ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 836 discussion

Exam question from Amazon's AWS-SysOps
Question #: 836
Topic #: 1
[All AWS-SysOps Questions]

An application is currently deployed on several Amazon EC2 instances that reside within a VPC. Due to compliance requirements, the EC2 instances cannot have access to the public internet. SysOps Administrators require SSH access to EC2 instances from their corporate office to perform maintenance and other administrative tasks.
Which combination of actions should be taken to permit SSH access to the EC2 instances while meeting the compliance requirements? (Choose two.)

  • A. Attach a NAT gateway to the VPC and configure routing
  • B. Attach a virtual private gateway to the VPC and configure routing
  • C. Attach an internet gateway to the VPC and configure routing
  • D. Configure a VPN connection back to the corporate office
  • E. Configure an Application Load Balancer in front of the EC2 instances
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
Reference:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
by MrDEVOPS at Aug. 31, 2020, 8:54 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Chubb
Highly Voted 1 year, 3 months ago
why not B and D
upvoted 21 times
...
aidenpearce01
Most Recent 9 months, 2 weeks ago
Selected Answer: BD
Da hell A ? it's should be B and D Nat GW and Internet GW by default allow connect to the Internet
upvoted 1 times
...
sasquatchshrimp
1 year, 1 month ago
A gives internet access so its B and D
upvoted 1 times
...
arvsrv
1 year, 2 months ago
I agree, B & D
upvoted 1 times
...
abhishek_m_86
1 year, 2 months ago
B. Attach a virtual private gateway to the VPC and configure routing D. Configure a VPN connection back to the corporate office Seem correct
upvoted 1 times
...
jackdryan
1 year, 2 months ago
I'll go with B,D
upvoted 1 times
...
ImranR
1 year, 2 months ago
B & D...
upvoted 2 times
...
vob
1 year, 3 months ago
We want to permit SSH but not allow EC2 to access public internet. Not E because ALB is not relevant. Not C because adding an IGW won't help us achieve what we want. I don't think B because a VGW on its own is useless. It needs a CGW on the on-prem side. So A and D.
upvoted 1 times
MegatonN
1 year, 2 months ago
BD will create a VPN connection between VPC and on prem.
upvoted 1 times
MegatonN
1 year, 2 months ago
https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html The following diagram shows your network, the customer gateway device, the VPN connection that goes to a virtual private gateway (which is attached to your VPC). The two lines between the customer gateway device and virtual private gateway represent the tunnels for the VPN connection.
upvoted 3 times
...
...
...
tifoz
1 year, 3 months ago
I agree, B & D
upvoted 1 times
...
Pirulou
1 year, 3 months ago
Ans B&D
upvoted 4 times
...
MrDEVOPS
1 year, 3 months ago
D is sure. A ~ is correct but it is attached to subnet not vpc.
upvoted 2 times
phongpg
1 year, 3 months ago
"the EC2 instances cannot have access to the public internet" -> A is incorrect, we don't need create NAT gateway to EC2 access internet. I think correct answer are B & D
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel