Configuring VPC Flow Logs for Security Compliance | AWS Certified DevOps Engineer - Professional Exam

Information Obtained from VPC Flow Logs


Question

To meet security compliance of the company, your manager asks you to configure VPC Flow Logs in all AWS accounts.

You create the flow logs in VPCs and use an S3 bucket to store the logs.

You also set up a Sumo Logic dashboard to help analyze the log data.

Which of the following information can you get from the VPC Flow Logs? (Select TWO.)

Answers

A. The time when the messages in an SQS queue reach the limit

B. The time of the day when your EC2 hosted web application experiences the heaviest load

C. The time when EC2 instances raise customized CloudWatch alarms

D. The number of objects that are written to S3 buckets owned by your AWS accounts

E. The geographic region that has the most users for your application

Explanations

Correct Answer - B, E.

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in the VPC.

For the fields available in a flow log record, see https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html.

Option A is incorrect: VPC Flow Logs capture information such as source/destination IP addresses and ports.

They cannot capture information about the messages in an SQS queue.

Option B is CORRECT: by analyzing the IP traffic recorded in the Flow Logs, users can derive load information and see at what time of day the application receives the most requests.

Option C is incorrect: VPC Flow Logs cannot reflect the time when CloudWatch customized alarms are raised in EC2 instances.

Option D is incorrect: VPC Flow Logs collect IP traffic on the network interfaces of AWS resources.

However, information about S3 objects is not collected by VPC Flow Logs.

Option E is CORRECT: VPC Flow Logs record the source addresses of incoming traffic.

From those source addresses, users can derive the geographic information of the requests.
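The following is an added example, not code from the exam page or from AWS, showing how the two pieces of information the explanation credits to Flow Logs (option B, load by time of day, and option E, where traffic originates) are actually derived from default-format (version 2) records. The log lines, the account and interface IDs, and the prefix-to-region table are all constructed for the demo; a real deployment would replace the table with a GeoIP database, and hours are reported in UTC. The parser also handles NODATA records, whose traffic fields are `-`, so they do not break the aggregation.

```python
"""Derive load-by-hour and traffic-by-source from VPC Flow Log records.

Added example (not from the original page). Sample records, the account and
interface IDs, and the region table are constructed for the demo.
"""
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional

# Field order of the default (version 2) VPC Flow Log record.
DEFAULT_FIELDS = (
    "version account-id interface-id srcaddr dstaddr srcport dstport "
    "protocol packets bytes start end action log-status"
).split()

# Constructed sample records (documentation IP ranges, placeholder IDs).
# Timestamps fall on 2023-11-15 at 08:xx and 12:xx UTC; the last line is a
# NODATA record, which carries '-' in the traffic fields.
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 44321 443 6 120 96000 1700035210 1700035270 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.44 10.0.1.25 51000 443 6 80 64000 1700035300 1700035360 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 44322 443 6 300 240000 1700049600 1700049660 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 192.0.2.9 10.0.1.25 60000 22 6 3 180 1700049700 1700049760 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f67890 203.0.113.44 10.0.1.25 51001 443 6 400 320000 1700050000 1700050060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700053200 1700053260 - NODATA
"""

NUMERIC_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}


def parse_records(text: str) -> List[dict]:
    """Parse whitespace-separated default-format records into dicts.

    Numeric fields become int; a '-' (NODATA/SKIPDATA records) becomes None so
    callers can filter on log-status instead of crashing on int('-').
    """
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(DEFAULT_FIELDS):
            raise ValueError(f"line {lineno}: expected {len(DEFAULT_FIELDS)} fields, got {len(parts)}")
        rec = dict(zip(DEFAULT_FIELDS, parts))
        for key in NUMERIC_FIELDS:
            rec[key] = None if rec[key] == "-" else int(rec[key])
        records.append(rec)
    return records


def accepted(records: List[dict]) -> List[dict]:
    """Only records that actually carry traffic data and were allowed."""
    return [r for r in records if r["log-status"] == "OK" and r["action"] == "ACCEPT"]


def bytes_by_hour(records: List[dict]) -> Dict[int, int]:
    """Option B: accepted bytes per hour of day (UTC), keyed on record start time."""
    hours: Counter = Counter()
    for r in accepted(records):
        hours[datetime.fromtimestamp(r["start"], timezone.utc).hour] += r["bytes"]
    return dict(hours)


def peak_hour(records: List[dict]) -> Optional[int]:
    """Hour of day with the most accepted bytes, or None if there is no traffic."""
    by_hour = bytes_by_hour(records)
    return max(by_hour, key=by_hour.get) if by_hour else None


def bytes_by_source(records: List[dict]) -> Dict[str, int]:
    """Accepted bytes per source address; the raw material for option E."""
    totals: Counter = Counter()
    for r in accepted(records):
        totals[r["srcaddr"]] += r["bytes"]
    return dict(totals)


# Constructed prefix-to-region table standing in for a real GeoIP database.
CONSTRUCTED_GEO_TABLE = {
    ip_network("198.51.100.0/24"): "example-region-1",
    ip_network("203.0.113.0/24"): "example-region-2",
    ip_network("192.0.2.0/24"): "example-region-3",
}


def constructed_geo_lookup(addr: str) -> str:
    """Map an address to a region via the constructed table (demo only)."""
    ip = ip_address(addr)
    return next((region for net, region in CONSTRUCTED_GEO_TABLE.items() if ip in net), "unknown")


def bytes_by_region(records: List[dict], lookup: Callable[[str], str]) -> Dict[str, int]:
    """Option E: accepted bytes per region, using any address-to-region lookup."""
    totals: Counter = Counter()
    for src, n in bytes_by_source(records).items():
        totals[lookup(src)] += n
    return dict(totals)


def rejected_by_source(records: List[dict]) -> Dict[str, int]:
    """REJECT records per source: relevant for compliance review, not for load."""
    return dict(Counter(r["srcaddr"] for r in records
                        if r["log-status"] == "OK" and r["action"] == "REJECT"))


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    print("peak hour (UTC):", peak_hour(recs))
    print("bytes by region:", bytes_by_region(recs, constructed_geo_lookup))
    print("rejects by source:", rejected_by_source(recs))
```

Note what the record does not contain: nothing about SQS queue depth, CloudWatch alarm state, or S3 object counts appears in any field, which is why options A, C and D cannot be answered from these logs no matter how the data is aggregated.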

VPC Flow Logs provide detailed information about the network traffic flowing in and out of the network interfaces of a VPC, a subnet, or a single network interface. The logs are stored in an S3 bucket and can be used for security analysis, network monitoring, troubleshooting, and compliance purposes. However, VPC Flow Logs do not provide information about every aspect of an AWS infrastructure.

From the options provided, the following two can be obtained from VPC Flow Logs:

B. The time of the day when your EC2 hosted web application experiences the heaviest load: VPC Flow Logs can provide information about the traffic that is flowing in and out of your EC2 instances. You can use this information to analyze the volume of traffic at different times of the day and identify periods of high or low activity. By correlating this data with other performance metrics of your application, such as CPU usage, memory usage, and disk I/O, you can gain insights into the performance characteristics of your application.

D. The number of objects that are written to S3 buckets owned by your AWS accounts: VPC Flow Logs can provide information about the traffic that is flowing to and from your S3 buckets. You can use this information to track the number of objects that are written to your S3 buckets, the size of the objects, and the frequency of writes. However, it is important to note that VPC Flow Logs do not provide information about the content of the objects or the identities of the users who are accessing them.

A, C, and E cannot be obtained from VPC Flow Logs:

A. The time when the messages in an SQS queue reach the limit: VPC Flow Logs do not provide information about the traffic flowing to and from SQS queues. You can use CloudWatch metrics and alarms to monitor the number of messages in a queue and trigger alerts when the limit is reached.

C. The time when EC2 instances raise customized CloudWatch alarms: VPC Flow Logs do not provide information about the CloudWatch alarms that are configured on your EC2 instances. You can use CloudWatch logs to capture the log output of your instances and analyze it for errors, warnings, or other events that might trigger an alarm.

E. The geographic region that has the most users for your application: VPC Flow Logs do not provide information about the geographic location of the users who are accessing your application. You can use CloudFront access logs, ELB access logs, or other web server logs to capture the IP addresses of the users and derive their geographic location.