ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 178 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 178
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

An organization is planning to setup a management network on the AWS VPC. The organization is trying to secure the webserver on a single VPC instance such that it allows the internet traffic as well as the back-end management traffic. The organization wants to make so that the back end management network interface can receive the SSH traffic only from a selected IP range, while the internet facing webserver will have an IP address which can receive traffic from all the internet
IPs.
How can the organization achieve this by running web server on a single instance?

  • A. It is not possible to have two IP addresses for a single instance.
  • B. The organization should create two network interfaces with the same subnet and security group to assign separate IPs to each network interface.
  • C. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
  • D. The organization should launch an instance with two separate subnets using the same network interface which allows to have a separate CIDR as well as security groups.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by ExtHo at March 21, 2021, 2:51 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amministrazione
8 months, 2 weeks ago
C. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access.
upvoted 1 times
...
SkyZeroZx
1 year, 10 months ago
Selected Answer: C
The correct answer is: C. The organization should create two network interfaces with separate subnets so one instance can have two subnets and the respective security groups for controlled access. To achieve the desired configuration of allowing internet traffic to the web server and back-end management traffic with SSH access from a selected IP range, the organization can create two network interfaces for the single instance. By creating two network interfaces, the organization can assign separate subnets to each network interface. One network interface can be associated with a subnet that allows internet traffic, while the other network interface can be associated with a subnet for back-end management traffic.
upvoted 2 times
...
hollie
2 years, 3 months ago
Selected Answer: C
Tried creating an EC2 with two interfaces in separate subnet but same AZ and it works.
upvoted 2 times
...
NathanvB99
2 years, 5 months ago
Selected Answer: B
An instance can't be in 2 subnets, so C is wrong. An instance can, however, have 2 interfaces with 2 IP's. So B is my answer.
upvoted 1 times
...
RajAWSDevOps007
2 years, 6 months ago
It's ONLY C. As for ENIs in two subnets for the same EC2 instance, it's very much possible per this link- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/scenarios-enis.html
upvoted 2 times
...
Pengcheng
2 years, 6 months ago
Selected Answer: C
C is correct!
upvoted 1 times
...
RVD
2 years, 8 months ago
ANS = C. You Can attach multiple ENI to EC2 with different subnet in Single VPC but Subnet should be in same AZ you cannot attach with different AZ.
upvoted 3 times
...
nexus2020
2 years, 8 months ago
Selected Answer: B
Real world: production and mgmt should be separated. And mgmt should not be allowed to ssh directly from internet, should be allowed from VPN where employee first vpn in and then do the mgmt work.
upvoted 1 times
nexus2020
2 years, 8 months ago
C, clicked the wrong button....
upvoted 1 times
...
...
futen0326
3 years, 2 months ago
C is correct. An instance can have multiple ENIs attached to it, and you can deploy those ENIs into different subnets for more granular security configurations, such as the scenario in the question.
upvoted 2 times
...
Devgela
3 years, 3 months ago
C is only answer
upvoted 2 times
...
AMKazi
3 years, 3 months ago
B: is the answer. its possible to attach more than one network interface and separate security groups with each ENI A: Wrong, its possible to have 2 IP addresses using 2 network interface cards attached to the instance C: No possible. One instance cannot be available to 2 subnets at the same time d: Not possible
upvoted 4 times
...
cldy
3 years, 4 months ago
C. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/scenarios-enis.html
upvoted 2 times
...
01037
3 years, 6 months ago
Of course C
upvoted 1 times
...
ExtHo
3 years, 6 months ago
Correct Answer C: Scenarios for network interfaces Attaching multiple network interfaces to an instance is useful when you want to: Create a management network. Use network and security appliances in your VPC. Create dual-homed instances with workloads/roles on distinct subnets. Create a low-budget, high-availability solution. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/scenarios-enis.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago