
Amazon SCS-C03 Exam - Topic 5 Question 2 Discussion

A company has a large fleet of Amazon Linux 2 Amazon EC2 instances that run an application processing sensitive data. Compliance requirements include no exposed management ports, full session logging, and authentication through AWS IAM Identity Center. DevOps engineers occasionally need access for troubleshooting.

Which solution will provide remote access while meeting these requirements?

A) Grant access to the EC2 serial console and allow IAM role access.
B) Enable EC2 Instance Connect and configure security groups accordingly.
C) Assign an EC2 instance role that allows access to AWS Systems Manager. Create an IAM policy that grants access to Systems Manager Session Manager and assign it to an IAM Identity Center role.
D) Use Systems Manager Automation to temporarily open remote access ports.

Actual exam question for Amazon's SCS-C03 exam
Question #: 2
Topic #: 5

Suggested Answer: C

AWS Systems Manager Session Manager provides secure, auditable shell access to EC2 instances without opening inbound ports. According to AWS Certified Security - Specialty guidance, Session Manager records all session activity to CloudWatch Logs or Amazon S3 and integrates with IAM Identity Center for centralized authentication.

This solution meets all requirements: no exposed ports, full audit logging, and identity-based access control. EC2 Instance Connect and serial console access do not integrate with Identity Center and may expose management paths.

Referenced AWS Specialty Documents:

AWS Certified Security - Specialty Official Study Guide

AWS Systems Manager Session Manager

AWS IAM Identity Center Integration
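
A defender-side check of the three requirements in the question (no management ports, session logging, Identity Center authentication), as an added example that is not part of the original page. The security groups, preferences document and CloudTrail events below are constructed samples, and treating ports 22 and 3389 as the management ports is an assumption.

```python
MGMT_PORTS = {22, 3389}  # assumption: SSH and RDP are the "management ports"
SSO_ROLE = ":assumed-role/AWSReservedSSO_"  # prefix of Identity Center permission-set roles

def exposed_mgmt_rules(groups):
    """(group_id, port, source) for every inbound rule that reaches a management port."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])  # "-1" = all traffic
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            for port in sorted(p for p in MGMT_PORTS if lo <= p <= hi):
                findings += [(g["GroupId"], port, s) for s in sources]
    return findings

def logging_gaps(prefs):
    """Problems in a Session Manager preferences document (SSM-SessionManagerRunShell)."""
    inputs, gaps = prefs.get("inputs", {}), []
    if not (inputs.get("s3BucketName") or inputs.get("cloudWatchLogGroupName")):
        gaps.append("no S3 bucket or CloudWatch log group configured")
    if inputs.get("s3BucketName") and not inputs.get("s3EncryptionEnabled"):
        gaps.append("S3 log encryption not enforced")
    if inputs.get("cloudWatchLogGroupName") and not inputs.get("cloudWatchEncryptionEnabled"):
        gaps.append("CloudWatch log encryption not enforced")
    return gaps

def non_sso_sessions(events):
    """Caller ARNs of CloudTrail StartSession events not made through an Identity Center role."""
    out = []
    for e in events:
        arn = e.get("userIdentity", {}).get("arn", "")
        is_start = (e.get("eventSource"), e.get("eventName")) == ("ssm.amazonaws.com", "StartSession")
        if is_start and SSO_ROLE not in arn:
            out.append(arn)
    return out

# Constructed sample data (shapes follow describe-security-groups, the preferences document, CloudTrail).
GROUPS = [
    {"GroupId": "sg-0example1", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0example2", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0example3", "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
PREFS = {"inputs": {"s3BucketName": "", "cloudWatchLogGroupName": "/ssm/sessions", "cloudWatchEncryptionEnabled": False}}
EVENTS = [{"eventSource": "ssm.amazonaws.com", "eventName": "StartSession", "userIdentity": {"arn": a}} for a in (
    "arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_DevOps_0123456789abcdef/alice",
    "arn:aws:iam::111122223333:user/ops-legacy")]
```

Any non-empty result from these functions is a finding against the corresponding compliance requirement.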


Contribute your Thoughts:

Zack
1 month ago
I’m not sure about D; opening ports even temporarily feels sketchy.
upvoted 0 times
...
Xenia
1 month ago
Option A seems risky with the serial console access.
upvoted 0 times
...
Francesco
1 month ago
Wait, can we really use Session Manager without exposing ports?
upvoted 0 times
...
Doretha
2 months ago
Agreed, Systems Manager is super secure!
upvoted 0 times
...
Hortencia
2 months ago
I think option C is the best choice here.
upvoted 0 times
...
Kris
2 months ago
C is the clear winner here. Gotta love that IAM integration.
upvoted 0 times
...
Sueann
2 months ago
Haha, the serial console? What is this, the 90s?
upvoted 0 times
...
Eun
2 months ago
B is a good option, but I'd prefer C for the full logging and IAM integration.
upvoted 0 times
...
Brent
3 months ago
D seems a bit risky. Temporarily opening ports? No thanks!
upvoted 0 times
...
Kimi
3 months ago
C is the way to go. Keeps things secure and auditable.
upvoted 0 times
...
Olive
3 months ago
I feel like using Systems Manager Automation to open ports temporarily could lead to security issues, so I would avoid option D.
upvoted 0 times
...
In
3 months ago
I practiced a similar question where we had to ensure secure access without exposing ports. I think option C aligns well with that scenario.
upvoted 0 times
...
Phyliss
4 months ago
I'm a bit unsure about the specifics of EC2 Instance Connect. I think it could work, but I’m not confident it meets all the compliance requirements.
upvoted 0 times
...
Kasandra
4 months ago
I remember we discussed the importance of not exposing management ports, so I think option C might be the best fit since it uses Systems Manager.
upvoted 0 times
...
Gianna
4 months ago
I'm a little unsure about the differences between the options. I'll make sure to carefully read through the details and think through the implications of each approach.
upvoted 0 times
...
Coleen
4 months ago
I'm feeling pretty confident about this one. Option C checks all the boxes - no exposed ports, full logging, and IAM-based authentication. Seems like the ideal solution for this scenario.
upvoted 0 times
...
Paz
4 months ago
Option C sounds like the best approach to me. Leveraging IAM Identity Center for authentication and using Systems Manager for remote access seems like a solid solution.
upvoted 0 times
...
Ena
5 months ago
Hmm, I'm a bit confused by the different options. I'll need to review the details of each one more carefully to understand the pros and cons.
upvoted 0 times
...
Loreta
5 months ago
I think option C looks the most promising. Granting IAM role access through Systems Manager Session Manager seems like it would meet the compliance requirements.
upvoted 0 times
...
