AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 7

A retail company is running its service on AWS. The company’s architecture includes Application Load Balancers (ALBs) in public subnets. The ALB target groups are configured to send traffic to backend Amazon EC2 instances in private subnets. These backend EC2 instances can call externally hosted services over the internet by using a NAT gateway.
The company has noticed in its billing that NAT gateway usage has increased significantly. A network engineer needs to find out the source of this increased usage.
Which options can the network engineer use to investigate the traffic through the NAT gateway? (Choose two.)

Answer options

Correct answer: A, D

Explanation

Option A is correct: enabling VPC flow logs on the NAT gateway's elastic network interface allows detailed analysis of the traffic it handles with CloudWatch Logs Insights. Option D is also correct: the same flow logs can be delivered to an S3 bucket and analyzed with Athena. The other options either do not pertain to the NAT gateway specifically or do not provide the level of per-flow traffic detail needed for the investigation.