ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 169 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 169
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company is developing a new application that is deployed in multiple VPCs across multiple AWS Regions. The VPCs are connected through AWS Transit Gateway. The VPCs contain private subnets and public subnets.

All outbound internet traffic in the private subnets must be audited and logged. The company's network engineer plans to use AWS Network Firewall and must ensure that all traffic through Network Firewall is completely logged for auditing and alerting.

How should the network engineer configure Network Firewall logging to meet these requirements?

  • A. Configure Network Firewall logging in Amazon CloudWatch to capture all alerts. Send the logs to a log group in Amazon CloudWatch Logs.
  • B. Configure Network Firewall logging in Network Firewall to capture all alerts and flow logs.
  • C. Configure Network Firewall logging by configuring VPC Flow Logs for the firewall endpoint. Send the logs to a log group in Amazon CloudWatch Logs.
  • D. Configure Network Firewall logging by configuring AWS CloudTrail to capture data events.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by jinu at March 19, 2024, 1:11 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
bluz
Highly Voted 1 year, 3 months ago
Selected Answer: B
"to capture all alerts and flow logs"
upvoted 6 times
...
jinu
Highly Voted 1 year, 3 months ago
A- https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-cw-logs.html
upvoted 5 times
secdaddy
4 months, 3 weeks ago
A actions alerts but does not meet the flow logs requirement. B does both.
upvoted 1 times
...
...
qomtodie
Most Recent 9 months, 4 weeks ago
Selected Answer: A Only 3 systems can have AWS Network Firewall Log. Amazon Simple Storage Service, Amazon CloudWatch Logs, Amazon Data Firehose.
upvoted 1 times
Spaurito
7 months, 1 week ago
Option A is saying configure in CloudWatch. You have to configure on the Network Firewall which would suggest Option B. If it said "Configure Network Firewall logging to Amazon CloudWatch..." it may be more accurate.
upvoted 1 times
...
...
kupo777
10 months, 2 weeks ago
Selected Answer: B A: Since only all alerts are captured, the requirement to capture all traffic logs cannot be met. B: The Network Firewall log settings are configured for logging from the Network Firewall's Firewall Details screen. When configuring the logging settings, select either the alert log or the traffic log, or both, and configure the output settings. C: The requirement is not met because alerts cannot be captured. D: Network Firewall alerts and traffic logs cannot be captured by CloudTrail.
upvoted 2 times
...
KobDragoon
1 year, 2 months ago
Selected Answer: B
B - is the only Answer that correctly mentions both alert logs and flowlogs which are 2 different log types the network firewall can be configured to log. A - seems like a good answer as it mentions sending the logs to a cloudwatch log group, but where the logs are sent is not part of the question and so as A only mentions alert logs, it's incorrect.
upvoted 1 times
...
JoellaLi
1 year, 2 months ago
Selected Answer: D
AWS Network Firewall is integrated with AWS CloudTrail, a service that provides a record of API calls to Network Firewall by a user, role, or an AWS service. CloudTrail captures all API calls for Network Firewall as events. The calls captured include calls from the Network Firewall console and code calls to the Network Firewall API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Network Firewall. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine information including the request that was made to Network Firewall, the IP address from which the request was made, who made the request, and when the request was made.
upvoted 1 times
Spaurito
7 months, 2 weeks ago
CloudTrail won't do this.
upvoted 1 times
...
...
daemon101
1 year, 2 months ago
Selected Answer: A
logging destinations are s3, cloudwatch, or data firehose https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-logging-destinations.html
upvoted 2 times
JoellaLi
1 year, 2 months ago
D is correct
upvoted 1 times
Spaurito
7 months, 2 weeks ago
CloudTrail won't do this.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel