Answer: Enable VPC Flow Logs on the production VPC network frontend and backend subnets only with a sample volume scale of 1.0.

The goal is to capture network traffic for analyzing a suspected malicious process in the production frontend servers. VPC Flow Logs are ideal for monitoring traffic. Key considerations: 1. **Targeted Scope**: The malicious activity is confined to the production environment. Enabling logs in the testing environment (options C and D) is unnecessary and adds cost/complexity without benefit. 2. **Sampling Rate**: Intermittent malicious traffic requires a high sampling rate to avoid missing data. A sample volume scale of 1.0 (100% sampling) in option B ensures all traffic is captured, unlike 0.5 (50% sampling) in options A and C, which risks missing intermittent communications. 3. **Urgency**: Testing changes in a non-production environment (options C and D) delays capturing the malicious traffic in production, which is critical for real-time analysis. VPC Flow Logs are non-disruptive, so applying directly to production is safe and efficient. 4. **Subnet Focus**: The logs should cover both frontend and backend subnets in production, as the malicious process might communicate across subnets. Options A and B correctly limit logs to production subnets. Thus, option B is optimal: enabling VPC Flow Logs only on the production VPC's frontend and backend subnets with 100% sampling ensures comprehensive, timely capture of traffic for analysis.

Author: LeetQuiz Editorial Team