AWS SAA-C03 #37

这篇具有很好参考价值的文章主要介绍了AWS SAA-C03 #37。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?

A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.


B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Option B provides a secure and low-operational-overhead solution that aligns with the AWS Well-Architected Framework:

  1. IAM Roles: By attaching the appropriate IAM roles to the instances, you can control access to AWS services and resources. This ensures that only authorized users or systems can interact with the instances.

  2. AWS Systems Manager Session Manager: This service allows you to establish secure, controlled sessions with instances. It doesn’t require opening inbound ports in security groups or network access control lists, which improves security.

  3. Least Operational Overhead: Using Systems Manager Session Manager means you don’t have to manage additional infrastructure like bastion hosts or VPN connections. It’s a managed service provided by AWS, reducing operational overhead.

  4. Secure: The use of IAM roles and Systems Manager for remote access is in line with security best practices, and it provides a controlled and secure method for administrators to access the instances.

Option A (using the EC2 serial console) might be useful in certain scenarios, but it’s not suitable for remote administration on a regular basis due to limitations in functionality.

Option C (using a bastion host) adds additional infrastructure that needs to be managed and secured, which increases operational overhead.

Option D (AWS Site-to-Site VPN) is a valid option for connecting on-premises resources to AWS, but it introduces more complexity and overhead than necessary for this scenario, making it less suitable for the requirement of least operational overhead.文章来源地址https://www.toymoban.com/news/detail-732973.html

到了这里,关于AWS SAA-C03 #37的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • AWS SAA-C03 #146

    A company runs a stateless web application in production on a group of Amazon EC2 On-Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight. Application usage is low during weekends. The company wants to minimize its EC2 costs

    2024年02月07日
    浏览(48)
  • AWS SAA-C03 #157

    A company stores data in an Amazon Aurora PostgreSQL DB cluster. The company must store all the data for 5 years and must delete all the data after 5 years. The company also must indefinitely keep audit logs of actions that are performed within the database. Currently, the company has automated backups configured for Aurora. Which combination of steps should

    2024年02月07日
    浏览(42)
  • AWS SAA-C03 #51

    A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning. Which combination of steps should a solutions architect take to mee

    2024年02月07日
    浏览(40)
  • AWS SAA-C03 #50

    A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability. What should a solutions architect do to meet these requirements? A. Create an AWS La

    2024年02月07日
    浏览(48)
  • AWS认证SAA-C03每日一题

    本题库由云计算狂魔微信公众号分享。 【SAA-C03助理级解决方案架构师认证】 A company runs an application using Amazon ECS.The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission

    2024年02月11日
    浏览(46)
  • AWS SAA-C03考试知识点整理

    S3: 不用于 数据库 功能 分类: S3 Standard :以便频繁访问 S3 Standard-IA 或 S3 One Zone-IA : 不经常访问的数据 Glacier: 最低的成本归档数据 S3 Intelligent-Tiering智能分层 :存储具有不断变化或未知访问模式的数据 S3 存储 也可用于静态网站托管 bucket名::amazonaws.com S3 存储 L ens :

    2024年02月08日
    浏览(47)
  • AWS SAA-C03考试题库(11 - 20)

        A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to accomplish this goal?  

    2024年03月12日
    浏览(57)
  • AWS-SAA-C03认证——之基础知识扫盲

    AWS认证考试是什么?有什么用? AWS认证(AWS Certification )是AWS针对云计算行业从业者推出的一套认证体系;学员可以通过获得业内认可的证书来证明您的 AWS 云技能并提高您的信用度。 AWS官网关于认证体系的介绍页面:https://aws.amazon.com/cn/certification/ 目前,AWS在全球云计算市

    2024年01月17日
    浏览(50)
  • AWS SAA C003 #29

    A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has deployments across multiple AWS Regions. The company needs to route users to the Region with the lowest latency. The company also needs automated failover between Regions.

    2024年02月08日
    浏览(32)
  • AWS SAA知识点整理(作成中)

    一些信息已经更新了,但参考题的答案还是旧的。 比如: S3的最大读写性能已经提高到 3,500 PUT/COPY/POST/DELETE or 5,500 GET/HEAD requests per second 并且不再要求使用random prefix 题目中有时候会让选择 Not violation 不合适的一项,必须注意。 为了提高读取的performance: For example, your applica

    2024年02月07日
    浏览(64)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包