Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 260 discussion

A company’s compliance team needs to move its file shares to AWS. The shares run on a Windows Server SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.

The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windows File Server file system.

Which solution will meet these requirements?

  • A. Create an Active Directory Connector to connect to the Active Directory. Map the Active Directory groups to IAM groups to restrict access.
  • B. Assign a tag with a Restrict tag key and a Compliance tag value. Map the Active Directory groups to IAM groups to restrict access.
  • C. Create an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict access.
  • D. Join the file system to the Active Directory to restrict access.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
mhmt4438
Highly Voted 1 year, 10 months ago
Selected Answer: D
D. Join the file system to the Active Directory to restrict access. Joining the FSx for Windows File Server file system to the on-premises Active Directory will allow the company to use the existing Active Directory groups to restrict access to the file shares, folders, and files after the move to AWS. This option allows the company to continue using their existing access controls and management structure, making the transition to AWS more seamless.
upvoted 21 times
...
cookieMr
Highly Voted 1 year, 4 months ago
Selected Answer: D
D. allows the file system to leverage the existing AD infrastructure for authentication and access control. Option A is incorrect because mapping the AD groups to IAM groups is not applicable in this scenario. IAM is primarily used for managing access to AWS resources, while the requirement is to integrate with the on-premises AD for access control. Option B is incorrect because assigning a tag with a Restrict tag key and a Compliance tag value does not provide the necessary integration with the on-premises AD for access control. Tags are used for organizing and categorizing resources and do not provide authentication or access control mechanisms. Option C is incorrect because creating an IAM service-linked role linked directly to FSx for Windows File Server does not integrate with the on-premises AD. IAM roles are used within AWS for managing permissions and do not provide the necessary integration with external AD systems.
upvoted 7 times
...
Lin878
Most Recent 5 months, 2 weeks ago
Selected Answer: D
When you create a file system with Amazon FSx, you join it to your Active Directory domain to provide user authentication and file- and folder-level access control.
upvoted 4 times
...
bujuman
9 months ago
Selected Answer: D
D is relevent and accurate answer when we consider this: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/creating-joined-ad-file-systems.html "When you create a new FSx for Windows File Server file system, you can configure Microsoft Active Directory integration so that it joins to your self-managed Microsoft Active Directory domain. To do this, provide the following information for your Microsoft Active Directory"
upvoted 3 times
...
awsgeek75
10 months, 1 week ago
Selected Answer: A
The on-premise AD already has restrictions via group in place so D makes no sense as the groups are already linked to file system. "The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS." The question is about linking the on-prem permissions to the new FSx server on AWS and this can only be done by A
upvoted 1 times
awsgeek75
10 months, 1 week ago
Actually neither A nor D make sense. "A self-managed on-premises Active Directory controls access to the files and folders." This makes D sound useless and at the same time does not allow the on-prem AD to control file access on FSx. A uses IAM roles which is irrelevant to this setup. BC are totally wrong
upvoted 1 times
...
...
meowruki
11 months, 3 weeks ago
Selected Answer: D
Option A: Creating an Active Directory Connector and mapping groups to IAM groups is more relevant for AWS Directory Service, such as AWS Managed Microsoft AD, and not for integrating with existing on-premises Active Directory. Option B: Using tags is typically not used for access control purposes. Tags are metadata and are not directly involved in user authentication and authorization. Option C: Creating an IAM service-linked role directly linked to FSx for Windows File Server is not the standard approach for integrating with existing on-premises Active Directory.
upvoted 4 times
...
wrmari
1 year, 1 month ago
Selected Answer: D
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html
upvoted 3 times
...
Guru4Cloud
1 year, 2 months ago
Selected Answer: D
This allows the on-premises Active Directory to manage permissions to the FSx file shares, meeting the key requirement to use existing AD groups to control access after migrating to AWS. Joining FSx to the AD domain allows the native file system permissions, users, and groups to be applied from Active Directory. Access is handled seamlessly via the trust relationship between FSx and AD. The other options would not leverage the existing AD identities and groups
upvoted 3 times
Guru4Cloud
1 year, 2 months ago
The other options would not leverage the existing AD identities and groups: A) AD Connector and IAM groups would require re-mapping AD groups to IAM, adding complexity. Native AD integration is simpler. B) Tags and IAM groups also don't use native AD semantics. C) Service-linked roles are not applicable for managing end user access. So D is the correct option to meet the requirements using the native Active Directory integration built into FSx for Windows.
upvoted 3 times
...
...
mtmayer
1 year, 3 months ago
Selected Answer: A
The AD is on-premisses... Your need the connector.
upvoted 2 times
...
Mia2009687
1 year, 4 months ago
Selected Answer: D
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/aws-ad-integration-fsxW.html
upvoted 2 times
...
kraken21
1 year, 7 months ago
Selected Answer: D
Other options are referring to IAM based control which is not possible. Existing AD should be used without IAM.
upvoted 3 times
...
Abhineet9148232
1 year, 8 months ago
Selected Answer: D
https://aws.amazon.com/blogs/storage/using-amazon-fsx-for-windows-file-server-with-an-on-premises-active-directory/
upvoted 3 times
...
somsundar
1 year, 8 months ago
Answer D. Amazon FSx does not support Active Directory Connector .
upvoted 3 times
JA2018
1 day, 18 hours ago
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/aws-ad-integration-fsxW.html
upvoted 1 times
...
...
Abhineet9148232
1 year, 8 months ago
Selected Answer: D
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html
upvoted 4 times
...
Yelizaveta
1 year, 9 months ago
Selected Answer: D
Note: Amazon FSx does not support Active Directory Connector and Simple Active Directory. https://docs.aws.amazon.com/fsx/latest/WindowsGuide/aws-ad-integration-fsxW.html
upvoted 4 times
...
aakashkumar1999
1 year, 9 months ago
Selected Answer: A
The answer will be AD connector so : A, it will create a proxy between your onpremises AD which you can use to restrict access
upvoted 2 times
JA2018
1 day, 18 hours ago
from: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/aws-ad-integration-fsxW.html Amazon FSx does not support Active Directory Connector and Simple Active Directory.
upvoted 1 times
...
...
Stanislav4907
1 year, 9 months ago
Selected Answer: D
Option D: Join the file system to the Active Directory to restrict access. Joining the FSx for Windows File Server file system to the on-premises Active Directory allows the company to use the existing Active Directory groups to restrict access to the file shares, folders, and files after the move to AWS. By joining the file system to the Active Directory, the company can maintain the same access control as before the move, ensuring that the compliance team can maintain compliance with the relevant regulations and standards. Options A and B involve creating an Active Directory Connector or assigning a tag to map the Active Directory groups to IAM groups, but these options do not allow for the use of the existing Active Directory groups to restrict access to the file shares in AWS. Option C involves creating an IAM service-linked role linked directly to FSx for Windows File Server to restrict access, but this option does not take advantage of the existing on-premises Active Directory and its access control.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...