AWS Certified SysOps Administrator – Associate (legacy) — Question 692
The majority of your infrastructure is on premises and you have a small footprint on AWS. Your company has decided to roll out a new application that is heavily dependent on low-latency connectivity to LDAP for authentication. Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application?
Answer options
- A. Create a second, independent LDAP server in AWS for your application to use for authentication
- B. Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers
- C. Establish a VPN connection between your data center and AWS, create an LDAP replica on AWS, and configure your application to use the LDAP replica for authentication
- D. Create a second LDAP domain on AWS, establish a VPN connection to establish a trust relationship between your new and existing domains, and use the new domain for authentication
Correct answer: B
Explanation
Establishing a VPN connection to authenticate directly against the existing on-premises LDAP servers (Option B) satisfies the requirement for minimal changes to the company's user management processes, as it leverages the current infrastructure directly. While options involving replicas (Option C) or new domains (Option D) might offer lower latency, they introduce administrative overhead and changes to user management, violating the policy of minimal changes. Creating a separate independent server (Option A) would require duplicating user management efforts entirely.