AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 235
A company needs to capture and log traffic for Nitro-based Amazon EC2 instances to comply with regulations. The company's network team has prepared a solution that enables VPC traffic mirroring and sends traffic to a second set of EC2 instances in an Auto Scaling group.
The network team has added a Network Load Balancer (NLB) in front of the EC2 instances the traffic will be sent to. However, the solution does not send any mirrored traffic to the EC2 instances that are behind the NLB.
How should the network team configure traffic mirroring to use the NLB endpoint?
Answer options
- A. Select the NLB as a source for traffic mirroring. Use a UDP listener.
- B. Select the NLB as a target for traffic mirroring. Use a TCP listener and a UDP listener.
- C. Select the NLB as a target for traffic mirroring. Use a TCP listener.
- D. Select the NLB as a target for traffic mirroring. Use a UDP listener.
Correct answer: D
Explanation
The correct answer is D. A traffic mirror target can be a network interface or a Network Load Balancer, and the NLB must have a UDP listener because VPC Traffic Mirroring encapsulates the mirrored packets in VXLAN, which is carried over UDP (port 4789). Selecting the NLB as the target with a UDP listener therefore lets the mirrored traffic reach the EC2 instances behind the NLB. Option A is incorrect because a mirror source is the network interface of the instance being monitored, not the NLB. Option C is incorrect because a TCP listener cannot receive the UDP-encapsulated mirrored traffic. Option B is incorrect because the additional TCP listener is unnecessary; only a UDP listener is needed.