Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmasmnth

A company uses an organization in AWS Organizations to manage thousands of Amazon EC2 instances...

A company uses an organization in AWS Organizations to manage thousands of Amazon EC2 instances that run in multiple AWS accounts. The company groups the accounts into production and non-production environments that are in separate organizational units (OUs). The company identifies a critical vulnerability in its EC2 instances. The company needs to patch all affected instances. To comply with a security policy, the company must patch instances in the non-production environment before deploying the patch to the production environment. The company needs a scalable and auditable patch management solution across all accounts.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Tag each EC2 instance with an environment tag of either Prod or NonProd in all accounts. Enable Organizations delegated administration in the organization management account. Create an AWS Systems Manager Automation runbook that patches each instance based on the value of the environment tag. Use Amazon EventBridge to apply patching workflows for non-production instances first, followed by production instances.

B.

Use AWS Systems Manager State Manager in each account to apply patches to EC2 instances during scheduled maintenance windows. Configure State Manager associations to non-production accounts first, followed by production accounts. Use AWS Config to produce compliance reports for all accounts.

C.

Configure AWS Systems Manager Patch Manager with patch baselines. Enable delegated administration for Systems Manager and assign a delegated administrator account. Create Systems Manager Automation runbooks that target the OUs. Apply patches to instances in the non-production OU first by using approval gates before patching the production OU. Use Systems Manager Compliance and AWS CloudTrail to audit compliance in the OUs.

D.

Use AWS Config rules across all accounts to manage patch compliance. Enable Organizations delegated administration in the organization management account. Create an AWS Lambda function to run a patching workflow in non-production accounts and then in production accounts. Configure the function to run when AWS Config identifies non-compliant accounts. Use AWS CloudTrail to audit all patch activity across the organization.

Amazon Web Services SAP-C02 Summary

  • Vendor: Amazon Web Services
  • Product: SAP-C02
  • Update on: Jul 5, 2026
  • Questions: 683
Price: $52.5  $149.99
Buy Now SAP-C02 PDF + Testing Engine Pack

Payments We Accept

Your purchase with ExamsVCE is safe and fast. Your products will be available for immediate download after your payment has been received.
The ExamsVCE website is protected by 256-bit SSL from McAfee, the leader in online security.

examsvce payment method