AWS Certified SysOps Administrator – Associate (legacy) — Question 529
Users are struggling to connect to a single public-facing development web server using its public IP address on a unique port number of 8181. The security group is correctly configured to allow access on that port, and the network ACLs are using the default configuration.
Which log type will confirm whether users are trying to connect to the correct port?
Answer options
- A. AWS CloudTrail logs
- B. Elastic Load Balancer access logs
- C. VPC Flow Logs
- D. Amazon S3 access logs
Correct answer: C
Explanation
VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC, including the destination port, so you can verify whether traffic is actually reaching the instance on port 8181. AWS CloudTrail tracks API calls rather than network packet flows, and Amazon S3 access logs only record requests to S3 buckets. Elastic Load Balancer access logs are not applicable here because the scenario describes users connecting directly to a single web server's public IP rather than through a load balancer.
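Added example (not part of the original question, and not AWS code): a short Python check that reads flow log records in the default version 2 format and reports which destination ports clients actually used against the server. The sample records, the ENI and account IDs, the addresses and the function names are constructed for illustration; `server_ip` is the instance's private address, because that is what the default `dstaddr` field records for the interface.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records; every ID and address here is made up.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 50114 8181 6 5 300 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.44 10.0.1.25 50999 8080 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.44 10.0.1.25 51002 8080 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 203.0.113.10 8181 50114 6 4 900 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse(line):
    """Return a dict for a well-formed record with data, else None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA / SKIPDATA records carry "-" in the traffic fields; skip them.
    return rec if rec["log_status"] == "OK" else None

def inbound_ports(text, server_ip, protocol="6"):
    """Count inbound records to server_ip by (dstport, action); 6 = TCP."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["dstaddr"] == server_ip and rec["protocol"] == protocol:
            counts[(int(rec["dstport"]), rec["action"])] += 1
    return counts

def wrong_port_sources(text, server_ip, expected_port):
    """Sources that contacted server_ip but never on expected_port."""
    ports_by_src = {}
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["dstaddr"] == server_ip:
            ports_by_src.setdefault(rec["srcaddr"], set()).add(int(rec["dstport"]))
    return sorted(s for s, p in ports_by_src.items() if expected_port not in p)

if __name__ == "__main__":
    for (port, action), n in sorted(inbound_ports(SAMPLE, "10.0.1.25").items()):
        print(f"dstport={port} action={action} records={n}")
    print("never used 8181:", wrong_port_sources(SAMPLE, "10.0.1.25", 8181))
```

In the constructed data, the REJECT records on destination port 8080 are the signal the question is after: that client is reaching the interface, but not on 8181.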