A security review has flagged this architecture as vulnerable, and a Security Engineer has been asked to make this design more s
ecure. The company has a short deadline and a second VPN connection to the Aurora account is not possible.
How can a Security Engineer securely set up the bastion host?
A. Move the bastion host to the VPC and VPN connectivity. Create a VPC peering relationship between the bastion host VPC and Aurora VPC.
B. Create a SSH port forwarding tunnel on the Developer's workstation to the bastion host to ensure that only authorized SSH clients can access the bastion host.
C. Move the bastion host to the VPC with VPN connectivity. Create a cross-account trust relationship between the bastion VPC and Aurora VPC, and update the Aurora security group for the relationship.
D. Create an AWS Direct Connect connection between the corporate network and the Aurora account, and adjust the Aurora security group for this connection.
How can a Security Engineer securely set up the bastion host?
A. Move the bastion host to the VPC and VPN connectivity. Create a VPC peering relationship between the bastion host VPC and Aurora VPC.
B. Create a SSH port forwarding tunnel on the Developer's workstation to the bastion host to ensure that only authorized SSH clients can access the bastion host.
C. Move the bastion host to the VPC with VPN connectivity. Create a cross-account trust relationship between the bastion VPC and Aurora VPC, and update the Aurora security group for the relationship.
D. Create an AWS Direct Connect connection between the corporate network and the Aurora account, and adjust the Aurora security group for this connection.
1 answer:
Answer:
Complete Question:
A company has two AWS accounts, each containing one VPC. The first VPC has a VPN connection with its corporate network. The second VPC, without a VPN, hosts an Amazon Aurora database cluster in private subnets. Developers manage the Aurora database from a bastion host in a public subnet as shown in the image.
A security review has flagged this architecture as vulnerable, and a Security Engineer has been asked to make this design more secure. The company has a short deadline and a second VPN connection to the Aurora account is not possible.
How can a Security Engineer securely set up the bastion host?
A. Move the bastion host to the VPC and VPN connectivity. Create a VPC peering relationship between the bastion host VPC and Aurora VPC.
B. Create a SSH port forwarding tunnel on the Developer's workstation to the bastion host to ensure that only authorized SSH clients can access the bastion host.
C. Move the bastion host to the VPC with VPN connectivity. Create a cross-account trust relationship between the bastion VPC and Aurora VPC, and update the Aurora security group for the relationship.
D. Create an AWS Direct Connect connection between the corporate network and the Aurora account, and adjust the Aurora security group for this connection.
Answer:
B. Create an SSH port forwarding tunnel on the Developer's workstation to the bastion host to ensure that only authorized SSH clients can access the bastion host.
Explanation:
To gain a better understanding of why the option selected in the answer to the question let first explain some terms.
AWS:
According to techtarget,
AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of (1) infrastructure as a service (IaaS),(2) platform as a service (PaaS) and (3)packaged software as a service (SaaS) offerings.
An AWS account is a container for your AWS resources
A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attacks, a bastion host must minimize the chances of penetration to the private network.
SSH port forwarding, or TCP/IP connection tunneling, is a process whereby a TCP/IP connection that would otherwise be insecure is tunneled through a secure SSH(Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network.) link, thus protecting the tunneled connection from network attacks.
So the Bastion protects the private network while the SSH prevent unauthorized access to the bastion
You might be interested in
Answer:
The balloon hit the ground with velocity -15.34 m/s
Explanation:
<em>Lets explain how to solve the problem</em>
You found that the best height to pitch a water balloon in order for it to
burst when it hits the ground is 12 meters.
We consider that the 12 meters is the maximum height, so the velocity
at this height is zero.
To find the velocity when the balloon hits the ground lets use the rule
<em>v² = u² + 2gh</em>, where v is the final velocity, u is the initial velocity, g is
the acceleration of gravity and h is the height.
u = 0 , h = 12 m , g = 9.8 m/s²
<em>Substitute these values in the equation above</em>
v² = 0 + 2(9.8)(12)
v² = 235.2
<em>Take square root for both sides</em>
v = ±
The velocity is downward, then it's a negative value
Then v = -15.34 m/s
<em>The balloon hit the ground with velocity -15.34 m/s</em>