Which of the following Bastion deployment scenarios will meet this requirement?

A customer is running a multi-tier web application farm in a virtual private cloud (VPC) that is not connected to
their corporate network. They are connecting to the VPC over the Internet to manage all of their Amazon EC2
instances running in both the public and private subnets. They have only authorized the bastion-security-group
with Microsoft Remote Desktop Protocol (RDP) access to the application instance security groups, but the
company wants to further limit administrative access to all of the instances in the VPC. Which of the following
Bastion deployment scenarios will meet this requirement?

A.
Deploy a Windows Bastion host on the corporate network that has RDP access to all instances in the VPC.

B.
Deploy a Windows Bastion host with an Elastic IP address in the public subnet and allow SSH access to the
bastion from anywhere.

C.
Deploy a Windows Bastion host with an Elastic IP address in the private subnet, and restrict RDP access to
the bastion from only the corporate public IP addresses.

D.
Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP
access to the bastion from only the corporate public IP addresses.
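
The rule layout the question describes (application instances accept RDP only from bastion-security-group, and the bastion accepts RDP only from the corporate public IP addresses) can be checked mechanically. The following is an added example, not part of the original question: it audits security-group data in the shape returned by `aws ec2 describe-security-groups`; the group IDs, CIDR ranges and the function names `opens_rdp` and `audit_rdp` are constructed for illustration, and corporate ranges are assumed to be IPv4.

```python
import ipaddress

RDP_PORT = 3389

def opens_rdp(perm):
    """True if an IpPermissions entry covers TCP 3389 ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= RDP_PORT <= perm["ToPort"]

def audit_rdp(groups, bastion_sg, corp_cidrs):
    """Return (group_id, reason) for every RDP source that breaks the design."""
    corp = [ipaddress.ip_network(c) for c in corp_cidrs]
    findings = []
    for g in groups:
        gid, is_bastion = g["GroupId"], g["GroupId"] == bastion_sg
        for perm in filter(opens_rdp, g.get("IpPermissions", [])):
            for r in perm.get("IpRanges", []):
                net = ipaddress.ip_network(r["CidrIp"])
                if not is_bastion:
                    findings.append((gid, f"RDP from CIDR {net}; only {bastion_sg} may connect"))
                elif not any(net.subnet_of(c) for c in corp if c.version == 4):
                    findings.append((gid, f"RDP from {net}, outside the corporate ranges"))
            # Assumption: corporate ranges are IPv4, so any IPv6 source is flagged.
            for r in perm.get("Ipv6Ranges", []):
                findings.append((gid, f"RDP from IPv6 range {r['CidrIpv6']}"))
            for pair in perm.get("UserIdGroupPairs", []):
                if is_bastion or pair["GroupId"] != bastion_sg:
                    findings.append((gid, f"RDP from security group {pair['GroupId']}"))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = [
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.16/28"}, {"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]

if __name__ == "__main__":
    for gid, reason in audit_rdp(SAMPLE, "sg-bastion", ["203.0.113.0/24"]):
        print(gid, reason)
```

On the sample, the bastion group is flagged for its `0.0.0.0/0` RDP rule and `sg-db` for an all-traffic rule from a CIDR, while `sg-web` passes because its only RDP source is the bastion group.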





T

Can anyone confirm the answer? Thank you!

JH

D can be the only answer – basic MS Bastion host config

networkmanagers

Correct answer is D

fun4two

answer is d

Manu

I’m planning to write the exam next week. Is anyone willing to do a group study? Please reach me at [email protected]

shoby231

Hello Manu,

I saw your comment about preparing for the AWS Solution Architect Associate Exam. Have you done the exam? And how did you study for the exam? I have finished the course on aCloudGuru and Linux Academy, but am still not confident enough to do the exam.

Kindly help with any other materials or suggestions, if you have done the exam.

Thank you in advance for your help.

[email protected]

Andy

I think the answer is C.
The difference between C and D is whether to use EIP or auto-assigned IP. I think EIP is better for failover.

shaam

C can’t be right because it’s in the private subnet. Either B or D allows Bastion host access in the Public Subnet. D is more accurate since it allows RDP access to the Bastion host only from Corporate IP addresses.

Andy

Sorry, C lets the bastion host into the private subnet. D is the answer.

co

D

poorly written question but you get the gist.

mdz

I agree with D since it is least wrong. For D to be correct we would need Elastic IP assigned to have static public IP. With auto assign public IP will change each time instance is rebooted. So DNS name will be the only way how to connect to bastion host…

Ganesh Ghube

D.
Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP
access to the bastion from only the corporate public IP addresses.

Neeraj

D – Deploy a Windows Bastion host with an auto-assigned Public IP address in the public subnet, and allow RDP
access to the bastion from only the corporate public IP addresses.

rocky

Cached Volumes – You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.