AWS Certified Solutions Architect – Associate (SAA-C03) — Question 311
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees’ devices.
The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
Answer options
- A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees’ IP addresses.
- B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
- C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
- D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS IAM Identity Center (AWS Single Sign-On).
Correct answer: B
Explanation
Amazon FSx for Windows File Server provides a fully managed share that natively integrates with on-premises Active Directory, preserving existing access controls for authorized users. Combining this with AWS Client VPN allows remote employees to securely connect to the AWS environment and download files over an encrypted connection. Other options either introduce security risks by placing servers in public subnets or fail to natively support Windows file share permissions and Active Directory integration as effectively as FSx.