Q37 — AWS SAA-C03 Ch.5
Q337. A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices. The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity. Which solution will meet these requirements?
- A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses.
- B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN. ✓
- C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
- D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-on.
Correct Answer: B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
Explanation
Migrating the files to an Amazon FSx for Windows File Server file system and integrating it with the on-premises Active Directory provides a secure and scalable solution for storing files. AWS Client VPN can be configured to give employees secure remote access to the files. This solution meets all the requirements mentioned in the question.

Option A is not a recommended solution since providing access based on IP address is not a secure authentication method, as IP addresses can be spoofed.

Option C is not a suitable solution since S3 doesn't natively integrate with Active Directory. Additionally, signed URLs may still be susceptible to interception and unauthorized access.

Option D is not a secure solution since creating a public VPC endpoint would make the S3 bucket accessible to anyone on the internet.

The answer should be (B): since the Windows file server is on-premises and we need something to replicate the data to the cloud, the only option we have is AWS FSx for Windows File Server. Also, since the information is confidential and sensitive, we want to make sure that the appropriate users have access to it in a secure manner.