Q75 — AWS DOP-C02 Ch.3
An Amazon EC2 Auto Scaling group manages EC2 instances launched from an AMI. The company has installed the Amazon Systems Manager Agent on the instances. Tags are applied to EC2 instances when they launch into the Auto Scaling group. EC2 instances launched by the Auto Scaling group must receive correct operating system configurations.
- A. Create an SSM Run Command document to configure the required instance settings. Set up SSM Compliance to invoke the Run Command document when an EC2 instance is noncompliant with the latest patches.
- B. Create an SSM State Manager association linked to an SSM Run Command document. Create an immediate-run tag-based query.
- C. Create an SSM Run Command task specifying the required instance configuration. Create a maintenance window that runs daily using SSM Maintenance Windows. Register the Run Command task on the maintenance window and specify targets.
- D. Create an SSM Patch Manager patch baseline and a patch group using the same tags as the Auto Scaling group. Register the patch group with the patch baseline. Define an SSM Run Command document to patch instances, and invoke it via SSM Run Command. ✓
Correct Answer: D. Create an SSM Patch Manager patch baseline and a patch group using the same tags as the Auto Scaling group. Register the patch group with the patch baseline. Define an SSM Run Command document to patch instances, and invoke it via SSM Run Command.
Explanation
AWS Systems Manager Patch Manager manages patch compliance for EC2 instances. A patch baseline defines approved patches, and a patch group dynamically associates instances—via resource tags—with that baseline. Option D leverages tag-based patch group registration aligned with the Auto Scaling group, ensuring newly launched instances automatically inherit the patch policy. Invoking the Run Command document upon instance launch ensures timely, consistent OS configuration. Other options rely on scheduled or reactive mechanisms rather than immediate, automated, tag-driven configuration at launch time—contrary to AWS best practices for Auto Scaling integration.