Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 37 discussion

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
  • B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
  • C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
  • D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.
Suggested Answer: B

Comments

BoboChow
Highly Voted 2 years, 1 month ago
Selected Answer: B
How can Session Manager benefit my organization? Ans: No open inbound ports and no need to manage bastion hosts or SSH keys https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 24 times
Nightducky
2 years, 1 month ago
Do you know from the question whether it is a Windows or Linux EC2? I think not, so how do you want to do an SSH session for Windows? Answer is C
upvoted 3 times
JayBee65
2 years ago
Session Manager provides support for Windows, Linux, and macOS from a single tool
upvoted 9 times
...
sohailn
1 year, 4 months ago
Session Manager works with Linux, Windows, and Mac too
upvoted 4 times
...
TienHuynh
1 year, 6 months ago
"Cross-platform support for Windows, Linux, and macOS" https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 3 times
...
...
...
cookieMr
Highly Voted 1 year, 6 months ago
Selected Answer: B
Option A provides direct access to the terminal interface of each instance, but it may not be practical for administration purposes and can be cumbersome to manage, especially for multiple instances. Option C adds operational overhead and introduces additional infrastructure that needs to be managed, monitored, and secured. It also requires SSH key management and maintenance. Option D is complex and may not be necessary for remote administration. It also requires administrators to connect from their local on-premises machines, which adds complexity and potential security risks. Therefore, option B is the recommended solution as it provides secure, auditable, and repeatable remote access using IAM roles and AWS Systems Manager Session Manager, with minimal operational overhead.
upvoted 6 times
...
safa_123
Most Recent 1 month, 2 weeks ago
B. Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region. Configure replication between the S3 buckets. Configure the application to use the KMS key with client-side encryption. Explanation: Multi-Region KMS Key: AWS KMS supports multi-Region keys, which can be replicated across Regions, enabling encryption and decryption in multiple Regions using the "same" KMS key (though technically it's a replica). This meets the requirement of using the same key in both Regions without additional management overhead for separate keys. Client-side encryption: Configuring the application to use the KMS key with client-side encryption ensures that the data is encrypted before it is sent to Amazon S3, and decrypted when retrieved.
upvoted 2 times
...
zied007
3 months, 2 weeks ago
Selected Answer: B
Answer is B
upvoted 1 times
...
ManikRoy
8 months ago
Selected Answer: B
Session Manager provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
upvoted 3 times
...
awsgeek75
11 months, 2 weeks ago
Selected Answer: B
A: Serial console is for device direct connection to peripherals and monitor boot etc. C: Workable solution but a lot of overhead D: Too much overhead for everyone B: Managed product for this purpose so least overhead. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 2 times
...
A_jaa
11 months, 2 weeks ago
Selected Answer: B
Answer-B
upvoted 1 times
...
AWSStudyBuddy
1 year, 2 months ago
I go with option B. Here's why--- IAM Roles: Without SSH keys or shared passwords, securely provide access to EC2 instances and AWS services.
upvoted 4 times
AWSStudyBuddy
1 year, 2 months ago
Without requiring direct SSH connection, securely access and control EC2 instances with AWS Systems Manager Session Manager. Least Operational Overhead: An effective and fully managed method of managing instances. Well-Architected Framework: Complies with performance, security, and reliability best practices from AWS. Cons of alternative options: Option A: The automation and flexibility required for secure administration at scale are not provided by using the EC2 serial terminal directly. Option C: There is more operational overhead and complexity when a bastion host is deployed. Option D: For secure instance administration, setting up an AWS Site-to-Site VPN connection is too difficult and not the optimal approach. In conclusion, Option B is suggested as the best option given the given circumstances.
upvoted 5 times
...
...
Guru4Cloud
1 year, 4 months ago
Selected Answer: B
This solution meets all of the requirements with the LEAST operational overhead. It is repeatable, uses native AWS services, and follows the AWS Well-Architected Framework. Repeatable: The process of attaching an IAM role to an EC2 instance and using Systems Manager Session Manager to establish a remote SSH session is repeatable. This can be easily automated, so that new instances can be provisioned and administrators can connect to them securely without any manual intervention.
upvoted 3 times
...
TariqKipkemei
1 year, 4 months ago
Selected Answer: B
With AWS Systems Manager Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). It provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html#:~:text=RSS-,Session%20Manager,-is%20a%20fully
upvoted 3 times
...
james2033
1 year, 5 months ago
Selected Answer: B
Keyword: "access and administer the instances remotely and securely". See "AWS Systems Manager Session Manager" at https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html .
upvoted 2 times
...
miki111
1 year, 5 months ago
Option B is the right answer for this.
upvoted 1 times
...
TienHuynh
1 year, 6 months ago
Selected Answer: B
+ Centralized access control to managed nodes using IAM policies
+ No open inbound ports and no need to manage bastion hosts or SSH keys
+ Cross-platform support for Windows, Linux, and macOS
upvoted 2 times
...
Bmarodi
1 year, 6 months ago
Selected Answer: B
The choice for me is the option B.
upvoted 1 times
...
cheese929
1 year, 8 months ago
Selected Answer: B
B is correct and has the least overhead.
upvoted 1 times
...
linux_admin
1 year, 8 months ago
Selected Answer: B
AWS Systems Manager Session Manager is a fully managed service that provides secure and auditable instance management without the need for bastion hosts, VPNs, or SSH keys. It provides secure and auditable access to EC2 instances and eliminates the need for managing and securing SSH keys.
upvoted 1 times
...
PaoloRoma
1 year, 9 months ago
Selected Answer: B
I selected B) as "open inbound ports, maintain bastion hosts, or manage SSH keys" https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html . However, Session Manager comes with a pretty robust list of prerequisites to put in place (SSM Agent and connectivity to SSM endpoints). On the other side, A) comes with basically no prerequisites, but it is only for Linux and we do not have info about OSs, so we should assume Windows as well.
upvoted 1 times
...
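A readiness check for the Session Manager prerequisites raised in the comments above (IAM role attached, SSM Agent reporting, no inbound admin ports left open), added here as an example and not part of any comment or of AWS's own tooling. It runs over constructed sample data shaped like the `describe-instances`, `describe-security-groups` and `ssm describe-instance-information` responses; the instance and group IDs and the function names `audit` and `open_admin_ports` are made up for illustration.

```python
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_admin_ports(group):
    """Return the sorted admin ports a security group exposes to any address."""
    found = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if proto not in ("tcp", "-1") or not cidrs & OPEN_CIDRS:
            continue
        # Protocol "-1" means all traffic, so every port is covered.
        lo, hi = (0, 65535) if proto == "-1" else (perm.get("FromPort", 0), perm.get("ToPort", 65535))
        found |= {p for p in ADMIN_PORTS if lo <= p <= hi}
    return sorted(found)

def audit(instances, groups, ssm_info):
    """Map instance id -> list of findings; an empty list means ready."""
    by_id = {g["GroupId"]: g for g in groups}
    online = {i["InstanceId"] for i in ssm_info if i.get("PingStatus") == "Online"}
    report = {}
    for inst in instances:
        findings = []
        if "IamInstanceProfile" not in inst:
            findings.append("no instance profile attached")
        if inst["InstanceId"] not in online:
            findings.append("SSM Agent not reporting Online")
        for ref in inst.get("SecurityGroups", []):
            for port in open_admin_ports(by_id.get(ref["GroupId"], {})):
                findings.append(f"{ref['GroupId']} opens {ADMIN_PORTS[port]} ({port}) to the internet")
        report[inst["InstanceId"]] = findings
    return report

# Constructed sample data (assumed IDs; no AWS calls are made).
INSTANCES = [
    {"InstanceId": "i-0aaa", "SecurityGroups": [{"GroupId": "sg-private"}],
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example"}},
    {"InstanceId": "i-0bbb", "SecurityGroups": [{"GroupId": "sg-legacy"}]},
]
GROUPS = [
    {"GroupId": "sg-private", "IpPermissions": []},
    {"GroupId": "sg-legacy", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
SSM_INFO = [{"InstanceId": "i-0aaa", "PingStatus": "Online"}]
```

Calling `audit(INSTANCES, GROUPS, SSM_INFO)` returns an empty findings list for `i-0aaa` and three findings for `i-0bbb`.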