Q62 — AWS DOP-C02 Ch.2
A company that manages electronic patient health records runs a fleet of Amazon EC2 instances on Amazon Linux. The company must ensure that the EC2 instances run operating system patches and application patches that comply with current privacy regulations. The company uses a custom repository to store application patches.
- A. Use AWS Systems Manager to create a new custom patch baseline that includes both the default OS repository and the custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to verify and install patches. Configure the new custom patch baseline using the BaselineOverride API. ✓
- B. Use AWS Direct Connect to integrate the custom repository with EC2 instances. Deploy patches using Amazon EventBridge events.
- C. Use the yum-config-manager command to add the custom repository to the /etc/yum.repos.d configuration. Run the yum-config-manager --enable command to activate the new repository.
- D. Use AWS Systems Manager to create one patch baseline for the default OS repository and a second patch baseline for the custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to verify and install patches. Configure both the default and custom patch baselines using the BaselineOverride API.
Correct Answer: A. Use AWS Systems Manager to create a new custom patch baseline that includes both the default OS repository and the custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to verify and install patches. Configure the new custom patch baseline using the BaselineOverride API.
Explanation
AWS Systems Manager Patch Manager supports defining multiple patch sources—including default OS repositories and third-party repositories—within a single custom patch baseline. Option A unifies both repositories under one baseline and leverages the built-in AWS-RunPatchBaseline document, requiring no custom scripting or additional infrastructure. Option C mandates manual per-instance YUM repo configuration, violating automation requirements. Option D introduces unnecessary complexity by maintaining two separate baselines, contrary to best practices. Option B misapplies AWS Direct Connect, which is unrelated to patch repository integration.