ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 37 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 37
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
  • B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
  • C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
  • D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by TaiTran1994 at Oct. 10, 2022, 5:02 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BoboChow
Highly Voted 2 years, 8 months ago
Selected Answer: B
How can Session Manager benefit my organization? Ans: No open inbound ports and no need to manage bastion hosts or SSH keys https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 25 times
Nightducky
2 years, 7 months ago
Do you know what from the question is it Windows or Linux EC2. I think not so how you want to do SSH session for Windows? Answer is C
upvoted 3 times
JayBee65
2 years, 7 months ago
Session Manager provides support for Windows, Linux, and macOS from a single tool
upvoted 10 times
...
sohailn
1 year, 11 months ago
session manager works with linux, windows, and mac too
upvoted 4 times
...
TienHuynh
2 years ago
"Cross-platform support for Windows, Linux, and macOS" https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 3 times
...
...
...
cookieMr
Highly Voted 2 years ago
Selected Answer: B
Option A provides direct access to the terminal interface of each instance, but it may not be practical for administration purposes and can be cumbersome to manage, especially for multiple instances. Option C adds operational overhead and introduces additional infrastructure that needs to be managed, monitored, and secured. It also requires SSH key management and maintenance. Option D is complex and may not be necessary for remote administration. It also requires administrators to connect from their local on-premises machines, which adds complexity and potential security risks. Therefore, option B is the recommended solution as it provides secure, auditable, and repeatable remote access using IAM roles and AWS Systems Manager Session Manager, with minimal operational overhead.
upvoted 9 times
...
Kazmin
Most Recent 3 months, 1 week ago
Selected Answer: A
looks correct
upvoted 1 times
...
Rcosmos
5 months, 3 weeks ago
Selected Answer: B
A Opção B é a solução mais simples, segura e de menor sobrecarga operacional. O uso do AWS Systems Manager Session Manager elimina a necessidade de abrir portas, gerenciar chaves SSH ou configurar infraestrutura adicional, alinhando-se ao AWS Well-Architected Framework.
upvoted 1 times
...
satyaammm
6 months ago
Selected Answer: B
Creatin an IAM Role is the most suitable as others do not meet the criteria of less operational overhead.
upvoted 1 times
...
safa_123
8 months ago
B. Create a customer managed multi-Region KMS key. Create an S3 bucket in each Region. Configure replication between the S3 buckets. Configure the application to use the KMS key with client-side encryption. Explanation: Multi-Region KMS Key: AWS KMS supports multi-Region keys, which can be replicated across Regions, enabling encryption and decryption in multiple Regions using the "same" KMS key (though technically it's a replica). This meets the requirement of using the same key in both Regions without additional management overhead for separate keys. Client-side encryption: Configuring the application to use the KMS key with client-side encryption ensures that the data is encrypted before it is sent to Amazon S3, and decrypted when retrieved.
upvoted 2 times
MortisG
1 month, 3 weeks ago
This is perfect for the previous question.
upvoted 1 times
...
...
zied007
9 months, 4 weeks ago
Selected Answer: B
Answer is B
upvoted 1 times
...
ManikRoy
1 year, 2 months ago
Selected Answer: B
Session Manager provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
upvoted 4 times
...
awsgeek75
1 year, 5 months ago
Selected Answer: B
A: Serial console is for device direct connection to peripherals and monitor boot etc. C: Workable solution but a lot of overhead D: Too much overhead for everyone B: Managed product for this purpose so least overhead. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
upvoted 2 times
...
A_jaa
1 year, 5 months ago
Selected Answer: B
Answer-B
upvoted 1 times
...
AWSStudyBuddy
1 year, 8 months ago
I go with option B. Here's why--- IAM Roles: Without SSH keys or shared passwords, securely provide access to EC2 instances and AWS services.
upvoted 4 times
AWSStudyBuddy
1 year, 8 months ago
Without requiring direct SSH connection, securely access and control EC2 instances with AWS Systems Manager Session Manager. Least Operational Overhead: An effective and fully managed method of managing instances. Well-Architected Framework: Complies with performance, security, and reliability best practices from AWS. Cons of alternative options: Option A: The automation and flexibility required for secure administration at scale are not provided by using the EC2 serial terminal directly. Option C: There is more operational overhead and complexity when a bastion host is deployed. Option D: For secure instance administration, setting up an AWS Site-to-Site VPN connection is too difficult and not the optimal approach. In conclusion, Option B is suggested as the best option given the given circumstances.
upvoted 5 times
...
...
Guru4Cloud
1 year, 11 months ago
Selected Answer: B
This solution meets all of the requirements with the LEAST operational overhead. It is repeatable, uses native AWS services, and follows the AWS Well-Architected Framework. Repeatable: The process of attaching an IAM role to an EC2 instance and using Systems Manager Session Manager to establish a remote SSH session is repeatable. This can be easily automated, so that new instances can be provisioned and administrators can connect to them securely without any manual intervention.
upvoted 3 times
...
TariqKipkemei
1 year, 11 months ago
Selected Answer: B
With AWS Systems Manager Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). It provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html#:~:text=RSS-,Session%20Manager,-is%20a%20fully
upvoted 3 times
...
james2033
1 year, 11 months ago
Selected Answer: B
Keyword "access and administer the instances remotely and securely" See "AWS Systems Manager Session Manager at " https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html .
upvoted 2 times
...
miki111
1 year, 11 months ago
Option B is the right answer for this.
upvoted 1 times
...
TienHuynh
2 years ago
Selected Answer: B
+Centralized access control to managed nodes using IAM policies +No open inbound ports and no need to manage bastion hosts or SSH keys +Cross-platform support for Windows, Linux, and macOS
upvoted 2 times
...
Bmarodi
2 years, 1 month ago
Selected Answer: B
The choice for me is the option B.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel