A company is attempting to conduct forensic analysis on an Amazon EC2 instance, but the company is unable to connect to the instance by using AWS Systems Manager Session Manager. The company has installed AWS Systems Manager Agent (SSM Agent) on the EC2 instance. The EC2 instance is in a subnet in a VPC that does not have an internet gateway attached. The company has associated a security group with the EC2 instance. The security group does not have inbound or outbound rules. The subnet’s network ACL allows all inbound and outbound traffic. Which combination of actions will allow the company to conduct forensic analysis on the EC2 instance without compromising forensic data? (Choose three.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Update the EC2 instance security group to add a rule that allows outbound traffic on port 443 for 0.0.0.0/0.
B. Update the EC2 instance security group to add a rule that allows inbound traffic on port 443 to the VPC’s CIDR range.
C. Create an EC2 key pair. Associate the key pair with the EC2 instance.
D. Create a VPC interface endpoint for Systems Manager in the VPC where the EC2 instance is located.
E. Attach a security group to the VPC interface endpoint. Allow inbound traffic on port 443 to the VPC’s CIDR range.
F. Create a VPC interface endpoint for the EC2 instance in the VPC where the EC2 instance is located.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion