Q44 — AWS SAA-C03 Ch.4
Q239. A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability. What should a solutions architect do to meet these requirements?
- A. Create an AWS Lambda function to apply the patch to all EC2 instances.
- B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances. ✓
- C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.
- D. Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.
Correct Answer: B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.
Explanation
B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances would be the best solution to meet these requirements. AWS Systems Manager Patch Manager provides a centralized solution for automating the process of patching managed instances with both security-related and other types of updates. It can be used to automate patch deployment across multiple instances, including Amazon EC2 and on-premises instances. Option A would require creating an AWS Lambda function to apply the patch to all EC2 instances, which may not be efficient or effective for patching a large number of instances. Option C involves scheduling maintenance windows, which may be useful for planned maintenance activities but may not be ideal for urgent security patches. Option D entails using AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances, which may be feasible for smaller numbers of instances but may not be efficient for managing 1,000 instances.