Q16 — AWS SOA-C02 Ch.1
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers. What should the SysOps administrator do to meet these requirements?
- A. Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers.
- B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation. ✓
- C. Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-premises servers.
- D. Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS credentials file after the AWS CLI is successfully installed.
Correct Answer: B. Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation.
Explanation
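AWS Systems Manager supports managing hybrid environments without storing long-term credentials on on-premises servers. According to the AWS documentation, you use the Systems Manager managed-instance activation feature to generate an activation code and ID. After SSM Agent is installed on the on-premises servers and registered with the activation information, the servers can connect securely to AWS services using temporary credentials. Option A is wrong because an IAM role cannot be attached to on-premises servers; option C is wrong because downloading an IAM policy has no effect; option D violates the requirement because it uses long-term credentials. The correct approach follows the Systems Manager registration process for hybrid environments.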