VPC Flow Logs

Question 1

Where can Flow Logs be stored

Answer 1

Cloudwatch or S3

Question 2

What levels are monitored on a flow log

Answer 2

VPC, Network, Subnet

Question 3

Approx Capture window

Answer 3

10min

Question 4

ARP

Answer 4

address resolution protocol

the software address (IP address) of the host or computer connected to the network needs to be translated to a hardware address (MAC address). Without ARP, a host would not be able to figure out the hardware address of another host.

Question 5

Traffic Mirroring

Answer 5

Mirroring gives you direct access to the network packets flowing through your VPC to help analyze network traffic and compare it to VPC Flow Log

Question 6

Traffic Mirroring Source

Answer 6

Network interface of an Amazon EC2 instance where AWS copies the network traffic from. VPC Traffic Mirroring supports the use of Elastic Network Interfaces (ENIs) as mirror sources.

Question 7

Traffic Mirroring Target

Answer 7

A network interface or a network load balancer.

network interface of another EC2 instance

Question 8

Traffic Mirror Filter

Answer 8

set of rules that defines the traffic that is copied in a traffic mirror session.

Question 9

Wireshark

Answer 9

detecting and decrypting network traffic

Question 10

What traffic can you filter in a VPC flow log?

Answer 10

Accepted and Rejected