Amazon SCS-C02 Exam - Topic 5 Question 55 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 55
Topic #: 5

A security engineer configures VPC Flow Logs and the associated IAM role to log all VPC traffic to a log group in Amazon CloudWatch Logs. After a wait of 10 minutes, no logs are appearing in the log group. The security engineer confirms that traffic is being sent to the VPC. After additional debugging, the security engineer isolates the problem to the role that is associated with the VPC flow logs.

What could be the reason that the logs are not appearing in CloudWatch Logs?

DThe role does not have permission to tag a CloudWatch Logs stream.

BThe security engineer does not have permission to assume the role.

AThe logs:GetLogEvents permission is not granted in the role.

CThe principal vpc-flow-logs.amazonaws.com does not have permission to assume the role.

Show Suggested Answer

Suggested Answer: C

by Maile at Jan 26, 2026, 12:44 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tijuana

5 days ago

I think there was a practice question about VPC Flow Logs where permissions were the issue too. Could it be that the role lacks the necessary policies?

upvoted 0 times

...

Rickie

10 days ago

I remember something about IAM roles needing the right permissions for logging. Maybe the role isn't set up correctly?

upvoted 0 times

...

Brandon

15 days ago

Ah, I see. The issue is likely with the IAM role. I'd check the role's permissions and make sure it has the necessary access to write logs to CloudWatch Logs.

upvoted 0 times

...

Norah

20 days ago

Hmm, I'm a bit stumped on this one. I'd probably start by reviewing the CloudWatch Logs configuration and making sure the log group is set up correctly to receive the VPC Flow Logs.

upvoted 0 times

...

Florinda

25 days ago

Okay, let's think this through. The traffic is being sent, so the VPC Flow Logs are being generated. Could the issue be with the log group itself? Maybe it needs to be configured properly.

upvoted 0 times

...

Oliva

1 month ago

Ugh, I hate when things like this happen. Maybe the role is missing the right CloudWatch Logs permissions? I'd look into that first.

upvoted 0 times

...

Nydia

1 month ago

Hmm, this seems like a tricky one. I'd start by double-checking the IAM role permissions to make sure it has the necessary access to write logs to CloudWatch.

upvoted 0 times

...