In stead of creating an AMI and then creating a new EC2 instance to add a new public key to the authorized_keys if you have lost the private key of the original EC2 instance, wouldn’t it be much easier to use Systems Manager Session Manager and just copy past the new public key into the autorized_keys files. No need to spin up a new EC2 instance and your access is restored again
Great suggestion! It’s also worth noting that the exam can sometimes be quite a bit out of date in the latest recommendations, so unfortunately they do sometimes ask you about practices which have at some point become refined or superseded by new functionality. Ultimately either way will work, though to my knowledge the exam will not ask you about how to do this using Systems Manager.