AWS Certified Solutions Architect – Professional — Question 49

Which of the following rules must be added to a mount target security group to access Amazon Elastic File System (EFS) from an on-premises server?

Answer options

• A. Configure an NFS proxy between Amazon EFS and the on-premises server to route traffic.
• B. Set up a Point-To-Point Tunneling Protocol Server (PPTP) to allow secure connection.
• C. Permit secure traffic to the Kerberos port 88 from the on-premises server.
• D. Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.

Correct answer: D

Explanation

The correct answer is D because allowing inbound traffic to NFS port 2049 is essential for the on-premises server to communicate with Amazon EFS. Options A, B, and C are not relevant to the required access for EFS, as they pertain to different protocols or methods not directly associated with EFS access.