
Answer-first summary for fast verification
Answer: Create VPC flow logs in a custom format. Set the application subnets as resources. Include the pkt-srcaddr field and the pkt-dstaddr field in the flow logs.
To meet the requirements with the least operational overhead, the security team should capture only the flow logs for the traffic of interest: the traffic from the two applications deployed across the two Amazon EKS clusters. Because the applications are deployed using the Amazon VPC CNI plugin, the pod IP addresses are directly routable within the VPC. Capturing flow logs at the subnet level, where the EKS nodes reside, is therefore more efficient than capturing all flow logs in the VPC.

Option C creates VPC flow logs in a custom format, sets the application subnets as resources, and includes the pkt-srcaddr and pkt-dstaddr fields. Scoping the flow logs to the subnets where the applications are deployed reduces the volume of flow logs generated and makes the traffic from the two applications easier to analyze. This captures the necessary information without the overhead of collecting unnecessary flow logs.
Author: LeetQuiz Editorial Team
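The following added example (not part of the original page) parses custom-format flow log records and shows why the answer calls for pkt-srcaddr and pkt-dstaddr: grouping on pkt-srcaddr yields one entry per pod, while srcaddr only shows the node's network interface address. The field order, subnet CIDRs and log records are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed custom log format; records are space-separated in this field order.
LOG_FORMAT = ("${interface-id} ${srcaddr} ${dstaddr} ${pkt-srcaddr} "
              "${pkt-dstaddr} ${dstport} ${protocol} ${action}")
FIELDS = [f.strip("${}") for f in LOG_FORMAT.split()]

# Constructed CIDRs standing in for the two application subnets.
APP_SUBNETS = [ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24")]

# Constructed records. Nodes: 10.0.1.10, 10.0.2.11. Pods: 10.0.1.57, 10.0.1.83, 10.0.2.40.
SAMPLE = """\
eni-0aaa 10.0.1.10 10.0.5.20 10.0.1.57 10.0.5.20 5432 6 ACCEPT
eni-0aaa 10.0.1.10 10.0.5.20 10.0.1.57 10.0.5.20 5432 6 ACCEPT
eni-0aaa 10.0.1.10 10.0.6.9 10.0.1.83 10.0.6.9 443 6 REJECT
eni-0bbb 10.0.2.11 10.0.5.20 10.0.2.40 10.0.5.20 5432 6 ACCEPT
eni-0bbb 10.0.5.20 10.0.2.11 10.0.5.20 10.0.2.40 41822 6 ACCEPT
eni-0bbb - - - - - - -
"""

def parse(line):
    """Return a field dict, or None for blank lines and records with no address data."""
    parts = line.split()
    if len(parts) != len(FIELDS) or "-" in parts[1:5]:
        return None
    return dict(zip(FIELDS, parts))

def in_app_subnet(addr):
    return any(ip_address(addr) in net for net in APP_SUBNETS)

def pod_flows(text):
    """Count records per (pod IP, destination IP, destination port, action)."""
    flows = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        if in_app_subnet(rec["pkt-srcaddr"]):
            flows[(rec["pkt-srcaddr"], rec["pkt-dstaddr"],
                   int(rec["dstport"]), rec["action"])] += 1
    return dict(flows)

def node_sources(text):
    """Sources seen through srcaddr alone: pods collapse into node interface IPs."""
    return {rec["srcaddr"] for rec in filter(None, map(parse, text.splitlines()))
            if in_app_subnet(rec["srcaddr"])}

if __name__ == "__main__":
    for flow, count in sorted(pod_flows(SAMPLE).items()):
        print(flow, count)
    print("srcaddr view:", sorted(node_sources(SAMPLE)))
```

A REJECT entry in the per-pod view marks traffic that a security group or network ACL blocked, which is the signal the audit in the question is looking for.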
A security team is auditing a company's AWS deployment and is concerned that two applications might be accessing resources that should be restricted by network ACLs and security groups. These applications are deployed across two Amazon EKS clusters using the Amazon VPC CNI plugin, located in separate subnets within the same VPC, with Cluster Autoscaler enabled. The team needs to identify which POD IP addresses are communicating with which services across the VPC, while minimizing the number of flow logs and focusing only on the traffic from these two applications. What solution will meet these requirements with the least operational overhead?
A
Create VPC flow logs in the default format. Create a filter to gather flow logs only from the EKS nodes. Include the srcaddr field and the dstaddr field in the flow logs.
B
Create VPC flow logs in a custom format. Set the EKS nodes as the resource. Include the pkt-srcaddr field and the pkt-dstaddr field in the flow logs.
C
Create VPC flow logs in a custom format. Set the application subnets as resources. Include the pkt-srcaddr field and the pkt-dstaddr field in the flow logs.
D
Create VPC flow logs in a custom format. Create a filter to gather flow logs only from the EKS nodes. Include the pkt-srcaddr field and the pkt-dstaddr field in the flow logs.