Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 37 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 37
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
  • B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
  • C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
  • D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by TaiTran1994 at Oct. 10, 2022, 5:02 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
BoboChow
Highly Voted 1 year, 8 months ago
Selected Answer: B
How can Session Manager benefit my organization? Ans: No open inbound ports and no need to manage bastion hosts or SSH keys https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 22 times
Nightducky
1 year, 7 months ago
Do you know what from the question is it Windows or Linux EC2. I think not so how you want to do SSH session for Windows? Answer is C
upvoted 2 times
JayBee65
1 year, 7 months ago
Session Manager provides support for Windows, Linux, and macOS from a single tool
upvoted 6 times
...
sohailn
11 months ago
session manager works with linux, windows, and mac too
upvoted 3 times
...
TienHuynh
1 year ago
"Cross-platform support for Windows, Linux, and macOS" https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 2 times
...
...
...
ManikRoy
Most Recent 2 months, 1 week ago
Selected Answer: B
Session Manager provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
upvoted 2 times
...
awsgeek75
5 months, 3 weeks ago
Selected Answer: B
A: Serial console is for device direct connection to peripherals and monitor boot etc. C: Workable solution but a lot of overhead D: Too much overhead for everyone B: Managed product for this purpose so least overhead. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 1 times
...
A_jaa
5 months, 3 weeks ago
Selected Answer: B
Answer-B
upvoted 1 times
...
AWSStudyBuddy
8 months, 2 weeks ago
I go with option B. Here's why--- IAM Roles: Without SSH keys or shared passwords, securely provide access to EC2 instances and AWS services.
upvoted 4 times
AWSStudyBuddy
8 months, 2 weeks ago
Without requiring direct SSH connection, securely access and control EC2 instances with AWS Systems Manager Session Manager. Least Operational Overhead: An effective and fully managed method of managing instances. Well-Architected Framework: Complies with performance, security, and reliability best practices from AWS. Cons of alternative options: Option A: The automation and flexibility required for secure administration at scale are not provided by using the EC2 serial terminal directly. Option C: There is more operational overhead and complexity when a bastion host is deployed. Option D: For secure instance administration, setting up an AWS Site-to-Site VPN connection is too difficult and not the optimal approach. In conclusion, Option B is suggested as the best option given the given circumstances.
upvoted 4 times
...
...
Guru4Cloud
11 months ago
Selected Answer: B
This solution meets all of the requirements with the LEAST operational overhead. It is repeatable, uses native AWS services, and follows the AWS Well-Architected Framework. Repeatable: The process of attaching an IAM role to an EC2 instance and using Systems Manager Session Manager to establish a remote SSH session is repeatable. This can be easily automated, so that new instances can be provisioned and administrators can connect to them securely without any manual intervention.
upvoted 2 times
...
TariqKipkemei
11 months, 1 week ago
Selected Answer: B
With AWS Systems Manager Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). It provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html#:~:text=RSS-,Session%20Manager,-is%20a%20fully
upvoted 2 times
...
james2033
11 months, 3 weeks ago
Selected Answer: B
Keyword "access and administer the instances remotely and securely" See "AWS Systems Manager Session Manager at " https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html .
upvoted 1 times
...
miki111
11 months, 3 weeks ago
Option B is the right answer for this.
upvoted 1 times
...
TienHuynh
1 year ago
Selected Answer: B
+Centralized access control to managed nodes using IAM policies +No open inbound ports and no need to manage bastion hosts or SSH keys +Cross-platform support for Windows, Linux, and macOS
upvoted 1 times
...
cookieMr
1 year ago
Selected Answer: B
Option A provides direct access to the terminal interface of each instance, but it may not be practical for administration purposes and can be cumbersome to manage, especially for multiple instances. Option C adds operational overhead and introduces additional infrastructure that needs to be managed, monitored, and secured. It also requires SSH key management and maintenance. Option D is complex and may not be necessary for remote administration. It also requires administrators to connect from their local on-premises machines, which adds complexity and potential security risks. Therefore, option B is the recommended solution as it provides secure, auditable, and repeatable remote access using IAM roles and AWS Systems Manager Session Manager, with minimal operational overhead.
upvoted 4 times
...
Bmarodi
1 year, 1 month ago
Selected Answer: B
The choice for me is the option B.
upvoted 1 times
...
cheese929
1 year, 3 months ago
Selected Answer: B
B is correct and has the least overhead.
upvoted 1 times
...
linux_admin
1 year, 3 months ago
Selected Answer: B
AWS Systems Manager Session Manager is a fully managed service that provides secure and auditable instance management without the need for bastion hosts, VPNs, or SSH keys. It provides secure and auditable access to EC2 instances and eliminates the need for managing and securing SSH keys.
upvoted 1 times
...
PaoloRoma
1 year, 3 months ago
Selected Answer: B
I selected B) as "open inbound ports, maintain bastion hosts, or manage SSH keys" https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html However Session Manager comes with pretty robust list of prerequisites to put in place (SSM Agent and connectivity to SSM endpoints). On the other side A) come with basically no prerequisites, but it is only for Linux and we do not have info about OSs, so we should assume Windows as well.
upvoted 1 times
...
nour
1 year, 4 months ago
Selected Answer: B
The keyword that makes option B follows the AWS Well-Architected Framework is "IAM role." IAM roles provide fine-grained access control and are a recommended best practice in the AWS Well-Architected Framework. By attaching the appropriate IAM role to each instance and using AWS Systems Manager Session Manager to establish a remote SSH session, the solution is using IAM roles to control access and follows a recommended best practice.
upvoted 2 times
...
Shaw605
1 year, 5 months ago
Answer is B ~ Chat GPT To meet the requirements with the least operational overhead, the company can use the AWS Systems Manager Session Manager. It is a native AWS service that enables secure and auditable access to instances without the need for remote public IP addresses, inbound security group rules, or Bastion hosts. With AWS Systems Manager Session Manager, the company can establish a secure and auditable session to the EC2 instances and perform administrative tasks without the need for additional operational overhead.
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours