ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 10 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 10
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has deployed an AWS Network Firewall firewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall flow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time.
Which solution will meet these requirements?

  • A. Create an Amazon S3 bucket. Create an AWS Lambda function to load logs into the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster. Enable Amazon Simple Notification Service (Amazon SNS) notifications on the S3 bucket to invoke the Lambda function. Configure flow logs for the firewall. Set the S3 bucket as the destination.
  • B. Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall Set the Kinesis Data Firehose delivery stream as the destination for the Network Firewall flow logs.
  • C. Configure flow logs for the firewall. Set the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination for the Network Firewall flow logs.
  • D. Create an Amazon Kinesis data stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster as the destination. Configure flow logs for the firewall. Set the Kinesis data stream as the destination for the Network Firewall flow logs.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by zaazanuna at March 18, 2023, 6:13 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
flowers00
Highly Voted 1 year, 3 months ago
B - correct. https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-analyze-aws-network-firewall-logs-using-amazon-opensearch-service-part-1/
upvoted 9 times
...
Raphaello
Most Recent 3 months, 1 week ago
Selected Answer: B
B is the correct answer. Forward NF logs to KDF and from there to opensearch.
upvoted 1 times
...
Marfee400704
4 months, 4 weeks ago
I think that it's correct answer is B according to SPOTO products.
upvoted 2 times
...
MEDES
9 months, 3 weeks ago
B Because request is shortest possible time. Firehose is one of the shortest destination and has better integration with OpenSearch. The timing of Network Firewall log delivery varies by location type, averaging 3-6 minutes for Amazon CloudWatch Logs and Amazon Kinesis Data Firehose and 8-12 minutes for Amazon Simple Storage Service buckets. https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html
upvoted 1 times
...
DPDK
1 year ago
B Because request is shortest possible time. Firehose is one of the shortest destination and has better integration with OpenSearch. The timing of Network Firewall log delivery varies by location type, averaging 3-6 minutes for Amazon CloudWatch Logs and Amazon Kinesis Data Firehose and 8-12 minutes for Amazon Simple Storage Service buckets. https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html
upvoted 2 times
...
emmanuelodenyire
1 year, 2 months ago
Selected Answer: B
Option B is the correct answer. Explanation: The question asks for a solution to deliver Network Firewall flow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time. Option B suggests creating an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service cluster as the destination. This solution is the most efficient because Kinesis Data Firehose can stream data in near real-time to the Amazon OpenSearch Service cluster. This means that logs will be delivered to the Elasticsearch cluster in the shortest possible time.
upvoted 3 times
...
Untamables
1 year, 3 months ago
Selected Answer: B
B Network Firewall supports Amazon Kinesis Data Firehose as one of the logging destinations. The timing of Network Firewall log delivery varies by location type, averaging 3-6 minutes for Amazon CloudWatch Logs and Amazon Kinesis Data Firehose and 8-12 minutes for Amazon Simple Storage Service buckets. https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging.html
upvoted 3 times
...
Cappy46789
1 year, 3 months ago
B - Firehose
upvoted 2 times
...
zaazanuna
1 year, 3 months ago
B - correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago