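Today I'm sharing a typical practice question from the AWS SAP certification. I call it typical because the answer options are long blocks of description that closely resemble one another, so it is easy to miss a key detail and get the question wrong.
Let's take a look.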
An internal security audit of AWS resources within a company found that a number of Amazon EC2 instances running Microsoft Windows workloads were missing several important operating system-level patches. A Solutions Architect has been asked to fix existing patch deficiencies, and to develop a workflow to ensure that future patching requirements are identified and taken care of quickly. The Solutions Architect has decided to use AWS Systems Manager. It is important that EC2 instance reboots do not occur at the same time on all Windows workloads to meet organizational uptime requirements. Which workflow will meet these requirements in an automated manner?
A. Add a Patch Group tag with a value of Windows Servers to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS-DefaultPatchBaseline to the Windows servers patch group. Define an AWS Systems Manager maintenance window, conduct patching within it, and associate it with the Windows Servers patch group. Register instances with the maintenance window using associated subnet IDs. Assign the AWS-RunPatchBaseline document as a task within each maintenance window.
B. Add a Patch Group tag with a value of Windows Servers to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWS-WindowsPatchBaseline document as a task associated with the Windows Servers patch group. Create an Amazon CloudWatch Events rule configured to use a cron expression to schedule the execution of patching using the AWS Systems Manager run command. Create an AWS Systems Manager State Manager document to define commands to be executed during patch execution.
C. Add a Patch Group tag with a value of either Windows Servers1 or Windows Server2 to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWSDefaultPatchBaseline with both Windows Servers patch groups. Define two non-overlapping AWS Systems Manager maintenance windows, conduct patching within them, and associate each with a different patch group. Register targets with specific maintenance windows using the Patch Group tags. Assign the AWS-RunPatchBaseline document as a task within each maintenance window.
D. Add a Patch Group tag with a value of either Windows servers1 or Windows Server2 to all existing EC2 instances. Ensure that all Windows EC2 instances are assigned this tag. Associate the AWSWindowsPatchBaseline with both Windows Servers patch groups. Define two non-overlapping AWS Systems Manager maintenance windows, conduct patching within them, and associate each with a different patch group. Assign the AWS-RunWindowsPatchBaseline document as a task within each maintenance window. Create an AWS Systems Manager State Manager document to define commands to be executed during patch execution.
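Answer: C
Difficulty: Low
Explanation: The key information in the question stem has been marked in bold: the EC2 instances must not all be rebooted in the same time period. Options A and B can therefore be ruled out immediately. The remaining options, C and D, both satisfy the requirement to reboot the EC2 instances separately, so what is left tests how familiar the candidate is with using AWS Systems Manager. Comparing the solutions described in options C and D, the biggest difference is that option C includes the Register targets step, whereas option D has the statement "conduct patching within them". So which one is the correct choice?
According to the AWS blog post at https://amazonaws-china.com/blogs/mt/patching-your-windows-ec2-instances-using-aws-systems-manager-patch-manager/, after the maintenance window is created, the next step is: "On the Register targets page in the console, create register targets for your Maintenance window by specifying the Patch Group tag for the tag name...".
It follows that option C more clearly describes the steps for patching multiple EC2 instances running Windows with AWS Systems Manager, and is the option that best meets the requirements of the question.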
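Option C's steps written out as boto3 Systems Manager calls, as an added example that is not part of the original post or the AWS blog. The weekly schedules, window names, concurrency values and the helper names `overlaps`, `build_plan` and `apply_plan` are assumptions; the plan is rejected if any two maintenance windows overlap.

```python
"""Option C as boto3 SSM calls. Schedules and names are constructed samples."""
DAYS = ["SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT"]
# Constructed: patch group -> (weekday, start hour UTC, duration in hours)
WINDOWS = {"Windows Servers1": ("SAT", 2, 3), "Windows Server2": ("SUN", 2, 3)}

def overlaps(a, b):
    """True if two weekly windows share any time (the week wraps at 168 h)."""
    s1, s2 = (DAYS.index(w[0]) * 24 + w[1] for w in (a, b))
    e1, e2 = s1 + a[2], s2 + b[2]
    return any(s1 < e2 + k and s2 + k < e1 for k in (-168, 0, 168))

def build_plan(windows=WINDOWS):
    """Keyword arguments per patch group; rejects overlapping windows."""
    groups = list(windows)
    for i, g in enumerate(groups):
        for h in groups[i + 1:]:
            if overlaps(windows[g], windows[h]):
                raise ValueError(f"windows for {g!r} and {h!r} overlap")
    plan = {}
    for group, (day, hour, hours) in windows.items():
        plan[group] = {
            "window": dict(Name="patch-" + group.replace(" ", "-"),
                           Schedule=f"cron(0 {hour} ? * {day} *)",
                           Duration=hours, Cutoff=1,
                           AllowUnassociatedTargets=False),
            # Register targets by the Patch Group tag, as option C describes.
            "target": dict(ResourceType="INSTANCE", Targets=[
                {"Key": "tag:Patch Group", "Values": [group]}]),
            "task": dict(TaskArn="AWS-RunPatchBaseline", TaskType="RUN_COMMAND",
                         MaxConcurrency="50%", MaxErrors="10%",
                         TaskInvocationParameters={"RunCommandParameters": {
                             "Parameters": {"Operation": ["Install"]}}}),
        }
    return plan

def apply_plan(plan):
    """Send the plan to AWS; needs boto3 and credentials with SSM access."""
    import boto3  # imported here so build_plan() works offline
    ssm = boto3.client("ssm")
    base = ssm.get_default_patch_baseline(OperatingSystem="WINDOWS")["BaselineId"]
    for group, p in plan.items():
        ssm.register_patch_baseline_for_patch_group(BaselineId=base, PatchGroup=group)
        wid = ssm.create_maintenance_window(**p["window"])["WindowId"]
        tid = ssm.register_target_with_maintenance_window(
            WindowId=wid, **p["target"])["WindowTargetId"]
        ssm.register_task_with_maintenance_window(
            WindowId=wid, **p["task"],
            Targets=[{"Key": "WindowTargetIds", "Values": [tid]}])
```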