
Answer-first summary for fast verification
Answer: Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
The question requires a solution that allows for managing EC2 instances in an environment without internet access, with role-based access control, and with the least maintenance overhead.
Option A involves setting up an AWS Direct Connect connection, which provides a dedicated network connection from the on-premises environment to AWS. However, this option requires significant setup and maintenance, including configuring routing, security groups, and ACLs.
Option C suggests establishing an AWS Site-to-Site VPN connection, which also requires configuring routing, security groups, and ACLs, similar to Option A, and thus does not offer the least maintenance overhead.
Option D proposes deploying an appliance with a public IP address, which introduces security risks and additional maintenance for the appliance.
Option B, deploying AWS Systems Manager Agent (SSM Agent) on each instance and using VPC endpoints for Systems Manager Session Manager, allows for secure and efficient management of EC2 instances without requiring internet access or complex network configurations. This approach leverages AWS's managed services to reduce maintenance overhead and supports role-based access control, making it the best choice among the options provided.
Author: LeetQuiz Editorial Team
A company must manage Amazon EC2 instances for both Linux and Windows hosts using command line interfaces in an environment without internet access. They need to implement role-based access control for instance management and operate within a standalone on-premises setup. Which solution meets these requirements with the minimal maintenance effort?
A. Set up an AWS Direct Connect connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Direct Connect connection.
B. Deploy and configure AWS Systems Manager Agent (SSM Agent) on each instance. Deploy VPC endpoints for Systems Manager Session Manager. Connect to the instances by using Session Manager.
C. Establish an AWS Site-to-Site VPN connection between the on-premises environment and the VPC where the instances are deployed. Configure routing, security groups, and ACLs. Connect to the instances by using the Site-to-Site VPN connection.
D. Deploy an appliance to the VPC where the instances are deployed. Assign a public IP address to the appliance. Configure security groups and ACLs. Connect to the instances by using the appliance as an intermediary.