Free AWS SAA-C03 Actual Exam Questions – Solutions Architect Questions - Question 8 Discussion
Backend service applications run in an on-premises data center. The data center has an AWS Direct
Connect connection into AWS. The applications that run in the VPC need to resolve DNS requests to
an on-premises Active Directory domain that runs in the data center.
Which solution will meet these requirements with the LEAST administrative overhead?
D imo, setting up a new domain controller and trust sounds like overkill just for DNS resolution. That adds complexity and ongoing admin work. A also feels heavy since you’re managing EC2 instances as DNS servers yourself. Between B and C, B looks simpler since it just uses Route 53 private hosted zones with NS records pointing to on-prem DNS—no extra endpoints or rules to manage. C might be nice but could require more setup and maintenance with resolver endpoints and conditional forwarders. So overall, B probably has the least overhead while still meeting the requirement.
Maybe B, since it avoids managing extra servers or complex trusts and just forwards DNS.
C/B? Setting up Route 53 Resolver endpoints with conditional forwarding (C) seems like the cleanest way to integrate DNS without spinning up extra servers or managing trusts. It also directly forwards queries to on-prem DNS, which should cover AD-specific records better than just NS records in a private hosted zone (B). Option A adds admin overhead with EC2 caching servers, and D seems overkill since managing trusts and new DCs is complex. So C probably hits the balance between functionality and lower maintenance.
This is tricky, but option B seems less admin-heavy than setting up new servers or domain controllers. Using Route 53 private hosted zones with NS records to on-premises DNS keeps things simple and avoids extra maintenance. B
It’s C, Route 53 Resolver with conditional forwarding is easiest here.