SAP-C02 Question #739: Real Exam Question with Answer & Explanation

The correct answer is B: Create an AWS Client VPN endpoint. Create an AD Connector directory for integration with AD. To enable remote engineers to securely access internal services in a VPC via VPN with MFA, the solutions architect should deploy AWS Client VPN integrated with Active Directory.

Submitted by zhang_li · Mar 6, 2026 · Design for New Solutions

Question

A software development company has multiple engineers who are working remotely. The company is running Active Directory Domain Services (AD DS) on an Amazon EC2 instance. The company's security policy states that all internal, nonpublic services that are deployed in a VPC must be accessible through a VPN. Multi-factor authentication (MFA) must be used for access to a VPN. What should a solutions architect do to meet these requirements?

Options

  • A. Create an AWS Site-to-Site VPN connection. Configure integration between a VPN and AD DS.
  • B. Create an AWS Client VPN endpoint. Create an AD Connector directory for integration with AD
  • C. Create multiple AWS Site-to-Site VPN connections by using AWS VPN CloudHub. Configure
  • D. Create an Amazon WorkLink endpoint. Configure integration between Amazon WorkLink and AD

Explanation

To enable remote engineers to securely access internal services in a VPC via VPN with MFA, the solutions architect should deploy AWS Client VPN integrated with Active Directory.

Common mistakes.

  • A. An AWS Site-to-Site VPN connection is designed for connecting an on-premises network to a VPC, not for individual remote client access from engineers' devices.
  • C. AWS VPN CloudHub is used for connecting multiple on-premises branch offices to a central AWS VPC, which is not suitable for individual remote user access.
  • D. Amazon WorkLink provides secure access to internal websites and web applications for mobile devices, but it does not offer general VPN access to internal nonpublic services.

Concept tested. Client VPN with AD authentication and MFA

Reference. https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html
