Amazon SOA-C03 Exam - Topic 1 Question 13 Discussion

A CloudOps engineer launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the CloudOps engineer obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the CloudOps engineer always receives a timeout error.

Which action will allow the CloudOps engineer to remotely connect to the instance?

A) Add a route table entry in the public subnet for the CloudOps engineer's IP address.
B) Add an outbound network ACL rule to allow TCP port 22 for the CloudOps engineer's IP address.
C) Modify the instance security group to allow inbound SSH traffic from the CloudOps engineer's IP address.
D) Modify the instance security group to allow outbound SSH traffic to the CloudOps engineer's IP address.

Actual exam question for Amazon's SOA-C03 exam
Question #: 13
Topic #: 1

Suggested Answer: C

SSH access to a Linux EC2 instance requires inbound TCP port 22 to be allowed by the instance's security group from the administrator's source IP address. A timeout usually indicates that network traffic is being blocked before the SSH service can respond. Since the instance is in a public subnet and has a public IP address, the most likely missing control is an inbound security group rule. Security groups are stateful, so return traffic is automatically allowed after inbound SSH is permitted. Adding a route for the engineer's IP address is not needed because public subnets use a default route to the internet gateway. An outbound-only NACL or security group rule does not allow inbound SSH initiation. Therefore, the correct remediation is to allow inbound SSH from the engineer's public IP.
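The reasoning above can be checked with a small model of the three controls involved: the route table, the stateless network ACL and the stateful security group. This is an added example, not part of the original question; the engineer's address `203.0.113.10`, the `igw-EXAMPLE` target, the allow-all network ACL and the security group with no inbound rules are assumptions.

```python
import ipaddress

ENGINEER_IP = "203.0.113.10"  # constructed example address (TEST-NET-3)
ALL = {"cidr": "0.0.0.0/0", "from": 0, "to": 65535}
SSH = {"cidr": ENGINEER_IP + "/32", "from": 22, "to": 22}

# Constructed baseline: IGW default route, allow-all NACL, SG with no inbound rules.
BASELINE = {
    "routes":   [{"dest": "0.0.0.0/0", "target": "igw-EXAMPLE"}],
    "nacl_in":  [{"num": 100, "action": "allow", **ALL}],
    "nacl_out": [{"num": 100, "action": "allow", **ALL}],
    "sg_in":    [],
    "sg_out":   [ALL],
}

def _match(rule, ip, port):
    net = ipaddress.ip_network(rule["cidr"])
    return ipaddress.ip_address(ip) in net and rule["from"] <= port <= rule["to"]

def sg_allows(rules, ip, port):
    # Security groups hold allow rules only; no match means implicit deny.
    return any(_match(r, ip, port) for r in rules)

def nacl_allows(rules, ip, port):
    # NACL rules are checked in rule-number order; the first match decides.
    hits = [r for r in sorted(rules, key=lambda r: r["num"]) if _match(r, ip, port)]
    return bool(hits) and hits[0]["action"] == "allow"

def ssh_reachable(cfg, ip, eph_port=50000):
    routed = any(r["dest"] == "0.0.0.0/0" and r["target"].startswith("igw-")
                 for r in cfg["routes"])
    inbound = nacl_allows(cfg["nacl_in"], ip, 22) and sg_allows(cfg["sg_in"], ip, 22)
    # SG is stateful (reply needs no sg_out rule); NACL is stateless (reply is checked).
    reply = nacl_allows(cfg["nacl_out"], ip, eph_port)
    return routed and inbound and reply

# Each answer option as (config key, rule it adds); the values are constructed.
OPTIONS = {
    "A": ("routes",   {"dest": ENGINEER_IP + "/32", "target": "igw-EXAMPLE"}),
    "B": ("nacl_out", {"num": 90, "action": "allow", **SSH}),
    "C": ("sg_in",    SSH),
    "D": ("sg_out",   SSH),
}

def evaluate_options():
    results = {}
    for letter, (key, rule) in OPTIONS.items():
        cfg = {k: (v + [rule] if k == key else v) for k, v in BASELINE.items()}
        results[letter] = ssh_reachable(cfg, ENGINEER_IP)
    return results
```

`evaluate_options()` reports which of the four options makes the connection succeed from the baseline. The same model shows that a network ACL, unlike the security group, must also pass the reply to the client's ephemeral port.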


Contribute your Thoughts:

Cathrine
1 month ago
I practiced a similar question where modifying security groups was the key. I think option C is definitely the right choice.
upvoted 0 times
Myong
1 month ago
I'm not entirely sure, but I feel like the network ACLs could be involved here too. Maybe option B?
upvoted 0 times
Lauryn
1 month ago
I remember something about security groups being crucial for inbound traffic. I think option C makes the most sense.
upvoted 0 times