You have just recently set up a web and database tier in a VPC and hosted the application. When testing the application, you are not able to reach the home page of the app. You have verified the security groups. What can help you diagnose the issue?

Answer options:

A.Use the AWS Trusted Advisor to see what can be done.
B.Use VPC Flow logs to diagnose the traffic.
C.Use AWS WAF to analyze the traffic.
D.Use AWS Guard Duty to analyze the traffic.

Answer – B
The AWS Documentation mentions the following.
VPC Flow Logs capture network flow information for a VPC, subnet, or network interface and store it in Amazon CloudWatch Logs. Flow log data can help customers troubleshoot network issues; for example, to diagnose why specific traffic is not reaching an instance, which might result from overly restrictive security group rules. Customers can also use flow logs as a security tool to monitor the traffic that reaches their instances, profile network traffic, and look for abnormal traffic behaviors.
Option A is invalid because this can be used to check for security issues in your account, but not verify why you cannot reach the home page for your application.
Option C is invalid because this is used to protect your app against application layer attacks, but not verify why you cannot reach the home page for your application.
Option D is invalid because this is used to protect your instance against attacks, but not verify why you cannot reach the home page for your application.
For more information on VPC Security, please visit the following URL:
https://aws.amazon.com/answers/networking/vpc-security-capabilities/