Skip to Content

CLF-C02: Which solution automate security updates for OS and app with the LEAST operational effort

Question

A company has an environment that includes Amazon EC2 instances, Amazon Lightsail, and on-premises servers. The company wants to automate the security updates for its operating systems and applications. Which solution will meet these requirements with the LEAST operational effort?

A. Use AWS Shield to identify and manage security events.
B. Connect to each server by using a remote desktop connection. Run an update script.
C. Use the AWS Systems Manager Patch Manager capability.
D. Schedule Amazon GuardDuty to run on a nightly basis.

Answer

C. Use the AWS Systems Manager Patch Manager capability.

Explanation

The option that will meet the company’s requirements with the least operational effort is C. Use the AWS Systems Manager Patch Manager capability.

AWS Systems Manager Patch Manager is a service that helps automate the process of patching Amazon EC2 instances and on-premises servers. It allows you to automate the management of operating system and software updates across your environment, including EC2 instances, Amazon Lightsail, and on-premises servers.

By using AWS Systems Manager Patch Manager, you can define patch baselines that specify the approved patches for your environment. You can then schedule automatic patching at a convenient time, such as during maintenance windows or off-peak hours. Patch Manager will ensure that the specified patches are applied to the instances and servers in your environment.

This option requires the least operational effort because Patch Manager automates the patching process and eliminates the need for manual intervention on each server. Once the patch baselines are set up and the automatic patching schedule is configured, the process runs automatically, reducing the administrative burden.

Let’s compare this option with the other options to understand why it is the most suitable for the company’s requirements:

A. Using AWS Shield to identify and manage security events is applicable for protecting against distributed denial of service (DDoS) attacks. While it is essential for security, it does not address the automation of security updates for operating systems and applications. Therefore, it is not the most appropriate solution for the company’s requirement.

B. Connecting to each server using a remote desktop connection and running an update script manually is a time-consuming and error-prone process. It requires manual effort to log in to each server individually and execute the update script. This approach is not scalable and does not provide efficient automation, making it unsuitable for the company’s requirement.

D. Scheduling Amazon GuardDuty to run on a nightly basis is a good practice for monitoring security threats, but it does not directly address the automation of security updates. GuardDuty is a threat detection service that analyzes logs and network traffic to identify potential security issues. While it is a valuable security tool, it does not fulfill the requirement of automating security updates for operating systems and applications.

In conclusion, the most suitable option for the company to automate security updates for its operating systems and applications with the least operational effort is C. Use the AWS Systems Manager Patch Manager capability.

Reference

Amazon AWS Certified Cloud Practitioner certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Cloud Practitioner exam and earn Amazon AWS Certified Cloud Practitioner certification.

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.