
WhizQuiz Oct 16

A company has a set of resources hosted in a VPC on the AWS Cloud. The IT Security Department has now mandated that all IP traffic from all network interfaces in the VPC be monitored. Which of the following would satisfy this requirement?

  • A. Trusted Advisor
  • B. VPC Flow Logs
  • C. Use CloudWatch Metrics
  • D. Use CloudTrail


Correct Answer is B

The AWS Documentation mentions the following:

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

For more information on VPC Flow Logs, please visit the following URL:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html

So, the correct answer is: VPC Flow Logs.

Here are my thoughts on this:

CloudTrail:

CloudTrail is used for auditing purposes.

In AWS documentation, it’s clearly mentioned that "AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
This event history simplifies security analysis, resource change tracking, and troubleshooting."

So it’s mainly used to track changes to resources and record user activity on your AWS account. So, it’s not a valid option here.

CloudWatch Metrics:

There are no metrics available in CloudWatch to track IP traffic on an EC2 instance. So, it’s not a valid option.
You can see all available metrics in AWS CloudWatch here.

Trusted Advisor:

Trusted Advisor works at the AWS account level and provides best practices. So, this is not suitable here.

VPC Flow Logs:

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

AWS says that "Flow logs can help you with a number of tasks; for example, to troubleshoot why specific traffic is not reaching an instance, which in turn helps you diagnose overly restrictive security group rules.
You can also use flow logs as a security tool to monitor the traffic that is reaching your instance." So it’s a correct and valid option based on the mentioned requirement.

Feedback is welcome:)

Cheers…!

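Both the quiz answer and the reply above describe what VPC Flow Logs capture (per-ENI IP traffic records) and the two ways they get used: diagnosing REJECTed traffic caused by overly restrictive security groups, and monitoring what is actually reaching an instance. The following is an added example, not part of either post and not AWS code: it parses records in the default (version 2) flow log format, skips the NODATA/SKIPDATA records that carry no traffic fields, counts rejected flows per interface, and flags accepted flows arriving from outside the VPC on ports that are not on an allow-list. The log lines, account ID, interface IDs, CIDR and allowed-port set are all constructed for the example.

```python
"""Parse VPC Flow Log records (default version 2 format) and pull out the
security-relevant signal.

Example code added for illustration; the log lines, account ID and ENI IDs
below are constructed, not taken from a real account.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Field order of the default (version 2) flow log record, space separated.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed sample records: two rejected SSH attempts from an external
# address, one accepted RDP session from outside the VPC, some internal
# HTTPS traffic, and one NODATA record (no traffic in the window).
LOG_LINES = """\
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.12 10.0.0.5 45120 443 6 12 6100 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.0.5 51234 22 6 3 180 1620000000 1620000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.7 10.0.0.5 51235 22 6 3 180 1620000060 1620000120 REJECT OK
2 123456789012 eni-0f9e8d7c6b5a43210 198.51.100.9 10.0.2.20 40000 3389 6 8 960 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 10.0.2.20 10.0.0.5 33000 443 6 5 800 1620000000 1620000060 ACCEPT OK
2 123456789012 eni-0f9e8d7c6b5a43210 - - - - - - - 1620000000 1620000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str  # "ACCEPT" or "REJECT"


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one default-format line.

    Returns None for NODATA/SKIPDATA records, whose traffic fields are "-"
    and would otherwise break int() conversion. Raises ValueError when the
    line does not carry the 14 default fields (wrong format or truncated).
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=rec["srcaddr"],
        dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]),
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]),
        bytes=int(rec["bytes"]),
        start=int(rec["start"]),
        end=int(rec["end"]),
        action=rec["action"],
    )


def parse_records(lines: Iterable[str]) -> List[FlowRecord]:
    """Parse all non-empty lines, dropping NODATA/SKIPDATA records."""
    records = []
    for line in lines:
        if line.strip():
            rec = parse_record(line)
            if rec is not None:
                records.append(rec)
    return records


def rejected_flows_by_interface(records: Iterable[FlowRecord]) -> Dict[str, Counter]:
    """Count REJECTed flows per ENI, keyed by (dstport, protocol name).

    Repeated rejects to one port from your own address space usually mean a
    security group or NACL is too tight; from outside, a scan.
    """
    out: Dict[str, Counter] = defaultdict(Counter)
    for r in records:
        if r.action == "REJECT":
            proto = PROTOCOL_NAMES.get(r.protocol, str(r.protocol))
            out[r.interface_id][(r.dstport, proto)] += 1
    return dict(out)


def unexpected_accepted_ingress(records: Iterable[FlowRecord], vpc_cidr: str,
                                allowed_ports: Set[int]) -> List[FlowRecord]:
    """ACCEPTed flows entering the VPC from outside it on a port not on the
    allow-list: traffic that really reached an instance and should not have."""
    vpc = ipaddress.ip_network(vpc_cidr)
    hits = []
    for r in records:
        if r.action != "ACCEPT":
            continue
        src, dst = ipaddress.ip_address(r.srcaddr), ipaddress.ip_address(r.dstaddr)
        if dst in vpc and src not in vpc and r.dstport not in allowed_ports:
            hits.append(r)
    return hits


if __name__ == "__main__":
    recs = parse_records(LOG_LINES.splitlines())
    print("rejected per ENI:", rejected_flows_by_interface(recs))
    for hit in unexpected_accepted_ingress(recs, "10.0.0.0/16", {443}):
        print("unexpected ingress:", hit.srcaddr, "->", f"{hit.dstaddr}:{hit.dstport}")
```

With the constructed input, the rejected-flow summary shows two rejected TCP/22 flows on the first ENI, and the ingress check flags the accepted 198.51.100.9 -> 10.0.2.20:3389 flow while ignoring the internal HTTPS traffic. Custom flow log formats reorder or add fields, so `FIELDS` has to match the format string the flow log was created with.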