ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 61 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 61
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead.
Which solution will meet these requirements?

  • A. Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.
  • B. Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.
  • C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.
  • D. Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by zaazanuna at March 19, 2023, 5:07 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
study_aws1
Highly Voted 1 year, 7 months ago
C) ensures - The solution must minimize cost and administrative overhead
upvoted 8 times
...
vikasj1in
Highly Voted 8 months, 2 weeks ago
Selected Answer: C
VPC flow logs capture information about the IP traffic going to and from network interfaces in a VPC. They provide details such as source and destination IP addresses, ports, and protocols. Publishing the VPC flow logs to a log group in Amazon CloudWatch Logs (Option C) allows for centralized and easy access to the flow log data. CloudWatch Logs Insights can be used to query the flow logs efficiently and identify the AWS resources that are generating the suspicious traffic. This solution minimizes cost by leveraging existing AWS services (CloudWatch Logs) and has lower administrative overhead compared to setting up custom streaming solutions (such as Amazon Kinesis) or deploying additional instances (as in Option A). Options A, B, and D introduce additional complexity and may have higher associated costs or administrative overhead compared to using CloudWatch Logs Insights for analyzing VPC flow logs.
upvoted 7 times
...
Raphaello
Most Recent 6 months, 2 weeks ago
Selected Answer: C
C is the correct answer. VPC flow logs (with custom format to have "pkt-srcaddr" & "pkt-dstaddr" since it goes via NAT GW). Direct it to CloudWatch Logs, and use CW Logs Insights for querying and visualization.
upvoted 3 times
...
Arad
12 months ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
bcx
1 year, 3 months ago
Selected Answer: C
No doubt it is C, it is simple to implement (even temporarily) and is affordable.
upvoted 3 times
...
Wiss7
1 year, 3 months ago
Selected Answer: C
Lowest cost
upvoted 1 times
...
ITgeek
1 year, 6 months ago
Selected Answer: C
C is the simples
upvoted 2 times
...
ohcan
1 year, 6 months ago
Selected Answer: C
C. " The solution must minimize cost and administrative overhead."
upvoted 2 times
...
helloworldabc
1 year, 7 months ago
CCCCCCCCC
upvoted 2 times
...
zaazanuna
1 year, 7 months ago
C - correct.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago