Discover the ideal solution for analyzing TCP traffic from Amazon EC2 instances in your VPC. Uncover source/destination IP addresses, ports, and payload details efficiently.
Question
A company wants to analyze TCP traffic to the internet. The traffic originates from Amazon EC2 instances in the company’s VPC. The EC2 instances initiate connections through a NAT gateway. The required information includes source and destination IP addresses, ports, and the first 8 bytes of payload of TCP segments. The company needs to collect, store, and analyze all the required data points.
Which solution will meet these requirements?
A. Set up the EC2 instances as VPC traffic mirror sources. Deploy software on the traffic mirror target to forward the data to Amazon CloudWatch Logs. Analyze the data by using CloudWatch Logs Insights.
B. Set up the NAT gateway as a VPC traffic mirror source. Deploy software on the traffic mirror target to forward the data to an Amazon OpenSearch Service cluster. Analyze the data by using OpenSearch Dashboards.
C. Turn on VPC Flow Logs on the EC2 instances. Specify the default format and a log destination of Amazon CloudWatch Logs. Analyze the flow log data by using CloudWatch Logs Insights.
D. Turn on VPC Flow Logs on the EC2 instances. Specify a custom format and a log destination of Amazon S3. Analyze the flow log data by using Amazon Athena.
Answer
D. Turn on VPC Flow Logs on the EC2 instances. Specify a custom format and a log destination of Amazon S3. Analyze the flow log data by using Amazon Athena.
Explanation
Option D meets the specified requirements: turn on VPC Flow Logs on the EC2 instances, specify a custom format, set Amazon S3 as the log destination, and analyze the flow log data with Amazon Athena to capture, store, and analyze the requested data points.
This method captures the source and destination IP addresses, ports, and the first 8 bytes of payload of TCP segments. VPC Flow Logs provide detailed information about the traffic within the VPC, including the specified data points. Specifying a custom format ensures that the required information is included in the logs.
Routing the logs to Amazon S3 allows for scalable and durable storage, accommodating large volumes of data for analysis. Amazon Athena, an interactive query service, enables efficient querying of data stored in Amazon S3, facilitating analysis based on the specified criteria.
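The following is an added example, not part of the original page: a local sketch of the filter and aggregation an analyst would run over custom-format flow log records, covering the address, port and protocol fields. The field selection, the VPC CIDR `10.0.0.0/16` and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed custom format: real VPC Flow Logs field names, our own selection.
LOG_FORMAT = ("${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} "
              "${tcp-flags} ${packets} ${bytes} ${action}")
FIELDS = [f.strip("${}") for f in LOG_FORMAT.split()]
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VPC range

# Constructed sample of one log file (header row first, then records).
SAMPLE = """\
srcaddr dstaddr srcport dstport protocol tcp-flags packets bytes action
10.0.1.25 203.0.113.10 49152 443 6 2 1 60 ACCEPT
10.0.1.25 203.0.113.10 49152 443 6 24 12 4800 ACCEPT
10.0.1.31 198.51.100.7 53124 53 17 0 1 76 ACCEPT
10.0.1.31 10.0.2.8 40100 5432 6 2 1 60 ACCEPT
- - - - - - - - -
203.0.113.10 10.0.1.25 443 49152 6 18 1 60 ACCEPT
10.0.1.40 192.0.2.99 50000 22 6 2 3 180 REJECT
"""

def parse(text):
    """Yield one dict per usable record; skip header, malformed and no-data rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts == FIELDS or "-" in parts[:5]:
            continue
        yield dict(zip(FIELDS, parts))

def outbound_tcp(records):
    """Keep TCP (protocol 6) flows that start inside the VPC and leave it."""
    for r in records:
        if r["protocol"] != "6":
            continue
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        if src in VPC_CIDR and dst not in VPC_CIDR:
            yield r

def summarize(text):
    """Total bytes per (source, destination, destination port, action)."""
    totals = Counter()
    for r in outbound_tcp(parse(text)):
        key = (r["srcaddr"], r["dstaddr"], int(r["dstport"]), r["action"])
        totals[key] += int(r["bytes"])
    return dict(totals)

if __name__ == "__main__":
    for key, total in sorted(summarize(SAMPLE).items()):
        print(*key, total)
```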