
Amazon SCS-C02 Exam - Topic 5 Question 55 Discussion

A security engineer configures VPC Flow Logs and the associated IAM role to log all VPC traffic to a log group in Amazon CloudWatch Logs. After a wait of 10 minutes, no logs are appearing in the log group. The security engineer confirms that traffic is being sent to the VPC. After additional debugging, the security engineer isolates the problem to the role that is associated with the VPC flow logs.

What could be the reason that the logs are not appearing in CloudWatch Logs?
C) The principal vpc-flow-logs.amazonaws.com does not have permission to assume the role.
D) The role does not have permission to tag a CloudWatch Logs stream.
B) The security engineer does not have permission to assume the role.
A) The logs:GetLogEvents permission is not granted in the role.


Actual exam question for Amazon's SCS-C02 exam
Question #: 55
Topic #: 5
Suggested Answer: C
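
An added example, not part of the original page or of AWS's own tooling: an offline check of a flow-log role's two policy documents, covering the trust relationship that option C describes and the CloudWatch Logs write actions AWS documents for such a role. The sample policies are constructed, and the check assumes plain Allow statements only (it does not evaluate Deny statements, Condition keys, or partial wildcards such as `logs:Put*`).

```python
FLOW_LOGS_PRINCIPAL = "vpc-flow-logs.amazonaws.com"
# Actions AWS documents for a flow-log role that publishes to CloudWatch Logs.
REQUIRED_ACTIONS = {"logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
                    "logs:DescribeLogGroups", "logs:DescribeLogStreams"}

def _as_list(value):
    """IAM fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def service_can_assume(trust_policy, service=FLOW_LOGS_PRINCIPAL):
    """True if an Allow statement lets `service` call sts:AssumeRole."""
    for stmt in _allow_statements(trust_policy):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if service in services and actions & {"sts:assumerole", "sts:*", "*"}:
            return True
    return False

def missing_actions(permissions_policy):
    """Required logs actions that no Allow statement grants (exact, logs:* or *)."""
    granted = {a.lower() for s in _allow_statements(permissions_policy)
               for a in _as_list(s.get("Action"))}
    if granted & {"*", "logs:*"}:
        return set()
    return {a for a in REQUIRED_ACTIONS if a.lower() not in granted}

def diagnose(trust_policy, permissions_policy):
    """Human-readable findings; an empty list means both documents look usable."""
    findings = []
    if not service_can_assume(trust_policy):
        findings.append(f"trust policy does not let {FLOW_LOGS_PRINCIPAL} assume the role")
    for action in sorted(missing_actions(permissions_policy)):
        findings.append(f"permissions policy does not allow {action}")
    return findings

# Constructed sample documents: BROKEN_TRUST names the wrong service principal.
BROKEN_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
FIXED_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": FLOW_LOGS_PRINCIPAL},
    "Action": "sts:AssumeRole"}]}
PERMISSIONS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*", "Action": sorted(REQUIRED_ACTIONS)}]}
```

With the constructed inputs, `diagnose(BROKEN_TRUST, PERMISSIONS)` reports only the trust-policy finding even though the write permissions are complete, which matches the symptom in the question: the role is attached and correctly permissioned, yet nothing is delivered.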

Contribute your Thoughts:

Vincenza
1 month ago
Wait, can IAM roles really cause logs to disappear? That’s surprising!
upvoted 0 times
...
Gianna
1 month ago
Are you sure the role is properly attached to the flow logs?
upvoted 0 times
...
Destiny
1 month ago
I thought it could take longer than 10 minutes sometimes?
upvoted 0 times
...
Refugia
2 months ago
Definitely sounds like a permissions issue!
upvoted 0 times
...
Rolland
2 months ago
The IAM role might not have the correct permissions.
upvoted 0 times
...
Ettie
2 months ago
The logs are probably just shy and need a little encouragement to come out and play.
upvoted 0 times
...
Meaghan
2 months ago
I bet the security engineer is scratching their head, wondering if they forgot to pay the CloudWatch Logs subscription fee.
upvoted 0 times
...
Eden
2 months ago
Haha, the security engineer must have forgotten to turn on the "make logs appear" switch!
upvoted 0 times
...
Jesusita
3 months ago
Maybe the VPC flow logs are not configured correctly or there's an issue with the VPC itself.
upvoted 0 times
...
Maurine
3 months ago
The IAM role might not have the necessary permissions to write logs to CloudWatch.
upvoted 0 times
...
Marilynn
3 months ago
What if the log group itself has some restrictions? I vaguely recall something about log group permissions affecting visibility.
upvoted 0 times
...
Yun
3 months ago
I'm not entirely sure, but could it also be related to the trust relationship of the IAM role? I feel like that was mentioned in a study session.
upvoted 0 times
...
Tijuana
4 months ago
I think there was a practice question about VPC Flow Logs where permissions were the issue too. Could it be that the role lacks the necessary policies?
upvoted 0 times
...
Rickie
4 months ago
I remember something about IAM roles needing the right permissions for logging. Maybe the role isn't set up correctly?
upvoted 0 times
...
Brandon
4 months ago
Ah, I see. The issue is likely with the IAM role. I'd check the role's permissions and make sure it has the necessary access to write logs to CloudWatch Logs.
upvoted 0 times
...
Norah
4 months ago
Hmm, I'm a bit stumped on this one. I'd probably start by reviewing the CloudWatch Logs configuration and making sure the log group is set up correctly to receive the VPC Flow Logs.
upvoted 0 times
...
Florinda
4 months ago
Okay, let's think this through. The traffic is being sent, so the VPC Flow Logs are being generated. Could the issue be with the log group itself? Maybe it needs to be configured properly.
upvoted 0 times
...
Oliva
5 months ago
Ugh, I hate when things like this happen. Maybe the role is missing the right CloudWatch Logs permissions? I'd look into that first.
upvoted 0 times
...
Nydia
5 months ago
Hmm, this seems like a tricky one. I'd start by double-checking the IAM role permissions to make sure it has the necessary access to write logs to CloudWatch.
upvoted 0 times
...
