ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 420 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 420
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.

A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.

What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

  • A. Use AWS CloudTrail Insights events to identify the top five internet destinations.
  • B. Use Amazon CloudFront standard logs (access logs) to identify the top five internet destinations.
  • C. Use CloudWatch Logs Insights to identify the top five internet destinations.
  • D. Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by JIMBOB2 at Dec. 30, 2023, 3:58 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LemonGremlin
Highly Voted 10 months, 1 week ago
Selected Answer: C
Pretty sure this is C: To identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads using VPC flow logs, the most operationally efficient way would be: C. Use CloudWatch Logs Insights to identify the top five internet destinations. Explanation: VPC Flow Logs and CloudWatch Logs: VPC flow logs capture information about the IP traffic going to and from network interfaces in a VPC. The flow log data can be sent to CloudWatch Logs for analysis and monitoring. CloudWatch Logs Insights is a fully managed service that allows you to search, analyze, and visualize log data.
upvoted 6 times
...
Learning4life
Most Recent 9 months, 1 week ago
Selected Answer: C
"You can use CloudWatch Logs Insights to find the top contributors. For more information about the following query commands, see How can I find the top contributors to traffic through the NAT gateway in my VPC." https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-examples.html
upvoted 2 times
...
ogogundare
9 months, 4 weeks ago
The correct answer is C since it said it publishing the logs to cloudwatch logs https://repost.aws/knowledge-center/vpc-flow-logs-and-cloudwatch-logs-insights
upvoted 3 times
...
WinAndWin
10 months ago
Selected Answer: C
I think C.
upvoted 2 times
...
JIMBOB2
10 months, 1 week ago
i'd say C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago