Question #891
Which AWS service enables the logging of IP traffic flows for network interfaces within an Amazon VPC to assist with troubleshooting connectivity issues and security analysis?
A. VPC Flow Logs
B. AWS CloudTrail
C. Amazon GuardDuty
D. VPC Peering
Explanation
The correct answer is A. VPC Flow Logs. VPC Flow Logs record metadata about IP traffic flowing through network interfaces in a VPC, including source/destination IPs, ports, protocols, and packet actions (ACCEPT/REJECT). This data is critical for diagnosing connectivity issues (e.g., misconfigured security groups or NACLs) and performing security audits.
Why other options are incorrect:
- B. AWS CloudTrail: Logs API calls and management events, not network traffic.
- C. Amazon GuardDuty: A threat detection service that analyzes logs (including VPC Flow Logs) but does not log traffic itself.
- D. VPC Peering: A networking feature for connecting VPCs, unrelated to logging.
Key Points:
- VPC Flow Logs are used for network monitoring and security analysis.
- Flow logs can be published to CloudWatch Logs or S3 for retention.
- Flow logs do not capture actual packet contents, only flow metadata.
Answer
The correct answer is: A