SCS-C03 Question #120: Real Exam Question with Answer & Explanation
The correct answer is D: Configure IAM permissions for the SSM Agent to run the script as a predefined Systems Manager
Question
A security engineer needs to prepare a company's Amazon EC2 instances for quarantine during a security incident. The AWS Systems Manager Agent (SSM Agent) has been deployed to all EC2 instances. The security engineer has developed a script to install and update forensics tools on the EC2 instances. Which solution will quarantine EC2 instances during a security incident?
Options
- A. Create a rule in AWS Config to track SSM Agent versions.
- B. Configure Systems Manager Session Manager to deny all connection requests from external IP
- C. Store the script in Amazon S3 and grant read access to the instance profile.
- D. Configure IAM permissions for the SSM Agent to run the script as a predefined Systems Manager
Explanation
AWS Systems Manager Run Command enables security engineers to remotely and securely execute scripts on EC2 instances without requiring SSH or inbound network access. According to AWS Certified Security - Specialty incident response guidance, Run Command is a foundational tool for instance quarantine and forensic preparation. By configuring IAM permissions that allow the SSM Agent to execute a predefined Run Command document, the security engineer can rapidly deploy forensic tools, disable services, or modify system configurations across affected EC2 instances during an incident. This approach aligns with AWS best practices for containment and evidence preservation, while maintaining auditability through Systems Manager logs.