Q37 — AWS SAA-C03 Ch.5

Question 37 of 65 | ← Chapter 5

Q337. A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices. The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.Which solution will meet these requirements?

Correct Answer: B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.

Explanation

Migrating the files to Amazon FSx for Windows File Server file system and integrating it with the on- premises Active Directory provides a secure and scalable solution for storing files. AWS Client VPN can be configured to provide secure remote access to employees to access the files securely. This solution meets all the requirements mentioned in the question.Option A is not a recommended solution since providing access based on IP address is not a secure authentication method, as IP addresses can be spoofed.Option C is not a suitable solution since S3 doesn't natively integrate with Active Directory. Additionally, signed URLs may still be susceptible to interception and unauthorized access.Option D is not a secure solution since creating a public VPC endpoint would make the S3 bucket accessible to anyone on the internet.Answer should be (B), since the Windows file server is on-premise and we need something to replicate the data to the cloud, the only option we have is AWS FSx for Windows File Server. Also, since the information is confidential and sensitive, we also want to make sure that the appropriate users have access to it in a secure manner.