Exam ANS-C00 topic 1 question 25 discussion

A is correct

Correct Answer A

https://diegooo.com/wireshark-ec2-aws/

Only A. Wireshark can "performing deep packet inspection, looking for atypical patterns".

Wireshark from market place as Deep packet inspection is not natively available

Answer is A . DEEP PACKET INSPECTION on your EC2

A is CORRECT. What initially was confusing was "atypical patterns". BUT the main term is "DEEP PACKET INSPECTION". B, C, or D do not do this. The only tool in the line up that does that, even though with manual intervention is WIRESHARK.

agree A is the only packet inspection tool among the options

I think A is correct, the only option which can provide actual packet inspection

i think the ans COULD possibly be D. The question is about monitoring. Wireshark is protocol analyzer (you can Monitor), meaning you need a capture tool like tcpdump or setting instance ENI to promiscuous mode..) to actually capture/sniff the packet; this doesn't scale and the AWS hypervisor will not allow an instance , y to sniff another instance x's traffic. so A is out. B, vpc flow log is definitely a capture tool, infact the cleanest ,scalable way, if we are monitoring 100's of instances(flows at vpc,subnet and eni levels). But you still need to publish VPC flow logs to cloudwatch logs "TO LOOK" at the data. https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html. the ambiguity of these questions are ridiculous!!! Maybe am over thinking it ?.

A is the best answer, But this is a aws exam the no ask you any tools outside the scope of aws, for my in this exam the correct option is B

A is correct

It can't be B. VPC flow logs is not a deep packet inspection tool, it only capture metadata of data. A is correct.

Answer is B : VPC flow logs. https://aws.amazon.com/answers/networking/vpc-network-management-and-monitoring/ VPC Flow Logs capture network flow information for a VPC, subnet, or network interface in Amazon CloudWatch Logs. Flow logs can help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviors. A common use of VPC flow logs is to watch for abnormal and unexpected denied outbound connection requests, which could be an indication of a misconfigured or compromised EC2 instance. CloudWatch Alerts can provide rudimentary network alerting on VPC Flow Logs, however AWS APN members provide third-party log management systems that provide extensive reporting, visualization, and alerting capabilities based on VPC Flow Log data.