
Answer-first summary for fast verification
Answer: Use the AWS Systems Manager Patch Manager capability.
## Explanation

**AWS Systems Manager Patch Manager** is the correct solution because:

1. **Automated Patching**: Patch Manager automates the process of patching managed instances across AWS services (EC2, Lightsail) and on-premises servers.
2. **Cross-Platform Support**: It supports multiple operating systems including Windows, Linux, and macOS.
3. **Least Operational Effort**: Once configured, Patch Manager runs automatically according to your defined schedule, requiring minimal ongoing manual intervention.
4. **Centralized Management**: Provides a single interface to manage patching across hybrid environments.

**Why other options are incorrect:**

- **AWS Shield**: This is a DDoS protection service, not for operating system and application patching.
- **Manual remote desktop connection**: This requires significant operational effort and doesn't scale well.
- **Amazon GuardDuty**: This is a threat detection service that uses machine learning to identify threats, not for automated patching.

**Key Benefits of AWS Systems Manager Patch Manager:**

- Automated patch compliance reporting
- Flexible scheduling options
- Support for security and non-security updates
- Integration with AWS Organizations for multi-account management
- Ability to create maintenance windows for patching
Author: Ritesh Yadav
A company has an environment that includes Amazon EC2 instances, Amazon Lightsail, and on-premises servers. The company wants to automate the security updates for its operating systems and applications.
Which solution will meet these requirements with the LEAST operational effort?
A. Use AWS Shield to identify and manage security events.
B. Connect to each server by using a remote desktop connection. Run an update script.
C. Use the AWS Systems Manager Patch Manager capability.
D. Schedule Amazon GuardDuty to run on a nightly basis.