AWS Certified Security - Specialty (#1)

During a security event, it is discovered that some Amazon EC2 instances have not been sending Amazon CloudWatch logs. Which steps can the Security Engineer take to troubleshoot this issue? (Select two.)

Connect to the EC2 instances that are not sending the appropriate logs and verify that the CloudWatch Logs agent is running.
Log in to the AWS account and select CloudWatch Logs. Check for any monitored EC2 instances that are in the “Alerting” state and restart them using the EC2 console.
Verify that the EC2 instances have a route to the public AWS API endpoints.
Connect to the EC2 instances that are not sending logs. Use the command prompt to verify that the right permissions have been set for the Amazon SNS topic.
Verify that the network access control lists and security groups of the EC2 instances have the access to send logs over SNMP.