SCS-C03 Question #63: Real Exam Question with Answer & Explanation

Question

A security engineer needs to prepare Amazon EC2 instances for quarantine during a security incident. AWS Systems Manager Agent (SSM Agent) is installed, and a script exists to install and update forensic tools. Which solution will quarantine EC2 instances during a security incident?

Options

• ATrack SSM Agent versions with AWS Config.
• BConfigure Session Manager to deny external connections.
• CStore the script in Amazon S3 and grant read access.
• DConfigure IAM permissions for the SSM Agent to run the script as a Systems Manager Run

Explanation

AWS Systems Manager Run Command enables secure, remote execution of commands on EC2 instances without requiring network access or inbound ports. According to the AWS Certified Security - Specialty Study Guide, Run Command is a recommended mechanism for incident response actions such as installing forensic tools, collecting evidence, or applying quarantine By granting the SSM Agent permission to execute a predefined Run Command document, the security engineer can immediately run the quarantine script across affected instances. This approach supports automation, scalability, and auditability, all of which are critical during security Options A, B, and C do not directly enforce quarantine or execute response actions. Tracking versions and storing scripts alone do not trigger incident response. AWS documentation highlights Systems Manager Run Command as a core capability for automated containment and investigation.

No community discussion yet for this question.