Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 44 discussion

A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was installed recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.
What should the solutions architect recommend?

  • A. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.
  • B. Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory.
  • C. Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance.
  • D. Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance's security group to deny public access to Active Directory.
Suggested Answer: A
AWS Managed Microsoft AD:
AWS Directory Service lets you run Microsoft Active Directory (AD) as a managed service. AWS Directory Service for Microsoft Active Directory, also referred to as AWS Managed Microsoft AD, is powered by Windows Server 2012 R2. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers run in different Availability Zones in a region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you.
Reference:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html
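
The review finding in this question (a public website sharing a host with a domain controller) can be checked for from security-group data. The following is an added example, not part of the original page: it audits rules in the shape returned by EC2 DescribeSecurityGroups and flags groups that expose both web ports and Active Directory ports to any address. The AD port list and the sample groups are assumptions constructed for illustration.

```python
import ipaddress

WEB_PORTS = {80, 443}
# Assumed list of common domain controller ports:
# DNS, Kerberos, RPC, LDAP, SMB, kpasswd, LDAPS, Global Catalog.
AD_PORTS = {53, 88, 135, 389, 445, 464, 636, 3268, 3269}

def _is_public(cidr):
    # True only for the any-address ranges 0.0.0.0/0 and ::/0.
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _ports(rule):
    """Web/AD ports covered by one IpPermissions entry."""
    interesting = WEB_PORTS | AD_PORTS
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return set(interesting)
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in interesting if lo <= p <= hi}

def audit_group(group):
    """Return (public_web_ports, public_ad_ports) for one security group."""
    web, ad = set(), set()
    for rule in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(_is_public(c) for c in cidrs):
            ports = _ports(rule)
            web |= ports & WEB_PORTS
            ad |= ports & AD_PORTS
    return sorted(web), sorted(ad)

def findings(groups):
    """Groups where public web access and public AD ports coexist."""
    out = []
    for g in groups:
        web, ad = audit_group(g)
        if web and ad:
            out.append({"GroupId": g["GroupId"], "web": web, "ad": ad})
    return out

# Constructed sample data, not taken from a real account.
SAMPLE = [
    {"GroupId": "sg-example-web-and-dc", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-web-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
```

Only the first sample group is flagged: its wide 0-1024 range opens DNS, Kerberos, RPC, LDAP, SMB and LDAPS to the internet alongside the website, while the second keeps LDAP restricted to a private range.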

Comments

frizzo
Highly Voted 3 years, 8 months ago
I thought this was 'A'. I think Active Directory connector is only for ON-PREM AD. The one they have exists in the cloud already.
upvoted 61 times
foreverlearner
3 years, 8 months ago
Correct. Reduce risk = remove AD from that EC2. Minimize admin = remove AD from any EC2 -> use AWS Directory Service
upvoted 29 times
PhilMultiCloud
3 years, 7 months ago
Thanks for this
upvoted 2 times
...
...
DK2
3 years, 8 months ago
I think A as well.
upvoted 4 times
...
Heyang
3 years, 7 months ago
AAAAAAAAAAAA
upvoted 4 times
...
...
AJ2003
Highly Voted 3 years, 8 months ago
I am with A
upvoted 8 times
...
VIHANARYA
Most Recent 2 years, 12 months ago
A is the best
upvoted 1 times
...
VIHANARYA
3 years ago
Selected Answer: A
A is the best
upvoted 1 times
...
janvandermerwer
3 years, 3 months ago
Selected Answer: A
Agree with A
upvoted 1 times
...
Vibes
3 years, 7 months ago
A is right
upvoted 2 times
...
mynk29
3 years, 7 months ago
Number of enterprises who will do that - ZERO. Sorry, not related to question. ;)
upvoted 3 times
...
karthisena
3 years, 7 months ago
Explanation: Migrate AD to AWS Managed AD and keep the webserver alone. Reduce risk = remove AD from that EC2. Minimize admin = remove AD from any EC2 -> use AWS Directory Service. Active Directory connector is only for ON-PREM AD. The one they have exists in the cloud already.
upvoted 6 times
...
woke
3 years, 7 months ago
A. Remove AD from the EC2 instance
upvoted 2 times
...
reliquary
3 years, 7 months ago
This came up in my exam taken 3 June 2021. I picked A.
upvoted 6 times
...
Gupshup
3 years, 7 months ago
improve the security of the architecture --> uninstall AD on current EC2, and minimize the administrative demand on IT staff --> AWS Directory Service
upvoted 1 times
...
KK_uniq
3 years, 7 months ago
Very tough topic. But A for sure
upvoted 1 times
...
syu31svc
3 years, 7 months ago
Correct answer is A as AWS Directory Service can be used to create a managed Active Directory, and uninstall the current instance. Using managed service would also reduce the administrative demand on IT staff. Options B & D are wrong as they would increase the administrative demand on IT staff. Option C is wrong as it would not improve the security.
upvoted 3 times
...
mryala
3 years, 7 months ago
it's A
upvoted 1 times
...
Yogi
3 years, 7 months ago
If you are like me and didn't know that AWS Directory Svc = Microsoft Active Directory = AWS Managed Microsoft Active Directory. https://aws.amazon.com/directoryservice/
upvoted 8 times
...
Ankitrathi85
3 years, 7 months ago
A right
upvoted 1 times
...
dave0808
3 years, 7 months ago
A took a long time to read, but A it is
upvoted 1 times
...