Exam AWS DevOps Engineer Professional topic 1 question 39 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 39
Topic #: 1

A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance. The application server is available only in a private subnet. The contractors are not authorized for VPN access.
What should the DevOps engineer do to grant the contractors access to the application server?

  • A. Create an IAM user and SSH keys for each contractor. Add the public SSH key to the application server's SSH authorized_keys file. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials files with their private keys, and use the aws ssm start-session command to gain access to the target application server instance ID.
  • B. Ask each contractor to securely send their SSH public key. Add this public key to the application server's SSH authorized-keys file. Instruct the contractors to use their private key to connect to the application server through SSH.
  • C. Ask each contractor to securely send their SSH public key. Use EC2 pairs to import their key. Update the application server's SSH authorized_keys file. Instruct the contractors to use their private key to connect to the application server through SSH.
  • D. Create an IAM user for each contractor with programmatic access. Add each user to an IAM group that has a policy that allows the ssm:StartSession action. Instruct the contractors to install the AWS CLI and AWS Systems Manager Session Manager plugin, update their AWS credentials files with their access keys, and use the aws ssm start-session to gain access to the target application server instance ID.
Suggested Answer: D 🗳️
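
Option D only says the group policy "allows the ssm:StartSession action"; the following added sketch (not part of the exam question or of any comment) builds a version of that policy scoped to the one application server and audits a policy for StartSession grants that cover every instance. The region, account ID, instance ID and the function names `contractor_policy` and `audit` are assumptions made for illustration.

```python
import fnmatch

# Constructed placeholder ARN: region, account ID and instance ID are assumptions.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"

def contractor_policy(instance_arn):
    """Group policy for option D, scoped to one instance (added sketch)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Sessions may be opened only on the application server.
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": [instance_arn],
            },
            {   # Session IDs start with the caller's user name, so each
                # contractor can end or resume only their own sessions.
                "Effect": "Allow",
                "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
                "Resource": ["arn:aws:ssm:*:*:session/${aws:username}-*"],
            },
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """List Allow statements that grant ssm:StartSession on every instance."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("ssm:startsession", p) for p in patterns):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*" or res.endswith(":instance/*"):
                findings.append(f"statement {idx}: StartSession allowed on {res}")
    return findings

# Constructed weak policy: the action alone, with no resource scoping.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:StartSession", "Resource": "*"}]}

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(contractor_policy(INSTANCE_ARN)))
```

Because each contractor has a separate IAM user, session activity is attributable per person, and removing a user from the group revokes access without touching the instance.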

Comments

ParagSanyashiv
2 years, 1 month ago
Selected Answer: D
D is more relevant here.
upvoted 1 times
easytoo
2 years, 2 months ago
It's A or D but I go with D. Option A requires creating an SSH key pair for each contractor, which can be time-consuming if there are many contractors involved. Additionally, managing SSH keys can be challenging from a security perspective. On the other hand, option D provides programmatic access, which is generally more secure than SSH keys. Contractors do not need to manage SSH keys, and access to the instance can be controlled using IAM policies.
upvoted 1 times
m4r0ck
1 year, 10 months ago
The point of connecting through SSM is exactly to avoid creating/managing SSH keys, so it's D.
upvoted 1 times
sasa33_p
2 years, 3 months ago
Selected Answer: D
Using SSM looks more reasonable.
upvoted 1 times
Piccaso
2 years, 3 months ago
Selected Answer: B
The contractors are external ....
upvoted 2 times
yogi3100
2 years, 3 months ago
The question does not mention that contractors are external... it says, they are not allowed to use VPN.
upvoted 1 times
Ozarsif
1 year, 9 months ago
"to grant several external contractors" I like answer B, but this is a private network, so additionally a bastion should be used in that case.
upvoted 1 times
Sabreen_Salama
2 years, 4 months ago
The answer is D.
upvoted 2 times
Piccaso
2 years, 4 months ago
Selected Answer: D
D is the most AWS-managed option.
upvoted 1 times
Bulti
2 years, 4 months ago
D is the right answer. AWS credentials to use AWS CLI to start AWS session manager is the right answer.
upvoted 1 times
saeidp
2 years, 5 months ago
D for sure
upvoted 2 times
saggy4
2 years, 5 months ago
Selected Answer: D
All other answers involve a lot of hassle with the addition and removal of public and private keys. In option D you just need to create/delete users and add/remove them from the group for all future access.
upvoted 2 times
DonWang
2 years, 6 months ago
D for me
upvoted 1 times
Maygam
2 years, 6 months ago
Selected Answer: D
https://aws.amazon.com/premiumsupport/knowledge-center/systems-manager-ssh-vpc-resources/
upvoted 2 times
developer_404
2 years, 6 months ago
Selected Answer: D
Use AWS Systems Manager for easy login.
upvoted 2 times
celetas
2 years, 8 months ago
I would say D if contractors belong to the same company, on the other hand B
upvoted 3 times
Piccaso
2 years, 3 months ago
I agree. B is strict.
upvoted 1 times
SamHan
2 years, 9 months ago
Selected Answer: D
Ans: D
upvoted 2 times
Brain4
2 years, 9 months ago
D is the correct answer
upvoted 1 times
colinquek
2 years, 9 months ago
D pls use AWS SSM when possible
upvoted 1 times
ohcn
2 years, 9 months ago
B seems correct. https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ssh-best-practices/ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
upvoted 1 times
ohcn
2 years, 9 months ago
My bad. D seems correct.
upvoted 1 times
ohcn
2 years, 9 months ago
Session Manager allows AWS Identity and Access Management (IAM) users to log in to your instances with encryption and logging capabilities. Systems Manager's traffic goes through the Systems Manager Endpoint, allowing easy and secure access to private instances without opening inbound ports.
upvoted 3 times
Nickhiahiahia
2 years, 5 months ago
If only one user is set up, how do you trace user behavior, since there is more than one contractor?
upvoted 1 times