
Answer-first summary for fast verification
Answer: Configure Network Firewall logging in Network Firewall to capture all alerts and flow logs.
To meet the requirement of auditing and logging all outbound internet traffic from the private subnets using AWS Network Firewall, the network engineer should configure Network Firewall logging to capture both alert logs and flow logs. Alert logs record the traffic that matches a rule with an alert action, while flow logs record the general flow of traffic through the firewall, so together they give a complete audit trail. Option A captures only alerts, not flow logs, which is insufficient for complete auditing. Option C suggests VPC Flow Logs for the firewall endpoint, which does not address the requirement for Network Firewall logging. Option D, configuring AWS CloudTrail to capture data events, is not relevant to Network Firewall logging. Therefore, the correct configuration is to configure Network Firewall logging in Network Firewall to capture all alerts and flow logs, as stated in option B.
Author: LeetQuiz Editorial Team
How should the network engineer configure AWS Network Firewall logging to ensure all outbound internet traffic from private subnets is fully logged for auditing and alerting, given that the application is deployed across multiple VPCs connected via AWS Transit Gateway and includes both private and public subnets?
A. Configure Network Firewall logging in Amazon CloudWatch to capture all alerts. Send the logs to a log group in Amazon CloudWatch Logs.
B. Configure Network Firewall logging in Network Firewall to capture all alerts and flow logs.
C. Configure Network Firewall logging by configuring VPC Flow Logs for the firewall endpoint. Send the logs to a log group in Amazon CloudWatch Logs.
D. Configure Network Firewall logging by configuring AWS CloudTrail to capture data events.