A production workload runs on 1,000 Amazon EC2 Linux instances and is powered by third-party software. The company must patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability. What should a solutions architect do to meet this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances..
Why this is the answer
AWS Systems Manager Run Command is the most efficient and direct way to apply a critical patch to 1,000 EC2 instances quickly. It allows you to execute commands, such as patch installation scripts, across a large fleet of instances simultaneously and on-demand. Creating an AWS Lambda function to apply the patch is not suitable because Lambda functions are stateless and designed for event-driven, short-duration tasks, not for directly managing and patching EC2 instances at scale. Configuring AWS Systems Manager Patch Manager is designed for automated, scheduled patching of operating systems and applications. While useful for ongoing maintenance, it might not be the fastest option for an immediate, critical, one-time security vulnerability remediation that requires a custom patch. Scheduling an AWS Systems Manager maintenance window would introduce a delay, as it's designed for planned, recurring maintenance activities, not for urgent, immediate remediation of a critical vulnerability.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed