A CloudOps engineer launches an Amazon EC2 Linux instance in a public subnet. When the instance is running, the CloudOps engineer obtains the public IP address and attempts to remotely connect to the instance multiple times. However, the CloudOps engineer always receives a timeout error.
Which action will allow the CloudOps engineer to remotely connect to the instance?
SSH access to a Linux EC2 instance requires the instance's security group to allow inbound TCP port 22 from the administrator's source IP address. A timeout (rather than a "connection refused") usually indicates that the packets are being dropped before they reach the SSH service. Since the instance is in a public subnet and has a public IP address, the most likely missing control is an inbound security group rule. Security groups are stateful, so once inbound SSH is permitted the return traffic is allowed automatically. Adding a route for the engineer's IP address is not needed because a public subnet already has a default route to the internet gateway. An outbound-only NACL or security group rule does not allow inbound SSH initiation. Therefore, the correct remediation is to allow inbound SSH from the engineer's public IP.
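As an added worked example (not part of the original question or explanation), the following Python models the diagnosis and the fix: it evaluates a security group in the shape returned by `describe-security-groups` (a constructed sample with an outbound-only rule set), confirms that egress rules never authorise inbound SSH, and builds the inbound TCP/22 rule scoped to the engineer's /32. The group id and the IP addresses are placeholders.

```python
import ipaddress

# Constructed sample: the group from the question, which has only an egress rule
# and no inbound rules at all. "sg-EXAMPLE" is a placeholder, not a real id.
SG_OUTBOUND_ONLY = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [],  # no inbound rules -> SSH attempts time out
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}


def ssh_ingress_rule(source_ip: str) -> dict:
    """Build the remediation: inbound TCP/22 from the engineer's address only (/32)."""
    host = ipaddress.ip_address(source_ip)
    return {
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "IpRanges": [{"CidrIp": f"{host}/32", "Description": "admin SSH"}],
    }


def allows_ssh_from(sg: dict, source_ip: str) -> bool:
    """True if some INBOUND rule permits TCP port 22 from source_ip.

    Only IpPermissions is consulted: egress rules (IpPermissionsEgress) never
    authorise a connection that is initiated from outside, which is the reason
    an outbound-only group still produces timeouts.
    """
    src = ipaddress.ip_address(source_ip)
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):  # "-1" means all protocols/ports
            continue
        if proto == "tcp" and not (rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)):
            continue
        for ip_range in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(ip_range["CidrIp"], strict=False):
                return True
    return False


def remediate(sg: dict, source_ip: str) -> dict:
    """Return a copy of the group with the SSH ingress rule added when it is missing
    (the same change authorize-security-group-ingress would make). The input is not mutated."""
    fixed = {**sg, "IpPermissions": list(sg.get("IpPermissions", []))}
    if not allows_ssh_from(fixed, source_ip):
        fixed["IpPermissions"].append(ssh_ingress_rule(source_ip))
    return fixed
```

The check deliberately ignores the egress rule set, so a group that only "allows all outbound" still fails the SSH check until the inbound rule is added.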