AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 319
Your company has decided to use AWS WorkSpaces for its hosted desktop solution. Your company has an existing AD of about 57,000 users, and you want to minimize authentication traffic from AWS to your datacenter. Your company has a lot of personnel changes, and it is crucial that these changes are reflected reliably.
What two steps should you take? (Choose two.)
Answer options
- A. Deploy Hosted AD in AWS.
- B. Deploy an AD Connector in AWS.
- C. Create a DX connection between the datacenter and AWS.
- D. Create a VPN between the datacenter and AWS.
Correct answer: A, C
Explanation
Deploying a Hosted AD (AWS Managed Microsoft AD) in AWS and configuring a trust relationship allows directory queries to be resolved locally in the cloud, significantly reducing authentication traffic back to the on-premises datacenter. To ensure that this high volume of directory traffic and the frequent updates are synchronized reliably and with consistent performance, an AWS Direct Connect (DX) connection is required instead of a standard VPN. AD Connector is incorrect because it proxies all authentication requests directly back to the on-premises domain controllers, which would increase datacenter traffic.