AWS Certified Solutions Architect – Professional (SAP-C02) — Question 396
A company is creating a solution that can move 400 employees into a remote working environment in the event of an unexpected disaster. The user desktops have a mix of Windows and Linux operating systems. Multiple types of software, such as web browsers and mail clients, are installed on each desktop.
A solutions architect needs to implement a solution that can be integrated with the company’s on-premises Active Directory to allow employees to use their existing identity credentials. The solution must provide multifactor authentication (MFA) and must replicate the user experience from the existing desktops.
Which solution will meet these requirements?
Answer options
- A. Use Amazon WorkSpaces for the cloud desktop service. Set up a VPN connection to the on-premises network. Create an AD Connector, and connect to the on-premises Active Directory. Activate MFA for Amazon WorkSpaces by using the AWS Management Console.
- B. Use Amazon AppStream 2.0 as an application streaming service. Configure Desktop View for the employees. Set up a VPN connection to the on-premises network. Set up Active Directory Federation Services (AD FS) on premises. Connect the VPC network to AD FS through the VPN connection.
- C. Use Amazon WorkSpaces for the cloud desktop service. Set up a VPN connection to the on-premises network. Create an AD Connector, and connect to the on-premises Active Directory. Configure a RADIUS server for MFA.
- D. Use Amazon AppStream 2.0 as an application streaming service. Set up Active Directory Federation Services on premises. Configure MFA to grant users access on AppStream 2.0.
Correct answer: C
Explanation
Amazon WorkSpaces is designed to provide a full, persistent desktop experience for both Windows and Linux, making it the correct choice over AppStream 2.0 which is meant for application streaming. To integrate on-premises Active Directory and enable multifactor authentication (MFA) for WorkSpaces, you must use AD Connector alongside a RADIUS server. Option A is incorrect because WorkSpaces MFA cannot be enabled directly through the console without integrating a RADIUS server.