AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.

What should a solutions architect do to meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create an AWS Lambda function to apply the patch to all EC2 instances.

Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.

Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.

Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.

Explanation:

Explanation

Correct Answer: D - Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.

Why this is the best solution:

Third-party software patching: AWS Systems Manager Patch Manager is designed for patching operating systems and AWS-provided software, but for third-party software, you typically need custom patching procedures. Run Command allows you to execute custom scripts or commands across multiple instances.
Speed requirement: The question emphasizes "as quickly as possible." Run Command can execute commands across all 1,000 instances simultaneously, making it the fastest option.
Scale: Managing 1,000 EC2 instances requires an automated, scalable solution. Run Command is designed for this exact purpose.

Analysis of other options:

A. Create an AWS Lambda function to apply the patch to all EC2 instances.

While possible, this is more complex and requires additional development work
Lambda functions have execution time limits that might be problematic for patching 1,000 instances
Not the most efficient or AWS-recommended approach for this specific use case

B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.

Patch Manager is excellent for OS and AWS software patches
However, for third-party software, it may not have the necessary patch definitions
The question specifies "third-party software," making this less suitable

C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.

Maintenance windows are for scheduling operations during specific timeframes
While you could use maintenance windows with Run Command, the question asks for the quickest approach
Scheduling implies waiting for a maintenance window, which contradicts "as quickly as possible"

Key AWS Services Knowledge:

AWS Systems Manager Run Command: Execute commands at scale on EC2 instances and on-premises servers
AWS Systems Manager Patch Manager: Automate patching of operating systems and applications
AWS Systems Manager Maintenance Windows: Schedule operations during specific timeframes
AWS Lambda: Serverless compute service, not optimized for mass EC2 instance management

Best Practice Recommendation:

For patching third-party software quickly across many instances, use Systems Manager Run Command with a custom script that applies the specific patch required for the third-party software vulnerability.

Powered ByGPT-5.2

Comments

Loading comments...