Crucial Exams

AWS Certified Solutions Architect Professional SAP-C02 Practice Question

A global enterprise has 250 AWS accounts that are organized into multiple organizational units (OUs) in AWS Organizations. Security policy mandates that every Amazon EC2 instance must automatically install any Critical or Important operating-system security patch within 24 hours of its release. The solution must provide a single place to configure and report patch compliance for all accounts and Regions, use only the existing SSM Agent, remediate non-compliant instances automatically, and impose the least possible operational overhead on the central cloud-operations team.

Which approach best meets these requirements?

  • Use AWS CloudFormation StackSets to deploy identical custom patch baselines, nightly maintenance windows, and AWS-RunPatchBaseline Run Command tasks in every account and Region. Tag each instance with its patch group and build a cross-account CloudWatch dashboard to display patch compliance.

  • Create an AWS Config conformance pack that contains the managed rule EC2_MANAGEDINSTANCE_PATCH_COMPLIANCE_STATUS_CHECK and attach an auto-remediation action that invokes the AWS-RunPatchBaseline Automation runbook on every NON_COMPLIANT instance. Run the rule once every 24 hours and aggregate the results in the management account.

  • Enable Amazon Inspector across the organization by delegating administration to a central account, then configure Amazon EventBridge rules that match Inspector EC2 vulnerability findings with a CVSS score of 7.0 or higher and start an SSM Automation runbook that executes AWS-RunPatchBaseline on the affected instances. Use the Inspector console for compliance visibility.

  • From the management account, deploy an AWS Systems Manager Quick Setup Patch Manager policy to the entire organization. Configure a custom patch baseline with a 0-day auto-approval rule for Critical and Important patches, select the Scan and install operation, and schedule the State Manager association to run daily. Quick Setup propagates the baseline, schedule, and compliance reporting across all member accounts and Regions by using the existing SSM Agent.

AWS Certified Solutions Architect Professional SAP-C02
Continuous Improvement for Existing Solutions
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot