NSE7_CDS_AR-7.6 Exam Dumps : Fortinet NSE 7 - Public Cloud Security 7.6.4 Architect

Comprehensive and Detailed Explanation From FortiOS 7.6, FortiWeb 7.4 Exact Extract study guide:

According to the FortiOS 7.6 AWS Administration Guide and the Public Cloud Security documentation regarding AWS VPC Flow Logs, the level at which a flow log is created determines the scope of the data collected:

Flow Log Scope and Hierarchy (Option A): AWS VPC Flow Logs can be created at three different levels: VPC, Subnet, or Network Interface (ENI).

As seen in the exhibit (VPC flow log wizard), the flow log is being created for the resource vpc-09d6e4631cd49d2b3. When a flow log is created at the VPC level, it captures IP traffic for all network interfaces within that VPC.

To isolate traffic specifically for a single FortiGate EC2 instance and avoid seeing traffic from other instances in the same VPC or subnet, the administrator must create a flow log at the Network Interface level. This provides the most granular visibility and ensures the logs only contain traffic associated with the specific ENIs of that FortiGate instance.

Why other options are incorrect:

Option B: Changing the maximum aggregation interval from 10 minutes to 1 minute increases the frequency of log delivery and captures shorter-lived flows more accurately, but it does not change the scope of the resources being monitored.

Option C: This is a general troubleshooting statement and not a configuration action within the AWS Flow Log wizard that would filter the traffic by instance.

Option D: Changing the destination to Amazon Data Firehose changes how the logs are processed and delivered (e.g., for streaming to a SIEM), but the source data is still determined by the resource level selected (VPC vs. Interface).