AWS DevOps Engineer Professional Practice Test

In AWS Systems Manager, which two items are responsible for controlling what patches are installed and when?

• A. Patch Baselines and Patch Groups
• B. Patch Management and Update Groups
• C. Patch Timeline and Update Policies
• D. Patch Versions and Group Policies

The correct answer is: Patch Baselines and Patch Groups

In AWS Systems Manager, Patch Baselines and Patch Groups are fundamental components in managing patch compliance for your instances. Patch Baselines define the rules for which patches should be applied to targeted instances. They allow you to specify approved patches, the severity of patches that should be applied, and a schedule for applying those patches. Essentially, they set the criteria and policy regarding which updates are appropriate for your environment. Patch Groups refer to the application of these baselines to groups of managed instances. By creating Patch Groups, you can organize your instances logically based on various criteria, such as environment (e.g., production, staging) or application type. This allows you to easily control the deployment of patches by associating specific instances with defined patch baselines, ensuring that instances are managed according to their specific needs and compliance requirements. Together, these two components facilitate a structured approach to patch management, enabling organizations to maintain a secure and compliant infrastructure effectively. Other choices do not accurately represent the functionality provided by AWS Systems Manager for patch management, as they either use incorrect terminology or do not reflect the fundamental roles that Patch Baselines and Patch Groups play in the patching process.