Topic 1 Question 144
2 つ選択An online media company has an application that customers use to watch events around the world. The application is hosted on a fleet of Amazon EC2 instances that run Amazon Linux 2. The company uses AWS Systems Manager to manage the EC2 instances. The company applies patches and application updates by using the AWS-AmazonLinux2DefaultPatchBaseline patching baseline in Systems Manager Patch Manager.
The company is concerned about potential attacks on the application during the week of an upcoming event. The company needs a solution that can immediately deploy patches to all the EC2 instances in response to a security incident or vulnerability. The solution also must provide centralized evidence that the patches were applied successfully.
Which combination of steps will meet these requirements?
Create a new patching baseline in Patch Manager. Specify Amazon Linux 2 as the product. Specify Security as the classification. Set the automatic approval for patches to 0 days. Ensure that the new patching baseline is the designated default for Amazon Linux 2.
Use the Patch Now option with the scan and install operation in the Patch Manager console to apply patches against the baseline to all nodes. Specify an Amazon S3 bucket as the patching log storage option.
Use the Clone function of Patch Manager to create a copy of the AWS-AmazonLmux2DefaultPatchBaseline built-in baseline. Set the automatic approval for patches to 1 day.
Create a patch policy that patches all managed nodes and sends a patch operation log output to an Amazon S3 bucket. Use a custom scan schedule to set Patch Manager to check every hour for new patches. Assign the baseline to the patch policy.
Use Systems Manager Application Manager to inspect the package versions that were installed on the EC2 instances. Additionally use Application Manager to validate that the patches were correctly installed.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: AB
A: Creating a new patching baseline with the specific settings ensures that security patches are automatically approved without delay (0 days). This immediate approval is crucial during a security incident when rapid patch deployment is necessary. Making this baseline the designated default for Amazon Linux 2 ensures that it is applied consistently across all instances.
B: Using the Patch Now option with the scan and install operation ensures that patches are deployed immediately to all EC2 instances. By specifying an Amazon S3 bucket for log storage, the company can centrally store and review logs to provide evidence that the patches were applied successfully. This meets the requirement for centralized evidence of successful patch application.
👍 4cumzle_com2024/06/24 why not D
👍 2sema22322024/06/12- 正解だと思う選��択肢: AD
A,D correct
👍 2toshimizu2024/07/25
シャッフルモード