Q93 — AWS DOP-C02 Ch.3
Question 93 of 100 | ← Chapter 3
A company managing electronic medical records runs an Amazon EC2 instance using Amazon Linux OS. As part of patient privacy requirements, the company must ensure operating system and application patches on the EC2 instance remain compliant.
- A. Use AWS Systems Manager to create a new patch baseline that includes a custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to verify and install patches. ✓
- B. Integrate the enterprise repository using AWS Direct Connect and deploy patches using Amazon CloudWatch scheduled events, then create reports using a CloudWatch dashboard.
- C. Use yum-config-manager to add a custom repository under /etc/yum.repos.d and run yum-config-manager --enable to activate the repository.
- D. Use AWS Systems Manager to create a new patch baseline that includes the company’s repository. Use Run Command to execute the AWS-AmazonLinuxDefaultPatchBaseline document to verify and install patches.
Correct Answer: A. Use AWS Systems Manager to create a new patch baseline that includes a custom repository. Use Run Command to execute the AWS-RunPatchBaseline document to verify and install patches.
Explanation
AWS Systems Manager Patch Manager supports custom repositories via custom patch baselines, enabling flexible patch source management per AWS documentation. Option A correctly uses the AWS-RunPatchBaseline document, which is purpose-built for applying custom baselines—including those referencing custom repositories—ensuring automation and compliance. Option D uses the default baseline, which excludes custom repositories. Option B misuses CloudWatch for patch orchestration instead of dedicated patch services. Option C describes manual configuration, violating the automation requirement. Therefore, A is correct.