Which of the following statements on VPC Flow Logs is incorrect?
Answer - D.
The AWS documentation mentions the following on VPC Flow Logs.
A flow log record represents a network flow in your flow log.
Each record captures the network flow for a specific 5-tuple, for a specific capture window.
A 5-tuple is a set of 5 different values that specify the source, destination, and protocol for an Internet protocol (IP) flow.
The capture window is the duration of time during which the flow logs service aggregates data before publishing flow log records.
The capture window is approximately 10 minutes but can take up to 15 minutes.
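As an added illustration (not taken from the AWS documentation or from this page), the Python sketch below parses records in the default version 2 flow log format, extracts the 5-tuple and the capture window from each record, and totals rejected bytes per 5-tuple. The function names and the sample records are constructed for the example.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

class Flow(NamedTuple):
    five_tuple: Optional[tuple]  # (srcaddr, dstaddr, srcport, dstport, protocol)
    packets: int
    byte_count: int
    window_seconds: int          # end - start of the capture window
    action: str
    log_status: str

def parse_record(line: str) -> Flow:
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    r = dict(zip(FIELDS, parts))
    if r["version"] != "2":
        raise ValueError("only default-format version 2 records are handled")
    window = int(r["end"]) - int(r["start"])
    # NODATA / SKIPDATA records carry "-" in the traffic fields: no 5-tuple.
    if r["log_status"] != "OK":
        return Flow(None, 0, 0, window, r["action"], r["log_status"])
    key = (r["srcaddr"], r["dstaddr"],
           int(r["srcport"]), int(r["dstport"]), int(r["protocol"]))
    return Flow(key, int(r["packets"]), int(r["bytes"]), window,
                r["action"], r["log_status"])

def rejected_bytes_by_tuple(lines):
    """Sum bytes of REJECT records per 5-tuple across capture windows."""
    totals = defaultdict(int)
    for line in lines:
        flow = parse_record(line)
        if flow.five_tuple and flow.action == "REJECT":
            totals[flow.five_tuple] += flow.byte_count
    return dict(totals)

# Constructed sample records (documentation address ranges, made-up ENI id).
SAMPLE = [
    "2 123456789012 eni-0123456789abcdef0 203.0.113.12 10.0.1.5 49152 22 6 4 240 1700000000 1700000600 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 203.0.113.12 10.0.1.5 49152 22 6 2 120 1700000600 1700001200 REJECT OK",
    "2 123456789012 eni-0123456789abcdef0 10.0.1.5 198.51.100.7 44321 443 6 10 5200 1700000000 1700000600 ACCEPT OK",
    "2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000000 1700000600 - NODATA",
]
```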
For more information on VPC Flow Logs, please refer to the below URL:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/flow-logs.html
VPC Flow Logs is a feature provided by Amazon Web Services (AWS) that captures information about the traffic going into and out of a VPC, subnet, or network interface. This information can be used for troubleshooting, monitoring, and security analysis purposes. The exam question asks to identify the incorrect statement among the following:
A. You cannot change the configuration of the flow logs once created.
B. You can create a flow log for a VPC, a subnet, or a network interface.
C. Flow log data is published to a log group in CloudWatch Logs.
D. The log data is captured in real-time.
The correct answer is A. You cannot change the configuration of the flow logs once created. This statement is incorrect because you can modify the configuration of a flow log after it is created. For example, you can change the destination of the log data, enable or disable logging for specific types of traffic, or update the IAM roles that have access to the logs.
The other statements are correct:
B. You can create a flow log for a VPC, a subnet, or a network interface. This statement is correct because you can create flow logs at different levels of granularity, depending on your monitoring needs. For example, you can create a flow log for a specific subnet to monitor the traffic going in and out of that subnet only.
C. Flow log data is published to a log group in CloudWatch Logs. This statement is correct because AWS stores the flow log data in a log group in CloudWatch Logs. From there, you can access the logs, set up alarms, and analyze the data using CloudWatch Logs Insights.
D. The log data is captured in real-time. This statement is correct because flow logs capture the network traffic in real-time. The logs are generated and delivered to the log group in CloudWatch Logs almost immediately after the traffic occurs. However, there may be some delay in the delivery of logs, depending on the network traffic volume and other factors.
In summary, the incorrect statement on VPC Flow Logs is A. You can modify the configuration of flow logs after they are created.