SOA-C02 Question #694: Real Exam Question with Answer & Explanation
The correct answer is C: Create an Amazon EventBridge rule to react to Systems Manager Compliance events. Configure.
Question
A company has deployed Amazon EC2 instances from custom Amazon Machine Images (AMIs) in two AWS Regions. The company registered all the instances with AWS Systems Manager. The company discovers that the operating system on some instances has a significant zero-day exploit. However, the company does not know how many instances are affected. A SysOps administrator must implement a solution to deploy operating system patches for the affected EC2 instances. Which solution will meet this requirement with the LEAST operational overhead?
Options
- A. Define a patch baseline in Systems Manager Patch Manager. Use a Patch Manager scan to
- B. Use AWS Config to identify the affected instances. Define a patch baseline in Systems Manager
- C. Create an Amazon EventBridge rule to react to Systems Manager Compliance events. Configure
- D. Use AWS Config to identify the affected instances. Update the existing EC2 AMIs with the desired
Explanation
By defining your patch baseline in Systems Manager Patch Manager and then using an EventBridge rule that listens for noncompliant (i.e., vulnerable) Compliance events, you can automatically invoke the Patch Manager run command against only the affected instances. This approach removes the need for manual scans or “Patch Now” launches, minimizing operational overhead while ensuring all exposed instances are patched promptly.
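The flow described in the explanation, as an added example that is not part of the original question: an EventBridge pattern for patch compliance changes and a handler that sends `AWS-RunPatchBaseline` only to the instance named in the event. The Lambda target, the function names and the sample event values are assumptions made for illustration.

```python
# EventBridge rule pattern: fire only when patch compliance becomes non_compliant.
EVENT_PATTERN = {
    "source": ["aws.ssm"],
    "detail-type": ["Configuration Compliance State Change"],
    "detail": {"compliance-type": ["Patch"], "compliance-status": ["non_compliant"]},
}

# Constructed sample event in the shape Systems Manager emits (values are made up).
SAMPLE_EVENT = {
    "source": "aws.ssm",
    "detail-type": "Configuration Compliance State Change",
    "region": "us-west-2",
    "detail": {
        "compliance-type": "Patch",
        "compliance-status": "non_compliant",
        "resource-type": "managed-instance",
        "resource-id": "i-0123456789abcdef0",
    },
}


def build_patch_command(event):
    """Return (region, SendCommand kwargs) for a noncompliant instance, else None."""
    detail = event.get("detail") or {}
    # Re-check in code what the rule pattern filters, in case the rule is loosened later.
    if event.get("source") != "aws.ssm" or detail.get("compliance-type") != "Patch":
        return None
    if detail.get("compliance-status") != "non_compliant":
        return None
    instance_id = detail.get("resource-id") or ""
    region = event.get("region")
    if not region or not instance_id.startswith(("i-", "mi-")):
        return None
    return region, {
        "DocumentName": "AWS-RunPatchBaseline",  # Patch Manager's Run Command document
        "InstanceIds": [instance_id],            # only the instance named in the event
        "Parameters": {"Operation": ["Install"]},
    }


def handler(event, context):
    """Hypothetical Lambda entry point used as the rule's target."""
    plan = build_patch_command(event)
    if plan is None:
        return {"patched": False}
    import boto3  # imported lazily so the filtering logic runs without AWS access
    region, kwargs = plan
    command = boto3.client("ssm", region_name=region).send_command(**kwargs)
    return {"patched": True, "command_id": command["Command"]["CommandId"]}
```

EventBridge rules are Regional, so the rule and its target have to exist in each of the two Regions where the instances run.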