nerdexam

SCS-C02 Question #459: Real Exam Question with Answer & Explanation

The correct answer is C: Monitor VPC flow logs for traffic to non-standard time servers.

Submitted by neha2k · Mar 6, 2026

Question

A company's security policy requires all Amazon EC2 instances to use the Amazon Time Sync Service. AWS CloudTrail trails are enabled in all of the company's AWS accounts. VPC flow logs are enabled for all VPCs. A security engineer must identify any EC2 instances that attempt to use Network Time Protocol (NTP) servers on the internet. Which solution will meet these requirements?

Options

  • A. Monitor CloudTrail logs for API calls to non-standard time servers.
  • B. Monitor CloudTrail logs for API calls to the Amazon Time Sync Service.
  • C. Monitor VPC flow logs for traffic to non-standard time servers.
  • D. Monitor VPC flow logs for traffic to the Amazon Time Sync Service.

Explanation

To identify EC2 instances attempting to use Network Time Protocol (NTP) servers on the internet instead of the Amazon Time Sync Service, monitoring VPC flow logs is the appropriate approach. CloudTrail records API calls, not network traffic, so an instance's NTP requests never appear there. VPC flow logs capture details about the IP traffic to and from EC2 instance network interfaces, including any traffic directed to external NTP servers. By analyzing these logs for NTP traffic (UDP port 123) to non-standard time servers (IP addresses other than the Amazon Time Sync Service endpoint), the security engineer can identify instances that are not complying with the company's policy.
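The detection the explanation describes, as an added example that is not part of the nerdexam page or of any AWS tooling: it parses VPC flow log records in the default record format, keeps only NTP requests (UDP to destination port 123), and reports every flow whose destination is not the Amazon Time Sync Service endpoint, grouped by network interface so the offending instance can be traced. The endpoint address 169.254.169.123 is the AWS-documented IPv4 Time Sync address; AWS also documents that traffic to that link-local address is not captured in VPC flow logs at all, so in practice any NTP flow that does show up is itself a signal. The account ID, ENI IDs, IP addresses and timestamps in the sample records are constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Amazon Time Sync Service endpoints (link-local, per AWS documentation). Under the
# policy in the question these are the only permitted NTP destinations. VPC flow logs
# do not record traffic to 169.254.169.123, so it is listed here only for completeness.
AMAZON_TIME_SYNC = {"169.254.169.123", "fd00:ec2::123"}
NTP_PORT = "123"
UDP = "17"

# Field order of the default VPC flow log record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# RFC 1918 ranges, listed explicitly so that the documentation range 203.0.113.0/24
# used in the constructed sample counts as an "internet" destination.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (not real flow log data). Same ENI appears with an
# ACCEPTed and a REJECTed attempt: a blocked attempt is still a policy violation.
SAMPLE_FLOW_LOG = [
    "2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.10 41234 123 17 1 76 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60001 203.0.113.10 10.0.1.25 123 41234 17 1 76 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 203.0.113.10 41234 123 17 1 76 1700000120 1700000180 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60002 10.0.1.40 10.0.5.7 51000 123 17 1 76 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60003 10.0.1.60 203.0.113.50 44000 443 6 10 2000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 169.254.169.123 40000 123 17 1 76 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60004 - - - - - - - 1700000000 1700000060 - NODATA",
]


def parse_record(line):
    """Split one default-format record into a dict; None for malformed or NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # address fields are '-' in these rows, so they carry no flow data
    return rec


def is_noncompliant_ntp(rec):
    """True when the flow is an NTP request (UDP/123) to anything but the Time Sync endpoint."""
    if rec["protocol"] != UDP or rec["dstport"] != NTP_PORT:
        return False
    return rec["dstaddr"] not in AMAZON_TIME_SYNC


def is_internet_address(addr):
    """Classify a destination as on the internet (not RFC 1918, link-local or loopback)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return not (ip.is_private or ip.is_link_local or ip.is_loopback)
    return not (ip.is_link_local or ip.is_loopback or any(ip in n for n in RFC1918))


def find_noncompliant_instances(lines):
    """Group offending NTP flows by ENI, noting action and whether the server is on the internet."""
    findings = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is None or not is_noncompliant_ntp(rec):
            continue
        findings[rec["interface_id"]].append({
            "src": rec["srcaddr"],
            "dst": rec["dstaddr"],
            "action": rec["action"],
            "internet": is_internet_address(rec["dstaddr"]),
        })
    return dict(findings)


if __name__ == "__main__":
    for eni, flows in find_noncompliant_instances(SAMPLE_FLOW_LOG).items():
        for f in flows:
            scope = "internet" if f["internet"] else "internal"
            print(f"{eni}: {f['src']} -> {f['dst']} ({scope} NTP server, {f['action']})")
```

The ENI ID is the pivot: an ENI resolves to an instance via `describe-network-interfaces`, which is what the security engineer needs to name the non-compliant instance. Reply traffic (source port 123) is deliberately ignored so each attempt is counted once, and REJECTed flows are kept because the question asks for instances that attempt to reach internet NTP servers, not only those that succeed.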
