
Answer-first summary for fast verification
Answer: Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.
To identify the AWS resources generating suspicious traffic with minimal cost and administrative overhead, the best approach is to use VPC flow logs and analyze them with Amazon CloudWatch Logs Insights. VPC flow logs capture information about the IP traffic going to and from network interfaces in your VPC. By publishing these logs to Amazon CloudWatch Logs, you can use CloudWatch Logs Insights to run queries and analyze the traffic patterns. This solution is cost-effective because it leverages existing AWS services without the need for additional infrastructure or complex configurations.
Option C is the correct choice because it directly addresses the requirement to identify the source of suspicious traffic with minimal cost and administrative overhead.
Option A involves additional infrastructure (EC2 instance) and complexity (Traffic Mirroring), which increases cost and administrative effort.
Option B, while feasible, introduces a SIEM solution, which may not be necessary for this specific requirement and could increase costs.
Option D involves a more complex setup with Kinesis and S3, which is not required for simply identifying the source of suspicious traffic and would likely incur higher costs.
Author: LeetQuiz Editorial Team
A company has an application running in a VPC that relies on a NAT gateway for outbound internet traffic. A network engineer observes a significant amount of suspicious traffic originating from the VPC and being sent to IP addresses on a deny list over the internet. The engineer needs to identify the AWS resources responsible for this traffic while minimizing cost and administrative effort.
What solution will fulfill these requirements?
A. Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.
B. Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.
C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.
D. Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.
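An offline sketch of the analysis behind option C (added example, not part of the original question and not AWS code): it parses records in the default VPC flow log format, keeps those whose destination is on the deny list, and totals bytes per network interface and source address, which is the aggregation you would run in CloudWatch Logs Insights. The deny-list ranges, ENI IDs, addresses and records are constructed sample values.

```python
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) VPC flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed deny list (documentation address ranges).
DENY_LIST = [ipaddress.ip_network("203.0.113.0/24"),
             ipaddress.ip_network("198.51.100.7/32")]

# Constructed sample records; ENI IDs and addresses are placeholders.
SAMPLE_RECORDS = """\
2 123456789012 eni-0aaa1111 10.0.1.25 203.0.113.10 49152 443 6 120 98000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111 10.0.1.25 198.51.100.7 49153 443 6 40 32000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbb2222 10.0.2.40 192.0.2.80 49200 443 6 10 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ccc3333 10.0.3.7 203.0.113.99 50000 80 6 5 1500 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ddd4444 - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_record(line):
    """Return a dict for a usable record, or None for malformed/no-data lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA / SKIPDATA rows carry "-" placeholders
        return None
    rec["bytes"] = int(rec["bytes"])
    return rec

def on_deny_list(addr, deny_list):
    """True if the address falls inside any deny-listed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in deny_list)

def top_talkers(lines, deny_list):
    """Sum bytes sent to deny-listed destinations per (interface, source IP)."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_record(line)
        if rec and on_deny_list(rec["dstaddr"], deny_list):
            totals[(rec["interface_id"], rec["srcaddr"])] += rec["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (eni, src), total in top_talkers(SAMPLE_RECORDS.splitlines(), DENY_LIST):
        print(f"{eni} {src} {total} bytes to deny-listed destinations")
```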