Amazon Exam SOA-C02 Topic 7 Question 85 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 85
Topic #: 7

A company has created a NAT gateway in a public subnet in a VPC. The VPC also contains a private subnet that includes Amazon EC2 instances. The EC2 instances use the NAT gateway to access the internet to download patches and updates. The company has configured a VPC flow log for the elastic network interface of the NAT gateway. The company is publishing the output to Amazon CloudWatch Logs.

A SysOps administrator must identify the top five internet destinations that the EC2 instances in the private subnet communicate with for downloads.

What should the SysOps administrator do to meet this requirement in the MOST operationally efficient way?

Suggested Answer: C

Contribute your Thoughts:

Dion
7 months ago
I think using Amazon S3 with Athena would also be a good option to analyze the flow logs.
upvoted 0 times
...
Maryann
7 months ago
That makes sense, CloudWatch Logs Insights can give us a deeper look into the data.
upvoted 0 times
...
Venita
7 months ago
I see your point, Delfina, but CloudWatch Logs Insights can provide more detailed information.
upvoted 0 times
...
Delfina
7 months ago
But wouldn't using CloudTrail Insights events be better for this specific task?
upvoted 0 times
...
Maryann
7 months ago
I agree with Venita, it seems like the most efficient option.
upvoted 0 times
...
Venita
7 months ago
I think using CloudWatch Logs Insights is the way to go.
upvoted 0 times
...
Delfina
8 months ago
You guys are probably right. But I'm curious, why wouldn't we want to use AWS CloudTrail Insights events or Amazon CloudFront standard logs? Are those not as suitable for this use case?
upvoted 0 times
...
Bobbye
8 months ago
*laughs* Yeah, no kidding. Sometimes it feels like we're drowning in log data, doesn't it? But CloudWatch Logs Insights makes it a lot easier to find the needle in the haystack.
upvoted 0 times
Rasheeda
7 months ago
D) Querying log files in Amazon S3 with Amazon Athena sounds like a solid approach.
upvoted 0 times
...
Annabelle
7 months ago
C) Agreed, CloudWatch Logs Insights is a game-changer for managing log data.
upvoted 0 times
...
Louvenia
8 months ago
A) AWS CloudTrail Insights events might also offer some useful information.
upvoted 0 times
...
Tamar
8 months ago
B) Using Amazon CloudFront standard logs could also provide valuable insights.
upvoted 0 times
...
Wynell
8 months ago
C) Yes, CloudWatch Logs Insights will definitely help narrow down the top destinations.
upvoted 0 times
...
Cherry
8 months ago
D) Change the flow log to publish logs to Amazon S3. Use Amazon Athena to query the log files in Amazon S3.
upvoted 0 times
...
Mabelle
8 months ago
C) Use CloudWatch Logs Insights to identify the top five internet destinations.
upvoted 0 times
...
...
Diane
8 months ago
Exactly, Merilyn. CloudWatch Logs Insights is really the way to go here. It's designed for analyzing log data like the VPC flow logs, and it's super easy to use. *chuckles* Just don't forget to bring your magnifying glass - you might need it to read all those logs!
upvoted 0 times
...
Merilyn
8 months ago
Good question, Lina. CloudTrail is more focused on tracking API calls and user activity, so it might not be the best fit here. And CloudFront logs would only show traffic going through CloudFront, not directly to the internet.
upvoted 0 times
...
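Added example, not part of the original thread or any commenter's post: a Python sketch of the aggregation the question asks for, ranking internet peers by bytes from flow log records captured on the NAT gateway's network interface. It assumes the default (version 2) flow log format, a private subnet of 10.0.1.0/24 inside a 10.0.0.0/16 VPC, and constructed sample records; the function and helper names are hypothetical.

```python
import ipaddress
from collections import Counter

def _rec(src, dst, nbytes, action="ACCEPT", status="OK"):
    # Build one constructed record in the default (version 2) field order:
    # version account-id interface-id srcaddr dstaddr srcport dstport protocol
    # packets bytes start end action log-status (ports/times fixed for brevity)
    return (f"2 123456789012 eni-0example {src} {dst} 49152 443 6 10 "
            f"{nbytes} 1700000000 1700000060 {action} {status}")

# Constructed sample: instances 10.0.1.5/.9, NAT gateway private IP 10.0.0.220.
SAMPLE = [
    _rec("10.0.1.5", "203.0.113.5", 1200),       # instance -> internet
    _rec("10.0.0.220", "203.0.113.5", 1200),     # same flow after translation
    _rec("203.0.113.5", "10.0.0.220", 500000),   # reply arriving at the NAT
    _rec("203.0.113.5", "10.0.1.5", 500000),     # reply forwarded to instance
    _rec("198.51.100.7", "10.0.1.9", 300000),
    _rec("192.0.2.10", "10.0.1.5", 200000),
    _rec("192.0.2.11", "10.0.1.5", 100000),
    _rec("192.0.2.12", "10.0.1.9", 50000),
    _rec("192.0.2.13", "10.0.1.9", 10000),
    _rec("10.0.1.9", "198.51.100.99", 4000, action="REJECT"),
    "2 123456789012 eni-0example - - - - - - - 1700000000 1700000060 - NODATA",
]

def top_destinations(lines, private_cidr="10.0.1.0/24",
                     vpc_cidr="10.0.0.0/16", n=5):
    """Return the n internet peers with the most accepted bytes."""
    private = ipaddress.ip_network(private_cidr)
    vpc = ipaddress.ip_network(vpc_cidr)
    totals = Counter()
    for line in lines:
        f = line.split()
        # Skip headers, NODATA/SKIPDATA records and rejected traffic.
        if len(f) != 14 or f[13] != "OK" or f[12] != "ACCEPT":
            continue
        src, dst = ipaddress.ip_address(f[3]), ipaddress.ip_address(f[4])
        # The NAT interface logs each flow on both sides of the translation;
        # count only the instance-side record so bytes are not doubled.
        if src in private and dst not in vpc:
            peer = dst
        elif dst in private and src not in vpc:
            peer = src
        else:
            continue
        totals[str(peer)] += int(f[9])
    return totals.most_common(n)

if __name__ == "__main__":
    for peer, total in top_destinations(SAMPLE):
        print(f"{peer:15} {total:>8} bytes")
```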
