Hi Again Jon,
I’ve thought about how you might address this and I can present two options.
This is the wording of the two answers (relating to trust and which are mutually exclusive) as they stand now:
Answer 1 “Set up a one-way incoming trust relationship in the new Active Directory in AWS and a one-way outgoing trust in the existing on-premises Active Directory.”
Answer 2 “Set up a one-way incoming trust in the existing on-premises Active Directory and a one-way outgoing trust in the new Active Directory in AWS.”
The first option is to simply change the correct answer from 2 (above) to 1 (above).
The second option is to change both answers 1 and 2 to the following (This approach explicitly clarifies the direction and scope of the trust relationship, making it clear which Active Directory trusts the other and what access is permitted.)
Answer 1 “Set up a one-way trust where the new Active Directory in AWS trusts the existing on-premises Active Directory. This means that users from the on-premises Active Directory can access AWS resources, but AWS-based users cannot access on-premises systems.”
Answer 2 “Set up a one-way trust where the on-premises Active Directory trusts the new Active Directory in AWS. This means that users from the AWS-based Active Directory can access on-premises resources, but on-premises users cannot access AWS systems.”
In these rephrased questions, answer 1 is correct.
I hope this helps.
Peter.