AWS Certified Developer – Associate (DVA-C02) — Question 489
A developer is troubleshooting a three-tier application, which is deployed on Amazon EC2 instances. There is a connectivity problem between the application servers and the database servers.
Which AWS services or tools should be used to identify the faulty component? (Choose two.)
Answer options
- A. AWS CloudTrail
- B. AWS Trusted Advisor
- C. Amazon VPC Flow Logs
- D. Network access control lists
- E. AWS Config rules
Correct answer: C, D
Explanation
Amazon VPC Flow Logs enable you to capture and analyze IP traffic flowing to and from network interfaces in your VPC, which helps verify if connection attempts are being rejected. Network Access Control Lists (NACLs) act as a subnet-level firewall, and inspecting their inbound and outbound rules is essential to identify if they are blocking the traffic. Other services like AWS CloudTrail, AWS Trusted Advisor, and AWS Config do not monitor active network traffic flows or control packet-level access.