AWS Certified SysOps Administrator – Associate — Question 309

A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.

A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.

What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

Answer options

Correct answer: C

Explanation

Since the VPC flow logs are already being published to Amazon CloudWatch Logs, using CloudWatch Logs Insights is the most operationally efficient solution because it allows the administrator to immediately query the existing log streams. Modifying the configuration to send logs to Amazon S3 and querying them with Amazon Athena introduces unnecessary operational overhead. AWS CloudTrail Insights and Amazon CloudFront logs do not capture the raw network-level traffic data needed to identify these outbound internet destinations.
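An added example, not part of the question or this exam page: the CloudWatch Logs Insights query an administrator would run against the existing log group, kept as a string next to an offline Python equivalent over constructed flow log records. The NAT gateway private IP, the VPC CIDR and the records are constructed values; the source-address filter matters because the NAT gateway ENI's flow log records both the instance-to-NAT leg and the NAT-to-internet leg of every download.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Logs Insights query to run on the NAT gateway ENI's log group (10.0.0.10 is a constructed NAT IP).
LOGS_INSIGHTS_QUERY = """
filter srcAddr = "10.0.0.10"
| stats sum(bytes) as bytesTransferred by dstAddr
| sort bytesTransferred desc
| limit 5
"""

VPC_CIDR = ip_network("10.0.0.0/16")      # constructed
NAT_PRIVATE_IP = ip_address("10.0.0.10")  # constructed

# Default flow log record layout (version 2), space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed records: instance -> NAT, NAT -> internet, return traffic, and a NODATA row.
SAMPLE_RECORDS = [
    "2 123456789012 eni-0abc 10.0.1.5 10.0.0.10 51000 443 6 10 5000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 198.51.100.7 51000 443 6 10 5000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0abc 198.51.100.7 10.0.0.10 443 51000 6 40 90000 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 203.0.113.20 51001 443 6 8 4200 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 192.0.2.44 51002 80 6 3 900 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 198.51.100.7 51003 443 6 12 6100 1700000060 1700000120 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 203.0.113.99 51004 443 6 2 300 1700000060 1700000120 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 192.0.2.9 51005 443 6 5 2400 1700000060 1700000120 ACCEPT OK",
    "2 123456789012 eni-0abc 10.0.0.10 198.51.100.8 51006 443 6 1 120 1700000060 1700000120 ACCEPT OK",
    "2 123456789012 eni-0abc - - - - - - - 1700000120 1700000180 - NODATA",
]

def parse_record(line):
    """Return the record as a dict, or None for malformed rows and NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    return rec if rec["log_status"] == "OK" else None

def top_destinations(lines, n=5):
    """Sum bytes per internet destination, counting only the NAT -> internet leg."""
    totals = Counter()
    for rec in filter(None, map(parse_record, lines)):
        # The instance -> NAT leg would make the NAT itself the top "destination", and
        # return traffic (external srcaddr) would credit the bytes to the wrong side.
        if ip_address(rec["srcaddr"]) != NAT_PRIVATE_IP or ip_address(rec["dstaddr"]) in VPC_CIDR:
            continue
        totals[rec["dstaddr"]] += int(rec["bytes"])
    return totals.most_common(n)
```

If the log group uses a custom flow log format, adjust FIELDS (and the query's field names) to match the record order that was configured.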