This question bank is shared by the WeChat official account 云计算狂魔.
[SAA-C03 Solutions Architect Associate Certification]
A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access. Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)
A : Replace the current security group of the bastion host with one that only allows inbound access from the application instances.
B : Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company.
C : Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company.
D : Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host.
Correct answer: CD
Explanation:
According to D, the connection from the company to the application servers cannot be direct: you must first connect to the bastion host and then connect to the application server. The bastion host is in the same VPC as the application servers, where routing is already in place, so there is no reason to connect via an external IP while you are inside the VPC.
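The rule sets from answers C and D, modelled as an added example that is not part of the original question bank: it evaluates each SSH hop the way a security group's allow-list does. All addresses are constructed placeholders, and `inbound_allowed` and `ssh_path_allowed` are hypothetical helper names.

```python
import ipaddress

# Constructed sample addresses (assumptions, not values from the question).
COMPANY_EXTERNAL = "203.0.113.0/24"  # public range of the company's internet connection
COMPANY_INTERNAL = "192.168.0.0/16"  # on-premises private range
BASTION_PRIVATE_IP = "10.0.0.10"     # bastion host's address inside the VPC

# Inbound rules per security group: (protocol, port, source CIDR).
# Security groups are allow-lists: traffic that matches no rule is dropped.
SECURITY_GROUPS = {
    "bastion": [("tcp", 22, COMPANY_EXTERNAL)],            # answer C
    "app": [("tcp", 22, BASTION_PRIVATE_IP + "/32")],      # answer D
}

def inbound_allowed(group, source_ip, port=22, protocol="tcp"):
    """Return True if any inbound rule of `group` matches the connection."""
    src = ipaddress.ip_address(source_ip)
    return any(
        proto == protocol and rule_port == port
        and src in ipaddress.ip_network(cidr)
        for proto, rule_port, cidr in SECURITY_GROUPS[group]
    )

def ssh_path_allowed(client_source_ip):
    """Two hops: client -> bastion host, then bastion host -> application instance."""
    return (inbound_allowed("bastion", client_source_ip)
            and inbound_allowed("app", BASTION_PRIVATE_IP))

if __name__ == "__main__":
    # Traffic that crosses the company's internet connection arrives with a
    # public source address, so a rule on the internal range (answer B)
    # would never match it.
    checks = [
        ("bastion", "203.0.113.25"),   # engineer behind the company's public range
        ("bastion", "192.168.1.5"),    # internal on-premises address
        ("bastion", "198.51.100.7"),   # unrelated internet host
        ("app", "203.0.113.25"),       # direct attempt that skips the bastion host
        ("app", BASTION_PRIVATE_IP),   # second hop from the bastion host
        ("app", "10.0.0.11"),          # another host in the public subnet
    ]
    for group, src in checks:
        verdict = "ALLOW" if inbound_allowed(group, src) else "DENY"
        print(f"{src:>15} -> {group:<7} tcp/22 {verdict}")
```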