Amazon SCS-C03 Exam - Topic 5 Question 2 Discussion

Actual exam question for Amazon's SCS-C03 exam

Question #: 2
Topic #: 5

A company has a large fleet of Amazon Linux 2 Amazon EC2 instances that run an application processing sensitive dat

a. Compliance requirements include no exposed management ports, full session logging, and authentication through AWS IAM Identity Center. DevOps engineers occasionally need access for troubleshooting.

Which solution will provide remote access while meeting these requirements?

AGrant access to the EC2 serial console and allow IAM role access.

BEnable EC2 Instance Connect and configure security groups accordingly.

CAssign an EC2 instance role that allows access to AWS Systems Manager. Create an IAM policy that grants access to Systems Manager Session Manager and assign it to an IAM Identity Center role.

DUse Systems Manager Automation to temporarily open remote access ports.

Show Suggested Answer

Suggested Answer: C

AWS Systems Manager Session Manager provides secure, auditable shell access to EC2 instances without opening inbound ports. According to AWS Certified Security -- Specialty guidance, Session Manager records all session activity to CloudWatch Logs or Amazon S3 and integrates with IAM Identity Center for centralized authentication.

This solution meets all requirements: no exposed ports, full audit logging, and identity-based access control. EC2 Instance Connect and serial console access do not integrate with Identity Center and may expose management paths.

Referenced AWS Specialty Documents:

AWS Certified Security -- Specialty Official Study Guide

AWS Systems Manager Session Manager

AWS IAM Identity Center Integration

by Ernie at Jan 24, 2026, 02:55 PM

Limited Time Offer

25%

1 month ago

I think option C looks the most promising. Granting IAM role access through Systems Manager Session Manager seems like it would meet the compliance requirements.

upvoted 0 times

...