Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 908 discussion

A company has applications that run in an organization in AWS Organizations. The company outsources operational support of the applications. The company needs to provide access for the external support engineers without compromising security.

The external support engineers need access to the AWS Management Console. The external support engineers also need operating system access to the company’s fleet of Amazon EC2 instances that run Amazon Linux in private subnets.

Which solution will meet these requirements MOST securely?

  • A. Confirm that AWS Systems Manager Agent (SSM Agent) is installed on all instances. Assign an instance profile with the necessary policy to connect to Systems Manager. Use AWS IAM Identity Center to provide the external support engineers console access. Use Systems Manager Session Manager to assign the required permissions.
  • B. Confirm that AWS Systems Manager Agent (SSM Agent) is installed on all instances. Assign an instance profile with the necessary policy to connect to Systems Manager. Use Systems Manager Session Manager to provide local IAM user credentials in each AWS account to the external support engineers for console access.
  • C. Confirm that all instances have a security group that allows SSH access only from the external support engineers’ source IP address ranges. Provide local IAM user credentials in each AWS account to the external support engineers for console access. Provide each external support engineer an SSH key pair to log in to the application instances.
  • D. Create a bastion host in a public subnet. Set up the bastion host security group to allow access from only the external engineers’ IP address ranges. Ensure that all instances have a security group that allows SSH access from the bastion host. Provide each external support engineer an SSH key pair to log in to the application instances. Provide local account IAM user credentials to the engineers for console access.
Suggested Answer: A

Comments

LeonSauveterre
3 months, 3 weeks ago
Selected Answer: A
A - It leverages AWS-managed solutions that simplify operations, enhance security, and meet the requirement for both console and OS-level access, while avoiding the pitfalls of SSH-based access or local user management, so this is what we're looking for.
B - Providing local IAM user credentials increases operational overhead and security risks. Managing these credentials across multiple AWS accounts can lead to inconsistency and potential vulnerabilities.
C - Allowing SSH access via security groups and distributing SSH key pairs introduces significant security risks. Keys could be lost or misused, and managing IP address ranges is not a piece of cake.
D - Bastion hosts require ongoing maintenance and monitoring to ensure security, which is unnecessary with Session Manager.
upvoted 1 times
...
EllenLiu
4 months ago
Selected Answer: A
B: I believe the Session Manager may not have the capability to provide IAM user credentials. If it were to do so, it could potentially lead to security concerns.
upvoted 1 times
...
Cpso
4 months, 4 weeks ago
Selected Answer: A
A or B. The exam does not tell whether they have an IdP or the no. of outsourced engineers.
upvoted 2 times
...
Changwha
5 months ago
A: This solution minimizes the attack surface by eliminating the need for SSH access, avoids bastion hosts, and provides secure, auditable, and federated access to AWS resources.
upvoted 2 times
...
swati1508
8 months, 3 weeks ago
A use MSM
upvoted 2 times
...
officedepotadmin
8 months, 3 weeks ago
Selected Answer: A
Systems Manager Session Manager allows secure, auditable, and controlled access to your EC2 instances without needing to open SSH ports or manage SSH keys, reducing the attack surface. Local IAM user credentials are less secure and harder to manage at scale compared to using IAM Identity Center.
upvoted 3 times
...
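
Several comments above point out that Session Manager removes the need for open SSH ports. As an added example (not part of the original discussion), the following Python code flags security-group rules that still admit TCP 22, which is what options C and D leave behind. The input is assumed to have the shape of the EC2 DescribeSecurityGroups response; the group IDs and CIDR ranges are constructed sample data.

```python
# Added example: flag security-group ingress rules that still expose SSH.
# Input mirrors the shape of EC2 DescribeSecurityGroups output.

def allows_ssh(perm):
    """True if one ingress permission covers TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":              # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)

def ssh_findings(security_groups):
    """Return (group_id, source) pairs for every rule that admits SSH."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not allows_ssh(perm):
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
            findings += [(sg["GroupId"], src) for src in sources]
    return findings

# Constructed sample data (IDs and CIDRs are illustrative, not from the page).
SAMPLE_GROUPS = [
    # Option C pattern: SSH allowed from the support vendor's address range.
    {"GroupId": "sg-vendor-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    # Option D pattern: SSH allowed from the bastion host's security group.
    {"GroupId": "sg-app-behind-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
    # Option A pattern: application traffic only; Session Manager needs no inbound rule.
    {"GroupId": "sg-app-ssm-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
    # Edge case: a wide port range that silently includes 22.
    {"GroupId": "sg-wide-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]

if __name__ == "__main__":
    for group_id, source in ssh_findings(SAMPLE_GROUPS):
        print(f"{group_id}: SSH reachable from {source}")
```
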
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted