AWS Certified Database – Specialty — Question 66

A company's Security department established new requirements that state internal users must connect to an existing Amazon RDS for SQL Server DB instance using their corporate Active Directory (AD) credentials. A Database Specialist must make the modifications needed to fulfill this requirement.
Which combination of actions should the Database Specialist take? (Choose three.)

Answer options

• A. Disable Transparent Data Encryption (TDE) on the RDS SQL Server DB instance.
• B. Modify the RDS SQL Server DB instance to use the directory for Windows authentication. Create appropriate new logins.
• C. Use the AWS Management Console to create an AWS Managed Microsoft AD. Create a trust relationship with the corporate AD.
• D. Stop the RDS SQL Server DB instance, modify it to use the directory for Windows authentication, and start it again. Create appropriate new logins.
• E. Use the AWS Management Console to create an AD Connector. Create a trust relationship with the corporate AD.
• F. Configure the AWS Managed Microsoft AD domain controller Security Group.

Correct answer: B, C, F

Explanation

The correct actions involve modifying the RDS instance for Windows authentication (B), creating an AWS Managed Microsoft AD and establishing trust with the corporate AD (C), and configuring the security group for the domain controller (F). Disabling TDE (A) and stopping the RDS instance (D) are not required for this authentication method, while using an AD Connector (E) is not necessary if using AWS Managed Microsoft AD.