AWS Certified SysOps Administrator – Associate — Question 299
A SysOps administrator configured VPC flow logs by using the default format. The SysOps administrator specified Amazon CloudWatch Logs as the destination. This solution has worked successfully for several months. However, because of additional troubleshooting requirements, the SysOps administrator needs to include the tcp-flags field on the flow logs.
What should the SysOps administrator do to meet this requirement?
Answer options
- A. Create a new flow log. Include the tcp-flags field in the custom log format. Delete the original flow log.
- B. In the CloudWatch Logs log group, modify the filter to include the tcp-flags field and the type field.
- C. In CloudWatch Metrics, modify the metric configuration to include the tcp-flags field.
- D. Modify the existing flow log. Include the tcp-flags field and the type field in the custom log format. Save the configuration.
Correct answer: A
Explanation
Once a VPC flow log is created, its configuration and log format cannot be modified. Therefore, to change the format to include the tcp-flags field, the SysOps administrator must create a new flow log with the custom format and delete the original one. Modifying the existing flow log directly is not supported, and adjusting CloudWatch Logs filters or CloudWatch metrics will not alter the fields captured from the VPC.