Topic 1 Question 319
A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company’s security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.
Which solution will meet this requirement with the LEAST amount of administrative overhead?
Use AWS Systems Manager Session Manager to connect to the EC2 instances.
Use AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand.
Allow shared SSH access to a set of bastion instances. Configure all other instances to allow only SSH access from the bastion instances.
Use an Amazon Cognito custom authorizer to authenticate users. Invoke an AWS Lambda function to generate a temporary SSH key.
ユーザの投票
コメント(10)
Answer is A Using AWS Systems Manager Session Manager to connect to the EC2 instances is a secure option as it eliminates the need for inbound SSH ports and removes the requirement to manage SSH keys manually. It also provides a complete audit trail of user activity. This solution requires no additional software to be installed on the EC2 instances.
👍 4VIad2023/02/17Answer is A
👍 3cloudbusting2023/02/18- 正解だと思う選択肢: A
AWS Systems Manager Session Manager provides secure and auditable instance management without the need for any inbound connections or open ports. It allows you to manage your instances through an interactive one-click browser-based shell or through the AWS CLI. This means that you don't have to manage any SSH keys, and you don't have to worry about securing access to your instances as access is controlled through IAM policies.
👍 3LuckyAro2023/02/21
シャッフルモード