AWS Certified Solutions Architect – Professional — Question 604
A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching.
Management requires a single report showing the patch status of all the servers and instances.
Which set of actions should a solutions architect take to meet these requirements?
Answer options
- A. Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.
- B. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use Amazon QuickSight integration with OpsWorks to generate patch compliance reports.
- C. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to apply patches by scheduling an AWS Systems Manager patch remediation job. Use Amazon Inspector to generate patch compliance reports.
- D. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use AWS X-Ray to post the patch status to AWS Systems Manager OpsCenter to generate patch compliance reports.
Correct answer: A
Explanation
AWS Systems Manager Patch Manager is the native tool designed to automate the patching process and track compliance across both Amazon EC2 instances and hybrid on-premises servers. It provides built-in capabilities to generate unified patch compliance reports directly. Other services like AWS OpsWorks, Amazon Inspector, and AWS X-Ray are not designed to serve as central patch management or compliance reporting tools for hybrid environments.