AWS Certified Advanced Networking - Specialty

Get started today

Ultimate access to all questions.

Explanation:

The correct approach must adhere to the company's requirement that prohibits direct access to production systems and mandates all log analysis to be performed in a dedicated monitoring account. Option A suggests using VPC flow logs, which do not capture the actual packet data but rather metadata about the traffic, making it unsuitable for debugging the specific issue with the pricing service's responses. Option B proposes setting up traffic mirroring and packet inspection within the production environment, which violates the company's policy against direct access to production systems. Option D involves logging into the production EC2 instance to capture data, which also violates the company's policy. Option C is the correct choice as it configures traffic mirroring to capture the necessary UDP data and uses a packet inspection package on a new EC2 instance in the monitoring account, thus adhering to the company's requirements by not directly accessing production systems and performing log analysis in the dedicated monitoring account.

Explanation:

Comments (0)

No comments yet.

A financial trading company operates its trading platform on Amazon EC2 instances, which interact with a third-party pricing service over UDP on port 50000. Recently, the pricing service has been returning incorrectly formatted responses, causing processing failures. The third-party vendor needs to debug the issue by capturing request and response data but is restricted from directly accessing production systems. The company mandates that all log analysis must occur in a dedicated monitoring account. What steps should a network engineer follow to capture the necessary data while adhering to these requirements?

Exam-Like

Last updated: January 16, 2026 at 14:03

Configure VPC flow logs to capture the data that flows in the VPC. 2. Send the data to an Amazon S3 bucket. 3. In the monitoring account, extract the data that flows to the EC2 instance's IP address and filter the traffic for the UDP data. 4. Provide the data to the third-party vendor.

Configure a traffic mirror filter to capture the UDP data. 2. Configure Traffic Mirroring to capture the traffic for the EC2 instance's elastic network interface. 3. Configure a packet inspection package on a new EC2 instance in the production environment. Use the elastic network interface of the new EC2 instance as the target for the traffic mirror. 4. Extract the data by using the packet inspection package. 5. Provide the data to the third-party vendor.

Configure a traffic mirror filter to capture the UDP data. 2. Configure Traffic Mirroring to capture the traffic for the EC2 instance's elastic network interface. 3. Configure a packet inspection package on a new EC2 instance in the monitoring account. Use the elastic network interface of the new EC2 instance as the target for the traffic mirror. 4. Extract the data by using the packet inspection package. 5. Provide the data to the third-party vendor.

Create a new Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to the EC2 instance. 2. Log in to the EC2 instance in the production environment. Run the tcpdump command to capture the UDP data on the EBS volume. 3. Export the data from the EBS volume to Amazon S3. 4. Provide the data to the third-party vendor.