Q15 — AWS SOA-C02 Ch.1
A SysOps administrator configures VPC flow logs to publish to Amazon CloudWatch Logs. The SysOps administrator reviews the logs in CloudWatch Logs and notices less traffic than expected. After the SysOps administrator compares the VPC flow logs to logs that were captured on-premises, the SysOps administrator believes that the VPC flow logs are incomplete. Which of the following is a possible reason for the difference in traffic?
- A. CloudWatch Logs throttling has been applied.
- B. The CloudWatch IAM role does not have a trust relationship with the VPC flow logs service.
- C. The VPC flow log is still in the process of being created.
- D. VPC flow logs cannot capture traffic from on-premises servers to a VPC. ✓
Correct Answer: D. VPC flow logs cannot capture traffic from on-premises servers to a VPC.
Explanation
VPC flow logs are used to monitor network traffic within a VPC, but they have specific limitations. AWS documentation states that VPC flow logs cannot record certain traffic types, for example on-premises-to-VPC traffic that enters the VPC over a VPN or Direct Connect connection. If traffic from on-premises servers to the VPC uses such a connection, it may not be captured by the flow logs. Option A concerns CloudWatch throttling, which usually causes delays rather than a persistent shortfall; option B's IAM permission problem would block log delivery entirely rather than cause partial loss; option C is a temporary state that does not match the persistent condition described in the question. Option D corresponds to the traffic-type limitation explicitly stated in the documentation and correctly explains the difference in traffic.