ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 831 discussion

Exam question from Amazon's AWS-SysOps
Question #: 831
Topic #: 1
[All AWS-SysOps Questions]

Each SysOps Administrator at a company has a unique IAM user account. Each user is a member of the SysOps IAM group that has an IAM policy applied. A recent change to the IT security policy states that employees must now use their on-premises Active Directory user accounts to access the AWS Management
Console.
Which solution should be used to satisfy these requirements?

  • A. Configure the on-premises Active Directory to use AWS Direct Connect.
  • B. Enable an Active Directory federation in an Amazon Route 53 private zone.
  • C. Implement a VPN tunnel and configure an Active Directory connector.
  • D. Implement multi-factor authentication for IAM and Active Directory.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by kung07 at May 10, 2020, 8:44 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kung07
Highly Voted 2 years, 9 months ago
C Refer to https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html The provided reference https://docs.aws.amazon.com/directoryservice/latest/admin-guide/usecase5.html points to AWS Managed Microsoft AD, which indeed can help also, but it is not mentioned in Option A. Indeed you need a connection to on-premises, either via Direct Connect or VPN (or both), but that alone will not be a solution.
upvoted 27 times
...
albert_kuo
Most Recent 11 months, 2 weeks ago
Selected Answer: C
To satisfy the requirement of using on-premises Active Directory user accounts to access the AWS Management Console, a VPN tunnel should be established between the on-premises network and the Amazon VPC where the AWS Management Console resources are located. Additionally, an Active Directory connector should be configured to enable Single Sign-On (SSO) with AWS.
upvoted 1 times
...
gulu73
1 year, 5 months ago
Selected Answer: C
C is the answer
upvoted 2 times
...
kk555
2 years, 6 months ago
Answer is C
upvoted 1 times
...
arvsrv
2 years, 8 months ago
C seems to be correct
upvoted 1 times
...
abhishek_m_86
2 years, 9 months ago
Answer C. VPN tunnel needed to connect and the AD connector needed to connect IAM to AD.
upvoted 1 times
...
jackdryan
2 years, 9 months ago
I'll go with C
upvoted 1 times
...
vob
2 years, 9 months ago
Not A. Direct Connect is a networking service to connect on-prem to AWS. It is needed but not enough. Not B. Route 53 DNS service does not have any AD federation capability (and why would it!) Not D. MFA is a good thing but not relevant to the requirements of the question. Answer C. VPN tunnel needed to connect and the AD connector needed to connect IAM to AD.
upvoted 4 times
...
Pirulou
2 years, 9 months ago
Ans C.
upvoted 2 times
...
gretch
2 years, 9 months ago
C https://aws.amazon.com/premiumsupport/knowledge-center/enable-active-directory-console-access/
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel