🔥 3-day streak
AWS Certified Security - Specialty161 / 184
Question 161 of 184

A company runs a fleet of Linux EC2 instances in private subnets with no route to the internet and no public IP addresses. Security policy prohibits any inbound SSH access and forbids deploying bastion hosts. Administrators still need interactive shell access for troubleshooting, and all sessions must be logged for audit. Which approach meets these requirements with the least additional attack surface?

Reviewed for accuracy · Report an issueNext question