Q80 — AWS DVA-C02 Ch.1

Question 80 of 100

A developer is using a Border Gateway Protocol (BGP)-based AWS VPN connection to connect on-premises networks to Amazon EC2 instances in their AWS account. The developer can access EC2 instances in subnet A but cannot access EC2 instances in subnet B within the same VPC. Which logs can the developer use to verify whether traffic reaches subnet B?

Correct Answer: C. VPC flow logs

Explanation

Option C is correct: VPC flow logs capture detailed information about IP traffic flowing in and out of network interfaces in a VPC—including source, destination, port, protocol, and acceptance/rejection status—making them ideal for verifying whether traffic reaches subnet B. VPN logs (A) provide connection health and tunnel status but lack granular per-subnet traffic visibility. BGP logs (B) relate to route advertisement and convergence, not packet delivery. CloudTrail logs (D) record API activity, not network packet flows.