AWS Certified Security – Specialty (SCS-C03) — Question 20

A company has installed a third-party application that is distributed on several Amazon EC2 instances and on-premises servers. Occasionally, the company's IT team needs to use SSH to connect to each machine to perform software maintenance tasks. Outside these time slots, the machines must be completely isolated from the rest of the network. The company does not want to maintain any SSH keys. Additionally, the company wants to pay only for machine hours when there is an SSH connection.
Which solution will meet these requirements?

Answer options

• A. Create a bastion host with port forwarding to connect to the machines.
• B. Set up AWS Systems Manager Session Manager to allow temporary connections.
• C. Use AWS CloudShell to create serverless connections.
• D. Set up an interface VPC endpoint for each machine for private connection.

Correct answer: B

Explanation

The correct answer is B because AWS Systems Manager Session Manager allows for secure and temporary connections to instances without the need for SSH keys or maintaining a bastion host. Options A and D involve methods that do not isolate the machines completely or require management of additional infrastructure, while option C does not provide the necessary connection capabilities for isolated instances.