Q30 — AWS ANS-C01 Ch.1
A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead. Which solution will meet these requirements?
- A. Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT gateway as the source and the EC2 instance as the destination. Analyze the captured traffic by using open-source tools to identify the AWS resources that are generating the suspicious traffic.
- B. Use VPC flow logs. Launch a security information and event management (SIEM) solution in the VPC. Configure the SIEM solution to ingest the VPC flow logs. Run queries on the SIEM solution to identify the AWS resources that are generating the suspicious traffic.
- C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic. ✓
- D. Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send the data from the Kinesis data stream to an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3. Use Amazon Athena to query the data to identify the AWS resources that are generating the suspicious traffic.
Correct Answer: C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query the flow logs to identify the AWS resources that are generating the suspicious traffic.
Explanation
The goal here is to determine which AWS resource is generating the suspicious traffic while keeping cost and administrative overhead to a minimum. Option A captures and analyzes traffic through an EC2 instance and Traffic Mirroring, but this adds EC2 cost and management complexity. Option B uses VPC flow logs with a SIEM solution; although effective, deploying and configuring a SIEM can increase cost and complexity. Option C uses VPC flow logs, publishes them to CloudWatch Logs, and then queries them with CloudWatch Logs Insights. This approach is both economical and efficient, because CloudWatch Logs Insights provides strong query capabilities for analyzing flow logs without deploying a complex SIEM system. Option D uses more advanced services such as Kinesis and Athena, but this approach is likely to be higher in both cost and management complexity, so it does not fit the requirement to minimize cost and overhead. Therefore, option C is the best choice.