SAP-C02 · Question #25
SAP-C02 Question #25: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #25. The question stem and answer options stay visible for context.
Question
A start up company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting. The company's existing architecture includes the following: - A VPC with private and public subnets, and a NAT gateway - Site-to-Site VPN for connectivity with the on-premises environment - EC2 security groups with direct SSH access from the on-premises environment The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers. Which strategy should a solutions architect use?
Options
- AInstall and configure EC2 Instance Connect on the fleet of EC2 instances. Remove all security
- BUpdate the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the
- CUpdate the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the
- DCreate an IAM role with the AmazonSSMManagedInstanceCore managed policy attached. Attach
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.