Configure Auto Patching for EC2 Instances using AWS Systems Manager Patch Manager | AWS Exam Question SOA-C02

Automating EC2 Instance Patching with AWS Systems Manager Patch Manager

Question

As an AWS consultant, you are helping a company to manage AWS resources.

At the moment, the company spends a lot of manual effort on patching the EC2 instances weekly.

The company asks you to configure auto patching for its EC2 instances using Patch Manager in AWS Systems Manager.

In terms of the usage of Patch Manager, which of the following statements are true? (Select TWO.)

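Answers

A. Patch Manager only works for the Linux operating system.

B. You can customize a patch baseline used by your EC2 instances.

C. You can perform an on-demand patching operation even if it is not within a maintenance window.

D. You can use Patch Manager to patch Lambda functions.

E. The “Security” type of patches are always applied by Patch Manager which users cannot bypass.

Explanations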

Correct Answers: B and C.

Option A is incorrect because several types of operating systems are supported, including Amazon Linux, CentOS, Debian Server, macOS, Ubuntu Server, Windows Server, etc.

Option B is CORRECT because users can create their own patch baselines with custom patch settings.

Option C is CORRECT because, in Patch Manager, customers can perform on-demand patching without the need to create a schedule.

Option D is incorrect because Lambda functions are serverless and not in the scope of Patch Manager.

Option E is incorrect because, with a custom patch baseline, users can choose which types of patches are applied, such as Security or Enhancement.

Reference:

https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html

Patch Manager is a service provided by AWS Systems Manager that allows you to automate the process of patching your Amazon EC2 instances and on-premises instances. It enables you to create and manage patch baselines, automate patching operations, and simplify compliance reporting for operating system patches. Patch Manager provides predefined patch baselines for common operating systems, such as Amazon Linux, Ubuntu, and Windows Server.

Now, let's discuss the statements provided in the question:

A. Patch Manager only works for the Linux operating system. This statement is false. Patch Manager supports patching for both Linux and Windows operating systems. You can create patch baselines for both operating systems and automate the patching process using Patch Manager.

B. You can customize a patch baseline used by your EC2 instances. This statement is true. Patch Manager allows you to create custom patch baselines to meet your organization's specific patching requirements. You can add or remove patches from the baseline, change the severity level of patches, and define patch rules based on criteria such as keywords or classifications.

C. You can perform an on-demand patching operation even if it is not within a maintenance window. This statement is true. With Patch Manager, you can perform on-demand patching operations outside of the defined maintenance window. This enables you to apply critical patches to instances immediately, without waiting for the next maintenance window.

D. You can use Patch Manager to patch Lambda functions. This statement is false. Patch Manager is designed to patch EC2 instances and on-premises instances only. It cannot be used to patch Lambda functions.

E. The “Security” type of patches are always applied by Patch Manager which users cannot bypass. This statement is false. Patch Manager provides flexibility in terms of which patches are applied and when they are applied. You can define patch rules and include or exclude specific patches based on your organization's policies. While Patch Manager does prioritize security patches, it does not force you to apply them or prevent you from bypassing them.
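The points behind statements B, C and E, shown as an added example that is not part of the original page: boto3 calls that create a custom baseline approving only Security patches, bind it to a patch group, and start a patching run immediately with no maintenance window. The baseline name, the patch group value, the choice of Amazon Linux 2 and the 7-day approval delay are assumptions made for illustration.

```python
# Added example: custom baseline plus on-demand run via boto3's SSM client.
# PATCH_GROUP and BASELINE_NAME are constructed placeholder values.
PATCH_GROUP = "web-prod"
BASELINE_NAME = "example-al2-security-only"


def baseline_request(approve_after_days=7, rejected=()):
    """Arguments for create_patch_baseline: approve only Security patches
    rated Critical or Important, after a soak period in days."""
    if approve_after_days < 0:
        raise ValueError("approve_after_days must be >= 0")
    return {
        "Name": BASELINE_NAME,
        "OperatingSystem": "AMAZON_LINUX_2",
        "ApprovalRules": {"PatchRules": [{
            "PatchFilterGroup": {"PatchFilters": [
                {"Key": "CLASSIFICATION", "Values": ["Security"]},
                {"Key": "SEVERITY", "Values": ["Critical", "Important"]},
            ]},
            "ApproveAfterDays": approve_after_days,
        }]},
        "RejectedPatches": list(rejected),  # explicit exclusions
        "RejectedPatchesAction": "BLOCK",
    }


def patch_now_request(operation="Scan"):
    """Arguments for send_command: run AWS-RunPatchBaseline immediately,
    with no maintenance window. Scan only reports; Install applies."""
    if operation not in ("Scan", "Install"):
        raise ValueError("operation must be Scan or Install")
    return {
        "DocumentName": "AWS-RunPatchBaseline",
        "Targets": [{"Key": "tag:Patch Group", "Values": [PATCH_GROUP]}],
        "Parameters": {"Operation": [operation]},
        "MaxConcurrency": "10%",  # patch a slice first so a bad patch stays contained
        "MaxErrors": "1",
    }


def apply(ssm, operation="Scan"):
    """Create the baseline, bind it to the patch group, start the run."""
    baseline_id = ssm.create_patch_baseline(**baseline_request())["BaselineId"]
    ssm.register_patch_baseline_for_patch_group(
        BaselineId=baseline_id, PatchGroup=PATCH_GROUP)
    cmd = ssm.send_command(**patch_now_request(operation))
    return baseline_id, cmd["Command"]["CommandId"]


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a region configured
    print(apply(boto3.client("ssm")))
```

The default operation is `Scan`, which only reports missing patches; pass `"Install"` to apply them.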