A company wants to deploy an application in a private VPC that will not be connected to the internet. The company's security team will not allow bastion hosts or methods using SSH to log in to Amazon EC2 instances. The application team plans to use AWS Systems Manager Session Manager to connect to and manage the EC2 instances. Which combination of steps should the security team take? (Choose three.)
A) Make sure the Systems Manager Agent is installed and running on all EC2 instances inside the VPC.
B) Ensure the IAM role attached to the EC2 instances in the VPC allows access to Systems Manager.
C) Create an SCP that prevents the creation of SSH key pairs.
D) Launch a NAT gateway in the VPC. Update the routing policies to forward traffic to this NAT gateway.
E) Ensure proper VPC endpoints are in place for Systems Manager and Amazon EC2.
F) Ensure the VPC has a transit gateway attachment. Update the routing policies to forward traffic to this transit gateway.
Correct Answer: