AWS Certified Solutions Architect – Associate (SAA-C02) — Question 432
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.
The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
Answer options
- A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses.
- B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
- C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
- D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS Single Sign-On.
Correct answer: B
Explanation
Amazon FSx for Windows File Server provides a fully managed, highly reliable, and scalable file share that integrates natively with an on-premises Active Directory, preserving existing access controls. Using AWS Client VPN ensures that remote employees can securely access the FSx file system over an encrypted connection. The other options either expose the server to the public internet (Option A) or fail to provide a seamless, secure Windows-compatible file share migration path (Options C and D).