Hello Privat33r,
Thank you for posting here. Let me explain the difference between options 3 and 4.
Option 3 establishes a one-way trust where the AWS Managed Microsoft AD (cloud) trusts the on-premises Active Directory. This configuration allows users from the on-premises AD to access AWS resources like RDS and EC2 instances while ensuring that cloud-based users cannot access on-premises systems. This meets the organization’s security policy, which requires isolating cloud-based users from accessing on-premises systems while allowing on-premises admin accounts to manage cloud resources.
In contrast, Option 4 establishes a one-way trust in the opposite direction, where the on-premises AD trusts the AWS AD. This would allow cloud-based users to access on-premises systems, which violates the organization’s requirement to prevent cloud-based users from accessing on-premises environments.
Option 3 is correct because it ensures that only on-premises users can access cloud resources, which aligns with the security policy. Option 4 would break this isolation by allowing cloud-based users to access on-premises systems, making it an unsuitable choice for this scenario.
If you have any further concerns, please don’t hesitate to contact us.
Regards,
Nikee @ Tutorials Dojo