Q75 — AWS DOP-C02 Ch.3

Question 75 of 100 | ← Chapter 3

An Amazon EC2 Auto Scaling group manages EC2 instances launched from an AMI. The company has installed the Amazon Systems Manager Agent on the instances. Tags are applied to EC2 instances when they launch into the Auto Scaling group. EC2 instances launched by the Auto Scaling group must receive correct operating system configurations.

Correct Answer: D. Create an SSM Patch Manager patch baseline and a patch group using the same tags as the Auto Scaling group. Register the patch group with the patch baseline. Define an SSM Run Command document to patch instances, and invoke it via SSM Run Command.

Explanation

AWS Systems Manager Patch Manager manages patch compliance for EC2 instances. A patch baseline defines approved patches, and a patch group dynamically associates instances—via resource tags—with that baseline. Option D leverages tag-based patch group registration aligned with the Auto Scaling group, ensuring newly launched instances automatically inherit the patch policy. Invoking the Run Command document upon instance launch ensures timely, consistent OS configuration. Other options rely on scheduled or reactive mechanisms rather than immediate, automated, tag-driven configuration at launch time—contrary to AWS best practices for Auto Scaling integration.