I am very disappointed that this question has still not been addressed satisfactorily. The addition of the trust diagram and the nature of direction of trust does not provide a good reason for tutorialsdojo to neglect tidying up the wording of the answers.
The answer “Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.”, which is marked as being correct, is not correct. Either the answers should be updated to reflect this, or the wording should be clarified.
Option 4 is incorrect because setting up a one-way incoming trust in the existing on-premises Active Directory (AD) means that the on-premises AD will trust the AWS AD for authentication, allowing users authenticated by AWS AD to access on-premises resources. This setup violates the requirement to prevent cloud-based users from accessing on-premises systems. The correct configuration is to set up a one-way incoming trust in the new Active Directory in AWS and a one-way outgoing trust in the existing on-premises AD. This ensures that only on-premises authenticated users can access AWS resources, maintaining the separation and security required by the organization’s policy.
Please put the A team onto this.