AWS Certified Solutions Architect – Professional — Question 829
A company wants to use Amazon WorkSpaces in combination with thin client devices to replace aging desktops. Employees use the desktops to access applications that work with clinical trial data. Corporate security policy states that access to the applications must be restricted to only company branch office locations. The company is considering adding an additional branch office in the next 6 months.
Which solution meets these requirements with the MOST operational efficiency?
Answer options
- A. Create an IP access control group rule with the list of public addresses from the branch offices. Associate the IP access control group with the WorkSpaces directory.
- B. Use AWS Firewall Manager to create a web ACL rule with an IPSet with the list of public addresses from the branch office locations. Associate the web ACL with the WorkSpaces directory.
- C. Use AWS Certificate Manager (ACM) to issue trusted device certificates to the machines deployed in the branch office locations. Enable restricted access on the WorkSpaces directory.
- D. Create a custom WorkSpace image with Windows Firewall configured to restrict access to the public addresses of the branch offices. Use the image to deploy the WorkSpaces.
Correct answer: A
Explanation
Amazon WorkSpaces IP access control groups allow administrators to easily control which public IP addresses are permitted to access the WorkSpaces directory. This represents the most operationally efficient solution because adding a new branch office only requires a simple update to the centralized IP access control group. Other methods, such as configuring Windows Firewall on custom images or managing certificates with AWS Certificate Manager, introduce significant administrative overhead and do not scale as easily.