ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 267 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 267
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company wants to analyze TCP internet traffic. The traffic originates from Amazon EC2 instances in the company’s VPC. The EC2 instances initiate connections through a NAT gateway.

The company wants to capture data about the traffic including source and destination IP addresses ports, and the first 8 bytes of the TCP segments of the traffic. The company needs to collect, store, and analyze all the required data points.

Which solution will meet these requirements?

  • A. Configure the EC2 instances to be VPC traffic mirror sources. Deploy software on the traffic mirror target to forward the data to Amazon CloudWatch Logs. Analyze the data by using CloudWatch Logs Insights
  • B. Configure the NAT gateway to be a VPC traffic mirror source. Deploy software on the traffic mirror target to forward the data to an Amazon S3 bucket. Analyze the data by using Amazon Athena.
  • C. Turn on VPC Flow Logs for the EC2 instances. Specify the default format and set Amazon CloudWatch Logs as the log destination. Analyze the flow log data by using CloudWatch Logs Insights.
  • D. Turn on VPC Flow Logs for the EC2 instances. Specify a custom format and set Amazon S3 as the log destination. Analyze the flow log data by using Amazon Athena.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ashk123456 at April 1, 2025, 10:08 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AWSLoverLoverLoverLoverLover
3 weeks, 1 day ago
Selected Answer: B
The correct answer is: B. Requirements: Analyze TCP internet traffic initiated by EC2 instances via a NAT gateway. Capture: Source and destination IP addresses Ports First 8 bytes of the TCP segments. Collect, store, and analyze the data. A. ❌ CloudWatch Logs isn't a suitable destination for raw packet data—it’s structured log storage. ❌ Not designed for analyzing binary packet data; difficult to analyze packet-level data in CloudWatch Logs Insights.
upvoted 1 times
...
ashk123456
1 month ago
Selected Answer: B
✅ Using the NAT gateway as a VPC traffic mirror source ensures all outbound traffic is captured. ✅ Forwarding traffic to S3 and analyzing it with Athena provides an efficient storage and analysis pipeline. A. Incorrect – This would capture traffic at the instance level, but it does not efficiently aggregate traffic from multiple instances.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago