AWS Certified Solutions Architect – Professional — Question 5

A Solutions Architect must establish a patching plan for a large mixed fleet of Windows and Linux servers. The patching plan must be implemented securely, be audit-ready, and comply with the company's business requirements.
Which option will meet these requirements with MINIMAL effort?

Answer options

• A. Install and use an OS-native patching service to manage the update frequency and release approval for all instances. Use AWS Config to verify the OS state on each instance and report on any patch compliance issues.
• B. Use AWS Systems Manager on all instances to manage patching. Test patches outside of production and then deploy during a maintenance window with the appropriate approval.
• C. Use AWS OpsWorks for Chef Automate to run a set of scripts that will iterate through all instances of a given type. Issue the appropriate OS command to get and install updates on each instance, including any required restarts during the maintenance window.
• D. Migrate all applications to AWS OpsWorks and use OpsWorks automatic patching support to keep the OS up-to-date following the initial installation. Use AWS Config to provide audit and compliance reporting.

Correct answer: B

Explanation

The correct answer, B, is the most efficient way to manage patching since AWS Systems Manager provides a centralized approach to handle patches, including testing and deployment during maintenance windows. Options A and D involve more manual verification and migration efforts, while C requires scripting and command execution which adds complexity and effort to the process.