Exam AWS Certified Solutions Architect - Professional topic 1 question 1001 discussion

A company's solutions architect needs to provide secure Remote Desktop connectivity to users for Amazon EC2 Windows instances that are hosted in a VPC. The solution must integrate centralized user management with the company's on-premises Active Directory. Connectivity to the VPC is through the internet. The company has hardware that can be used to establish an AWS Site-to-Site VPN connection.

Which solution will meet these requirements MOST cost-effectively?

  • A. Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy an EC2 instance as a bastion host in the VPC. Ensure that the EC2 instance is joined to the domain. Use the bastion host to access the target instances through RDP.
  • B. Configure AWS Single Sign-On to integrate with the on-premises Active Directory by using the AWS Directory Service for Microsoft Active Directory AD Connector. Configure permission sets against user groups for access to AWS Systems Manager. Use Systems Manager Fleet Manager to access the target instances through RDP.
  • C. Implement a VPN between the on-premises environment and the target VPC. Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection. Configure RDP access through the VPN. Connect from the company's network to the target instances.
  • D. Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy a Remote Desktop Gateway on AWS by using an AWS Quick Start. Ensure that the Remote Desktop Gateway is joined to the domain. Use the Remote Desktop Gateway to access the target instances through RDP.
Suggested Answer: B

Comments

ggrodskiy
1 year, 9 months ago
Correct B.
upvoted 4 times
...
Jesuisleon
1 year, 10 months ago
For those who chose C, would you please explain how you fulfill "Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection"? How can an instance in a VPC join the on-premises AD domain?
upvoted 1 times
You can definitely do this. AD, when broken down, is just server-client communication; you can join any Windows instance to a domain if it is reachable.
upvoted 1 times
...
...
Sudeepshiv
1 year, 10 months ago
Selected Answer: B
Rdp - SSM + Fleet mgr
upvoted 4 times
...
Jesuisleon
1 year, 11 months ago
Selected Answer: B
I prefer B as "the solution must integrate centralized user management with the company's on-premises Active Directory"; I didn't see how the EC2 instance joins the on-premises Active Directory domain using on-premises Active Directory in C. Microsoft Active Directory AD Connector is the keyword to use the on-premises Active Directory of the company.
upvoted 4 times
...
dev112233xx
1 year, 12 months ago
Selected Answer: C
C is correct - RDP through VPN is indeed the cheapest
upvoted 1 times
...
zozza2023
2 years, 3 months ago
Selected Answer: C
The most cost-effective solution to provide secure Remote Desktop connectivity to users for Amazon EC2 Windows instances that are hosted in a VPC, while integrating centralized user management with the company's on-premises Active Directory, would be to use AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) and an AWS Site-to-Site VPN connection. This solution would allow the company to establish a secure, private connection between their on-premises Active Directory and the VPC, and provide centralized user management for the EC2 instances. This solution would also be more cost-effective than using other solutions such as setting up a separate Active Directory domain in the VPC.
upvoted 4 times
...
pixepe
2 years, 5 months ago
The competition is between B & C. IMO, C is the best solution; however, the question is asking for a cost-effective solution, which leans me towards B.
B's +ve points: SSO is free, Systems Manager Fleet Manager is free, AD Connector is priced $0.05 / hour for small size, and $0.15 for larger size - https://aws.amazon.com/directoryservice/other-directories-pricing/
Note - I don't think VPN is mandatory, as here is a reference without VPN using AD Connector: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/
Now for C: $0.05 per Site-to-Site VPN connection per hour - https://aws.amazon.com/vpn/pricing/
$0.12 for standard edition ($0.40 for enterprise edition)
Maybe they have used VPN as a distractor. Anyway, I think the answer should be B.
upvoted 2 times
marians86
1 year, 5 months ago
Why don't you think VPN is mandatory? The link you posted says: "there must be a VPN or Direct Connect circuit in place between your VPC and your on-premises environment."
upvoted 1 times
...
...
Heer
2 years, 5 months ago
The RDP client, Remote Desktop Connection, connects to an HSPH computer through the VPN tunnel. The right answer is C.
upvoted 2 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other