
DOP-C02 Question #316: Real Exam Question with Answer & Explanation

The correct answer is A: Create an IAM role that has a trust policy that allows Systems Manager to assume the role.

Submitted by manish99 · Mar 6, 2026 · Configuration Management and Infrastructure as Code

Question

A company uses AWS Systems Manager to manage a fleet of Amazon Linux EC2 instances that have SSM Agent installed. All EC2 instances are configured to use Instance Metadata Service Version 2 (IMDSv2) and are running in the same AWS account and AWS Region. Company policy requires developers to use only Amazon Linux. The company wants to ensure that all new EC2 instances are automatically managed by Systems Manager after creation. Which solution will meet these requirements with the MOST operational efficiency?

Options

  • A. Create an IAM role that has a trust policy that allows Systems Manager to assume the role.
  • B. Ensure that AWS Config is set up. Create an AWS Config rule that validates if an EC2 instance
  • C. Configure Systems Manager Patch Manager. Create a patch baseline that automatically installs
  • D. Create an EC2 instance role that has a trust policy that allows Amazon EC2 to assume the role.

Explanation

By creating an IAM role with the AmazonSSMManagedEC2InstanceDefaultPolicy attached, the EC2 instances will have the necessary permissions to interact with AWS Systems Manager (SSM). This role is specifically designed to allow EC2 instances to be managed by Systems Manager and provides access to all necessary Systems Manager features, such as Patch Manager, Session Manager, and Run Command.

Configuring the default-ec2-instance-management-role in the SSM service settings ensures that all new EC2 instances automatically get this role when they are created. This eliminates the need for manual intervention to attach the role to each instance, ensuring that every new instance is immediately managed by Systems Manager after creation.

This solution automates the process of managing new EC2 instances by Systems Manager. By attaching the role automatically to all new instances, the company ensures that the instances comply with the management requirements without manual configuration or complex workflows.

By using the default-ec2-instance-management-role service setting and attaching the correct role to the instances, option A provides the most streamlined and automated way to ensure that all new EC2 instances are automatically managed by Systems Manager.
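The three steps the explanation describes (role trusted by Systems Manager, managed policy, service setting) as an AWS CLI sketch. This is an added example, not part of the original page; the role name and the `DRY_RUN` wrapper are assumptions made for the illustration, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. ROLE_NAME is a hypothetical name chosen for this sketch.
ROLE_NAME="${ROLE_NAME:-ExampleSSMDefaultManagementRole}"
POLICY_ARN="arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy"
SETTING_ID="/ssm/managed-instance/default-ec2-instance-management-role"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = call the AWS CLI

# Trust policy for option A: the principal is Systems Manager,
# not Amazon EC2 as in option D.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ssm.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Print each command; execute it only when DRY_RUN=0.
run() {
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = "1" ] || "$@"
}

# Create the role, attach the managed policy, then point the
# Region-level service setting at the role.
apply_dhmc() {
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)"
  run aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "$POLICY_ARN"
  run aws ssm update-service-setting --setting-id "$SETTING_ID" \
      --setting-value "$ROLE_NAME"
}

# Read the setting back to confirm which role the Region uses.
verify_dhmc() {
  run aws ssm get-service-setting --setting-id "$SETTING_ID" \
      --query 'ServiceSetting.SettingValue' --output text
}

apply_dhmc
verify_dhmc
```

The service setting applies per account and per Region, so the `update-service-setting` and `get-service-setting` calls are repeated in each Region where instances run.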

Topics

#Systems Manager · #IAM roles · #EC2 management · #SSM Agent
