Q38 — AWS SOA-C02 Ch.1
A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances. Which solution will meet these requirements?
- A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
- B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window. ✓
- C. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Create two separate maintenance windows, each with an auto-approval delay.
- D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline. Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.
Correct Answer: B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
Explanation
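AWS Systems Manager Patch Manager lets you manage patching policy for instances in different environments by creating separate patch baselines. Each patch baseline can define its own auto-approval delay. Development and production instances are assigned by tag to different patch groups, and each group is associated with its corresponding baseline. The maintenance window defines a single, shared time for applying patches, so multiple windows are not needed. The AWS documentation describes the association between patch baselines and patch groups: different groups need separate baselines in order to apply different policies. Option B correctly configures two patch groups and two baselines, which meets the different delay requirements, whereas the other options either lack a required baseline or wrongly split the maintenance window.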