Practice Test

True or False: AWS Systems Manager Patch Manager can be used to apply patches for both AWS and on-premises systems.

Answer: True.

Explanation: AWS Systems Manager Patch Manager supports not only EC2 instances and managed instances in AWS, but also the servers and VMs on your premises.

Multiple Select: Which of the following can be accomplished with AWS Systems Manager Patch Manager?

  • a) Create patch baselines
  • b) Automate patching process
  • c) Check the compliance status of instances against the patches defined
  • d) All of the above

Answer: d) All of the above.

Explanation: AWS Systems Manager Patch Manager lets you automate discovering and deploying patches for AWS and on-premises servers, create patch baselines, and check compliance with patch policies.

Single Select: Patch compliance reporting is based on which approach:

  • a) Inventory collection
  • b) Registry key value
  • c) Both a & b
  • d) None of the above

Answer: c) Both a & b.

Explanation: The AWS Systems Manager Patch Manager uses both inventory collection and registry key value to provide patch compliance reporting.

True or False: AWS Systems Manager Patch Manager can automatically patch Linux-based systems only.

Answer: False.

Explanation: AWS Systems Manager Patch Manager can patch both Linux-based and Windows-based systems.

True or False: Automated patch management is a service only offered on AWS.

Answer: False.

Explanation: Automated patch management is a feature offered by many cloud service providers, including AWS, Google Cloud, and Microsoft Azure.

Single Select: What is a patch baseline in AWS Systems Manager Patch Manager?

  • a) A policy applied to all instances
  • b) A set of patches approved for installation on systems
  • c) A registry key value
  • d) A list of non-compliant systems

Answer: b) A set of patches approved for installation on systems.

Explanation: Patch baselines are groups of approved patches that Systems Manager uses to determine if an instance is compliant or non-compliant with the patch baseline.

True or False: AWS Systems Manager Patch Manager only supports patching during regular business hours.

Answer: False.

Explanation: AWS Systems Manager Patch Manager allows you to schedule maintenance windows to adhere to your organization’s operational hours.

Single Select: In AWS, which service would you most likely use to automate the patch management of EC2 instances?

  • a) AWS Lambda
  • b) AWS Config
  • c) AWS Systems Manager
  • d) AWS EC2 Auto Scaling

Answer: c) AWS Systems Manager.

Explanation: AWS Systems Manager provides a unified interface to allow you to automate patch management of your AWS resources.

True or False: You are only charged by AWS for the patches themselves and not the automation of applying those patches.

Answer: False.

Explanation: While patches may not incur direct costs, using AWS services such as AWS Systems Manager to automate patch management may come with its own costs based on usage.

True or False: In AWS, it is required to reboot an EC2 instance immediately after a patch is installed.

Answer: False.

Explanation: Some patches require reboots in order to be effective. However, AWS allows you to control if and when to reboot instances during the patching process.

Interview Questions

What is automated patch management in the context of AWS?

Automated patch management in the AWS context refers to the process of automatically identifying, acquiring, installing, and verifying patches for system vulnerabilities in AWS resources. This includes using an AWS service like AWS Systems Manager Patch Manager to automate the process of patching managed instances.

Which AWS service can you use for automated patch management?

AWS Systems Manager Patch Manager can be used for automated patch management. It is a service that helps you simplify your patch management process by scanning instances for missing patches and applying them at scale.

How can you automate the process of patch deployment in AWS Systems Manager Patch Manager?

AWS Systems Manager Patch Manager’s patch baseline functionality allows you to automate the process of patch deployment. A patch baseline defines which patches are to be installed and includes auto-approval rules for patches based on categories and severities.

Can you control the timing of the patch update process in AWS Patch Manager?

Yes, AWS Systems Manager Patch Manager allows you to control the timing of the patch update process. You can schedule maintenance windows to define when to implement patches, ensuring minimum disruption of services.

What is the role of a ‘patch group’ in AWS Systems Manager Patch Manager?

A patch group in AWS Systems Manager Patch Manager is used to segregate your instances into different groups for patching. When you assign instances to a patch group, you specify which patch baseline should be used for those instances, providing granular control over patch operations.

What are the different operating systems supported by AWS Systems Manager Patch Manager?

AWS Systems Manager Patch Manager supports a variety of operating systems including Amazon Linux, Ubuntu Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), and Windows Server.

Is it possible to use AWS Systems Manager Patch Manager for on-premises servers?

Yes, AWS Systems Manager Patch Manager can also be used for on-premises servers or virtual machines (VMs), not just for Amazon EC2 instances.

What is the function of a maintenance window in the AWS Systems Manager Patch Manager?

In AWS Systems Manager Patch Manager, a maintenance window is a set period, defined by the user, during which AWS performs changes, such as patch implementations, on your instances. This helps in minimizing the impact on system services and performance.

What is the `Scan` option in AWS Systems Manager Patch Manager?

The `Scan` option in AWS Systems Manager Patch Manager enables you to scan your instances for any missing patches. This helps you identify what patches are needed and apply them according to the defined patch baselines.

If you want to report on patch compliance, which AWS service can be used with AWS Systems Manager Patch Manager?

AWS Systems Manager Patch Manager integrates with AWS Config to provide reporting on patch compliance. You can use AWS Config to track the patch compliance status of your instances.

Can you roll back patches using AWS Systems Manager Patch Manager?

No, AWS Systems Manager Patch Manager does not natively support patch rollbacks. You must plan and test patches carefully before applying them to your production environments.

Is it possible to exclude certain patches in AWS Systems Manager Patch Manager?

Yes, AWS Systems Manager Patch Manager allows you to exclude certain patches by using the ‘Rejected patches’ list in a patch baseline.

Can AWS Systems Manager Patch Manager apply patches to instances in Amazon VPCs that aren’t connected to the internet?

Yes, by using VPC Endpoints for Systems Manager, AWS Systems Manager Patch Manager can apply patches to instances in Amazon VPCs that aren’t directly connected to the internet.

Do you need to install SSM Agent on your instances to use AWS Systems Manager Patch Manager?

Yes, to use AWS Systems Manager Patch Manager, you need to install the Systems Manager SSM Agent on each instance you want to manage. SSM Agent processes requests from the Systems Manager service and runs them on your instances.

Is AWS Systems Manager Patch Manager free to use?

No, AWS Systems Manager Patch Manager is not free. There are charges for using this service, which vary depending on the number of managed instances and the operating system used.
