
Answer-first summary for fast verification
Answer: Configure Network Firewall logging in Network Firewall to capture all alerts and flow logs.
To audit all outbound internet traffic from the private subnets, every flow the firewall inspects must be logged, not only the packets that trip an alert rule. Network Firewall produces two log types: alert logs, which record packets that match a stateful rule whose action is alert, drop, or reject, and flow logs, which record every flow the stateless engine forwards to the stateful rules engine, whether or not a rule fired. The logging configuration is set on the firewall itself, and each log type can be sent to Amazon S3, Amazon CloudWatch Logs, or Amazon Kinesis Data Firehose. Option A captures only alerts; CloudWatch Logs is a destination, not where Network Firewall logging is configured, and alert logs alone say nothing about traffic that was inspected and passed without matching an alert rule. Option B enables both alert and flow logs, so both rule matches and the full set of inspected flows are recorded, which is exactly what the requirement asks for. Option C, VPC Flow Logs on the firewall endpoint's network interface, records IP-level flow metadata seen by that interface but carries no information about which rule matched or what the firewall decided. Option D, AWS CloudTrail data events, records API activity such as S3 object or Lambda invocations, not network traffic. Option B is therefore the correct choice.

Two caveats apply when implementing it. Network Firewall logs only traffic that reaches the stateful engine, so the firewall policy's stateless default actions (including the fragment default action) should be aws:forward_to_sfe rather than aws:pass, or those packets never appear in the flow log. And the Transit Gateway and subnet route tables must actually steer the private subnets' egress through the firewall endpoints, because traffic that bypasses the firewall is never logged.
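The configuration that option B describes, as an added example (this is not code from LeetQuiz or from AWS): it builds the LoggingConfiguration that UpdateLoggingConfiguration accepts, audits an existing configuration for the required log types, checks that the firewall policy's stateless defaults forward everything to the stateful engine, and applies the configuration one destination at a time, because UpdateLoggingConfiguration accepts only one destination change per call. The firewall ARN, log group, and bucket names are hypothetical placeholders; boto3 is assumed only for apply_logging(), and the helpers run offline.

```python
"""Configure and verify AWS Network Firewall alert and flow logging.

Added example, not code from the quiz page or from AWS. Firewall ARN,
log group and bucket names are hypothetical; boto3 is needed only by
apply_logging(), so the build/check helpers run without the AWS SDK.
"""
from typing import Dict, Set

# Log types a firewall must emit to audit every inspected flow. TLS is a
# third, optional type (for TLS inspection) and is not required here.
REQUIRED_LOG_TYPES = {"ALERT", "FLOW"}


def build_logging_configuration(alert_log_group: str, flow_bucket: str,
                                flow_prefix: str = "flow/") -> Dict:
    """Return a LoggingConfiguration for UpdateLoggingConfiguration.

    Alerts go to CloudWatch Logs (cheap to search and alarm on); flow logs,
    which are far higher volume, go to S3. Either type may use S3,
    CloudWatchLogs or KinesisDataFirehose as its destination.
    """
    return {
        "LogDestinationConfigs": [
            {
                "LogType": "ALERT",
                "LogDestinationType": "CloudWatchLogs",
                "LogDestination": {"logGroup": alert_log_group},
            },
            {
                "LogType": "FLOW",
                "LogDestinationType": "S3",
                "LogDestination": {"bucketName": flow_bucket,
                                   "prefix": flow_prefix},
            },
        ]
    }


def missing_log_types(logging_configuration: Dict) -> Set[str]:
    """Audit check: which required log types does this configuration lack?

    Pass the LoggingConfiguration from DescribeLoggingConfiguration (an empty
    dict when logging is not configured at all).
    """
    configured = {
        cfg["LogType"]
        for cfg in logging_configuration.get("LogDestinationConfigs", [])
    }
    return REQUIRED_LOG_TYPES - configured


def stateless_forwards_all(firewall_policy: Dict) -> bool:
    """Network Firewall logs only traffic that reaches the stateful engine.

    Both stateless default actions must be aws:forward_to_sfe for packets
    that no stateless rule matches to show up in the flow log. Stateless
    rule groups that pass or drop traffic themselves are not checked here.
    """
    return all(
        "aws:forward_to_sfe" in firewall_policy.get(key, [])
        for key in ("StatelessDefaultActions",
                    "StatelessFragmentDefaultActions")
    )


def apply_logging(firewall_arn: str, desired: Dict,
                  region: str = "us-east-1") -> Dict:
    """Add every missing destination in `desired` to the firewall.

    UpdateLoggingConfiguration allows a single destination change per
    request, so each missing LogType is added in its own call. Requires
    boto3 and credentials with network-firewall permissions.
    """
    import boto3  # imported lazily so the offline helpers need no SDK

    nfw = boto3.client("network-firewall", region_name=region)
    response = nfw.describe_logging_configuration(FirewallArn=firewall_arn)
    current = response.get("LoggingConfiguration") or \
        {"LogDestinationConfigs": []}
    present = {cfg["LogType"] for cfg in current["LogDestinationConfigs"]}
    for cfg in desired["LogDestinationConfigs"]:
        if cfg["LogType"] in present:
            continue
        current["LogDestinationConfigs"].append(cfg)
        nfw.update_logging_configuration(FirewallArn=firewall_arn,
                                         LoggingConfiguration=current)
        present.add(cfg["LogType"])
    return current


if __name__ == "__main__":
    # Constructed sample: what option A leaves you with (alerts only).
    alerts_only = {"LogDestinationConfigs": [{
        "LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
        "LogDestination": {"logGroup": "/aws/network-firewall/alerts"}}]}
    print("alerts-only config is missing:", missing_log_types(alerts_only))

    desired = build_logging_configuration("/aws/network-firewall/alerts",
                                          "example-nfw-flow-logs")
    print("option B config is missing:", missing_log_types(desired))
    # apply_logging("arn:aws:network-firewall:us-east-1:123456789012:"
    #               "firewall/egress-inspection", desired)
```

Run missing_log_types() against the output of `aws network-firewall describe-logging-configuration` for each firewall to find endpoints that still log alerts only, and stateless_forwards_all() against `describe-firewall-policy` output to catch policies whose default action is aws:pass, which silently exempts unmatched traffic from the flow log.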
Author: LeetQuiz Editorial Team
How should the network engineer configure AWS Network Firewall logging to ensure all outbound internet traffic from private subnets is fully audited and logged, given that the application is deployed across multiple VPCs connected via AWS Transit Gateway and includes both private and public subnets?
A
Configure Network Firewall logging in Amazon CloudWatch to capture all alerts. Send the logs to a log group in Amazon CloudWatch Logs.
B
Configure Network Firewall logging in Network Firewall to capture all alerts and flow logs.
C
Configure Network Firewall logging by configuring VPC Flow Logs for the firewall endpoint. Send the logs to a log group in Amazon CloudWatch Logs.
D
Configure Network Firewall logging by configuring AWS CloudTrail to capture data events.