ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 228 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 228
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A company hosts an application on Amazon EC2 that is subject to specific rules for regulatory compliance. One rule states that traffic to and from the workload must be inspected for network-level attacks. This involves inspecting the whole packet.
To comply with this regulatory rule, a security engineer must install intrusion detection software on a c5n.4xlarge EC2 instance. The engineer must then configure the software to monitor traffic to and from the application instances.
What should the security engineer do next?

  • A. Place the network interface in promiscuous mode to capture the traffic.
  • B. Configure VPC Flow Logs to send traffic to the monitoring EC2 instance using a Network Load Balancer.
  • C. Configure VPC traffic mirroring to send traffic to the monitoring EC2 instance using a Network Load Balancer.
  • D. Use Amazon Inspector to detect network-level attacks and trigger an AWS Lambda function to send the suspicious packets to the EC2 instance.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by DayQuil at March 17, 2021, 11:41 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 3 years, 9 months ago
C: https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
upvoted 17 times
...
pal40sg
Most Recent 2 years, 1 month ago
Selected Answer: C
VPC traffic mirroring allows the security engineer to capture and inspect network traffic at the Elastic Network Interface (ENI) level. By configuring traffic mirroring, the engineer can select the desired ENIs associated with the application instances and mirror their traffic to the monitoring EC2 instance. This ensures that all inbound and outbound traffic to and from the application instances is sent to the intrusion detection software for analysis.
upvoted 1 times
...
ITGURU51
2 years, 2 months ago
VCP traffic mirroring is the most effective way to protect cloud workloads. Threat detection and continuous security monitoring in cloud environments have to integrate security monitoring of instances and images (system monitoring), just as they do on premises. However in the cloud we need to monitor the management plane and the data flowing inside and out of the virtual private network. Amazon VPC Traffic Mirroring addresses these challenges and enables customers to natively replicate their network traffic without having to install and run packet forwarding agents on Amazon EC2 instances. Amazon VPC Traffic Mirroring captures packets at the ENI level, which cannot be tampered with from the user space, thus offering better security. C
upvoted 1 times
...
Andyrajamma
2 years, 7 months ago
C is the answer
upvoted 1 times
...
sapien45
2 years, 12 months ago
Selected Answer: C
Promiscuous mode doesn't work in AWS. You can think of VPC Traffic Mirroring as a “virtual fiber tap” that gives you direct access to the network packets flowing through your VPC. As you will soon see, you can choose to capture all traffic or you can use filters to capture the packets that are of particular interest to you, with an option to limit the number of bytes captured per packet. You can use VPC Traffic Mirroring in a multi-account AWS environment, capturing traffic from VPCs spread across many AWS accounts and then routing it to a central VPC for inspection
upvoted 4 times
...
TigerInTheCloud
3 years, 3 months ago
Selected Answer: C
Only C makes sense. But why NLB in front of a single target?
upvoted 1 times
Jonfernz
3 years, 2 months ago
because an ALB cannot operate at Layer 4.
upvoted 2 times
...
...
Radhaghosh
3 years, 5 months ago
Answer C -->VPC Traffic Monitoring https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
upvoted 1 times
...
refuz
3 years, 8 months ago
C is the answer
upvoted 4 times
...
cldy
3 years, 8 months ago
C. Traffic mirroring to send network logs to IDS on the host.
upvoted 4 times
...
DayQuil
3 years, 9 months ago
C. Use VPC traffic mirroring to send network logs to the IDS.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel