AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Use CloudWatch Logs Insights to query the logs.

VPC Flow Logs in CloudWatch Logs can be queried with Logs Insights using SQL-like queries to filter for NAT gateway traffic, group by destination IP or address, and get top 5. Most efficient without changing config. CloudTrail is for API, CloudFront for CDN, Athena requires S3 export.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Use CloudWatch Logs Insights to query the logs.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A SysOps administrator needs to identify the top 5 internet destinations accessed by private EC2 instances via a NAT gateway. VPC flow logs are published to CloudWatch Logs. What is the MOST operationally efficient approach?

Exam-Like

UAnonymous

Last updated: April 30, 2026 at 11:42

Use AWS CloudTrail Insights events.

Use Amazon CloudFront standard access logs.

Use CloudWatch Logs Insights to query the logs.

Change flow logs to publish to S3; use Amazon Athena to query.