AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company's application uses Network Load Balancers, Auto Scaling groups, Amazon EC2 instances, and databases that are deployed in an Amazon VPC. The company wants to capture information about traffic to and from the network interfaces in near real time in its Amazon VPC. The company wants to send the information to Amazon OpenSearch Service for analysis.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service.

Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service.

Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service.

Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service.

Explanation:

Explanation

Correct Answer: B

Why Option B is correct:

VPC Flow Logs to CloudWatch Logs: VPC Flow Logs can be configured to send log data directly to Amazon CloudWatch Logs, which is the appropriate destination for VPC traffic logs.
Kinesis Data Firehose for OpenSearch: Amazon Kinesis Data Firehose is specifically designed to deliver streaming data to destinations like Amazon OpenSearch Service (formerly Amazon Elasticsearch Service). It can directly read from CloudWatch Logs and deliver to OpenSearch Service with built-in transformation capabilities.
Near real-time requirement: Kinesis Data Firehose provides near real-time data delivery with configurable buffering intervals.

Why other options are incorrect:

Option A: Uses Kinesis Data Streams instead of Kinesis Data Firehose. While Data Streams can stream data, it requires additional processing to deliver to OpenSearch Service, whereas Data Firehose has native integration with OpenSearch Service.
Option C & D: Both incorrectly suggest sending VPC Flow Logs to AWS CloudTrail. VPC Flow Logs cannot be sent to CloudTrail - CloudTrail is for API activity logging, not network traffic logging. VPC Flow Logs can only be sent to CloudWatch Logs or Amazon S3.

Key AWS Services:

VPC Flow Logs: Captures information about IP traffic going to and from network interfaces in your VPC
CloudWatch Logs: Centralized logging service
Kinesis Data Firehose: Easiest way to reliably load streaming data into data stores and analytics tools
OpenSearch Service: Managed search and analytics service

This solution meets all requirements: capturing VPC traffic information in near real time and sending it to OpenSearch Service for analysis.

Powered ByGPT-5.2

Comments

Loading comments...