🔥 3-day streak
AWS Certified Security - Specialty9 / 157
Question 9 of 157

A financial services company runs a critical application on EC2 that writes structured application logs to Amazon CloudWatch Logs. The incident response team wants near-real-time detection: whenever a log entry contains the string "AuthorizationFailure" more than a threshold number of times within a short window, an automated containment workflow must be triggered within seconds. The solution must not rely on polling and must scale to high log volume without dropping events. Which approach best meets these requirements?

Reviewed for accuracy · Report an issueNext question