AWS Certified Solutions Architect – Professional — Question 339

A company stores sales transaction data in Amazon DynamoDB tables. To detect anomalous behaviors and respond quickly, all changes to the items stored in the DynamoDB tables must be logged within 30 minutes.
Which solution meets the requirements?

Answer options

• A. Copy the DynamoDB tables into Apache Hive tables on Amazon EMR every hour and analyze them for anomalous behaviors. Send Amazon SNS notifications when anomalous behaviors are detected.
• B. Use AWS CloudTrail to capture all the APIs that change the DynamoDB tables. Send SNS notifications when anomalous behaviors are detected using CloudTrail event filtering.
• C. Use Amazon DynamoDB Streams to capture and send updates to AWS Lambda. Create a Lambda function to output records to Amazon Kinesis Data Streams. Analyze any anomalies with Amazon Kinesis Data Analytics. Send SNS notifications when anomalous behaviors are detected.
• D. Use event patterns in Amazon CloudWatch Events to capture DynamoDB API call events with an AWS Lambda function as a target to analyze behavior. Send SNS notifications when anomalous behaviors are detected.

Correct answer: C

Explanation

Amazon DynamoDB Streams captures item-level modifications in DynamoDB tables in near-real-time, which easily satisfies the 30-minute requirement. By streaming these changes to AWS Lambda, Amazon Kinesis Data Streams, and Amazon Kinesis Data Analytics, the system can perform real-time anomaly detection and trigger Amazon SNS notifications. Other methods, such as hourly EMR copy jobs, exceed the time limit, while CloudTrail and CloudWatch Events focus on control-plane API calls rather than item-level data modifications.