Which combination of actions should the Database Specialist take?
(Choose three.)
Disable Transparent Data Encryption (TDE) on the RDS SQL Server DB instance.
Modify the RDS SQL Server DB instance to use the directory for Windows authentication. Create appropriate new logins.
Use the AWS Management Console to create an AWS Managed Microsoft AD. Create a trust relationship with the corporate AD.
Stop the RDS SQL Server DB instance, modify it to use the directory for Windows authentication, and start it again. Create appropriate new logins.
Use the AWS Management Console to create an AD Connector. Create a trust relationship with the corporate AD.
Configure the AWS Managed Microsoft AD domain controller Security Group.
Explanations:
Modifying the RDS SQL Server DB instance to use the directory for Windows authentication is essential for AD-based login. This allows users to log in using their corporate AD credentials.
Creating an AWS Managed Microsoft AD and establishing a trust relationship with the corporate AD enables integration of AWS RDS with the corporate AD for authentication.
Configuring the security group for the AWS Managed Microsoft AD domain controller ensures that network traffic is allowed, supporting connectivity between the RDS instance and AD for authentication.
Disabling Transparent Data Encryption (TDE) is unrelated to Active Directory authentication. TDE affects data-at-rest encryption, not user authentication mechanisms.
Stopping the RDS instance is unnecessary to enable Windows authentication. Modifying the instance without stopping it suffices for this configuration change.
An AD Connector is not required here; AWS Managed Microsoft AD is the appropriate choice for enabling integration with the corporate AD.