convince me otherwise (and not by just repeating what others have already said).

tsangckl Option: A

Option B involves using Amazon Lookout for Metrics, which is not designed for real-time anomaly detection.

Gomer

I see the "over time" requirement as implying some ability to parse the past with the present in order for ML to assess an anomaly. I don't see the words "real time" in the requirements. The "over time" requirement is not specific enough, but until there are more specifics, it would be reasonable to presume it means you're trying to discover current anomalies by comparing traffic against days, weeks or months ago.

seetpt Option: B

I think B

stoy123 Option: A

A. If you google "detecting anomalies in vpc flow logs" every article suggests Kinesis Data Analytics

ogerber Option: A

Option A is preferable for scenarios requiring real-time processing and anomaly detection in streaming data, such as VPC flow logs, with the capability to quickly initiate responses to detected anomalies. It offers a more streamlined and immediate approach to monitoring and responding to network traffic anomalies, making it highly suitable for the company's needs regarding their critical compute infrastructure with predictable traffic patterns. Option B might still be considered if the company's workflow is more adapted to batch processing and the delays inherent in data delivery and processing are acceptable. However, for immediate anomaly detection and response, Option A stands out as the more appropriate solution.