Which of the following Bastion deployment scenarios wil…

A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to
their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2
instances running in both the public and private subnets. They have only authorized the bastion-security-group
with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the
company wants to further limit administrative access to all of the instances in the VPC. Which of the following
Bastion deployment scenarios will meet this requirement?

A.
Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC.

B.
Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the
bastion from anywhere.

C.
Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to
the bastion from only the corporate public IP addresses.

D.
Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow
RDP access to the bastion from only the corporate public IP addresses.



McEphin

Agree, D

Rest don’t make sense, I hope this question and ones like it are on the test…

Ab_li

Can you please explain in detail why not the other options?

Steve

Because the other ones are wrong. ;-p

Sid

ha ha 😛

NhutLM1

A. The bastion host must be deployed in a VPC subnet --> Wrong
B. Following the question, the bastion host must use an RDP connection; it cannot use an SSH connection --> Wrong
C. Assigns an EIP, but the instance is in a private subnet --> Wrong
D. Correct because, but best practice please add EIP to remember easily

Daddy

You are a genius. Best practice: always assign an EIP to the Bastion host.