A financial institution has the following security requirements:
• Cloud-based users must be contained in a separate authentication domain.
• Cloud-based users cannot access on-premises systems.
As part of standing up a cloud environment, the financial institution is creating a number of Amazon managed databases and Amazon EC2 instances. An Active Directory service exists on-premises that has all the administrator accounts, and these must be able to access the databases and instances.
How would the organization manage its resources in the MOST secure manner? (Choose two.)
A. Configure an AWS Managed Microsoft AD to manage the cloud resources.
B. Configure an additional on-premises Active Directory service to manage the cloud resources.
C. Establish a one-way trust relationship from the existing Active Directory to the new Active Directory service.
D. Establish a one-way trust relationship from the new Active Directory to the existing Active Directory service.
E. Establish a two-way trust between the new and existing Active Directory services.
Answer: A,E
Explanation:
Deploy a new forest/domain on AWS with one-way trust. If you are planning on leveraging credentials from an on-premises AD on AWS member servers, you must establish at least a one-way trust to the Active Directory running on AWS. In this model, the AWS domain becomes the resource domain where computer objects are located, and the on-premises domain becomes the account domain.
Ref: https://d1.awsstatic.com/whitepapers/adds-on-aws.pdf