
Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 571 discussion

A company wants to use AWS Systems Manager to manage a fleet of Amazon EC2 instances. According to the company's security requirements, no EC2 instances can have internet access. A solutions architect needs to design network connectivity from the EC2 instances to Systems Manager while fulfilling this security obligation.
Which solution will meet these requirements?

  • A. Deploy the EC2 instances into a private subnet with no route to the internet.
  • B. Configure an interface VPC endpoint for Systems Manager. Update routes to use the endpoint.
  • C. Deploy a NAT gateway into a public subnet. Configure private subnets with a default route to the NAT gateway.
  • D. Deploy an internet gateway. Configure a network ACL to deny traffic to all destinations except Systems Manager.
Suggested Answer: B

Comments

Sant25
Highly Voted 3 years, 5 months ago
Ans - B Q: Can I privately access AWS Systems Manager APIs from my VPC without using public IP addresses? Yes, you can privately access AWS Systems Manager APIs from your VPC (created using Amazon Virtual Private Cloud) by creating VPC Endpoints. With VPC Endpoints, the routing between the VPC and AWS Systems Manager is handled by the AWS network without the need for an internet gateway, NAT gateway, or virtual private network (VPN) connection. The latest generation of VPC Endpoints used by AWS Systems Manager are powered by AWS PrivateLink, a technology that enables private connectivity between AWS services using Elastic Network Interfaces (ENIs) with private IP addresses in your VPCs. To learn more about PrivateLink, visit the PrivateLink documentation. https://aws.amazon.com/systems-manager/faq/
upvoted 8 times
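As an added example (not from this thread or from AWS), a small Python check of the design the comment above describes: the private subnets' route tables must carry no internet gateway or NAT gateway route, and interface endpoints for the ssm, ec2messages and ssmmessages services must exist with private DNS enabled (private DNS is what lets the agent reach the endpoint ENIs without any route-table change). The region, subnet IDs and the boto3-shaped snapshot are constructed placeholders; nothing here calls AWS.

```python
"""Offline compliance check for endpoint-based SSM connectivity (added example).
The snapshot mirrors the shape of describe-route-tables / describe-vpc-endpoints
output but is constructed by hand; REGION is an assumed placeholder."""

REGION = "us-east-1"
# Interface endpoints the SSM Agent needs: ssm (API), ec2messages (Run Command),
# ssmmessages (Session Manager).
REQUIRED_SERVICES = {f"com.amazonaws.{REGION}.{s}" for s in ("ssm", "ec2messages", "ssmmessages")}

# Constructed sample: two private subnets, a route table with only the local route,
# and all three interface endpoints attached to both subnets with private DNS on.
SNAPSHOT = {
    "subnets": ["subnet-aaa", "subnet-bbb"],
    "route_tables": [
        {"Associations": [{"SubnetId": "subnet-aaa"}, {"SubnetId": "subnet-bbb"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    ],
    "endpoints": [
        {"ServiceName": f"com.amazonaws.{REGION}.{s}", "VpcEndpointType": "Interface",
         "PrivateDnsEnabled": True, "SubnetIds": ["subnet-aaa", "subnet-bbb"]}
        for s in ("ssm", "ec2messages", "ssmmessages")
    ],
}

def internet_routes(snapshot):
    """Return (subnet, target) pairs where a private subnet's route table points at an
    internet gateway or NAT gateway; any such pair violates the no-internet requirement."""
    findings = []
    for rt in snapshot["route_tables"]:
        subnets = {a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a}
        for route in rt["Routes"]:
            target = route.get("GatewayId") or route.get("NatGatewayId") or ""
            if target.startswith(("igw-", "nat-")):
                findings.extend((s, target) for s in sorted(subnets & set(snapshot["subnets"])))
    return findings

def missing_ssm_endpoints(snapshot):
    """Return required SSM service names without a usable interface endpoint: wrong
    endpoint type, private DNS disabled, or not attached to every private subnet."""
    usable = set()
    for ep in snapshot["endpoints"]:
        if (ep["VpcEndpointType"] == "Interface" and ep["PrivateDnsEnabled"]
                and set(snapshot["subnets"]) <= set(ep["SubnetIds"])):
            usable.add(ep["ServiceName"])
    return sorted(REQUIRED_SERVICES - usable)

def design_is_compliant(snapshot):
    """True when no private subnet can reach the internet and every SSM endpoint is in place."""
    return not internet_routes(snapshot) and not missing_ssm_endpoints(snapshot)

if __name__ == "__main__":
    print("compliant:", design_is_compliant(SNAPSHOT))
```

Feeding it real describe-route-tables and describe-vpc-endpoints output would also flag option C's NAT gateway route and an endpoint created without private DNS.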
BECAUSE
Most Recent 2 years, 1 month ago
Selected Answer: B
B is the answer
upvoted 1 times
tigerbaer
2 years, 10 months ago
B is not correct. You don't have to update the route table for interface endpoints! Only gateway endpoints will do that automatically
upvoted 1 times
zikou
11 months, 2 weeks ago
They didn't specify interface endpoint or gateway endpoint; they say VPC endpoint, which includes interface endpoint.
upvoted 1 times
queen101
2 years, 10 months ago
bbbbbbbbbbb
upvoted 1 times
slcheng
2 years, 11 months ago
Selected Answer: B
Vote B
upvoted 1 times
Arshadul
3 years ago
Key: --> communication between Systems Manager and pvt instances. Distractors: A/C/D. A is a distractor because it does not address the question's answer. C is also a distractor, as this one also is not addressing the question but is a generic statement of how to make pvt instances allow egress. D is a distractor because the first part talks about an IGW, which is not needed here at all. B solves the problem, as interface VPC E/P are powered by AWS PrivateLink and use an Elastic Network Interface (ENI) as an entry point for traffic destined to the service. Interface endpoints are typically accessed using the public or private DNS name associated with the service; once you have the endpoint, we can use the IP and update the route table where the pvt lies to use the endpoint.
upvoted 3 times
Pryce94
3 years, 2 months ago
B VPC Endpoint provides private access to AWS Services (S3, DynamoDB, CloudFormation, SSM) within a VPC
upvoted 1 times
azure_kai
3 years, 6 months ago
Selected Answer: B
B is correct
upvoted 1 times
jennyka76
3 years, 6 months ago
D https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html To enable access to or from the internet for instances in a subnet in a VPC, you must do the following. Create an internet gateway and attach it to your VPC. Add a route to your subnet's route table that directs internet-bound traffic to the internet gateway. Ensure that instances in your subnet have a globally unique IP address (public IPv4 address, Elastic IP address, or IPv6 address). Ensure that your network access control lists and security group rules allow the relevant traffic to flow to and from your instance.
upvoted 2 times
Guqnn
3 years, 6 months ago
but it clearly says "No EC2 instances are permitted to have internet access"
upvoted 2 times
hmc929
3 years, 6 months ago
B is the answer
upvoted 1 times
kevinsnow
3 years, 6 months ago
Selected Answer: B
B https://aws.amazon.com/premiumsupport/knowledge-center/ec2-systems-manager-vpc-endpoints/
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other