A company has an application running in a VPC that relies on a NAT gateway for outbound internet traffic. A network engineer observes a significant amount of suspicious traffic originating from the VPC and being sent to IP addresses on a deny list over the internet. The engineer needs to identify the AWS resources responsible for this traffic while minimizing cost and administrative effort.

What solution will fulfill these requirements?

Exam-Like

Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.

0.0%

Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.

0.0%

Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.

100.0%

Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.

0.0%

AWS Certified Advanced Networking - Specialty

Get started today

Comments