Exam ANS-C00 topic 1 question 244 discussion

Exam question from Amazon's ANS-C00
Question #: 244
Topic #: 1

You need to create a baseline of normal traffic flow in order to implement some security changes to your organization.
What two items would be best to use? (Choose two.)

  • A. Wireshark
  • B. CloudTrail
  • C. An IDS
  • D. CloudWatch
Suggested Answer: CD

Comments

Kentik
Highly Voted 3 years, 10 months ago
I would say C and D are better options than A and D. If you want to see a baseline of normal traffic, Wireshark is only going to help you per instance; if you have 100 EC2 then you need to deploy this 100 times. Instead, an IDS will capture all the traffic and report on all of it.
upvoted 6 times
Paagee
3 years, 10 months ago
Not sure how CloudWatch can help with traffic pattern without VPC flow log. I thought it should be IDS or Wireshark (not scalable solution but doable).
upvoted 1 times
KMak
3 years, 10 months ago
CloudWatch would be leveraged for monitoring and alarming once the baseline has been captured. I also agree with @kentik in that Wireshark is instance specific, therefore if you want to capture the baseline for all traffic within your VPC, then an IDS would be the proper method.
upvoted 2 times
FireTv
Highly Voted 3 years, 5 months ago
Selected Answer: CD
Baseline traffic + security = looks like C (IDS) & D (CloudWatch) should be more accurate.
upvoted 5 times
arhelp
Most Recent 1 year, 7 months ago
If I'm trying to set up a baseline of normal traffic, I'm not using Wireshark. lol. Wireshark is for troubleshooting/analyzing packets on a deeper level. I don't know anyone that uses Wireshark for setting up a baseline of network traffic. I've been doing this for 27 years. C/D for me.
upvoted 1 times
arhelp
1 year, 7 months ago
I stand corrected. This URL explains how to use Wireshark for establishing a network baseline. https://wiki.wireshark.org/uploads/__moin_import__/attachments/KnownBugs/OutOfMemory/Using-Wireshark-to-Create-Network-Usage-Baselines.pdf
upvoted 1 times
Hermin
3 years, 7 months ago
Based on https://marbot.io/blog/monitoring-ec2-network-utilization.html, the CloudWatch should be correct. Answer A & D
upvoted 2 times
jyrajan69
3 years, 7 months ago
IDS - Intrusion Detection, not designed to set up a Network Traffic Flow baseline. Definitely not CloudTrail, so based on elimination, has to be Wireshark and CloudWatch (Logs can capture from VPC Flow Logs and you can set baseline on metric captured)
upvoted 2 times
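
As an added illustration of the comment above (a baseline built from VPC Flow Logs), not part of the original thread: the sketch below parses default-format (version 2) flow log records, computes an hourly bytes-per-service baseline, and flags deviations. The sample records, the one-hour window and the mean + 3 standard deviations threshold are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Default (version 2) VPC Flow Log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse(line):
    """Return one record as a dict; None for NODATA/SKIPDATA or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[-1] != "OK":
        return None
    rec = dict(zip(FIELDS, parts))
    for key in ("dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = int(rec[key])
    return rec

def bytes_per_window(lines, window=3600):
    """Sum accepted bytes per (dstport, protocol) in each time window."""
    totals = defaultdict(lambda: defaultdict(int))
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "ACCEPT":
            svc = (rec["dstport"], rec["protocol"])
            totals[svc][rec["start"] // window] += rec["bytes"]
    return totals

def baseline(totals):
    """Mean and population standard deviation of bytes per window, per service."""
    return {svc: (statistics.mean(w.values()), statistics.pstdev(w.values()))
            for svc, w in totals.items()}

def deviations(base, current, k=3.0):
    """Windows whose service is absent from the baseline or exceeds mean + k*stdev."""
    out = []
    for svc, windows in current.items():
        for win, total in windows.items():
            if svc not in base:
                out.append((svc, win, "new service"))
            elif total > base[svc][0] + k * base[svc][1]:
                out.append((svc, win, "volume above baseline"))
    return sorted(out)

def rec_line(dstport, nbytes, start, action="ACCEPT"):
    """Build one constructed sample record (placeholder account and ENI ids)."""
    return (f"2 123456789012 eni-0example 10.0.1.5 10.0.2.9 49152 {dstport} 6 10 "
            f"{nbytes} {start} {start + 60} {action} OK")

BASELINE_LINES = [rec_line(443, b, h * 3600) for h, b in enumerate([1000, 1200, 1100, 900])]
CURRENT_LINES = [rec_line(443, 1150, 36000), rec_line(443, 9000, 39600), rec_line(3389, 500, 39600),
                 "2 123456789012 eni-0example - - - - - - - 39600 39660 - NODATA"]
```
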
ceros399
3 years, 8 months ago
Selected Answer: AC
A and B for me are more accurate, as only those options are able to inspect the traffic in order to set up the baseline.
upvoted 3 times
ChauPhan
3 years, 9 months ago
C. An IDS D. CloudWatch
upvoted 4 times
student2020
3 years, 10 months ago
I would also say C and D are better options. Set up an IDS and send all VPC traffic through the IDS ENI. The IDS will see all traffic into and out of the VPC, enabling you to create a baseline. CW keeps historical metrics which can be used for baselining as well.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other