ANS-C01 · Question #57
Question
A company has deployed an application in a VPC that uses a NAT gateway for outbound traffic to the internet. A network engineer notices a large quantity of suspicious network traffic that is traveling from the VPC over the internet to IP addresses that are included on a deny list. The network engineer must implement a solution to determine which AWS resources are generating the suspicious traffic. The solution must minimize cost and administrative overhead. Which solution will meet these requirements?
Options
- A. Launch an Amazon EC2 instance in the VPC. Use Traffic Mirroring by specifying the NAT
- B. Use VPC flow logs. Launch a security information and event management (SIEM) solution in the
- C. Use VPC flow logs. Publish the flow logs to a log group in Amazon CloudWatch Logs. Use
- D. Configure the VPC to stream the network traffic directly to an Amazon Kinesis data stream. Send