AmazonAmazon
SCS-C02 · Question #166
SCS-C02 Question #166: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #166. The question stem and answer options stay visible for context.
Submitted by minji_kr· Mar 6, 2026Data Protection
Question
A company uses user data scripts that contain sensitive information to bootstrap Amazon EC2 instances. A security engineer discovers that this sensitive information is viewable by people who should not have access to it. What is the MOST secure way to protect the sensitive information used to bootstrap the instances?
Options
- AStore the scripts in the AMI and encrypt the sensitive data using AWS KMS. Use the instance role
- BStore the sensitive data in AWS Systems Manager Parameter Store using the encrypted string
- CExternalize the bootstrap scripts in Amazon S3 and encrypt them using AWS KMS. Remove the
- DBlock user access of the EC2 instance's metadata service using IAM policies. Remove all scripts
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#Secrets Management#EC2 Bootstrapping#Systems Manager Parameter Store#Data Encryption