
Explanation:
Amazon CloudWatch Logs has a quota on the PutLogEvents API. If the volume of VPC flow logs exceeds this quota, CloudWatch Logs throttles the requests and drops the log events, leading to incomplete logs. Option B is incorrect because a missing trust relationship would result in no logs at all. Option C is incorrect as the creation delay wouldn't manifest as ongoing partial logs. Option D is incorrect because VPC flow logs capture traffic at the ENI level regardless of origin (including on-premises via VPN or Direct Connect).
Question 36
A SysOps administrator configures VPC flow logs to publish to Amazon CloudWatch Logs. The SysOps administrator reviews the logs in CloudWatch Logs and notices less traffic than expected. After the SysOps administrator compares the VPC flow logs to logs that were captured on premises, the SysOps administrator believes that the VPC flow logs are incomplete. Which of the following is a possible reason for the difference in traffic?
A. CloudWatch Logs throttling has been applied.
B. The CloudWatch IAM role does not have a trust relationship with the VPC flow logs service.
C. The VPC flow log is still in the process of being created.
D. VPC flow logs cannot capture traffic from on-premises servers to a VPC.