AWS Certified DevOps Engineer – Professional — Question 22
A company runs an application with an Amazon EC2 and on-premises configuration. A DevOps Engineer needs to standardize patching across both environments. Company policy dictates that patching only happens during non-business hours.
Which combination of actions will meet these requirements? (Choose three.)
Answer options
- A. Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.
- B. Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.
- C. Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.
- D. Execute an AWS Systems Manager Automation document to patch the systems every hour.
- E. Use Amazon CloudWatch Events scheduled events to schedule a patch window.
- F. Use AWS Systems Manager Maintenance Windows to schedule a patch window.
Correct answer: A, B, F
Explanation
The correct actions are A, B, and F. Action A is necessary to bring the on-premises machines under the management of AWS Systems Manager. Action B allows the EC2 instances to be managed by Systems Manager. Action F schedules the patching process within a designated maintenance window. Options C and D are incorrect: C is not a recommended security practice, and D does not meet the requirement to patch only during non-business hours.