New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon ANS-C01 Exam - Topic 3 Question 28 Discussion

Actual exam question for Amazon's ANS-C01 exam
Question #: 28
Topic #: 3
[All ANS-C01 Questions]

A company needs to manage Amazon EC2 instances through command line interfaces for Linux hosts and Windows hosts. The EC2 instances are deployed in an environment in which there is

no route to the internet. The company must implement role-based access control for management of the instances. The company has a standalone on-premises environment.

Which approach will meet these requirements with the LEAST maintenance overhead?

Show Suggested Answer Hide Answer
Suggested Answer: B

The correct approach is to use AWS Systems Manager Session Manager, which allows you to manage your EC2 instances through a secure and browser-based interface. By deploying and configuring SSM Agent on each instance, you can enable Session Manager to communicate with the instances. By deploying VPC endpoints for Session Manager, you can enable the instances to connect to the AWS service without requiring an internet gateway, NAT device, or VPN connection. You can also use IAM policies and SSM documents to implement role-based access control for managing the instances. This approach has the least maintenance overhead, as it does not require any additional infrastructure or configuration.


by Pamella at Jun 01, 2024, 08:51 PM

Limited Time Offer

25%

Off

Get Premium ANS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cristen
3 months ago
Wait, can you really manage without internet access? That's surprising!
upvoted 0 times
...
Sean
3 months ago
A Direct Connect sounds too complex for this scenario.
upvoted 0 times
...
Ressie
3 months ago
Not sure about B, what if the SSM Agent fails?
upvoted 0 times
...
Cyril
4 months ago
I agree, SSM makes it super easy to manage instances.
upvoted 0 times
...
Marjory
4 months ago
Option B is the best choice for low maintenance!
upvoted 0 times
...
Junita
4 months ago
Deploying an appliance sounds risky to me. I think option D could introduce more points of failure, especially since we want to keep maintenance low.
upvoted 0 times
...
Eveline
4 months ago
I practiced a similar question where we had to choose between VPN and Direct Connect. I feel like option C could work, but it might require more setup than necessary.
upvoted 0 times
...
Lonna
4 months ago
I'm not entirely sure, but I think Direct Connect might be overkill for this scenario. It sounds complicated for just managing instances without internet access.
upvoted 0 times
...
Dalene
5 months ago
I remember studying about AWS Systems Manager, and it seems like option B could be the best choice since it minimizes maintenance.
upvoted 0 times
...
Jodi
5 months ago
I'm a bit confused by the different connectivity options. I'll need to review the details of each one to understand the tradeoffs and determine the best approach for this scenario.
upvoted 0 times
...
Ilona
5 months ago
The Direct Connect or Site-to-Site VPN options seem like they could work, but they might require more ongoing maintenance and configuration. The Systems Manager approach sounds like the simplest solution.
upvoted 0 times
...
Matthew
5 months ago
Okay, let me think this through. I'm leaning towards the AWS Systems Manager option since it provides a secure way to connect without needing to manage a VPN or other external appliance.
upvoted 0 times
...
Brunilda
5 months ago
Hmm, not sure about this one. Seems like we need to establish some kind of secure connection to the EC2 instances, but I'm not sure which option would have the least maintenance overhead.
upvoted 0 times
...
Glory
5 months ago
This looks like a classic network connectivity question. I'll need to carefully consider the requirements around no internet access and role-based access control.
upvoted 0 times
...
Stacey
5 months ago
Okay, let me see. The question is asking about the multi-planar system design, so I'll need to focus on understanding the different planes and how they're connected.
upvoted 0 times
...
Lanie
5 months ago
I'm not too sure about option B being valid just because it says the Employee Name must be required. Isn't that more about validation than just field configuration?
upvoted 0 times
...
Gianna
5 months ago
I'm pretty sure the answer is A. The command "app-hosting" is used to enable application hosting on Cisco IOS XE devices.
upvoted 0 times
...
Javier
5 months ago
I remember something about Call Queuing from our practice exam. It could help users wait for available bandwidth, but I'm not sure if it's really the best answer here.
upvoted 0 times
...
Charlena
5 months ago
Hmm, I'm not sure about this one. I'll need to review the Cisco ACI deployment options again to be confident in my answer.
upvoted 0 times
...
Jeannetta
2 years ago
I don't know, I'm kind of leaning towards C. Site-to-Site VPN might be a bit more work, but it seems more secure than using an intermediary appliance.
upvoted 0 times
Jerry
2 years ago
B) Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
upvoted 0 times
...
Bok
2 years ago
C) Establish an AWS Site-to-Site VPN connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Site-to-Site VPN connection.
upvoted 0 times
...
...
Nan
2 years ago
Haha, D is just asking for trouble. Exposing an appliance to the public internet? No thank you, I'll pass on that one.
upvoted 0 times
Micah
2 years ago
C) Establish an AWS Site-to-Site VPN connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Site-to-Site VPN connection.
upvoted 0 times
...
Oliva
2 years ago
B) Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
upvoted 0 times
...
France
2 years ago
A) Set up an AWS Direct Connect connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Direct Connect connection.
upvoted 0 times
...
...
Iraida
2 years ago
Agreed, B is the best choice here. Maintaining the AWS Direct Connect or VPN connection would be a headache in an environment with no internet access.
upvoted 0 times
Nu
2 years ago
Agreed, B is the best choice here. Maintaining the AWS Direct Connect or VPN connection would be a headache in an environment with no internet access.
upvoted 0 times
...
Rana
2 years ago
C) Establish an AWS Site-to-Site VPN connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Site-to-Site VPN connection.
upvoted 0 times
...
Jerlene
2 years ago
B) Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
upvoted 0 times
...
...
Jesus
2 years ago
Option B seems like the way to go. Systems Manager Agent and Session Manager make it easier to manage the instances without a direct internet connection.
upvoted 0 times
Matt
2 years ago
Option B is definitely the most efficient choice. Systems Manager Agent and Session Manager simplify management without needing internet access.
upvoted 0 times
...
Raina
2 years ago
Definitely, it's a convenient solution that requires less maintenance overhead compared to the other options.
upvoted 0 times
...
Alyce
2 years ago
I agree, using Systems Manager Agent and Session Manager seems like the most efficient option for managing the instances without internet access.
upvoted 0 times
...
Yvonne
2 years ago
B) Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
upvoted 0 times
...
Kimberely
2 years ago
B) Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
upvoted 0 times
...
Elizabeth
2 years ago
User2
upvoted 0 times
...
Lorean
2 years ago
User1
upvoted 0 times
...
...
Miesha
2 years ago
I agree with Chaya. Using Systems Manager Session Manager seems like the easiest solution.
upvoted 0 times
...
Chaya
2 years ago
I think option B is the best approach.
upvoted 0 times
...

Save Cancel