What should be enabled to complete this task?

You have multiple Amazon Elastic Compute Cloud (EC2) instances running a web server in a VPC configured with security groups and NACL. You need to ensure layer 7 protocol level logging of all network traffic (ACCEPT/REJECT) on the instances. What should be enabled to complete this task?
A. CloudWatch Logs at the VPC level
B. Packet sniffing at the instance level
C. VPC flow logs at the subnet level
D. Packet sniffing at the VPC level


2 thoughts on “What should be enabled to complete this task?”

  1. D could be correct; I feel like it’s an incomplete statement, because yes, you can achieve this by using a 3rd-party firewall, for example. That way all VPC ingress and egress traffic goes through a firewall, and then you can do DPI.
    But because it’s just an empty statement, the only option that is correct is B.
    B is correct.
