Topic 1 Question 97

AWS Certified SysOps Administrator - Associate

Topic 1 Question 97
A team of on-call engineers frequently needs to connect to Amazon EC2 instances in a private subnet to troubleshoot and run commands. The instances use either the latest AWS-provided Windows Amazon Machine Images (AMIs) or Amazon Linux AMIs. The team has an existing 1AM role for authorization. A SysOps administrator must provide the team with access to the instances by granting IAM permissions to this role. Which solution will meet this requirement?
- Add a statement to the 1AM role policy to allow the ssm:StartSession action on the instances. Instruct the team to use AWS Systems Manager Session Manager to connect to the instances by using the assumed IAM role.
- Associate an Elastic IP address and a security group with each instance. Add the engineers' IP addresses to the security group inbound rules. Add a statement to the IAM role policy to allow the ec2:AuthorizeSecurityGrouplngress action so that the team can connect to the instances.
- Create a bastion host with an EC2 instance, and associate the bastion host with the VPC. Add a statement to the 1AM role policy to allow the ec2:CreateVpnConnection action on the bastion host. Instruct the team to use the bastion host endpoint to connect to the instances.
- Create an internet-facing Network Load Balancer. Use two listeners. Forward port 22 to a target group of Linux instances. Forward port 3389 to a target group of Windows instances. Add a statement to the IAM role policy to allow the ec2:CreateRoute action so that the team can connect to the instances.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: A
  A is correct.
  
  👍 2
  Surferbolt2022/10/16
- 正解だと思う選択肢: A
  aaaaaaa
  
  👍 2
  michaldavid2022/12/09
- 正解だと思う選択肢: A
  Agree, its A. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
  
  👍 1
  kati2k22cz2022/09/05
シャッフルモード

ユーザの投票

コメント(4)