SOA-C02 Question #582: Real Exam Question with Answer & Explanation

The correct answer is D: Detach the main boot volume from the instance. Attach the main boot volume to a working.

Submitted by skyler.x · Mar 30, 2026 · Reliability and Business Continuity

Question

A company has an Amazon EC2 instance that runs Windows Server 2019. An encrypted Amazon Elastic Block Store (Amazon EBS) volume is attached to the instance as the main boot volume. The company has lost the ability to use Remote Desktop Protocol (RDP) to connect to the instance. The company needs to back up the instance. Before the backup, a SysOps administrator must change local Windows Firewall settings to fix the RDP connectivity issue. The SysOps administrator stops the instance. What should the SysOps administrator do next to regain access to the instance?

Options

  • A. Detach the main boot volume from the instance. Disable encryption on the main boot volume.
  • B. Detach the main boot volume from the instance. Use Amazon Inspector to reconfigure the
  • C. Disable encryption for the main boot volume. Use Amazon Inspector to reconfigure the Windows
  • D. Detach the main boot volume from the instance. Attach the main boot volume to a working

Explanation

Option D is correct because the standard recovery procedure for a locked-out EC2 instance is to detach the boot volume from the stopped instance and attach it to a separate, working EC2 instance as a secondary data volume. From that recovery instance, the administrator can mount the volume, edit the Windows Registry (specifically the firewall-related keys), and modify the Windows Firewall configuration files directly - no RDP needed. The volume can then be reattached to the original instance. Importantly, EBS encryption does not block this process; the encrypted volume can be attached to another instance that shares access to the same KMS key.

Why the distractors are wrong:

  • A - You cannot simply "disable" encryption on an existing EBS volume in place; you'd need to create an unencrypted snapshot copy. More importantly, disabling encryption is completely unnecessary to fix a firewall issue.
  • B & C - Amazon Inspector is a vulnerability assessment and compliance scanning service. It has no capability to reconfigure Windows Firewall settings or modify OS-level configurations on a volume. These options misuse the service entirely.

Memory tip: Think of the detach-and-reattach method as "transplant surgery" - when a PC won't boot or allow login, you pull the hard drive, plug it into a healthy machine to fix the files, then put it back. The same logic applies to EBS volumes in AWS.
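
The detach, offline-edit and reattach sequence from the explanation, as an added PowerShell example (not part of the original page and not an AWS-provided script). The instance IDs, the `E` drive letter and the `OFFLINE_SYSTEM` hive name are placeholders, and it assumes the AWS.Tools.EC2 module with credentials permitted to use the volume's KMS key.

```powershell
# Added example; every ID, the drive letter and the hive name are placeholders.
# Parts 1 and 3 run on an admin workstation, Part 2 on the recovery instance.
$BrokenId   = 'i-0123456789abcdef0'  # placeholder: locked-out instance, already stopped
$RecoveryId = 'i-0fedcba9876543210'  # placeholder: working Windows instance in the same AZ
$Letter     = 'E'                    # assumption: letter the volume gets on the recovery instance
$Hive       = 'OFFLINE_SYSTEM'       # hypothetical name for the loaded hive

function Wait-VolumeAvailable($Id) {
    while ((Get-EC2Volume -VolumeId $Id).State.Value -ne 'available') { Start-Sleep -Seconds 5 }
}

# --- Part 1 (admin workstation): move the boot volume to the recovery instance ---
$inst    = (Get-EC2Instance -InstanceId $BrokenId).Instances[0]
$rootDev = $inst.RootDeviceName      # e.g. /dev/sda1; needed to reattach as the boot volume
$volId   = ($inst.BlockDeviceMappings | Where-Object DeviceName -eq $rootDev).Ebs.VolumeId
$vol     = Get-EC2Volume -VolumeId $volId
$recAz   = (Get-EC2Instance -InstanceId $RecoveryId).Instances[0].Placement.AvailabilityZone
if ($vol.AvailabilityZone -ne $recAz) { throw "Recovery instance must be in $($vol.AvailabilityZone)" }
if ($vol.Encrypted) { Write-Host "Volume stays encrypted under KMS key $($vol.KmsKeyId)" }
Dismount-EC2Volume -VolumeId $volId -InstanceId $BrokenId | Out-Null
Wait-VolumeAvailable $volId
Add-EC2Volume -VolumeId $volId -InstanceId $RecoveryId -Device 'xvdf' | Out-Null

# --- Part 2 (elevated session on the recovery instance): edit the offline hive ---
Get-Disk | Where-Object IsOffline | Set-Disk -IsOffline $false
reg load "HKLM\$Hive" "${Letter}:\Windows\System32\config\SYSTEM"
# An offline hive has no CurrentControlSet; Select\Current names the active set.
$n   = (Get-ItemProperty "HKLM:\$Hive\Select").Current
$pol = "HKLM:\$Hive\ControlSet{0:d3}\Services\SharedAccess\Parameters\FirewallPolicy" -f $n
foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    # Profile is switched off only to regain RDP; turn it back on after adding a
    # scoped allow rule for TCP 3389, and keep the security group restricted.
    Set-ItemProperty -Path "$pol\$p" -Name EnableFirewall -Value 0 -Type DWord
}
[gc]::Collect()                      # drop registry provider handles so the unload succeeds
reg unload "HKLM\$Hive"
Get-Partition -DriveLetter $Letter | Get-Disk | Set-Disk -IsOffline $true

# --- Part 3 (admin workstation): return the volume and boot the instance ---
Dismount-EC2Volume -VolumeId $volId -InstanceId $RecoveryId | Out-Null
Wait-VolumeAvailable $volId
Add-EC2Volume -VolumeId $volId -InstanceId $BrokenId -Device $rootDev | Out-Null
Start-EC2Instance -InstanceId $BrokenId | Out-Null
```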

Topics

#EC2 Troubleshooting #EBS Volumes #Windows Server #RDP Connectivity