ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 301 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 301
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses AWS Systems Manager to manage a fleet of Amazon Linux EC2 instances that have SSM Agent installed. All EC2 instances are configured to use Instance Metadata Service Version 2 (IMDSv2) and are running in the same AWS account and AWS Region. Company policy requires developers to use only Amazon Linux.

The company wants to ensure that all new EC2 instances are automatically managed by Systems Manager after creation.

Which solution will meet these requirements with the MOST operational efficiency?

  • A. Create an IAM role that has a trust policy that allows Systems Manager to assume the role. Attach the AmazonSSMManagedEC2InstanceDefaultPolicy policy to the role. Configure the default-ec2-instance-management-role SSM service setting to use the role.
  • B. Ensure that AWS Config is set up. Create an AWS Config rule that validates if an EC2 instance has SSM Agent installed. Configure the rule to run on EC2 configuration changes. Configure automatic remediation for the rule to run the AWS-InstallSSMAgent SSM document to install SSM Agent.
  • C. Configure Systems Manager Patch Manager. Create a patch baseline that automatically installs SSM Agent on all new EC2 instances. Create a patch group for all EC2 instances. Attach the patch baseline to the patch group. Create a maintenance window and maintenance window task to start installing SSM Agent daily.
  • D. Create an EC2 instance role that has a trust policy that allows Amazon EC2 to assume the role. Attach the AmazonSSMManagedInstanceCore policy to the role. Ensure that AWS Config is set up. Use the ec2-instance-profile-attached managed AWS Config rule to validate if an EC2 instance has the role attached. Configure the rule to run on EC2 configuration changes. Configure automatic remediation for the rule to run the AWS-SetupManagedRoleOnEc2Instance SSM document to attach the role to the EC2 instance.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ArunRav at Nov. 28, 2024, 9:31 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Srikantha
2 weeks, 5 days ago
Selected Answer: A
By setting the default-ec2-instance-management-role service setting, new EC2 instances will automatically assume the correct role, allowing seamless management by AWS Systems Manager. Thus, Option A is the best choice.
upvoted 1 times
...
Ky_24
4 months ago
Selected Answer: A
1. Automatic Role Association: • AWS Systems Manager supports a default instance management role that is automatically attached to new EC2 instances upon creation. • By configuring the default-ec2-instance-management-role SSM service setting, any new EC2 instance will automatically be associated with the specified IAM role. 2. IAM Role and Policy: • The AmazonSSMManagedEC2InstanceDefaultPolicy provides the necessary permissions for SSM Agent to manage instances, including access to Systems Manager services, Amazon S3, and AWS Config logs. 3. Operational Efficiency: • This solution ensures new EC2 instances are automatically registered with Systems Manager without requiring additional manual steps or configuration changes. • It eliminates the need for AWS Config rules, patch baselines, or remediation documents, simplifying the management process.
upvoted 2 times
...
ArunRav
4 months, 3 weeks ago
Selected Answer: A
Amazon Linux has the agent already installed. So A perform the rest of the steps to manage the instances using SSM
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago