AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 67

A company uses hundreds of Amazon EC2 On-Demand Instances and Spot Instances to run production and non-production workloads. The company installs and configures the AWS Systems Manager Agent (SSM Agent) on the EC2 instances.

During a recent instance patch operation, some instances were not patched because the instances were either busy or down. The company needs to generate a report that lists the current patch version of all instances.

Which solution will meet these requirements in the MOST operationally efficient way?

Answer options

• A. Use Systems Manager Inventory to collect patch versions. Generate a report of all instances.
• B. Use Systems Manager Run Command to remotely collect patch version information. Generate a report of all instances.
• C. Use AWS Config to track EC2 instance configuration changes by using output from the SSM Agents. Create a custom rule to check for patch versions. Generate a report of all unpatched instances.
• D. Use AWS Config to monitor the patch status of the EC2 instances by using output from the SSM Agents. Create a configuration compliance rule to check whether patches are installed. Generate a report of all instances.

Correct answer: A

Explanation

The correct answer is A because Systems Manager Inventory is specifically designed to collect detailed metadata about your instances, including patch versions, in an efficient manner. Options B and D involve more complex processes that are not as streamlined for simply gathering patch information, while option C focuses on configuration changes rather than directly reporting patch statuses.