Topic 1 Question 73
2 つ選択A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access. Which combination of steps should the solutions architect take to meet these requirements?
Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.
Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.
Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.
Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host.
ユーザの投票
コメント(14)
- 正解だと思う選択肢: CD
C because from on-prem network to bastion through internet (using on-prem resource's public IP), D because bastion and ec2 is in same VPC, meaning bastion can communicate to EC2 via it's private IP address
👍 23Six_Fingered_Jose2022/10/24 - 正解だと思う選択肢: CD
CD is correct
👍 2ninjawrz2022/10/16 - 正解だと思う選択肢: CD
Option C (allow access just from the external IP) and D (allow inbound SSH from the private IP of the bastion host).
👍 2ArielSchivo2022/10/18
シャッフルモード