A company is planning on using Amazon Athena along with datasets hosted in S3. They want to allow their On-premise Active Directory users to use the AWS Athena service for querying purposes. Which of the following can be used for authentication for the existing users ensuring the least maintenance overhead?

Answer options:

A.Create IAM Access Keys for the users
B.Create X.509 Certificates for the users
C.Use the Security Token service
D.Use the AD Connect service

Answer - C
An example of this is given in the AWS Documentation
########
Connect to Amazon Athena with federated identities using temporary credentials
Many organizations have standardized on centralized user management, most commonly Microsoft Active Directory or LDAP.Access to AWS resources is no exception.Amazon Athena is a serverless query engine for data on Amazon S3 that is popular for quick and cost-effective queries of data in a data lake.To allow users or applications to access Athena, organizations are required to use an AWS access key and an access secret key from which appropriate policies are enforced. To maintain a consistent authorization model across, organizations must enable authentication and authorization for Athena by using federated users.
This blog post shows the process of enabling federated user access with the AWS Security Token Service (AWS STS). This approach lets you create temporary security credentials and provides them to trusted users for running queries in Athena.
########
Since this is clearly mentioned in the AWS Documentation, all other options are incorrect
For more information on using STS with Amazon Athena, please refer to the below URL
https://aws.amazon.com/blogs/big-data/connect-to-amazon-athena-with-federated-identities-using-temporary-credentials/