SCS-C02 · Question #154
SCS-C02 Question #154: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #154. The question stem and answer options stay visible for context.
Question
A company hosts an application on Amazon EC2 that is subject to specific rules for regulatory compliance. One rule states that traffic to and from the workload must be inspected for network- level attacks. This involves inspecting the whole packet. To comply with this regulatory rule, a security engineer must install intrusion detection software on a c5n.4xlarge EC2 instance. The engineer must then configure the software to monitor traffic to and from the application instances. What should the security engineer do next?
Options
- APlace the network interface in promiscuous mode to capture the traffic
- BConfigure VPC Flow Logs to send traffic to the monitoring EC2 instance using a Network Load
- CConfigure VPC traffic mirroring to send traffic to the monitoring EC2 instance using a Network
- DUse Amazon Inspector to detect network-level attacks and trigger an AWS Lambda function to
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.