VPC Flowlogs

Question 1

What are VPC Flow Logs?

Answer 1

A feature that captures information about the IP traffic going to and from network interfaces in your VPC.

Question 2

How are VPC Flow Logs stored?

Answer 2

Using Amazon CloudWatch Logs. After creating a flow log, you can view it in CloudWatch Logs

Question 3

Flow logs can be created at three levels in the VPC, what are they?

Answer 3

VPC Level - Tracks all traffic in the VPC
Subnet Level - Tracks all traffic in that subnet
Network Interface Level - Tracks all traffic to that interface

Question 4

True or False: You can enable Flow Logs against other AWS account VPCs that you are peered with?

Answer 4

False. You can only enable flow logs against peered VPCs in your own account.

Question 5

Can you tag flow logs?

Answer 5

No

Question 6

Can you change the configuration of a flow log after it has been created?

Answer 6

No. For example, you cannot change the associated IAM role.

Question 7

True or false: Traffic reaching out to AWS DNS servers are not logged?

Answer 7

True.

Question 8

True or False: Instances that reach out to a customer-managed DNS server are not logged?

Answer 8

False: All traffic to customer managed DNS servers are captured.

Question 9

You review flow logs to ensure AWS Windows activation requests are operating correctly but cannot locate them? Why might this be?

Answer 9

Traffic generated for Amazon Windows license activations are not logged by flow logs.

Question 10

You review flow logs to determine who is accessing instance metadata using 169.254.169.254 but cannot locate those logs. Why might this be?

Answer 10

Traffic generated by metadata queries is not logged by VPC flow logs.

Question 11

True or false: Traffic to AWS DHCP servers are logged?

Answer 11

False. Traffic to AWS DHCP servers are not logged.

Question 12

Is traffic to the default IP address for VPC routers logged?

Answer 12

No