Which set of steps should the solutions architect take to meet these requirements?
Open the AWS CloudTrail console. Select the log group that contains the NAT gateway’s elastic network interface and the private instance’s elastic network interface. Run a query to filter with the destination address set as “like 203.0” and the source address set as “like 198.51.100.2”. Run the stats command to filter the sum of bytes transferred by the source address and the destination address.
Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway’s elastic network interface and the private instance’s elastic network interface. Run a query to filter with the destination address set as “like 203.0” and the source address set as “like 198.51.100.2”. Run the stats command to filter the sum of bytes transferred by the source address and the destination address.
Open the AWS CloudTrail console. Select the log group that contains the NAT gateway’s elastic network interface and the private instance’s elastic network interface. Run a query to filter with the destination address set as “like 198.51.100.2” and the source address set as “like 203.0”. Run the stats command to filter the sum of bytes transferred by the source address and the destination address.
Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway’s elastic network interface and the private instance’s elastic network interface. Run a query to filter with the destination address set as “like 198.51.100.2” and the source address set as “like 203.0”. Run the stats command to filter the sum of bytes transferred by the source address and the destination address.
Explanations:
AWS CloudTrail is used for API activity monitoring, not network traffic analysis. The correct tool to examine VPC flow logs is Amazon CloudWatch Logs, as VPC flow logs are stored in CloudWatch Logs.
Amazon CloudWatch Logs is the correct place to analyze VPC flow logs. Filtering on destination address “like 203.0” (the private IP range) and source address “like 198.51.100.2” will identify potential unsolicited connections.
AWS CloudTrail is not used to analyze VPC flow logs; it tracks API calls. Also, destination and source IPs are incorrectly swapped.
Although CloudWatch Logs is correct, filtering with destination as “198.51.100.2” and source as “203.0” reverses the direction, which does not meet the requirement to check unsolicited traffic from the internet.
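The filter-and-stats step from the correct option, written out as an added example (not part of the original question): the Logs Insights query it corresponds to, plus an offline Python re-implementation run over constructed sample flow log records so the direction of the filter can be checked. The interface ids, account id and byte counts in the sample are made up.

```python
from collections import defaultdict

# CloudWatch Logs Insights form of the correct option's query. Logs Insights
# auto-discovers srcAddr, dstAddr and bytes for VPC flow logs, and "like" is a
# substring match, so "203.0" matches any destination in that range.
LOGS_INSIGHTS_QUERY = """\
filter dstAddr like "203.0" and srcAddr like "198.51.100.2"
| stats sum(bytes) as bytesTransferred by srcAddr, dstAddr
"""

# Field order of the default VPC flow log record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (hypothetical ENI, account and byte values).
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 198.51.100.2 203.0.113.10 44321 22 6 5 420 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.2 203.0.113.10 44322 443 6 10 1500 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 198.51.100.2 443 44322 6 8 900 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.2 203.0.113.11 50000 3389 6 3 180 1600000000 1600000060 REJECT OK
2 123456789012 eni-0a1b2c3d 192.0.2.5 203.0.113.10 40000 80 6 2 120 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1600000000 1600000060 - NODATA
"""


def parse_flow_log(line):
    """Parse one default-format record; return None for malformed or NODATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["bytes"] == "-":          # NODATA / SKIPDATA records carry no byte count
        return None
    rec["bytes"] = int(rec["bytes"])
    return rec


def sum_bytes_by_pair(lines, src_like, dst_like):
    """Offline equivalent of the Logs Insights filter + stats sum(bytes) by srcAddr, dstAddr."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_flow_log(line)
        if rec is None:
            continue
        if src_like in rec["srcaddr"] and dst_like in rec["dstaddr"]:
            totals[(rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
    return dict(totals)


if __name__ == "__main__":
    # Inbound from the internet host toward the private range, as in the correct option.
    for (src, dst), total in sum_bytes_by_pair(SAMPLE_FLOW_LOGS.splitlines(), "198.51.100.2", "203.0").items():
        print(f"{src} -> {dst}: {total} bytes")
```

Swapping the two filters (source like "203.0", destination like "198.51.100.2") only returns the reply traffic, which is why the reversed option does not answer the question.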