AWS Certified Solutions Architect – Professional SAP-C01 – Question381 - AWS Certified Solutions Architect

Which of the following rules must be added to a mount target security group to access Amazon Elastic File System (EFS) from an on-premises server?

A. Configure an NFS proxy between Amazon EFS and the on-premises server to route traffic.
B. Set up a Point-To-Point Tunneling Protocol Server (PPTP) to allow secure connection.
C. Permit secure traffic to the Kerberos port 88 from the on-premises server.
D. Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.

Correct Answer: D

Explanation:

Explanation: By mounting an Amazon EFS file system on an on-premises server, on-premises data can be migrated into the AWS Cloud. Any one of the mount targets in your VPC can be used as long as the subnet of the mount target is reachable by using the AWS Direct Connect connection. To access Amazon EFS from an on-premises server, a rule must be added to the mount target security group to allow inbound traffic to the NFS port (2049) from the on-premises server.
Reference:
http://docs.aws.amazon.com/efs/latest/ug/how-it-works.html