Google Professional Cloud Network Engineer

You have the following Shared VPC design. VPC Flow Logs are configured for Subnet-1 in the host VPC. You also want to monitor flow logs for Subnet-2. What should you do?

[Diagram: Shared VPC design showing the host project VPC with Subnet-1 and the service project VPC with Subnet-2 (image not reproduced)]



Explanation:

The correct answer is B: Configure VPC Flow Logs in the service project VPC for Subnet-2.

Here's why:

VPC Flow Logs are a per-subnet setting: logging is switched on for an individual subnet resource, so it is configured in the project that owns the VPC network the subnet belongs to. Enabling flow logs for Subnet-1 in the host VPC says nothing about any other subnet, and in this design Subnet-2 belongs to a VPC network in the service project, not to the host project's Shared VPC network. To capture the traffic in Subnet-2 you therefore enable VPC Flow Logs on Subnet-2 in the service project VPC, and the records will appear in Cloud Logging under that project.

Let's break down why the other options are incorrect:

A: Configure a VPC Flow Logs filter for Subnet-2 in the host project VPC: Flow log settings, including any filter expression, are attached to one subnet, and a filter only narrows which connections that subnet reports. A filter set on a host project subnet cannot pull in traffic from Subnet-2, which lives in a different VPC network in the service project; configuring it in the host project VPC would still only give you host project traffic.
C: Configure Packet Mirroring in both the host and service project VPCs: Packet Mirroring copies full packets from selected instances to a collector behind an internal load balancer for out-of-band inspection (IDS, packet capture); it does not create flow log records in Cloud Logging. You could reconstruct flow-level data from the mirrored traffic, but that is far more complex, costly and bandwidth-heavy than enabling VPC Flow Logs on the right subnet, and mirroring the host project VPC as well adds nothing to the stated requirement.
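As an added illustration, not part of the original question bank, the script below shows where the setting actually lives: it checks which project owns Subnet-2, enables VPC Flow Logs on that subnet with gcloud, and reads back a few records to confirm they are arriving. The project ID, region, subnet name and sampling values are assumptions; the script prints each gcloud command by default (DRY_RUN=1) and executes it when DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original page): enable VPC Flow Logs on Subnet-2
# in the project that owns its VPC network, then verify that records arrive.
# Project ID, region, subnet name and sampling settings are assumptions.
# DRY_RUN=1 (the default) prints each gcloud command; DRY_RUN=0 executes it.
set -eu

SERVICE_PROJECT="${SERVICE_PROJECT:-svc-proj}"  # assumed service project ID
REGION="${REGION:-us-central1}"                 # assumed region of Subnet-2
SUBNET="${SUBNET:-subnet-2}"                    # assumed subnet name
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: confirm which project owns the subnet. Flow logs are a per-subnet
# setting, so they must be enabled in the project whose VPC network contains
# the subnet. If this returns NOT_FOUND against the service project, the
# subnet is in the host's Shared VPC network and the host project is the
# right place (the page's design puts Subnet-2 in the service project VPC).
owner_network() {
  run gcloud compute networks subnets describe "$SUBNET" \
    --region "$REGION" --project "$1" --format 'value(network)'
}

# Step 2: enable flow logs on the subnet in the owning project. Sampling,
# aggregation interval and metadata are tuning knobs, not where the logs go;
# an optional --logging-filter-expr would only narrow this subnet's records.
enable_flow_logs() {
  run gcloud compute networks subnets update "$SUBNET" \
    --region "$REGION" --project "$1" \
    --enable-flow-logs \
    --logging-aggregation-interval interval-5-sec \
    --logging-flow-sampling 0.5 \
    --logging-metadata include-all
}

# Step 3: read back a few records. Flow logs are written to the owning
# project with resource.type="gce_subnetwork" and the subnet name as a label.
read_flow_logs() {
  run gcloud logging read \
    "resource.type=\"gce_subnetwork\" AND resource.labels.subnetwork_name=\"$SUBNET\"" \
    --project "$1" --limit 5 --freshness 10m \
    --format 'value(jsonPayload.connection.src_ip,jsonPayload.connection.dest_ip)'
}

owner_network "$SERVICE_PROJECT"
enable_flow_logs "$SERVICE_PROJECT"
read_flow_logs "$SERVICE_PROJECT"
```

Run it once with the defaults to see the three commands, then with DRY_RUN=0 and your real project ID. If step 3 returns nothing after a few minutes, the most common cause is that logging was enabled on a subnet in the wrong project rather than on the one the VMs actually use.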