AWS Certified Security – Specialty — Question 112
A company uses Microsoft Active Directory for access management for on-premises resources, and wants to use the same mechanism for accessing its AWS accounts. Additionally, the Development team plans to launch a public-facing application for which they need a separate authentication solution.
Which combination of the following would satisfy these requirements? (Choose two.)
Answer options
- A. Set up domain controllers on Amazon EC2 to extend the on-premises directory to AWS.
- B. Establish network connectivity between on-premises and the user's VPC.
- C. Use Amazon Cognito user pools for application authentication.
- D. Use AD Connector for application authentication.
- E. Set up federated sign-in to AWS through ADFS and SAML.
Correct answer: C, E
Explanation
The correct answers are C and E. Amazon Cognito user pools provide a robust solution for application authentication, particularly for public-facing applications. Federated sign-in through ADFS and SAML integrates with Active Directory, which matches the company's wish to reuse its existing on-premises authentication mechanism for access to its AWS accounts. Options A, B, and D either do not directly address the need for public application authentication or do not fit the requirement for AWS account access management.