Q38 — AWS SOA-C02 Ch.1

Question 38 of 100 | ← Chapter 1

A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances. Which solution will meet these requirements?

Correct Answer: B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.

Explanation

AWS Systems Manager Patch Manager允许通过创建独立的补丁基准(patch baselines)来管理不同环境实例的补丁策略。每个补丁基准可定义特定的自动批准延迟时间,开发和生产实例分别使用标签分配到不同的补丁组(patch groups),每个组关联对应的基准。维护窗口负责定义统一的补丁应用时间,无需多个窗口。AWS文档指出补丁基准与补丁组的关联关系,不同组需独立基准以应用不同策略。选项B正确配置了两个补丁组和基准,满足不同延迟需求,而其他选项或缺少必要基准,或错误分割维护窗口。