AWS Certified Developer – Associate (DVA-C02) — Question 117

A developer is leveraging a Border Gateway Protocol (BGP)-based AWS VPN connection to connect from on-premises to Amazon EC2 instances in the developer's account. The developer is able to access an EC2 instance in subnet A, but is unable to access an EC2 instance in subnet B in the same VPC.

Which logs can the developer use to verify whether the traffic is reaching subnet B?

Answer options

Correct answer: C

Explanation

The correct answer is C, VPC Flow Logs. They provide detailed information about the traffic going to and from network interfaces in a VPC, which lets the developer determine whether traffic is reaching subnet B. VPN logs and BGP logs focus on the status and performance of the VPN connection itself rather than on the flow of traffic within the VPC. AWS CloudTrail logs track API calls made in the account but do not provide insight into network traffic.