AWS DVA-C02 Drill: Network Troubleshooting - Identifying Request Reachability with Logs

Author: Jeff Taakey
21+ Year Enterprise Architect | AWS SAA/SAP & Multi-Cloud Expert.

Jeff’s Note

“Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.”

“For DVA-C02 candidates, the confusion often lies in where to look when a request fails network connectivity checks. In production, this is about knowing exactly which AWS logs confirm inbound request arrival vs. DNS resolution or instance-level issues. Let’s drill down.”

The Certification Drill (Simulated Question)

Scenario

CloudNova Solutions is developing a modern three-tier web application using an Application Load Balancer (ALB), several Amazon EC2 instances running the application code, and Amazon RDS as the backend database. DNS is configured using an Alias record in Amazon Route 53 pointing to the ALB.

A developer tries to access the application URL from a developer laptop but experiences a timeout error. To diagnose the problem, the developer wants to verify whether the incoming request actually reaches the AWS network before the ALB. This will help isolate whether the issue is DNS-related, network-based, or downstream.

The Requirement:

Which logs should the developer check to confirm that the request is reaching the AWS network level (before reaching the ALB)?

The Options
#

  • A) VPC Flow Logs
  • B) Amazon Route 53 query logs
  • C) AWS Systems Manager Agent logs on the instance
  • D) Amazon CloudWatch agent logs on the EC2 instances

Correct Answer

A) VPC Flow Logs

Quick Insight: The Developer Imperative

  • VPC Flow Logs provide packet-level metadata about IP traffic going in and out of network interfaces, confirming network reachability.
  • This contrasts with Route 53 logs, which only capture DNS queries and do not confirm network delivery.
  • Systems Manager and CloudWatch agent logs capture instance-side metrics and logs, which are insufficient for validating network entry.

The Expert’s Analysis

Correct Answer

Option A: VPC Flow Logs

The Winning Logic

VPC Flow Logs capture metadata about ingress and egress IP traffic passing through Elastic Network Interfaces (ENIs) in your VPC. When a client sends a request to the ALB DNS endpoint, the request traverses the network interface attached to the ALB. VPC Flow Logs record this request's arrival, showing source and destination IP and port with an ACCEPT or REJECT status. A record for the request confirms that it reached the AWS network boundary, and an ACCEPT status rules out network ACL or security group blocking.

  • Why this works for Dev: You understand your client request’s network path and can exclude DNS or instance logging as the root cause.
  • API Context: VPC Flow Logs are enabled using the AWS CLI or Console on VPCs, subnets, or ENIs, sending logs to CloudWatch Logs or S3 for analysis.

The Trap (Distractor Analysis):

  • Option B (Route 53 logs): These only log DNS queries and responses. Even if Route 53 resolved correctly, that does not confirm network connectivity or TCP reachability to the ALB.
  • Option C (SSM Agent logs): These logs relate to the Systems Manager Agent running on EC2 instances and are unrelated to whether the incoming request reaches the ALB or the network.
  • Option D (CloudWatch agent logs): These typically capture OS or application metrics inside the instance, not the network traffic metadata needed to confirm request entry.

The Technical Blueprint

For Developer (CLI snippet to enable VPC Flow Logs):

aws ec2 create-flow-logs \
  --resource-type VPC \
  --resource-ids vpc-0abcd1234efgh5678 \
  --traffic-type ALL \
  --log-group-name my-vpc-flow-logs \
  --deliver-logs-permission-arn arn:aws:iam::123456789012:role/FlowLogsRole

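This command captures metadata for all traffic, both accepted and rejected, on the network interfaces in the VPC and delivers it to the CloudWatch Logs group my-vpc-flow-logs using the FlowLogsRole IAM role, which makes it well suited to troubleshooting inbound request issues.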
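Once records are delivered, the check described above comes down to finding the client's flow on the ALB's network interface. The following is an added example, not code from the original page: it parses default-format (version 2) flow log records and classifies whether a client's TCP/443 traffic was seen and how it was handled. The sample records, IP addresses, and ENI IDs are constructed, and the function names are hypothetical.

```python
# Added example: triage default-format (version 2) VPC Flow Log records.
# All sample records, IPs and ENI IDs below are constructed for illustration.
from collections import Counter

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

SAMPLE = """\
2 123456789012 eni-0aaa1111bbbb2222c 203.0.113.10 10.0.1.25 50123 443 6 5 420 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaa1111bbbb2222c 198.51.100.7 10.0.1.25 40222 443 6 12 5300 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0ddd3333eeee4444f - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse(lines):
    """Yield one dict per well-formed v2 record; skip headers and short lines."""
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[0] == "2":
            yield dict(zip(FIELDS, parts))


def reachability(lines, client_ip, eni_ids, port=443):
    """Classify whether client_ip's TCP traffic reached the given ENIs."""
    actions = Counter()
    for rec in parse(lines):
        if rec["log_status"] != "OK":      # NODATA / SKIPDATA carry no flow
            continue
        if (rec["interface_id"] in eni_ids and rec["srcaddr"] == client_ip
                and rec["dstport"] == str(port) and rec["protocol"] == "6"):
            actions[rec["action"]] += 1
    if actions["REJECT"]:
        return "REACHED_BUT_REJECTED"      # check security group / network ACL
    if actions["ACCEPT"]:
        return "REACHED_AND_ACCEPTED"      # look downstream: ALB, targets, RDS
    return "NOT_SEEN"                      # look upstream: DNS, client network


if __name__ == "__main__":
    alb_enis = {"eni-0aaa1111bbbb2222c"}   # assumed: the ALB's ENI IDs are known
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.99"):
        print(ip, reachability(SAMPLE, ip, alb_enis))
```

Flow log records are published after an aggregation interval, so a NOT_SEEN result immediately after a test request may only mean the record has not been delivered yet.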


The Comparative Analysis

| Option | API Complexity | Diagnostic Value | Use Case |
|---|---|---|---|
| A) VPC Flow Logs | Medium | High - Confirms network traffic arrival | Network troubleshooting inbound/outbound request reachability |
| B) Route 53 logs | Low | Low - DNS Resolution only | Debug DNS query issues but cannot confirm network reach |
| C) Systems Manager Agent logs | Low | Low - Instance management | Useful for configuration and management, not request arrival |
| D) CloudWatch Agent logs | Medium | Low - OS/Application metrics | Great for monitoring OS, not network-level reception |

Real-World Application (Practitioner Insight)

Exam Rule

“For the exam, always pick VPC Flow Logs when you need to verify if network packets are entering or leaving your VPC.”

Real World

“In production, you might combine VPC Flow Logs with ALB Access Logs and CloudWatch Metrics to troubleshoot full request lifecycle issues from DNS to backend.”


Disclaimer

This is a study note based on simulated scenarios for the AWS DVA-C02 exam.

The DevPro Network: Mission and Founder

A 21-Year Tech Leadership Journey

Jeff Taakey has driven complex systems for over two decades, serving in pivotal roles as an Architect, Technical Director, and startup Co-founder/CTO.

He holds both an MBA degree and a Computer Science Master's degree from an English-speaking university in Hong Kong. His expertise is further backed by multiple international certifications including TOGAF, PMP, ITIL, and AWS SAA.

His experience spans diverse sectors and includes leading large, multidisciplinary teams (up to 86 people). He has also served as a Development Team Lead while cooperating with global teams spanning North America, Europe, and Asia-Pacific. He has spearheaded the design of an industry cloud platform. This work was often conducted within global Fortune 500 environments like IBM, Citi and Panasonic.

Following a recent Master’s degree from an English-speaking university in Hong Kong, he launched this platform to share advanced, practical technical knowledge with the global developer community.


About This Site: AWS.CertDevPro.com


AWS.CertDevPro.com focuses exclusively on mastering the Amazon Web Services ecosystem. We transform raw practice questions into strategic Decision Matrices. Led by Jeff Taakey (MBA & 21-year veteran of IBM/Citi), we provide the exclusive SAA and SAP Master Packs designed to move your cloud expertise from certification-ready to project-ready.