ANS-C01 Question #38: Real Exam Question with Answer & Explanation

Submitted by ngozi_ng · Mar 6, 2026 · Manage Network Operations

Question

A security team is performing an audit of a company's AWS deployment. The security team is concerned that two applications might be accessing resources that should be blocked by network ACLs and security groups. The applications are deployed across two Amazon Elastic Kubernetes Service (Amazon EKS) clusters that use the Amazon VPC Container Network Interface (CNI) plugin for Kubernetes. The clusters are in separate subnets within the same VPC and have a Cluster Autoscaler configured. The security team needs to determine which POD IP addresses are communicating with which services throughout the VPC. The security team wants to limit the number of flow logs and wants to examine the traffic from only the two applications. Which solution will meet these requirements with the LEAST operational overhead?

Options

  • A. Create VPC flow logs in the default format. Create a filter to gather flow logs only from the EKS
  • B. Create VPC flow logs in a custom format. Set the EKS nodes as the resource. Include the pkt-
  • C. Create VPC flow logs in a custom format. Set the application subnets as resources. Include the
  • D. Create VPC flow logs in a custom format. Create a filter to gather flow logs only from the EKS

Topics

#VPC Flow Logs · #EKS CNI · #Network traffic analysis · #Flow log configuration