Amazon SCS-C03 Exam - Topic 5 Question 2 Discussion

Actual exam question for Amazon's SCS-C03 exam
Question #: 2
Topic #: 5

A company has a large fleet of Amazon Linux 2 Amazon EC2 instances that run an application processing sensitive data. Compliance requirements include no exposed management ports, full session logging, and authentication through AWS IAM Identity Center. DevOps engineers occasionally need access for troubleshooting.

Which solution will provide remote access while meeting these requirements?

Suggested Answer: C

AWS Systems Manager Session Manager provides secure, auditable shell access to EC2 instances without opening inbound ports. According to AWS Certified Security - Specialty guidance, Session Manager records all session activity to CloudWatch Logs or Amazon S3 and integrates with IAM Identity Center for centralized authentication.

This solution meets all requirements: no exposed ports, full audit logging, and identity-based access control. EC2 Instance Connect and serial console access do not integrate with Identity Center and may expose management paths.

Referenced AWS Specialty Documents:

- AWS Certified Security - Specialty Official Study Guide
- AWS Systems Manager Session Manager
- AWS IAM Identity Center Integration
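
Two of the requirements discussed above (no exposed management ports, session logging to CloudWatch Logs or Amazon S3) can be checked mechanically. The following is an added example, not part of the original page or AWS's own code; it assumes input shaped like `aws ec2 describe-security-groups` output and the Session Manager preferences document, treats ports 22 and 3389 as the management ports, uses constructed sample data, and does not check the Identity Center requirement.

```python
MGMT_PORTS = {22, 3389}  # assumption: SSH and RDP are the management ports in scope

def mgmt_ports_allowed(group):
    """Management ports that any inbound rule of this security group covers."""
    ports = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":  # all protocols, all ports
            ports |= MGMT_PORTS
        elif proto in ("tcp", "6"):
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            ports |= {p for p in MGMT_PORTS if lo <= p <= hi}
    return sorted(ports)

def logging_gaps(prefs):
    """Reasons the Session Manager preferences do not give full session logging."""
    inputs = prefs.get("inputs", {})
    has_cw = bool(inputs.get("cloudWatchLogGroupName"))
    has_s3 = bool(inputs.get("s3BucketName"))
    gaps = []
    if not (has_cw or has_s3):
        gaps.append("no CloudWatch Logs group or S3 bucket configured")
    # Extra hardening check, not a requirement stated in the question.
    if has_cw and not inputs.get("cloudWatchEncryptionEnabled"):
        gaps.append("CloudWatch log encryption not enabled")
    if has_s3 and not inputs.get("s3EncryptionEnabled"):
        gaps.append("S3 log encryption not enabled")
    return gaps

def audit(groups, prefs):
    """Combine both checks; empty results mean the two requirements are met."""
    ports = {g["GroupId"]: mgmt_ports_allowed(g) for g in groups}
    return {"port_findings": {k: v for k, v in ports.items() if v},
            "logging_gaps": logging_gaps(prefs)}

# Constructed sample data shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
        "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 20,
        "ToPort": 25, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1",
        "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
]
# Constructed Session Manager preferences (content of SSM-SessionManagerRunShell).
SAMPLE_PREFS = {"schemaVersion": "1.0", "sessionType": "Standard_Stream",
                "inputs": {"s3BucketName": "", "cloudWatchLogGroupName": "/example/ssm-sessions",
                           "cloudWatchEncryptionEnabled": True}}

if __name__ == "__main__":
    print(audit(SAMPLE_GROUPS, SAMPLE_PREFS))
```

The port check flags a rule from any source, since Session Manager needs no inbound rule at all; a port range such as 20-25 is caught because it contains 22.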


Contribute your Thoughts:

Sueann
3 days ago
Haha, the serial console? What is this, the 90s?
upvoted 0 times
...
Eun
8 days ago
B is a good option, but I'd prefer C for the full logging and IAM integration.
upvoted 0 times
...
Brent
14 days ago
D seems a bit risky. Temporarily opening ports? No thanks!
upvoted 0 times
...
Kimi
19 days ago
C is the way to go. Keeps things secure and auditable.
upvoted 0 times
...
Olive
24 days ago
I feel like using Systems Manager Automation to open ports temporarily could lead to security issues, so I would avoid option D.
upvoted 0 times
...
In
29 days ago
I practiced a similar question where we had to ensure secure access without exposing ports. I think option C aligns well with that scenario.
upvoted 0 times
...
Phyliss
2 months ago
I'm a bit unsure about the specifics of EC2 Instance Connect. I think it could work, but I’m not confident it meets all the compliance requirements.
upvoted 0 times
...
Kasandra
2 months ago
I remember we discussed the importance of not exposing management ports, so I think option C might be the best fit since it uses Systems Manager.
upvoted 0 times
...
Gianna
2 months ago
I'm a little unsure about the differences between the options. I'll make sure to carefully read through the details and think through the implications of each approach.
upvoted 0 times
...
Coleen
2 months ago
I'm feeling pretty confident about this one. Option C checks all the boxes - no exposed ports, full logging, and IAM-based authentication. Seems like the ideal solution for this scenario.
upvoted 0 times
...
Paz
2 months ago
Option C sounds like the best approach to me. Leveraging IAM Identity Center for authentication and using Systems Manager for remote access seems like a solid solution.
upvoted 0 times
...
Ena
3 months ago
Hmm, I'm a bit confused by the different options. I'll need to review the details of each one more carefully to understand the pros and cons.
upvoted 0 times
...
Loreta
3 months ago
I think option C looks the most promising. Granting IAM role access through Systems Manager Session Manager seems like it would meet the compliance requirements.
upvoted 0 times
...