ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company runs a stateless web service on six virtual machines (VMs) in a public IaaS environment. The VMs are registered behind the provider's managed load balancer. A critical operating-system security patch has been released that requires a reboot. Management insists that customers must see no noticeable outage and that at least 95 % of capacity remain online throughout the maintenance. Which update strategy will BEST meet the availability requirement?
Schedule an extended maintenance window, disable the load balancer listener, sequentially patch and reboot each VM, and re-enable the listener when all are complete.
Put every VM into maintenance mode, apply the patch to all systems at the same time, and then reboot them together.
Initiate live migration of each VM to a different availability zone, apply the patch in the target zone, and then fail back when finished.
Create a new golden image that includes the patch, add it to the auto-scaling or instance group, and roll out the update by gradually replacing instances as they pass health checks behind the load balancer.
The safest way to keep the service available is to build a new, fully patched VM image and perform a rolling replacement (sometimes called a rolling or blue/green update) through an auto-scaling, instance-group, or similar orchestration mechanism. One patched instance is started and health-checked; once it reports healthy, traffic is shifted to it and one of the old instances is terminated. The cycle repeats until every original VM has been replaced. At no point are all instances down, so at least 95 % of capacity remains online.
Patching all VMs at once (or shutting down the load balancer first) brings the entire service offline, violating the SLA. Simply taking snapshots before patching does not itself maintain availability; if every VM is still rebooted simultaneously, users still experience downtime. Live-migration between availability zones is a platform feature for host maintenance, not guest OS patching, and usually cannot be initiated by the tenant to avoid reboot-required updates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a golden image in cloud environments?
Open an interactive chat with Bash
What is a rolling replacement strategy?
Open an interactive chat with Bash
How do auto-scaling groups help with patch management?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .