A company needs to deploy virtual desktops to its customers in a virtual private cloud, leveraging existing security controls. Which set of AWS services and features will meet the company’s requirements?
A. Virtual Private Network connection, AWS Directory Services, and ClassicLink
B. Virtual Private Network connection, AWS Directory Services, and Amazon Workspaces
C. AWS Directory Service, Amazon Workspaces, and AWS Identity and Access Management
D. Amazon Elastic Compute Cloud, and AWS Identity and Access Management
B
Answer is C.
https://aws.amazon.com/directoryservice/faqs/
AWS Directory Service enables your end users to use their existing corporate credentials when accessing AWS applications, such as Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail, as well as directory-aware Microsoft workloads, including SharePoint, custom .NET and SQL Server-based applications.
Finally, you can use your existing corporate credentials to administer AWS resources via AWS Identity and Access Management (IAM) role-based access to the AWS Management Console, so you do not need to build out more identity federation infrastructure.
I am certain you would need a VPN connection to achieve this.
B
B and C are close. But when you launch a workspace, you can specify the VPC to launch the desktops into. With AWS-AD, you can federate SSO with existing users. You don’t really need to use IAM to create access for each user. For me the critical point is VPC, because you can create your own custom VPC and launch the workspace desktops into it.
VPN or Direct Connect is required for the AD service. So B could be the answer here.
correct.
A Virtual Private Network connection is not an AWS service or feature.
perfect
I choose C
Will go with C, as VPN is not an AWS service.
B
Amazon WorkSpaces provides you with the choice of creating a standalone, managed directory for users who will use WorkSpaces, or you can integrate with your existing Active Directory environment so that your users can use their current credentials to obtain seamless access to corporate resources. This integration works via a secure hardware VPN connection to your on-premises network using Amazon Virtual Private Cloud (VPC) or with AWS Direct Connect. You can manage your Amazon WorkSpaces with the existing tools you are using for your on-premises desktops to maintain full administrative control.
Ans: B
Source: https://aws.amazon.com/directoryservice/faqs/
Q: How do I create an AD Connector to connect to my on-premises directory?
You can use the AWS Management Console to create an AD Connector to connect your existing, on-premises Microsoft Active Directory to AWS. You will need to configure an Amazon Virtual Private Cloud (VPC) with a hardware VPN connection to your on-premises environment, or provision a dedicated connection with AWS Direct Connect. Once you’ve set up this integration, you will need to provide some basic information such as the name of your on-premises Microsoft Active Directory, DNS servers to discover Microsoft Active Directory, and an account name and password that you’ve pre-created in your Microsoft Active Directory. This is a limited privilege account used by AD Connector to authenticate and connect to one of the domain controllers and proxy various authentication, domain join, and look-up requests.
B.. too clear
https://acloud.guru/course/aws-certified-solutions-architect-associate/learn/additional-exam-tips/88db164c-bc84-1810-7d52-c86166b6eed4/watch
B
To enable integration, you need to ensure that your domain is reachable via an Amazon Virtual Private Cloud VPC (this could mean that Active Directory domain controllers for your domain are running on Amazon EC2 instances, or that they are reachable via a VPN connection and are located in your on-premises network).
Answer B
You don’t need AWS Identity and Access Management, so the correct answer is B.
@vladam: B required VPN, and VPN is not an AWS service
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
Although the term VPN connection is a general term, in the Amazon VPC documentation, a VPN connection refers to the connection between your VPC and your own network. AWS supports Internet Protocol security (IPsec) VPN connections.
B is the correct answer
D
an instance ID will be a “more random” prefix than HH-DD-MM-YYYY
Agree with B.
B, Virtual Private Network connection. AWS Directory Services, and Amazon Workspaces (WorkSpaces for Virtual desktops, and AWS Directory Services to authenticate to an existing on-premises AD through VPN)
B
http://docs.aws.amazon.com/workspaces/latest/adminguide/create_iam_user.html
The document says Workspace should be provisioned with IAM. Even the admin should be an IAM user. And I see you don’t need a VPN connection for this purpose. But you definitely need IAM. So I will go with option ‘C’.
Keyword here is “leveraging existing security controls”
Answer is B: VPN is required.
Please refer to http://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html