A company has several critical applications running on a large fleet of Amazon EC2 instances. As part of a security operations review, the company needs to apply a critical operating system patch to EC2 instances within 24 hours of the patch becoming available from the operating system vendor. The company does not have a patching solution deployed on AWS, but does have AWS Systems Manager configured. The solution must also minimize administrative overhead.
What should a security engineer recommend to meet these requirements?
A . Create an AWS Config rule defining the patch as a required configuration for EC2 instances.
B . Use the AWS Systems Manager Run Command to patch affected instances.
C . Use an AWS Systems Manager Patch Manager predefined baseline to patch affected instances.
D . Use AWS Systems Manager Session Manager to log in to each affected instance and apply the patch.
Answer: B
Leave a Reply