ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company operates a production VPC that contains an AWS Managed Microsoft AD directory. You must allow users from the on-premises Active Directory forest to log on to Amazon EC2 instances that are joined to the AWS directory, while ensuring that accounts created in AWS cannot authenticate to any on-premises resources. Which trust configuration best satisfies these requirements?
Create a one-way outgoing forest trust from AWS Managed Microsoft AD to the on-premises Active Directory.
Create a one-way incoming forest trust from AWS Managed Microsoft AD to the on-premises Active Directory.
Avoid trusts and use ADFS with SAML federation for cross-environment authentication instead.
Create a two-way transitive forest trust between AWS Managed Microsoft AD and the on-premises forest.
A one-way outgoing trust created from AWS Managed Microsoft AD to the on-premises forest makes the AWS directory the trusting domain and the on-premises forest the trusted domain. As a result, authentication requests for on-premises users are honored in AWS, permitting them to sign in to EC2 instances. Because the trust is one-way, credentials originating from the AWS directory are not accepted by the on-premises forest, so AWS accounts cannot access on-premises resources. A one-way incoming trust would reverse the direction, allowing AWS accounts into the on-premises forest, which violates the requirement. A two-way forest trust allows authentication in both directions and therefore also fails to meet the restriction. Replacing trusts with ADFS/SAML might enable single sign-on, but the question specifically asks for an Active Directory trust configuration, and SAML alone does not establish the required Kerberos-based logons for EC2-joined instances.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a one-way forest trust in Active Directory?
Open an interactive chat with Bash
Why is a one-way outgoing trust suitable for this configuration?
Open an interactive chat with Bash
What is Kerberos authentication, and why is it needed in this scenario?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .