Q71 — AWS SAP-C02 Ch.2
Question 71 of 75 | ← Chapter 2
Q221. A company is rearchitecting its applications to run on AWS. The company's infrastructure includes multiple Amazon EC2 instances. The company's development team needs different levels of access. The company wants to implement a policy that requires all Windows EC2 instances to be joined to an Active Directory domain on AWS. The company also wants to implement enhanced security processes such as multi-factor authentication (MFA). The company wants to use managed AWS services wherever possible. Which solution will meet these requirements?
- A. Create an AWS Directory Service for Microsoft Active Directory implementation. Launch an Amazon WorkSpace. Connec to and use the WorkSpace for domain security configuration tasks. ✓
- B. Create an AWS Directory Servicelor Microsoft Active Directory implementation. Launch an EC2instance. Connect to and use the EC2 instance for domain security configuration tasks.
- C. Create an AWS Directory Service Simple AD implementation. Launch an EC2 instance. Connect to and use the EC2instance for domain security configuration tasks.
- D. Create an AWS Directory Service Simple AD implementation. Launch an Amazon WorkSpace. Connect to and use the WorkSpace for domain security configuration tasks.
Correct Answer: A. Create an AWS Directory Service for Microsoft Active Directory implementation. Launch an Amazon WorkSpace. Connec to and use the WorkSpace for domain security configuration tasks.
Explanation
Option A suggests creating an AWS Directory Service for Microsoft Active Directory implementation and launching an Amazon WorkSpace for domain security configuration tasks. This approach provides the development team with various levels of access required while leveraging managed AWS services and enables users to configure domain security settings from anywhere with an internet connection. Option B suggests creating an AWS Directory Service for Microsoft Active Directory implementation and launching an EC2 instance for domain security configuration tasks. However, this approach lacks the mobility and flexibility provided by using Amazon WorkSpaces, requiring users to connect to the EC2 instance from specific devices or locations. Option C suggests creating an AWS Directory Service Simple AD implementation and launching an EC2 instance for domain security configuration tasks. Simple AD does not support MFA or complex AD trust relationships, making it less secure than the Managed AD option. Option D suggests creating an AWS Directory Service Simple AD implementation and launching an Amazon WorkSpace for domain security configuration tasks. Similar to option A, this approach uses Amazon WorkSpaces but does not provide the full capabilities of Managed AD. Therefore, option A provides the most suitable solution by creating an AWS Directory Service for Microsoft Active Directory implementation, which can support MFA and complex AD trust relationships. The solution also involves launching an Amazon WorkSpace for domain security configuration tasks, which enables the development team to have the various levels of access required while leveraging managed AWS services and providing mobility and flexibility to configure domain security settings from anywhere with an internet connection.