Q39 — AWS DVA-C02 Ch.3
A developer is using a Border Gateway Protocol (BGP)-based AWS VPN connection to connect an on-premises network to Amazon EC2 instances in the developer’s AWS account. The developer can access EC2 instances in subnet A within the same VPC, but cannot access EC2 instances in subnet B. Which logs can the developer use to verify whether traffic reaches subnet B?
- A. VPN logs
- B. BGP logs
- C. VPC flow logs ✓
- D. AWS CloudTrail logs
Correct Answer: C. VPC flow logs
Explanation
VPC flow logs record detailed information about network traffic, including source and destination, protocol, and port numbers. When the developer cannot reach EC2 instances in subnet B, reviewing VPC flow logs shows whether traffic reaches subnet B and helps identify potential issues. In contrast, VPN logs primarily record VPN connection details, BGP logs focus on BGP protocol operations, and AWS CloudTrail logs track API calls and management events. Thus, option C is the correct answer.