Learn how to automate the patching process for Amazon EC2 Windows instances using AWS Systems Manager Patch Manager, including setting auto-approval delays and maintenance windows based on environment tags.
Question
A SysOps administrator wants to use AWS Systems Manager Patch Manager to automate the process of patching Amazon EC2 Windows instances. The SysOps administrator wants to ensure that patches are auto-approved 2 days after the release date for development instances. Patches also must be auto-approved 5 days after the release date for production instances. Maintenance must occur only during a 2-hour window for all instances.
Which solution will meet these requirements?
A. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Add an auto-approval delay to each patch group. Create a single maintenance window.
B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
C. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and one patch baseline. Create two separate maintenance windows, each with an auto-approval delay.
D. Use tags to identify development instances. In Patch Manager, create one patch group and one patch baseline. Specify auto-approval delays in the patch baseline. Add development instances to the new patch group. Use predefined Patch Manager patch baselines for all remaining instances. Create a single maintenance window.
Answer
B. Use tags to identify development instances and production instances. In Patch Manager, create two patch groups and two patch baselines. Specify an auto-approval delay in each of the patch baselines. Create a single maintenance window.
Explanation
- Use tags to identify development instances and production instances: This allows for easy differentiation and targeting of the respective instance groups.
- Create two patch groups: One for development instances and one for production instances. Patch groups allow for the grouping of instances based on specific criteria, such as tags.
- Create two patch baselines: One for development instances and one for production instances. Patch baselines define the approved and rejected patches, as well as an auto-approval delay, which is required to meet the specified time-based auto-approval requirements.
- Specify an auto-approval delay in each of the patch baselines: In the development patch baseline, set the auto-approval delay to 2 days after the release date. In the production patch baseline, set the auto-approval delay to 5 days after the release date.
- Create a single maintenance window: This maintenance window will be used for both development and production instances, allowing patches to be applied during the specified 2-hour window.
By following this solution, the SysOps administrator can ensure that patches are auto-approved according to the required timeframes for development and production instances, while also enforcing the maintenance window constraint for all instances.
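The layout from answer B expressed as boto3 Systems Manager request parameters. This is an added example, not part of the original question; the baseline and window names, the patch classification filter, the cron schedule, and the patch group values `dev` and `prod` are assumptions.

```python
# Added example: answer B as boto3 SSM requests. Names, filter and schedule are assumed.
DELAYS = {"dev": 2, "prod": 5}  # patch group value -> auto-approval delay in days

def baseline_request(group, days):
    """Parameters for create_patch_baseline: the delay lives in the baseline's rule."""
    return {
        "Name": f"windows-{group}-baseline",  # hypothetical name
        "OperatingSystem": "WINDOWS",
        "ApprovalRules": {"PatchRules": [{
            "PatchFilterGroup": {"PatchFilters": [
                # Assumed filter: the question does not say which patches to include.
                {"Key": "CLASSIFICATION",
                 "Values": ["SecurityUpdates", "CriticalUpdates"]},
            ]},
            "ApproveAfterDays": days,
        }]},
    }

def window_request():
    """Parameters for create_maintenance_window: one 2-hour window for everything."""
    return {
        "Name": "windows-patching",          # hypothetical name
        "Schedule": "cron(0 2 ? * SUN *)",   # assumed schedule
        "Duration": 2,                       # hours; the requirement from the question
        "Cutoff": 1,                         # stop starting new tasks 1 hour before the end
        "AllowUnassociatedTargets": False,
    }

def window_target_request(window_id):
    """Both patch groups are targets of the same window, selected by tag."""
    return {
        "WindowId": window_id,
        "ResourceType": "INSTANCE",
        "Targets": [{"Key": "tag:Patch Group", "Values": sorted(DELAYS)}],
    }

def apply(ssm):
    """Create two baselines, bind each to its patch group, create one window."""
    for group, days in DELAYS.items():
        bid = ssm.create_patch_baseline(**baseline_request(group, days))["BaselineId"]
        ssm.register_patch_baseline_for_patch_group(BaselineId=bid, PatchGroup=group)
    window_id = ssm.create_maintenance_window(**window_request())["WindowId"]
    ssm.register_target_with_maintenance_window(**window_target_request(window_id))
    return window_id

if __name__ == "__main__":
    import boto3  # requires AWS credentials and SSM permissions
    print(apply(boto3.client("ssm")))
```

A Run Command task that runs the `AWS-RunPatchBaseline` document still has to be registered on the window before any patching happens.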
Amazon AWS Certified SysOps Administrator – Associate certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free and helpful for passing the Amazon AWS Certified SysOps Administrator – Associate exam and earning the Amazon AWS Certified SysOps Administrator – Associate certification.