nerdexam
ExamsSAP-C02Questions#591
AmazonAmazon

SAP-C02 · Question #591

SAP-C02 Question #591: Real Exam Question with Answer & Explanation

The correct answer is A: Create an AWS Directory Service for Microsoft Active Directory implementation. Launch an. The company needs a managed Active Directory for Windows EC2 instances, and MFA for user access, prioritizing managed AWS services.

Submitted by brentm· Mar 6, 2026Design for New Solutions

Question

A company is rearchitecting its applications to run on AWS. The company's infrastructure includes multiple Amazon EC2 instances. The company's development team needs different levels of access. The company wants to implement a policy that requires all Windows EC2 instances to be joined to an Active Directory domain on AWS. The company also wants to implement enhanced security processes such as multi-factor authentication (MFA). The company wants to use managed AWS services wherever possible. Which solution will meet these requirements?

Options

  • ACreate an AWS Directory Service for Microsoft Active Directory implementation. Launch an
  • BCreate an AWS Directory Service for Microsoft Active Directory implementation. Launch an EC2
  • CCreate an AWS Directory Service Simple AD implementation. Launch an EC2 instance. Connect
  • DCreate an AWS Directory Service Simple AD implementation. Launch an Amazon Workspace.

Explanation

The company needs a managed Active Directory for Windows EC2 instances, and MFA for user access, prioritizing managed AWS services.

Common mistakes.

  • B. Manually configuring domain join is less efficient than automatic configuration, and relying on a third-party identity provider for MFA is less aligned with using managed AWS services where possible compared to AWS SSO.
  • C. AWS Directory Service Simple AD is not a full-featured Microsoft Active Directory and might not meet advanced domain requirements, while manually joining instances and using an on-premises RADIUS server deviates from a fully managed AWS solution.
  • D. Using AWS Directory Service Simple AD might be insufficient for the specified Active Directory requirements, and Amazon WorkSpaces are virtual desktops, not the primary mechanism for joining EC2 instances to a domain.

Concept tested. AWS Directory Service, MFA, EC2 domain join, managed services

Reference. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftad_overview.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SAP-C02 PracticeBrowse All SAP-C02 Questions