A financial institution has the following security requirements: - Cloud-based users must be contained in a separate authentication domain. - Cloud-based users ...

A financial institution has the following security requirements:
- Cloud-based users must be contained in a separate authentication domain.
- Cloud-based users cannot access on-premises systems.
As part of standing up a cloud environment, the financial institution is creating a number of Amazon managed databases and Amazon EC2 instances. An ActiveDirectory service exists on-premises that has all the administrator accounts, and these must be able to access the databases and instances.
How would the organization manage its resources in the MOST secure manner? (Choose two.)