Exam SAP-C02
Question 325

A company is rearchitecting its applications to run on AWS. The company’s infrastructure includes multiple Amazon EC2 instances. The company's development team needs different levels of access. The company wants to implement a policy that requires all Windows EC2 instances to be joined to an Active Directory domain on AWS. The company also wants to implement enhanced security processes such as multi-factor authentication (MFA). The company wants to use managed AWS services wherever possible.

Which solution will meet these requirements?

    Correct Answer: A

    To meet the requirement of having all Windows EC2 instances joined to an Active Directory domain on AWS, as well as implementing multi-factor authentication and using managed AWS services wherever possible, the best solution is to create an AWS Directory Service for Microsoft Active Directory implementation. Amazon WorkSpaces, used for the domain security configuration tasks, is a fully managed service that provides a Windows desktop environment in the AWS Cloud, making it easier to manage and secure than an EC2 instance that is set up and configured manually.

Discussion
HappyPrince Option: B

I support B as well per this link where EC2 is recommended: https://docs.aws.amazon.com/workspaces/latest/adminguide/directory_administration.html

nublit Option: B

B is correct. The question mentions "Windows EC2", not "Windows user desktops". Maybe the Windows EC2 can be Windows Servers.

TonytheTiger Option: A

Option A - Three requirements, 1. join AD domain, 2. enable MFA, 3. Use AWS managed service. Nothing about cost or any additional requirements. Option A checks all the boxes from the article information - https://aws.amazon.com/blogs/security/how-to-enable-multi-factor-authentication-for-amazon-workspaces-and-amazon-quicksight-by-using-microsoft-ad-and-on-premises-credentials/

dankositzke Option: A

I would choose A over B because of the last requirement: “The company wants to use managed AWS services wherever possible.”

07c2d2a

"The company wants to implement a policy that requires all Windows EC2 instances to be joined to an Active Directory domain on AWS". Workspaces are automatically domain joined. EC2 aren't going to be automatically domain joined without some extra steps. I feel like that's what they're getting at here...

chelbsik Option: A

A seems better, as it uses managed Workspaces, which we can apply different security controls to despite what some people here say https://docs.aws.amazon.com/whitepapers/latest/best-practices-deploying-amazon-workspaces/security.html

chelbsik

Additionally, you can apply Group Policies to Windows Workspaces, which is a domain security task, though there are some limitations https://docs.aws.amazon.com/workspaces/latest/adminguide/group_policy.html

junehc

I will go for A based on this "RADIUS MFA is applicable only to authenticate access to the AWS Management Console, or to Amazon Enterprise applications and services such as WorkSpaces, Amazon QuickSight, or Amazon Chime. It does not provide MFA to Windows workloads running on EC2 instances, or for signing into an EC2 instance" https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_mfa.html

Win007

A is correct

trungtd Option: A

Technically, you can use AWS Workspace for domain security configuration tasks. So A is correct

9f02c8d

A is the right answer

9f02c8d

A is the right answer, as Amazon WorkSpaces provides a managed desktop-as-a-service solution that allows you to access a Windows desktop environment in the AWS Cloud

paderni

A. Amazon WorkSpaces is more secure and managed,

markovr6

You can manage AD admin tasks from Workspace. The requirement is to use AWS Managed Services where possible. So the answer is A - nothing you can manage AD-wise on EC2 that you can't do on the Windows Workspace

titi_r Option: A

A - correct.

Dgix Option: A

Because managed services.

career360guru Option: B

Option B. Workspace Windows servers can not be used for Domain Security tasks.

Jay_2pt0_1

It can't be an EC2. It says to use AWS services. I'm even torn on whether or not we should use simple AD

rodygogan

Indeed, EC2 is an AWS service - I guess you meant it isn't AWS managed.