AWS Certified Solutions Architect – Professional — Question 968

A company runs a Windows Server host in a public subnet that is configured to allow a team of administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The host must be available at all times outside of a scheduled maintenance window, and needs to receive the latest operating system updates within 3 days of release.
What should be done to manage the host with the LEAST amount of administrative effort?

Answer options

• A. Run the host in a single-instance AWS Elastic Beanstalk environment. Configure the environment with a custom AMI to use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.
• B. Run the host on AWS WorkSpaces. Use Amazon WorkSpaces Application Manager (WAM) to harden the host. Configure Windows automatic updates to occur every 3 days.
• C. Run the host in an Auto Scaling group with a minimum and maximum instance count of 1. Use a hardened machine image from AWS Marketplace. Apply system updates with AWS Systems Manager Patch Manager.
• D. Run the host in AWS OpsWorks Stacks. Use a Chief recipe to harden the AMI during instance launch. Use an AWS Lambda scheduled event to run the Upgrade Operating System stack command to apply system updates.

Correct answer: C

Explanation

Deploying the EC2 instance inside an Auto Scaling group with a minimum and maximum count of 1 guarantees high availability by automatically replacing the host if it fails. Using AWS Systems Manager Patch Manager allows for automated, scheduled patching within the required 3-day window with minimal operational effort. Other options like AWS OpsWorks, Elastic Beanstalk, or AWS WorkSpaces introduce unnecessary complexity and configuration overhead for managing a single bastion host.