View all questions & answers for the FCP - AWS Cloud Security 7.4 Administrator Actual Materials exam


Question 20 Discussion

Which three statements are correct about VPC flow logs? (Choose three answers)

  • A. Flow logs do not capture traffic to and from 169.254.169.254 for instance metadata.
  • B. Flow logs do not capture DHCP traffic.
  • C. Flow logs can capture traffic to the reserved IP address for the default VPC router.
  • D. Flow logs can be used as a security tool to monitor the traffic that is reaching the instance.
  • E. Flow logs can capture real-time log streams for the network interfaces.
Correct Answer: A,B,D

Brave-Dump Clients Votes

ABD 100%

Comments



ujwal keezhana 2025-04-12 17:55:51

Selected Answers: A, B, D


Study Guide 7.4 Page 70
VPC flow logs do not capture metadata traffic to the instance metadata IP address (169.254.169.254), which is used for instance metadata queries.

DHCP traffic is not captured by VPC flow logs, as they exclude certain types of traffic such as DHCP and traffic to the Amazon DNS server.

VPC flow logs are useful for security monitoring, allowing administrators to see accepted and rejected traffic at the instance level and diagnose potential security issues.