Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Professional
  5. SAP-C02 Discussions
  6. SAP-C02 Exam Topic 16 Question 154 Discussion

Amazon Web Services AWS Certified Solutions Architect - Professional SAP-C02 Question # 154 Topic 16 Discussion

 Amazon Web Services Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Amazon Web Services AWS Certified Solutions Architect - Professional SAP-C02 Question # 154 Topic 16 Discussion

SAP-C02 Exam Topic 16 Question 154 Discussion:
Question #: 154
Topic #: 16

A company has VPC flow logs enabled for its NAT gateway. The company is seeing Action = ACCEPT for inbound traffic that comes from public IP address

198.51.100.2 destined for a private Amazon EC2 instance.

A solutions architect must determine whether the traffic represents unsolicited inbound connections from the internet. The first two octets of the VPC CIDR block are 203.0.

Which set of steps should the solutions architect take to meet these requirements?
A.

Open the AWS CloudTrail console. Select the log group that contains the NAT gateway ' s elastic network interface and the private instance ' s elastic network interface. Run a query to filter with the destination address set as " like 203.0 " and the source address set as " like 198.51.100.2 " . Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

B.

Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway ' s elastic network interface and the private instance ' s elastic network interface. Run a query to filter with the destination address set as " like 203.0 " and the source address set as " like 198.51.100.2 " . Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

C.

Open the AWS CloudTrail console. Select the log group that contains the NAT gateway ' s elastic network interface and the private instance ' s elastic network interface. Run a query to filter with the destination address set as " like 198.51.100.2 " and the source address set as " like 203.0 " . Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

D.

Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway ' s elastic network interface and the private instance ' s elastic network interface. Run a query to filter with the destination address set as " like 198.51.100.2 " and the source address set as " like 203.0 " . Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

Get Premium SAP-C02 Questions
Actual exam question for Amazon Web Services SAP-C02 exam by Cyra3068 at May 31, 2026, 11:10:57 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next