AWS Certified Security - Specialty (#110)

An organization has tens of applications deployed on thousands of Amazon EC2 instances. During testing, the Application team needs information to let them know whether the network access control lists (network ACLs) and security groups are working as expected. How can the Application team’s requirements be met?

Turn on VPC Flow Logs, send the logs to Amazon S3, and use Amazon Athena to query the logs.
Install an Amazon Inspector agent on each EC2 instance, send the logs to Amazon S3, and use Amazon EMR to query the logs.
Create an AWS Config rule for each network ACL and security group configuration, send the logs to Amazon S3, and use Amazon Athena to query the logs.
Turn on AWS CloudTrail, send the trails to Amazon S3, and use AWS Lambda to query the trails.