Which of the following is a possible reason for the difference in traffic?
CloudWatch Logs throttling has been applied.
The CloudWatch IAM role does not have a trust relationship with the VPC flow logs service.
The VPC flow log is still in the process of being created.
VPC flow logs cannot capture traffic from on-premises servers to a VPC.
Explanations:
CloudWatch Logs throttling causes log events to be rejected or dropped at delivery time; it does not change the traffic the interface actually sees. When delivery is being throttled, the flow log reports a DeliverLogsErrorMessage of "Rate limited", and this normally only happens at very high log volume, so it rarely explains a visible gap.
If the IAM role's trust policy does not allow vpc-flow-logs.amazonaws.com to assume it, the service cannot publish to CloudWatch Logs at all: every record fails delivery (the flow log shows DeliverLogsStatus FAILED with an "Access error"). That is an all-or-nothing failure, not a selective gap in the captured traffic.
A newly created flow log takes several minutes before data starts to appear, so there is a start-up gap. Once it is ACTIVE, however, it records all traffic on the monitored interfaces, not just a subset.
VPC flow logs capture IP traffic only at elastic network interfaces inside the VPC. Traffic that never reaches a VPC interface (on-premises to on-premises, or flows dropped by an on-premises firewall before they cross the VPN or Direct Connect link) is therefore not recorded, which is the gap this option refers to. Note the caveat: on-premises traffic that does enter the VPC over VPN or Direct Connect is captured at the receiving interface like any other flow. The traffic flow logs genuinely never record is a fixed list (DNS queries to the Amazon resolver, DHCP, instance metadata at 169.254.169.254, Amazon Time Sync at 169.254.169.123, Windows license activation, traffic to the VPC router's reserved address, and mirrored traffic), and records lost to capacity pressure in the service show up as SKIPDATA entries rather than as missing hosts.
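The checks a practitioner would run to distinguish the four explanations above, as an added example that is not part of the original page: triage a describe-flow-logs entry by its delivery status and error message, verify that the role's trust policy names the flow logs service principal, and parse default-format flow log records to count SKIPDATA entries and list the source addresses actually recorded. The describe-flow-logs entries, trust policies and log lines are constructed sample data; the account ID, interface ID and the on-premises address 192.168.10.25 are assumed.

```python
"""Triage helpers for a 'traffic missing from VPC flow logs' investigation.

Added example, not AWS code. Field names (FlowLogStatus, DeliverLogsStatus,
DeliverLogsErrorMessage) match the describe-flow-logs API; the record layout
is the default version 2 flow log format. All sample data below is constructed.
"""
import json

FLOW_LOGS_SERVICE = "vpc-flow-logs.amazonaws.com"

# Field order of the default flow log record format.
DEFAULT_FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes", "start", "end",
    "action", "log-status",
]


def trust_policy_allows_flow_logs(policy: dict) -> bool:
    """True if the IAM trust policy lets the flow logs service assume the role."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        services = stmt.get("Principal", {}).get("Service", [])
        services = [services] if isinstance(services, str) else services
        if "sts:AssumeRole" in actions and FLOW_LOGS_SERVICE in services:
            return True
    return False


def triage_flow_log(flow_log: dict) -> str:
    """Map one describe-flow-logs entry to the most likely cause of a gap."""
    if flow_log.get("FlowLogStatus") != "ACTIVE":
        return "not-active"          # still being created or disabled
    if flow_log.get("DeliverLogsStatus") == "SUCCESS":
        return "delivering"          # look at the records, not the delivery
    msg = flow_log.get("DeliverLogsErrorMessage", "")
    if msg == "Access error":
        return "permissions"         # trust policy or destination permissions
    if msg == "Rate limited":
        return "throttled"           # CloudWatch Logs throttling
    return "unknown"


def parse_record(line: str) -> dict:
    """Split a default-format record into named fields."""
    return dict(zip(DEFAULT_FIELDS, line.split()))


def summarize_records(lines) -> dict:
    """Count records by log-status and collect the sources that were recorded."""
    summary = {"OK": 0, "NODATA": 0, "SKIPDATA": 0, "sources": set()}
    for line in lines:
        rec = parse_record(line)
        summary[rec["log-status"]] = summary.get(rec["log-status"], 0) + 1
        if rec["log-status"] == "OK":
            summary["sources"].add(rec["srcaddr"])
    return summary


# Constructed sample data (assumed account, interface and addresses).
HEALTHY = {"FlowLogStatus": "ACTIVE", "DeliverLogsStatus": "SUCCESS"}
BAD_ROLE = {"FlowLogStatus": "ACTIVE", "DeliverLogsStatus": "FAILED",
            "DeliverLogsErrorMessage": "Access error"}
THROTTLED = {"FlowLogStatus": "ACTIVE", "DeliverLogsStatus": "FAILED",
             "DeliverLogsErrorMessage": "Rate limited"}

GOOD_TRUST = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                        '"Principal": {"Service": "vpc-flow-logs.amazonaws.com"}, '
                        '"Action": "sts:AssumeRole"}]}')
WRONG_TRUST = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                         '"Principal": {"Service": "ec2.amazonaws.com"}, '
                         '"Action": "sts:AssumeRole"}]}')

SAMPLE_RECORDS = [
    # on-premises host (assumed 192.168.10.25) reaching an instance over VPN: recorded
    "2 123456789012 eni-0a1b2c3d4e5f67890 192.168.10.25 10.0.1.50 51234 443 6 10 8400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.50 192.168.10.25 443 51234 6 12 9100 1700000000 1700000060 ACCEPT OK",
    # capacity pressure in the service: a skipped window, not a missing host
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000060 1700000120 - SKIPDATA",
]

if __name__ == "__main__":
    for name, fl in [("healthy", HEALTHY), ("bad role", BAD_ROLE), ("throttled", THROTTLED)]:
        print(f"{name}: {triage_flow_log(fl)}")
    print("trust policy ok:", trust_policy_allows_flow_logs(GOOD_TRUST))
    print("records:", summarize_records(SAMPLE_RECORDS))
```

Run the triage first: a delivery failure with "Access error" or "Rate limited" points at the role or at throttling, and neither produces a partial gap. Only when delivery is healthy is it worth reading the records themselves, where SKIPDATA windows and the set of recorded source addresses tell you whether traffic was lost or simply never crossed a VPC interface.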