🔥 3-day streak
AWS Certified Security - Specialty174 / 184
Question 174 of 184
A security engineer configured VPC Flow Logs to publish to a CloudWatch Logs log group so the SOC can trace which security group and network interface allowed a suspicious connection. When analyzing the log entries, the team can see source/destination IPs, ports, and the accept/reject action, but they cannot determine the AWS account of the traffic, the VPC ID, the subnet ID, or whether traffic was permitted by a security group versus a network ACL. The flow logs were created using the default format. What should the engineer do to capture this additional context?
Reviewed for accuracy · Report an issueNext question