Q28 — AWS DOP-C02 Ch.1
Question 28 of 100 | ← Chapter 1
A company operating electronic medical records runs a fleet of Amazon EC2 instances using Amazon Linux operating systems. Due to patient privacy requirements, the company must ensure ongoing compliance for OS and application patching on the EC2 instances.
- A. Use AWS Systems Manager to create a new patch baseline that includes a custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to validate and install patches. ✓
- B. Use AWS Direct Connect to integrate the company’s repository and deploy patches using Amazon CloudWatch scheduled events, then create reports using CloudWatch dashboards.
- C. Use yum-config-manager to add a custom repository under /etc/yum.repos.d and run yum-config-manager --enable to activate the repository.
- D. Use AWS Systems Manager to create a new patch baseline that includes the company’s repository. Use Run Command to execute the AWS-AmazonLinuxDefaultPatchBaseline document to validate and install patches.
Correct Answer: A. Use AWS Systems Manager to create a new patch baseline that includes a custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to validate and install patches.
Explanation
Option A is correct because AWS Systems Manager Patch Manager supports custom repositories via patch baselines and uses the AWS-RunPatchBaseline document to automate validation and installation of OS and application patches. This provides auditability, scheduling, and compliance reporting—critical for regulated workloads. Option D incorrectly uses AWS-AmazonLinuxDefaultPatchBaseline, which only references default Amazon Linux repositories—not custom ones. Option B misuses Direct Connect (a networking service) for patching and lacks automation governance. Option C performs manual repository configuration without orchestration, monitoring, or compliance tracking.