350-701 Question #360: Real Exam Question with Answer & Explanation

Question

An organization has a requirement to collect full metadata information about the traffic going through their AWS cloud services. They want to use this information for behavior analytics and statistics. Which two actions must be taken to implement this requirement? (Choose two.)

Options

• AConfigure Cisco ACI to ingest AWS information.
• BConfigure Cisco Thousand Eyes to ingest AWS information.
• CSend syslog from AWS to Cisco Stealthwatch Cloud.
• DSend VPC Flow Logs to Cisco Stealthwatch Cloud.
• EConfigure Cisco Stealthwatch Cloud to ingest AWS information

Explanation

D and E are correct because AWS VPC Flow Logs capture full network metadata (IP addresses, ports, protocols, byte/packet counts) for traffic traversing your VPC, and Cisco Stealthwatch Cloud must be explicitly configured to ingest that AWS data - both steps are required together to enable the analytics pipeline.

Why the distractors are wrong:

• A (Cisco ACI): ACI is a data center SDN/policy fabric solution, not a cloud traffic analytics tool - it doesn't analyze AWS flow data.
• B (Cisco ThousandEyes): ThousandEyes is a network performance monitoring and path visibility tool focused on application experience, not metadata collection for behavior analytics.
• C (Syslog from AWS): Syslog carries event/log messages from systems and applications - it does not contain the network flow metadata (5-tuple traffic records) needed for behavior analytics. VPC Flow Logs are the correct AWS-native mechanism for network metadata.

Memory tip: Think of it as a two-sided handshake - AWS must send (VPC Flow Logs = D) and Stealthwatch Cloud must receive (configure ingestion = E). You need both sides of the pipe, and Stealthwatch Cloud is the correct Cisco tool for cloud traffic behavior analytics, not ACI or ThousandEyes.

No community discussion yet for this question.