A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access. Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
A) Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
B) Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.
C) Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.
D) Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.
E) Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host.
Correct Answer:
Verified
Q363: A company plans to host a survey
Q364: A solutions architect must analyze and update
Q365: A company is using Amazon Route 53
Q366: A company has multiple applications that use
Q367: A development team is deploying a new
Q369: An engineering team is developing and deploying
Q370: A recently created startup built a three-tier
Q371: A company is using Amazon DynamoDB with
Q372: A company is planning to transfer multiple
Q373: A company provides an online service for
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents