SAP-C02 Study Assistant

SAP-C02 Question 90

VPC EC2 CloudTrail CloudWatch

Question

A company has VPC flow logs enabled for its NAT gateway. The company is seeing Action = ACCEPT for inbound traffic that comes from public IP address 198.51.100.2 destined for a private Amazon EC2 instance. A solutions architect must determine whether the traffic represents unsolicited inbound connections from the internet. The first two octets of the VPC CIDR block are 203.0. Which set of steps should the solutions architect take to meet these requirements?

Options

A. Open the AWS CloudTrail console. Select the log group that contains the NAT gateway's elastic network interface and the private instance's elastic network interface. Run a query to filter with the destination address set as "like 203.0" and the source address set as "like 198.51.100.2". Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

B. Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway's elastic network interface and the private instance's elastic network interface. Run a query to filter with the destination address set as "like 203.0" and the source address set as "like 198.51.100.2". Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

C. Open the AWS CloudTrail console. Select the log group that contains the NAT gateway's elastic network interface and the private instance’s elastic network interface. Run a query to filter with the destination address set as "like 198.51.100.2" and the source address set as "like 203.0". Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

D. Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway's elastic network interface and the private instance's elastic network interface. Run a query to filter with the destination address set as "like 198.51.100.2" and the source address set as "like 203.0". Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

Answer

B

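Explanation

Correct answer: B

Explanation: The answer to this question is B.

Correct option: B. Open the Amazon CloudWatch console. Select the log group that contains the NAT gateway's elastic network interface and the private instance's elastic network interface. Run a query to filter with the destination address set as "like 203.0" and the source address set as "like 198.51.100.2". Run the stats command to filter the sum of bytes transferred by the source address and the destination address.

Rationale: This option most directly satisfies the key constraints in the question stem. When working through SAP-C02 questions, you need to check the qualifiers in the question stem at the same time...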