Multiple Choice
A company wants to deploy an application in a private VPC that will not be connected to the internet. The company's security team will not allow bastion hosts or methods using SSH to log in to Amazon EC2 instances. The application team plans to use AWS Systems Manager Session Manager to connect to and manage the EC2 instances. Which combination of steps should the security team take? (Choose three.)
A) Make sure the Systems Manager Agent is installed and running on all EC2 instances inside the VPC.
B) Ensure the IAM role attached to the EC2 instances in the VPC allows access to Systems Manager.
C) Create an SCP that prevents the creation of SSH key pairs.
D) Launch a NAT gateway in the VPC. Update the routing policies to forward traffic to this NAT gateway.
E) Ensure proper VPC endpoints are in place for Systems Manager and Amazon EC2.
F) Ensure the VPC has a transit gateway attachment. Update the routing policies to forward traffic to this transit gateway.
Correct Answer:

Verified