Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 53

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

Answer options

• A. sFlow
• B. NetFlow
• C. mirror port
• D. VPC flow logs

Correct answer: D

Explanation

The correct answer is D, VPC flow logs, as they are specifically designed to capture information about the IP traffic going to and from network interfaces in a VPC. Options A (sFlow) and B (NetFlow) are useful for traffic analysis but are not specifically tailored for cloud environments. Option C (mirror port) pertains to physical network switches and does not apply to cloud telemetry configurations.