AWS Certified Solutions Architect Professional SAP-C02 Practice Question

A financial-services company is beginning a migration of several Windows-based line-of-business applications from its on-premises data centers to AWS. All applications perform LDAP and Kerberos authentication against a single-forest, multi-domain Microsoft Active Directory (AD).

Requirements

  • Migrated workloads that run on Amazon EC2 and Amazon EKS in AWS must continue to authenticate existing on-premises users during the transition.
  • Within six months all user and computer accounts must be moved to a cloud-hosted directory so the on-premises domain controllers can be decommissioned.
  • The solution must minimize the operational effort of maintaining domain controllers in AWS, support Group Policy, and allow future multi-Region expansion.
  • Network latency between AWS and on-premises resources must be kept to a minimum.

Which approach meets these requirements MOST effectively?

  • Deploy AD Connector in the VPC to proxy authentication to the on-premises AD. After all workloads are migrated, disable the Site-to-Site VPN and shut down the on-premises domain controllers; AD Connector will continue to authenticate users natively in AWS.

  • Create an Amazon Cognito user pool federated with AD FS through SAML. Update the migrated applications to use OAuth or OIDC flows with Cognito. After cutover, import the users into the Cognito user pool and remove the federation.

  • Launch two Windows Server instances in separate Availability Zones, join them to the on-premises domain, promote them to additional domain controllers, seize all FSMO roles onto these EC2 instances, and then shut down the on-premises domain controllers.

  • Create an AWS Managed Microsoft AD Enterprise Edition directory in the target AWS Region. Establish a two-way forest trust to the on-premises AD. Point migrated workloads to the directory's DNS addresses. Use ADMT to migrate user and computer objects into AWS Managed Microsoft AD and then remove the trust and decommission the on-premises domain controllers.

Accelerate Workload Migration and Modernization