Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 148 discussion

VPC Flow Logs capture metadata about the network traffic, such as source and destination IP addresses, source and destination ports, protocol, packet and byte counts, start and end times of the flow, and more. This information is useful for monitoring and troubleshooting network traffic patterns, but it does not include the payload content of TCP segments. If you need to capture and analyze the payload data of TCP segments, you would need to use other monitoring and logging solutions, such as tapping into the network traffic with tools like Traffic Mirroring or using other packet capture mechanisms. These solutions can capture the actual data content for analysis, but they might require more advanced setup and configuration compared to VPC Flow Logs

NAT Gateways cannot be configured as a traffic mirror source, so option B is not possible.

Even with a custom format, VPC Flow Logs capture only traffic metadata (e.g., IP addresses and ports) and not payloads. This does not meet the payload inspection requirement. https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-targets.html

D is correct

VPC Flow Logs includes information about allowed and denied traffic (based on security group and network ACL rules). It also includes source and destination IP addresses, ports, the IANA protocol number, packet and byte counts, a time interval during which the flow was observed, and an action (ACCEPT or REJECT). Reference link: https://aws.amazon.com/blogs/aws/vpc-flow-logs-log-and-view-network-traffic-flows/

I think that it's correct answer is D according to SPOTO products.

VPC flow logs do not capture the actual payload of your IP packets, rather they capture a lot of metadata such as source and destination ports, addresses, number of bytes transferred and very interestingly for us, an action