Exam AWS Certified Database - Specialty topic 1 question 169 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 169
Topic #: 1

A company has an on-premises SQL Server database. The users access the database using Active Directory authentication. The company successfully migrated its database to Amazon RDS for SQL Server. However, the company is concerned about user authentication in the AWS Cloud environment.
Which solution should a database specialist provide for the user to authenticate?

  • A. Deploy Active Directory Federation Services (AD FS) on premises and configure it with an on-premises Active Directory. Set up delegation between the on-premises AD FS and AWS Security Token Service (AWS STS) to map user identities to a role using the AmazonRDSDirectoryServiceAccess managed IAM policy.
  • B. Establish a forest trust between the on-premises Active Directory and AWS Directory Service for Microsoft Active Directory. Use AWS SSO to configure an Active Directory user delegated to access the databases in RDS for SQL Server.
  • C. Use Active Directory Connector to redirect directory requests to the company's on-premises Active Directory without caching any information in the cloud. Use the RDS master user credentials to connect to the DB instance and configure SQL Server logins and users from the Active Directory users and groups.
  • D. Establish a forest trust between the on-premises Active Directory and AWS Directory Service for Microsoft Active Directory. Ensure RDS for SQL Server is using mixed mode authentication. Use the RDS master user credentials to connect to the DB instance and configure SQL Server logins and users from the Active Directory users and groups.
Suggested Answer: D

Comments

rlnd2000
Highly Voted 3 years ago
Selected Answer: D
D => You need to use SQL authentication with the master user credentials for configuring SQL Server logins and users from the Active Directory users and groups, so for me mixed mode authentication is a MUST. I go with D. From: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html ... 6. Use the Amazon RDS master user credentials to connect to the SQL Server DB instance as you do any other DB instance. Because the DB instance is joined to the AWS Managed Microsoft AD domain, you can provision SQL Server logins and users from the Active Directory users and groups in their domain. (These are known as SQL Server "Windows" logins.) Database permissions are managed through standard SQL Server permissions granted and revoked to these Windows logins. ...
upvoted 6 times
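
Step 6 of the AWS guide quoted above, written out as T-SQL. This is an added example, not part of any comment or of the AWS documentation; the domain `CORP`, the group `rds-db-readers` and the database `SalesDb` are hypothetical names. It also shows how to check which logins still use SQL authentication and which scheme each live session authenticated with, since mixed mode leaves both paths open.

```sql
-- Run while connected as the RDS master user (SQL authentication).
-- CORP\rds-db-readers and SalesDb are hypothetical names for illustration.

-- 1. Provision a SQL Server "Windows" login for an Active Directory group.
USE [master];
CREATE LOGIN [CORP\rds-db-readers] FROM WINDOWS
    WITH DEFAULT_DATABASE = [master];

-- 2. Map the login to a database user and grant least-privilege access
--    through a standard database role.
USE [SalesDb];
CREATE USER [CORP\rds-db-readers] FOR LOGIN [CORP\rds-db-readers];
ALTER ROLE [db_datareader] ADD MEMBER [CORP\rds-db-readers];

-- 3. Audit: list server logins by type. In mixed mode, SQL logins
--    (type 'S', including the master user) coexist with Windows
--    logins ('U') and Windows groups ('G'). Any unexpected enabled
--    SQL login is a credential that bypasses the directory.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
ORDER BY type_desc, name;

-- 4. Verify how current user sessions actually authenticated.
--    auth_scheme is SQL, NTLM or KERBEROS; directory users arriving
--    through the forest trust should show KERBEROS (or NTLM), not SQL.
SELECT s.login_name, c.auth_scheme, c.client_net_address
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = c.session_id
WHERE s.is_user_process = 1
ORDER BY c.auth_scheme, s.login_name;
```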
toppic26
Highly Voted 3 years, 6 months ago
Answer is not D. Mixed mode is for both AD and SQL users. Question doesn't require that. Answer is B
upvoted 5 times
palanikumar_n
3 years, 6 months ago
Did you take the exam recently? How many questions came from the dump?
upvoted 1 times
johnconnor
3 years, 6 months ago
I think you are right, I vote for B
upvoted 2 times
grekh001
3 years, 6 months ago
"Amazon RDS uses mixed mode for Windows Authentication" https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html The correct answer is D
upvoted 4 times
Pranava_GCP
Most Recent 1 year, 9 months ago
Selected Answer: B
B. Establish a forest trust between the on-premises Active Directory and AWS Directory Service for Microsoft Active Directory. Use AWS SSO to configure an Active Directory user delegated to access the databases in RDS for SQL Server. https://aws.amazon.com/what-is/sso/#:~:text=Single%20sign%2Don%20(SSO),with%20one%2Dtime%20user%20authentication.
upvoted 1 times
lollyj
2 years, 5 months ago
Selected Answer: B
B is my answer. I don't understand why others select D. I will continue reading reasons why
upvoted 1 times
awsjjj
2 years, 7 months ago
Selected Answer: D
Answer is D. You have to log in to the instance to map the AWS directory with SQL Server logins
upvoted 5 times
awsjjj
2 years, 7 months ago
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html Use the Amazon RDS master user credentials to connect to the SQL Server DB instance as you do any other DB instance. Because the DB instance is joined to the AWS Managed Microsoft AD domain, you can provision SQL Server logins and users from the Active Directory users and groups in their domain. (These are known as SQL Server "Windows" logins.) Database permissions are managed through standard SQL Server permissions granted and revoked to these Windows logins.
upvoted 5 times
Mintwater
2 years, 2 months ago
Amazon RDS uses mixed mode for Windows Authentication. This approach means that the master user (the name and password used to create your SQL Server DB instance) uses SQL Authentication. Because the master user account is a privileged credential, you should restrict access to this account. To get Windows Authentication using an on-premises or self-hosted Microsoft Active Directory, create a forest trust. The trust can be one-way or two-way. For more information on setting up forest trusts using AWS Directory Service, see When to create a trust relationship in the AWS Directory Service Administration Guide.
upvoted 1 times
Omijh
2 years, 11 months ago
Selected Answer: B
The link reference clearly shows after the forest trust you can either connect with SSO or access link. The option D has multiple problems: 1. connect using master creds [not required & unwanted] 2. Mixed mode will allow both the AD and the regular connection which the client didn't want in the first place.
upvoted 2 times
sachin
2 years, 11 months ago
D is correct
upvoted 1 times
novice_expert
3 years, 1 month ago
Selected Answer: B
D uses master user access
upvoted 1 times
Rama_aws
3 years, 2 months ago
Selected Answer: D
The correct answer is D
upvoted 1 times
RotterDam
3 years, 3 months ago
Selected Answer: D
D is correct
upvoted 2 times
tugboat
3 years, 3 months ago
Selected Answer: D
Per - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html Amazon RDS uses mixed mode for Windows Authentication. This approach means that the master user (the name and password used to create your SQL Server DB instance) uses SQL Authentication. Because the master user account is a privileged credential, you should restrict access to this account. To get Windows Authentication using an on-premises or self-hosted Microsoft Active Directory, create a forest trust.
upvoted 3 times
nood
3 years, 6 months ago
D for me https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html
upvoted 2 times
Justu
3 years, 6 months ago
Nope, Right answer is D: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html Read it and understand.
upvoted 2 times
leunamE
3 years, 7 months ago
Answer is D. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html
upvoted 3 times