Exam AWS Certified Solutions Architect - Professional All Questions

Exam AWS Certified Solutions Architect - Professional topic 1 question 258 discussion

A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that AWS CloudHSM is the best service for this.
However, there are a few prerequisites before this can happen, one of them being a security group that has certain ports open.
Which of the following is correct with regard to that security group?

  • A. A security group that has no ports open to your network.
  • B. A security group that has only port 3389 (for RDP) open to your network.
  • C. A security group that has only port 22 (for SSH) open to your network.
  • D. A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network.
Suggested Answer: D
AWS CloudHSM provides secure cryptographic key storage to customers by making hardware security modules (HSMs) available in the AWS cloud.
AWS CloudHSM requires the following environment before an HSM appliance can be provisioned:
  • A virtual private cloud (VPC) in the region where you want the AWS CloudHSM service.
  • One private subnet (a subnet with no Internet gateway) in the VPC. The HSM appliance is provisioned into this subnet.
  • One public subnet (a subnet with an Internet gateway attached). The control instances are attached to this subnet.
  • An AWS Identity and Access Management (IAM) role that delegates access to your AWS resources to AWS CloudHSM.
  • An EC2 instance, in the same VPC as the HSM appliance, with the SafeNet client software installed. This instance is referred to as the control instance and is used to connect to and manage the HSM appliance.
  • A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network. This security group is attached to your control instances so you can access them remotely.
Note that this list describes the original CloudHSM (Classic) deployment model, with a SafeNet client and a control instance. The security group the question asks about protects the control instance, not the HSM itself: open only the management port you actually use (22 or 3389, not both by default), and restrict it to your own network's address range rather than 0.0.0.0/0. In the current CloudHSM service the client EC2 instance additionally needs TCP 2223-2225 to the HSMs, which is granted by the cluster security group rather than by the instance's SSH/RDP group (see the comments below).
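An added example, written for this page and not taken from AWS, the exam, or any of the commenters, that audits the two security groups involved: the group on the client (control) instance, which should expose SSH or RDP only to your own address range, and the cluster security group mentioned in the comments, which should expose TCP 2223-2225 only by security-group reference. It runs offline on a constructed document in the shape of `aws ec2 describe-security-groups` output; the group IDs, the account ID and the admin network 203.0.113.0/24 are hypothetical.

```python
"""Audit the security groups around an AWS CloudHSM client instance.

Added example for this page, not AWS code. DESCRIBE_OUTPUT is a constructed
document in the shape returned by `aws ec2 describe-security-groups`; the
group IDs, the account ID and ADMIN_CIDR are hypothetical values.
"""
import ipaddress

# Hypothetical trusted admin network (RFC 5737 documentation range).
ADMIN_CIDR = ipaddress.ip_network("203.0.113.0/24")
MGMT_PORTS = {22, 3389}        # SSH or RDP to the client (control) instance
HSM_PORTS = (2223, 2225)       # TCP range the CloudHSM client uses to reach the HSMs


def _port_span(perm):
    """Return the (from, to) port span of one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":           # "all traffic" covers every port
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def audit_client_sg(sg):
    """Security group attached to the EC2 client instance.

    Policy: only TCP 22 or TCP 3389 inbound, each as a single-port rule, and
    only from ADMIN_CIDR. Returns a list of finding strings (empty = compliant).
    """
    findings, gid = [], sg["GroupId"]
    for perm in sg["IpPermissions"]:
        lo, hi = _port_span(perm)
        if perm["IpProtocol"] != "tcp" or lo != hi or lo not in MGMT_PORTS:
            findings.append(f"{gid}: inbound {perm['IpProtocol']} {lo}-{hi} is not a single SSH/RDP port")
            continue
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not src.subnet_of(ADMIN_CIDR):
                findings.append(f"{gid}: port {lo} open to {src}, not within {ADMIN_CIDR}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"{gid}: port {lo} open to IPv6 range {rng['CidrIpv6']}")
        for pair in perm.get("UserIdGroupPairs", []):
            findings.append(f"{gid}: port {lo} open to security group {pair['GroupId']}")
    return findings


def audit_cluster_sg(sg, allowed_groups):
    """Security group in front of the HSM network interfaces.

    Policy: only TCP 2223-2225 inbound, granted by security-group reference to
    a group in `allowed_groups` (the cluster SG itself and/or the client SG),
    never by CIDR. Returns a list of finding strings.
    """
    findings, gid = [], sg["GroupId"]
    for perm in sg["IpPermissions"]:
        lo, hi = _port_span(perm)
        if perm["IpProtocol"] != "tcp" or (lo, hi) != HSM_PORTS:
            findings.append(f"{gid}: inbound {perm['IpProtocol']} {lo}-{hi} is not the client-to-HSM range {HSM_PORTS}")
            continue
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"{gid}: HSM ports open to CIDR {cidr}; grant by group reference instead")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] not in allowed_groups:
                findings.append(f"{gid}: HSM ports open to unexpected group {pair['GroupId']}")
    return findings


def run_audit(describe_output, client_sg_ids, cluster_sg_id):
    """Map each audited group ID to its list of findings."""
    by_id = {sg["GroupId"]: sg for sg in describe_output["SecurityGroups"]}
    report = {cid: audit_client_sg(by_id[cid]) for cid in client_sg_ids}
    report[cluster_sg_id] = audit_cluster_sg(
        by_id[cluster_sg_id], allowed_groups={cluster_sg_id, *client_sg_ids})
    return report


# Constructed sample: a weak client SG (SSH from anywhere), a hardened client SG,
# and a cluster SG that references itself on 2223-2225. All IDs are hypothetical.
DESCRIBE_OUTPUT = {"SecurityGroups": [
    {"GroupId": "sg-0c11e07000000000a", "GroupName": "cloudhsm-client-weak",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0c11e07000000000b", "GroupName": "cloudhsm-client-hardened",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0c1057e00000000ab", "GroupName": "cloudhsm-cluster-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 2223, "ToPort": 2225,
          "IpRanges": [], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0c1057e00000000ab", "UserId": "123456789012"}]}]},
]}
CLIENT_SGS = ["sg-0c11e07000000000a", "sg-0c11e07000000000b"]
CLUSTER_SG = "sg-0c1057e00000000ab"

if __name__ == "__main__":
    for gid, findings in run_audit(DESCRIBE_OUTPUT, CLIENT_SGS, CLUSTER_SG).items():
        print(gid, "OK" if not findings else "")
        for line in findings:
            print("  -", line)
```

Against the sample, the weak client group produces one finding (port 22 open to 0.0.0.0/0), and the hardened client group and the cluster group produce none. To run it against a real account, replace `DESCRIBE_OUTPUT` with the parsed output of `aws ec2 describe-security-groups` and set the group IDs to your own.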

Comments

aandc
2 years, 10 months ago
Weird question, should be 2223-2225.
upvoted 2 times
jj22222
3 years, 1 month ago
Selected Answer: D
D. A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network.
upvoted 1 times
tkanmani76
3 years, 2 months ago
https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg-client-instance.html
upvoted 1 times
tkanmani76
3 years, 2 months ago
Hence D is correct
upvoted 1 times
DashL
3 years, 6 months ago
For CloudHSM, you launch an Amazon EC2 client instance to connect to CloudHSM (https://docs.aws.amazon.com/cloudhsm/latest/userguide/launch-client-instance.html). To connect to the EC2 instance you need either port 22 (SSH) or 3389 (RDP) open. But the security group between the EC2 client and CloudHSM needs to have ports 2223-2225 open. https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg-client-instance.html. The question seems to be asking for CloudHSM prerequisites, not client EC2 instances. If my understanding is correct, none of the answers are valid.
upvoted 3 times
01037
3 years, 6 months ago
OK, it is D, a little far-fetched.
upvoted 1 times
ar2000
3 years, 6 months ago
D. You need to modify the default security group to permit the SSH or RDP connection so that you can download and install the client software, and interact with your HSM.
upvoted 1 times
Community vote distribution
  • A (35%)
  • C (25%)
  • B (20%)
  • Other