Q19 — AWS ANS-C01 Ch.1

Question 19 of 100 (Chapter 1)

A financial trading company is using Amazon EC2 instances to run its trading platform. Part of the company's trading platform includes a third-party pricing service that the EC2 instances communicate with over UDP on port 50000. Recently, the company has had problems with the pricing service. Some of the responses from the pricing service appear to be incorrectly formatted and are not being processed successfully. The third-party vendor requests access to the data that the pricing service is returning. The third-party vendor wants to capture request and response data for debugging by logging in to an EC2 instance that accesses the pricing service. The company prohibits direct access to production systems and requires all log analysis to be performed in a dedicated monitoring account. Which set of steps should a network engineer take to capture the data and meet these requirements?

Correct Answer: C.

1. Configure a traffic mirror filter to capture the UDP data.
2. Configure Traffic Mirroring to capture the traffic for the EC2 instance's elastic network interface.
3. Configure a packet inspection package on a new EC2 instance in the monitoring account. Use the elastic network interface of the new EC2 instance as the target for the traffic mirror.
4. Extract the data by using the packet inspection package.
5. Provide the data to the third-party vendor.

Explanation

This question concerns how to capture AWS network traffic and manage logs across accounts. AWS documentation states that VPC Traffic Mirroring copies the traffic of a specified ENI to a target instance, which suits scenarios where the actual packet contents must be captured. The key to option C is that the mirrored traffic is sent to an instance in the monitoring account, satisfying the requirements that production systems may not be accessed directly and that log analysis is performed in a separate account. Option A's VPC Flow Logs record only metadata and cannot provide the packet contents; option B's target instance sits in the production environment, violating the monitoring-account policy; option D works by logging in to a production instance, directly violating the security rules. The correct answer, C, meets all the conditions by configuring a traffic mirror filter, a cross-account mirror target, and a data extraction workflow.