A company wants to monitor all traffic passing through a network interface on its bastion host. They wish to be alerted if there are more than 10 attempts to connect to the host via SSH within a one-hour time interval. 
What solution can the company employ to meet this requirement?

Answer options:

A.Create a VPC flow log for the network interface. Create a Lambda function that queries the CloudTrail logs for SSH login attempts.Trigger the Lambda function every 5 minutes with a scheduled CloudWatch event.
B.Configure a VPC flow log with CloudWatch Logs as the destination.Create a CloudWatch metric filter for destination port 22. Create a CloudWatch Alarm trigger.
C.Install the Amazon Inspector agent on the bastion host. Configure CloudWatch alerts based on Amazon Inspector findings.
D.Create a Lambda function that mounts the bastion host EBS volume and sends logs to CloudWatch logs. Create a CloudWatch metric filter for destination port 22. Create a CloudWatch Alarm trigger.

Answer: B
Option A is incorrect because CloudTrail is not a supported destination for VPC flow logs.
Option B is CORRECT because VPC flow logs can be sent to CloudWatch Logs.A CloudWatch metric filter and alarm can be configured to send notifications when the specified criteria are satisfied.
Option C is incorrect because Amazon Inspector is used to perform vulnerabilities assessment and cannot be used to inspect network traffic using VPC flow logs.
Option D is incorrect because it is not suitable to use a Lambda function to mount EBS volumes. It does not help to check the network traffic.
Reference:
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-cwl.html#flow-logs-cwl-create-flow-log