AWS Certified Solutions Architect - Professional / Question #855 of 529

Question #855

A company is deploying a secure application on AWS that requires integration with an Active Directory domain. The application's backend runs on multiple Windows EC2 instances, which must be domain-joined. The company mandates enhanced security measures, including multi-factor authentication (MFA), and prefers using managed AWS services. The deployment process also requires configuring the application servers using domain-aware administrative tools.

Which solution meets these requirements?

A

Create an AWS Directory Service for Microsoft Active Directory implementation. Launch an Amazon WorkSpace. Deploy and configure the application via the WorkSpace using domain-integrated tools.

B

Create an AWS Directory Service for Microsoft Active Directory implementation. Launch an EC2 instance. Deploy and configure the application via the EC2 instance using domain-integrated tools.

C

Create an AWS Directory Service Simple AD implementation. Launch an EC2 instance. Deploy and configure the application via the EC2 instance using domain-integrated tools.

D

Create an AWS Directory Service Simple AD implementation. Launch an Amazon WorkSpace. Deploy and configure the application via the WorkSpace using domain-integrated tools.

Explanation

Option B is correct because:
1. AWS Directory Service for Microsoft AD is a managed service that supports full Active Directory features, including MFA integration, which meets the security requirements.
2. EC2 instances can be domain-joined to this directory, enabling the use of domain-aware administrative tools for application configuration.
3. Simple AD (Options C/D) lacks MFA support and full AD compatibility, making it unsuitable.
4. Amazon WorkSpaces (Options A/D) are virtual desktops intended for end users, not server configuration tasks, making EC2 more appropriate.

Key Points:
- Use AWS Managed Microsoft AD for full AD features and MFA.
- EC2 instances are optimal for deploying/configuring domain-joined application servers.
- Avoid Simple AD and WorkSpaces when advanced AD features or server management are required.

Answer

The correct answer is: B