SAP-C02 Question 319
Question
A company’s solutions architect needs to provide secure Remote Desktop connectivity to users for Amazon EC2 Windows instances that are hosted in a VPC. The solution must integrate centralized user management with the company's on-premises Active Directory. Connectivity to the VPC is through the internet. The company has hardware that can be used to establish an AWS Site-to-Site VPN connection. Which solution will meet these requirements MOST cost-effectively?
Options
A. Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy an EC2 instance as a bastion host in the VPC. Ensure that the EC2 instance is joined to the domain. Use the bastion host to access the target instances through RDP.
B. Configure AWS IAM Identity Center (AWS Single Sign-On) to integrate with the on-premises Active Directory by using the AWS Directory Service for Microsoft Active Directory AD Connector. Configure permission sets against user groups for access to AWS Systems Manager. Use Systems Manager Fleet Manager to access the target instances through RDP.
C. Implement a VPN between the on-premises environment and the target VPC. Ensure that the target instances are joined to the on-premises Active Directory domain over the VPN connection. Configure RDP access through the VPN. Connect from the company’s network to the target instances.
D. Deploy a managed Active Directory by using AWS Directory Service for Microsoft Active Directory. Establish a trust with the on-premises Active Directory. Deploy a Remote Desktop Gateway on AWS by using an AWS Quick Start. Ensure that the Remote Desktop Gateway is joined to the domain. Use the Remote Desktop Gateway to access the target instances through RDP.
Answer
B
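Explanation
Correct answer: B. Explanation: The answer to this question is B. Correct option: B. Configure AWS IAM Identity Center (AWS Single Sign-On) to integrate with the on-premises Active Directory by using the AWS Directory Service for Microsoft Active Directory AD Connector. Configure permission sets against user groups for access to AWS Systems Manager. Use Systems Man...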