
Answer-first summary for fast verification
Answer: Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
## Explanation

**Option B is the correct answer** because it provides a comprehensive solution that meets all requirements:

### Key Requirements Analysis:

1. **Secure access to confidential files** - Requires strong authentication and authorization
2. **Access only by authorized users** - Needs integration with existing identity management
3. **Secure download to employees' devices** - Requires encrypted connectivity
4. **On-premises Windows file server migration** - Needs Windows compatibility
5. **Capacity expansion** - Cloud scalability needed

### Why Option B Works Best:

**Amazon FSx for Windows File Server:**

- Provides fully managed Windows file server in AWS
- Native Windows file system compatibility (SMB protocol)
- Integrates with on-premises Active Directory for seamless authentication
- Scales automatically to handle increased capacity

**AWS Client VPN:**

- Provides secure, encrypted VPN connection from employees' devices to AWS
- Uses industry-standard VPN protocols (OpenVPN)
- Integrates with Active Directory for user authentication
- Ensures secure file transfers over encrypted tunnel

### Why Other Options Are Incorrect:

**Option A:**

- EC2 in public subnet exposes files to internet
- IP-based restrictions are not secure (IPs can be spoofed)
- No integration with existing Active Directory
- Manual security group management is cumbersome

**Option C:**

- Amazon S3 is object storage, not file storage
- Signed URLs are temporary and not suitable for ongoing file access
- No native Windows file system compatibility
- Complex for Windows file server migration

**Option D:**

- Public VPC endpoint defeats security requirements
- IAM Identity Center may not integrate with existing Active Directory
- S3 is not suitable for Windows file server replacement
- Public access to confidential files is insecure

### Security Benefits of Option B:

1. **End-to-end encryption** via AWS Client VPN
2. **Active Directory integration** for centralized user management
3. **Private network connectivity** - files never traverse public internet
4. **AWS security controls** - VPC, security groups, network ACLs
5. **Audit logging** - CloudTrail and FSx audit logs

This solution provides a seamless migration path while maintaining security, compatibility, and scalability.
Author: LeetQuiz Editorial Team
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees' devices.
The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity.
Which solution will meet these requirements?
A. Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees' IP addresses.

B. Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.

C. Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.

D. Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS IAM Identity Center (AWS Single Sign-On).