Home › Forums › AWS › AWS Certified Security – Specialty › Active Directory Trust › Reply To: Active Directory Trust
Hi Peter,
Jon Bonso here from Tutorials Dojo. First of all, I would like to thank you for sharing your detailed thoughts, and especially your correction, on the ambiguous parts of our content.
We acknowledge that this particular item can be further improved. I am actually the one who answered this question back in 2020, and I apologize if my team and I failed to update this particular item as comprehensively as we should have.
My associate, @JR-TutorialsDojo, and I will further update this to properly reflect the correct solution that is supported by the official Microsoft Azure documentation.
Our goal here is to have a correct option that simply says that we need a one-way trust relationship that allows requests from on-premises users to access the VPC resources, but not vice versa.
Could you kindly share a better wording for the solution? I honestly want to hear from you so we can further improve our content.
Currently, the question and the list of options are shown below:
An organization is implementing a security policy in which their cloud-based users must be contained in a separate authentication domain and prevented from accessing on-premises systems. Their IT Operations team is launching and maintaining a number of Amazon RDS for SQL Server databases and EC2 instances. The organization also has an on-premises Active Directory service that contains the administrator accounts that must have access to the databases and EC2 instances.
How would the Security Engineer manage the AWS resources of the organization in the MOST secure manner? (Select TWO.)
✅ Using AWS Directory Service, set up an AWS Managed Microsoft AD to manage the RDS databases and EC2 instances.
❌ Set up and configure AWS Service Catalog to manage the RDS databases and EC2 instances.
❌ Set up a one-way incoming trust relationship in the new Active Directory in AWS and a one-way outgoing trust in the existing on-premises Active Directory.
❌ Set up a two-way trust relationship between the new Active Directory in AWS and the existing Active Directory service in the on-premises data center.
✅ Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.
I understand that the issue here is the wording of the last option that is tagged as correct (if I am not mistaken).
Thank you in advance for sharing your expertise with this. Technical discussions like this truly help improve our content and remediate any ambiguous answers in our question bank.
Cheers,
Jon Bonso
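The confusion in this thread is about which side of a one-way trust is called "incoming" and which "outgoing", and what that means for who can reach whose resources. The following is an added example, not part of the post above and not Tutorials Dojo or AWS code: it models the Microsoft/AWS Directory Service terminology (an outgoing trust is configured in the trusting domain; the matching incoming trust is configured in the trusted domain; principals of the trusted domain can be authenticated by, and access resources in, the trusting domain) and then checks each trust option from the question against the stated policy. The domain names corp.example.com and aws.example.com are assumed placeholders for the on-premises and AWS Managed Microsoft AD domains.

```python
from dataclasses import dataclass

# Added example: models AD trust direction to check the question's options.
# Assumed placeholder domain names (not from the original question).
ONPREM = "corp.example.com"   # existing on-premises Active Directory
AWS = "aws.example.com"       # new AWS Managed Microsoft AD


@dataclass(frozen=True)
class Trust:
    """One direction of trust: `trusting` accepts authentication from `trusted`."""
    trusting: str  # domain holding the OUTGOING side of the trust
    trusted: str   # domain holding the INCOMING side of the same trust


def outgoing(in_domain: str, toward: str) -> Trust:
    """A one-way outgoing trust configured in `in_domain` pointing at `toward`."""
    return Trust(trusting=in_domain, trusted=toward)


def incoming(in_domain: str, from_domain: str) -> Trust:
    """A one-way incoming trust configured in `in_domain` coming from `from_domain`.
    It is the same trust object as outgoing(from_domain, in_domain), seen from the other side."""
    return Trust(trusting=from_domain, trusted=in_domain)


def two_way(a: str, b: str) -> frozenset:
    return frozenset({Trust(trusting=a, trusted=b), Trust(trusting=b, trusted=a)})


def can_access(user_domain: str, resource_domain: str, trusts) -> bool:
    """A principal reaches resources in another domain only if that domain trusts the principal's domain.
    Direct (non-transitive) trusts only, which is the case for the single forest trust discussed here."""
    if user_domain == resource_domain:
        return True
    return Trust(trusting=resource_domain, trusted=user_domain) in trusts


def meets_policy(trusts) -> bool:
    """Policy from the question: on-premises admins must reach the AWS-hosted RDS/EC2
    resources, and cloud users must be prevented from reaching on-premises systems."""
    return can_access(ONPREM, AWS, trusts) and not can_access(AWS, ONPREM, trusts)


def evaluate_options() -> dict:
    """Each trust option from the question, expressed with the helpers above.
    Both sides of a one-way trust describe the same relationship, so a set de-duplicates them."""
    options = {
        "incoming in AWS AD, outgoing in on-prem AD": frozenset({incoming(AWS, ONPREM), outgoing(ONPREM, AWS)}),
        "two-way trust": two_way(AWS, ONPREM),
        "incoming in on-prem AD, outgoing in AWS AD": frozenset({incoming(ONPREM, AWS), outgoing(AWS, ONPREM)}),
    }
    return {name: meets_policy(trusts) for name, trusts in options.items()}


if __name__ == "__main__":
    for name, ok in evaluate_options().items():
        print(f"{'OK ' if ok else 'NO '} {name}")
```

Running it shows that only the option with the outgoing trust on the AWS Managed AD side (and the incoming trust on the on-premises side) satisfies the policy: the AWS domain becomes the trusting domain, so on-premises accounts can be authenticated to the RDS and EC2 resources while nothing in the AWS domain is trusted by on-premises. The reverse pairing lets cloud users into on-premises systems, and a two-way trust does so as well. One caveat worth keeping in mind when writing the corrected option: even the correct one-way trust lets every on-premises principal authenticate to the AWS domain, so in practice you would also restrict which on-premises accounts may use the trust (for example with selective authentication, which AWS Managed Microsoft AD trusts support) rather than relying on trust direction alone.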