Exam AWS Certified Security - Specialty topic 1 question 203 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 203
Topic #: 1

A company has a VPC with several Amazon EC2 instances behind a NAT gateway. The company's security policy states that all network traffic must be logged and must include the original source and destination IP addresses. The existing VPC Flow Logs do not include this information. A security engineer needs to recommend a solution.
Which combination of steps should the security engineer recommend? (Choose two.)

  • A. Edit the existing VPC Flow Logs. Change the log format of the VPC Flow Logs from the Amazon default format to a custom format.
  • B. Delete and recreate the existing VPC Flow Logs. Change the log format of the VPC Flow Logs from the Amazon default format to a custom format.
  • C. Change the destination to Amazon CloudWatch Logs.
  • D. Include the pkt-srcaddr and pkt-dstaddr fields in the log format.
  • E. Include the subnet-id and instance-id fields in the log format.
Suggested Answer: BD
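As an added example that is not part of the exam page or of AWS documentation: a small Python parser for custom-format flow log records that shows why a NAT gateway's default-format records lose the original addresses and why the pkt-srcaddr/pkt-dstaddr fields restore them. The format strings, ENI id and IP addresses below are constructed assumptions.

```python
import re

# Format strings as given when the flow log is created. The default format has
# no pkt-* fields; the custom one below is an assumed example that adds them.
DEFAULT_FORMAT = "${version} ${interface-id} ${srcaddr} ${dstaddr} ${action}"
CUSTOM_FORMAT = ("${version} ${interface-id} ${srcaddr} ${dstaddr} "
                 "${pkt-srcaddr} ${pkt-dstaddr} ${action}")

# Constructed records as seen on a NAT gateway's ENI (all values assumed):
# 10.0.1.5 is a private instance, 10.0.0.220 the NAT gateway's private IP,
# 203.0.113.5 an internet host. Field order follows CUSTOM_FORMAT.
SAMPLE_CUSTOM = [
    "5 eni-0nat000000000 10.0.1.5 10.0.0.220 10.0.1.5 203.0.113.5 ACCEPT",
    "5 eni-0nat000000000 10.0.0.220 10.0.1.5 203.0.113.5 10.0.1.5 ACCEPT",
]

def fields_of(fmt):
    """Field names in order, taken from the ${name} tokens of a format."""
    return re.findall(r"\$\{([a-z0-9-]+)\}", fmt)

def format_meets_policy(fmt):
    """Policy needs the original packet addresses, i.e. both pkt-* fields."""
    return {"pkt-srcaddr", "pkt-dstaddr"} <= set(fields_of(fmt))

def parse_record(fmt, line):
    """Map one space-separated record onto the field names of its format."""
    names, values = fields_of(fmt), line.split()
    if len(names) != len(values):
        raise ValueError(f"expected {len(names)} fields, got {len(values)}")
    return dict(zip(names, values))

def original_endpoints(rec):
    """Original (pre-NAT) source/destination; '-' if the field was not logged."""
    return rec.get("pkt-srcaddr", "-"), rec.get("pkt-dstaddr", "-")

def nat_translated(rec):
    """True when the ENI-level addresses differ from the packet-level ones."""
    return (rec["srcaddr"] != rec["pkt-srcaddr"]
            or rec["dstaddr"] != rec["pkt-dstaddr"])

if __name__ == "__main__":
    print("default format meets policy:", format_meets_policy(DEFAULT_FORMAT))
    for line in SAMPLE_CUSTOM:
        rec = parse_record(CUSTOM_FORMAT, line)
        print(rec["srcaddr"], "->", rec["dstaddr"], "original:",
              original_endpoints(rec), "translated:", nat_translated(rec))
```

Because the record format is fixed when the flow log is created, format_meets_policy is the check to run on the format string before creating the new flow log, not on an existing one.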

Comments

cldy
Highly Voted 3 years, 6 months ago
B. D. New flow logs + custom attributes
upvoted 15 times
[Removed]
Highly Voted 3 years, 6 months ago
B and D ( pkt-srcaddr field displays the IP address of the host on the internet.)
upvoted 7 times
DahMac
3 years, 6 months ago
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html to see the fields available with custom flow logs.
upvoted 1 times
DahMac
3 years, 6 months ago
After you've created a flow log, you cannot change its configuration or the flow log record format. For example, you can't associate a different IAM role with the flow log, or add or remove fields in the flow log record. Instead, you can delete the flow log and create a new one with the required configuration.
upvoted 4 times
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: BD
Cannot change fields in an existing VPC Flow Log. Will need to create a new VPC Flow Log with a custom format/fields that include pkt-srcaddr & pkt-dstaddr for this case.
upvoted 1 times
ITGURU51
2 years ago
We must create a new VPC flow log with the required fields. Source and destination addresses can be defined using pkt-srcaddr/pkt-dstaddr. BD
upvoted 1 times
TigerInTheCloud
3 years ago
Selected Answer: BD
B: A VPC flow log cannot be modified except for the tags. The packet-level source/destination IP address fields are needed to distinguish the intermediate layer, such as NAT gateway, IPs.
upvoted 2 times
sapien45
2 years, 9 months ago
thanks for the explanations
upvoted 2 times
Radhaghosh
3 years, 3 months ago
B & D (new flow log + Custom Attributes) You can't edit a VPC flow log.
upvoted 1 times
NivNZ
3 years, 5 months ago
B & D are correct. B - "After you create a flow log, you cannot change its configuration or the flow log record format. For example, you can't associate a different IAM role with the flow log, or add or remove fields in the flow log record. Instead, you can delete the flow log and create a new one with the required configuration." Reference: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-limitations D - https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-nat
upvoted 4 times
ggx
3 years, 3 months ago
This is very helpful. Thanks
upvoted 1 times
Hudda
3 years, 6 months ago
Not sure about D. Any other comments, friends?
upvoted 1 times
DayQuil
3 years, 6 months ago
B and D. Existing flow logs cannot have their configuration (flow log format) denied.
upvoted 4 times
chronoler
3 years, 7 months ago
B and D are ok. PS: You can't just go and edit an existing VPC flow log...
upvoted 4 times
viestner
3 years, 6 months ago
Agree, after you've created a flow log, you cannot change its configuration or the flow log record format.
upvoted 2 times