Answer – A and C
The AWS Documentation mentions the following.
To create an AWS Managed Microsoft AD directory, you need a VPC with the following.
· At least two subnets. Each of the subnets must be in a different Availability Zone.
· The following ports must be open between the two subnets that you deploy your directory into. This is necessary to allow the domain controllers that AWS Directory Service creates for you to communicate with each other. A security group will be created and attached to your directory to enable communication between the domain controllers.
o TCP/UDP 53 - DNS
o TCP/UDP 88 - Kerberos authentication
o UDP 123 - NTP
o TCP 135 - RPC
o UDP 137-138 - Netlogon
o TCP 139 - Netlogon
o TCP/UDP 389 - LDAP
o TCP/UDP 445 - SMB
o TCP 636 - LDAPS (LDAP over TLS/SSL)
o TCP 873 - Rsync
o TCP 3268 - Global Catalog
o TCP/UDP 1024-65535 - Ephemeral ports for RPC
· The VPC must have default hardware tenancy.
· You cannot create an AWS Managed Microsoft AD in a VPC using addresses in the 198.19.0.0/16 address space.
· AWS Directory Service does not support using Network Address Translation (NAT) with Active Directory. Using NAT can result in replication errors.
Options B and D are invalid because the documentation explicitly states that NAT should not be used with Active Directory.
For more information on the prerequisites, please visit the following URL:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started_prereqs.html
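As an added pre-flight check (example code, not from the AWS documentation or the original answer), the script below encodes the two VPC prerequisites that are easy to get wrong: it rejects a VPC CIDR that overlaps 198.19.0.0/16 and reports which of the required domain-controller ports a security group's inbound rules fail to cover. The rule format assumed is the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`; the sample rule set is constructed for illustration.

```python
import ipaddress

# Ports from the prerequisites list as (protocol, from_port, to_port).
REQUIRED = [
    ("tcp", 53, 53), ("udp", 53, 53),        # DNS
    ("tcp", 88, 88), ("udp", 88, 88),        # Kerberos
    ("udp", 123, 123),                       # NTP
    ("tcp", 135, 135),                       # RPC
    ("udp", 137, 138), ("tcp", 139, 139),    # Netlogon
    ("tcp", 389, 389), ("udp", 389, 389),    # LDAP
    ("tcp", 445, 445), ("udp", 445, 445),    # SMB
    ("tcp", 636, 636),                       # LDAPS
    ("tcp", 873, 873),                       # Rsync
    ("tcp", 3268, 3268),                     # Global Catalog
    ("tcp", 1024, 65535), ("udp", 1024, 65535),  # RPC ephemeral ports
]

# Address space that AWS Managed Microsoft AD refuses to use.
RESERVED = ipaddress.ip_network("198.19.0.0/16")


def vpc_cidr_allowed(cidr):
    """False if any part of the VPC CIDR falls inside 198.19.0.0/16."""
    return not ipaddress.ip_network(cidr).overlaps(RESERVED)


def covered(rules, proto, lo, hi):
    """True if a single rule allows the whole lo..hi range for proto.

    IpProtocol '-1' is the EC2 encoding for all traffic and carries no
    FromPort/ToPort, so it is checked first. A range split across several
    rules is reported as a gap; that conservatism is deliberate."""
    for r in rules:
        if r["IpProtocol"] == "-1":
            return True
        if r["IpProtocol"] == proto and r["FromPort"] <= lo and r["ToPort"] >= hi:
            return True
    return False


def missing_ports(rules):
    """Required (proto, from, to) entries that the rules do not cover."""
    return [req for req in REQUIRED if not covered(rules, *req)]


# Constructed sample in IpPermissions shape: every required port except
# LDAPS (TCP 636) and the UDP ephemeral range, so two gaps are expected.
SAMPLE_RULES = [{"IpProtocol": p, "FromPort": lo, "ToPort": hi}
                for p, lo, hi in REQUIRED
                if (p, lo) not in {("tcp", 636), ("udp", 1024)}]
```

Run against a real directory by feeding `vpc_cidr_allowed` the VPC's `CidrBlock` and `missing_ports` the `IpPermissions` list of the security group attached to the directory.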