Q32 — AWS SAP-C02 Ch.1
Q107. A government solution runs on a fleet of more than 2,000 Amazon EC2 instances. Each EC2 instance runs highly secure software on Windows Server OS with an AWS Systems Manager Agent (SSM Agent) installed. The TCP/443 inbound port is open to the fleet of instances. All the other inbound ports are closed. Currently, any change to the port configuration requires a lengthy multi-level review process. Which solution will provide secure access to run scripts on the fleet of instances with the LEAST amount of administrative overhead?
- A. Configure AWS OpsWorks for Puppet Enterprise with a connection to the SSM Agent on the instances. Manage the scripts by using Puppet stacks.
- B. Open the required ports. Manage the fleet of instances by using Session Manager, a capability of AWS Systems Manager ✓
- C. Add interface endpoints and an IAM role. Manage the fleet of instances by using Run Command, a capability of AWS Systems Manager.
- D. Open port TCP/22 and copy scripts onto each instance. Manage instances at scale by using scripts.
Correct Answer: B. Open the required ports. Manage the fleet of instances by using Session Manager, a capability of AWS Systems Manager
Explanation
This solution provides secure access to run scripts on the fleet of instances with the least amount of administrative overhead. By using Session Manager, administrators can securely connect to Windows Server instances over the internet without requiring open inbound ports or VPN connections. Additionally, Session Manager tracks all user activity and logs all commands, providing increased visibility into changes made to instances. This solution avoids opening additional ports and does not require any additional IAM roles or endpoints. It also eliminates the need for lengthy multi-level reviews for port configuration changes.