Amazon Exam SCS-C01 Topic 3 Question 11 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 11
Topic #: 3

A company hosts an application on Amazon EC2 that is subject to specific rules for regulatory compliance. One rule states that traffic to and from the workload must be inspected for network-level attacks. This involves inspecting the whole packet.

To comply with this regulatory rule, a security engineer must install intrusion detection software on a c5n.4xlarge EC2 instance. The engineer must then configure the software to monitor traffic to and from the application instances.

What should the security engineer do next?

APlace the network interface in promiscuous mode to capture the traffic.

BConfigure VPC Flow Logs to send traffic to the monitoring EC2 instance using a Network Load Balancer.

CConfigure VPC traffic mirroring to send traffic to the monitoring EC2 instance using a Network Load Balancer.

DUse Amazon Inspector to detect network-level attacks and trigger an AWS Lambda function to send the suspicious packets to the EC2 instance.

Show Suggested Answer

Suggested Answer: D

by Katina at May 07, 2022, 09:39 PM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!