AWS Certified Solutions Architect – Associate (SAA-C03) — Question 23
A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.
What should a solutions architect do to meet these requirements?
Answer options
- A. Create an AWS Lambda function to apply the patch to all EC2 instances.
- B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.
- C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.
- D. Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.
Correct answer: D
Explanation
The correct answer is D because AWS Systems Manager Run Command executes commands immediately on multiple instances, making it ideal for quickly applying patches. Option A is incorrect because AWS Lambda is not suited for patching EC2 instances directly. Option B is not the best choice because Patch Manager is designed for managing OS patches rather than third-party software. Option C, while useful for scheduling tasks, may not provide the immediate remediation required for a critical security vulnerability.