ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 461 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 461
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.
The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?

  • A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses.
  • B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
  • C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
  • D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Hizumi at Aug. 20, 2021, 12:24 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Hizumi
Highly Voted 3 years, 8 months ago
Answer should be (B), since the Windows file server is on-premise and we need something to replicate the data to the cloud, the only option we have is AWS FSx for Windows File Server. Also, since the information is confidential and sensitive, we also want to make sure that the appropriate users have access to it in a secure manner. https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html
upvoted 49 times
...
10minute
Highly Voted 3 years, 7 months ago
B) CORRECT -> Amazon FSx for Win File Server All other solutions don't support Active Directory A) files are on-premise C) Signed URL are part of the CloudFront, pre-Signed URLs are part of S3 D) I really dont think S3 is solution in this example
upvoted 20 times
...
Jobair
Most Recent 2 years, 7 months ago
Selected Answer: C
I feel s3 is the better option here. You can store files in the S3 bucket. In the question, they did not mention using Active Directory or any protocol they want to use e.g. SMB or NFS. So, it's not necessary to use FSx for Windows
upvoted 1 times
...
jopeg
2 years, 9 months ago
Selected Answer: B
I vote for B
upvoted 1 times
...
miles3719
2 years, 9 months ago
Selected Answer: B
B it is
upvoted 1 times
...
nVizzz
2 years, 10 months ago
Selected Answer: B
Vote for B
upvoted 2 times
...
queen101
2 years, 10 months ago
BBBBBBBBBBBBBBBBBBBB
upvoted 1 times
...
marklovesaws143
2 years, 10 months ago
Selected Answer: B
BBBBBBBBBBBBBBBBB
upvoted 1 times
...
slcheng
2 years, 11 months ago
Selected Answer: C
By default, all S3 objects are private. Only the object owner has permission to access them. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects. When you create a presigned URL for your object, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (GET to download the object), and an expiration date and time. The presigned URLs are valid only for the specified duration. If you created a presigned URL using a temporary token, then the URL expires when the token expires, even if the URL was created with a later expiration time.
upvoted 2 times
naveenagurjara
2 years, 11 months ago
S3 is not a File system storage.. here we need a file system and not object storage.. so B ..
upvoted 5 times
...
th3cookie
2 years, 10 months ago
Also, a signed URL is not secure when you can just give it to anyone. A requirement was that it is guarantee'd that no one else who shouldn't have access, has access. So it's B
upvoted 1 times
...
...
slcheng
2 years, 11 months ago
Agreed with B
upvoted 1 times
...
Ashu_0007
3 years ago
Selected Answer: B
Windows file server + AD => FSx
upvoted 2 times
...
Imaculate7
3 years, 2 months ago
If B is correct, how does it get downloaded securely?
upvoted 2 times
mrsh
2 years, 10 months ago
from client VPN
upvoted 1 times
...
...
pandasmarted
3 years, 3 months ago
Selected Answer: B
Win File = FSx
upvoted 4 times
...
awsnoobster
3 years, 3 months ago
B for me ue to VPN access for confidential info
upvoted 2 times
...
KeshavaMugulur
3 years, 4 months ago
Selected Answer: C
Since there is --- data must be safely downloaded to the workers' devices. So it should be C
upvoted 1 times
...
HazimSalim
3 years, 4 months ago
Answer : B
upvoted 1 times
...
yassora
3 years, 4 months ago
Answer Is B ,
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel