Q28 — AWS DOP-C02 Ch.1

Question 28 of 100 | ← Chapter 1

A company operating electronic medical records runs a fleet of Amazon EC2 instances using Amazon Linux operating systems. Due to patient privacy requirements, the company must ensure ongoing compliance for OS and application patching on the EC2 instances.

Correct Answer: A. Use AWS Systems Manager to create a new patch baseline that includes a custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to validate and install patches.

Explanation

Option A is correct because AWS Systems Manager Patch Manager supports custom repositories via patch baselines and uses the AWS-RunPatchBaseline document to automate validation and installation of OS and application patches. This provides auditability, scheduling, and compliance reporting—critical for regulated workloads. Option D incorrectly uses AWS-AmazonLinuxDefaultPatchBaseline, which only references default Amazon Linux repositories—not custom ones. Option B misuses Direct Connect (a networking service) for patching and lacks automation governance. Option C performs manual repository configuration without orchestration, monitoring, or compliance tracking.