Q75 — AWS SAP-C02 Ch.3
Q300. A company wants to use Amazon WorkSpaces in combination with the client devices to replace aging desktops. Employees use the desktops to access applications that work with clinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding an additional branch in the next 6 months. Which solution meets these requirements with the most operational efficiency?
- A. Create an IP access control group rule with the list of public addresses from the branch offices. Associate the IP access control group with the WorkSpaces directory. ✓
- B. Use AWS Firewall Manager to create a web ACL rule with an IPSET with the list of public addresses from the branch office locations. Associate the web ACL with the WorkSpaces directory.
- C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machines deployed in the branch office locations. Enable restricted access on the WorkSpaces directory.
- D. Create a custom WorkSpaces image with Windows Firewall configured to restrict access to the public addresses of the branch offices. Use the image to deploy the WorkSpaces.
Correct Answer: A. Create an IP access control group rule with the list of public addresses from the branch offices. Associate the IP access control group with the WorkSpaces directory.
Explanation
The solution that meets the requirements with the most operational efficiency is A: create an IP access control group rule with the list of public addresses from the branch offices, and associate the IP access control group with the WorkSpaces directory.

This solution lets you create an IP access control group rule that specifies the list of public addresses associated with the company's branch office locations. By associating this IP access control group with the WorkSpaces directory, you restrict access to the applications to only those client devices located in the branch offices.

Option B (using AWS Firewall Manager to create a web ACL rule with an IPSET) is not the most appropriate solution for this specific scenario. While AWS Firewall Manager is a powerful tool for managing network access, it is more suitable for broader network security management than for the specific requirement of restricting access to WorkSpaces based on branch office locations.

Option C (using AWS Certificate Manager to issue trusted device certificates) is not the optimal solution for restricting access based on branch office locations. Trusted device certificates issued by ACM are more commonly used for device authentication rather than IP-based access control.

Option D (creating a custom WorkSpaces image with Windows Firewall configuration) does not provide the same level of flexibility and centralized management as using IP access control groups. Managing Windows Firewall configurations on individual WorkSpaces images can become cumbersome as the number of branch offices increases.

Therefore, option A is the correct and most operationally efficient solution.