AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 281
A company runs a fleet of Amazon EC2 instances in a VPC. The company's employees remotely access the EC2 instances by using the Remote Desktop Protocol (RDP).
The company wants to collect metrics about how many RDP sessions the employees initiate every day.
Which combination of steps will meet this requirement? (Choose three.)
Answer options
- A. Create an Amazon EventBridge rule that reacts to EC2 Instance State-change Notification events.
- B. Create an Amazon CloudWatch Logs log group. Specify the log group as a target for the EventBridge rule.
- C. Create a flow log in VPC Flow Logs.
- D. Create an Amazon CloudWatch Logs log group. Specify the log group as a destination for the flow log.
- E. Create a log group metric filter.
- F. Create a log group subscription filter. Use EventBridge as the destination.
Correct answer: C, D, E
Explanation
Counting RDP sessions requires capturing network traffic on port 3389, which VPC Flow Logs provides. When the flow logs are delivered to an Amazon CloudWatch Logs log group, a metric filter on that log group can match the RDP connection records and count them. The EventBridge rule for EC2 Instance State-change Notification events does not help, because those events report instance power states rather than network connections such as RDP.