
ANS-C01 · Question #8

ANS-C01 Question #8: Real Exam Question with Answer & Explanation


Submitted by zhang_li · Mar 6, 2026 · Monitor and Troubleshoot AWS Networks

Question

A retail company is running its service on AWS. The company's architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway. The company has noticed in its billing that NAT gateway usage has increased significantly. A network engineer needs to find out the source of this increased usage. Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)

Options

  • A. Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to a log
  • B. Enable NAT gateway access logs. Publish the logs to a log group in Amazon CloudWatch Logs.
  • C. Configure Traffic Mirroring on the NAT gateway's elastic network interface. Send the traffic to an
  • D. Enable VPC flow logs on the NAT gateway's elastic network interface. Publish the logs to an
  • E. Enable NAT gateway access logs. Publish the logs to an Amazon S3 bucket. Create a custom

Explanation

To investigate the increased usage of a NAT gateway in a VPC architecture with ALBs and backend EC2 instances, a network engineer can use the following options:

  • Enable VPC flow logs on the NAT gateway's elastic network interface and publish the logs to a log group in Amazon CloudWatch Logs. Use CloudWatch Logs Insights to query and analyze the logs. (Option A)
  • Enable VPC flow logs on the NAT gateway's elastic network interface and publish the logs to an Amazon S3 bucket. Create a custom table for the S3 bucket in Amazon Athena to describe the log structure and use Athena to query and analyze the logs. (Option D)

These options allow for detailed analysis of traffic through the NAT gateway to identify the source of increased usage.
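The analysis both options lead to is a "top talkers" aggregation over the flow log records of the NAT gateway's network interface. The Python sketch below is an added example, not part of the original question or explanation: it runs that aggregation offline over default-format (version 2) records, and the ENI ID, NAT gateway private IP, VPC CIDR, account ID and every sample record are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Default (version 2) VPC flow log fields, in record order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed values (assumptions for this example, not from the page).
NAT_ENI = "eni-0aaa1111bbbb2222c"               # NAT gateway network interface
NAT_IP = "10.0.0.220"                           # NAT gateway private IP
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # VPC address range

# Constructed sample records: instance-to-NAT traffic, a return leg from the
# NAT gateway, inbound internet traffic, a NODATA record and another ENI.
SAMPLE = """\
2 123456789012 eni-0aaa1111bbbb2222c 10.0.1.5 10.0.0.220 49152 443 6 120 9000000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.2.9 10.0.0.220 49200 443 6 10 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.1.5 10.0.0.220 49153 443 6 80 6000000 1700000060 1700000120 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 10.0.0.220 10.0.1.5 443 49152 6 60 80000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c 203.0.113.5 10.0.0.220 443 49152 6 50 70000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaa1111bbbb2222c - - - - - - - 1700000120 1700000180 - NODATA
2 123456789012 eni-0fff9999eeee8888d 10.0.3.7 10.0.0.50 50000 80 6 5 999999999 1700000000 1700000060 ACCEPT OK
"""

def top_sources(text, eni, vpc_cidr, nat_ip, limit=10):
    """Sum bytes per private source address sending traffic into the NAT gateway."""
    totals = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # blank or malformed line
        rec = dict(zip(FIELDS, parts))
        # Keep only the NAT gateway ENI; NODATA/SKIPDATA records carry "-" fields.
        if rec["interface_id"] != eni or rec["log_status"] != "OK":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        # Count VPC-internal senders, but not the NAT gateway's own return leg.
        if src in vpc_cidr and rec["srcaddr"] != nat_ip:
            totals[rec["srcaddr"]] += int(rec["bytes"])
    return totals.most_common(limit)

if __name__ == "__main__":
    for addr, total in top_sources(SAMPLE, NAT_ENI, VPC_CIDR, NAT_IP):
        print(f"{addr}\t{total} bytes")
```
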

Topics

#NAT Gateway #VPC Flow Logs #Network Troubleshooting #Traffic Monitoring
