SOA-C03 · Question #46
SOA-C03 Question #46: Real Exam Question with Answer & Explanation
The correct answer is D: The security group for the mount target does not allow inbound NFS connections from the. When you add a new EFS mount target in a new Availability Zone, that mount target has its own security group. For the EC2 instances in that AZ to mount the file system over NFS, the mount target’s security group must allow inbound TCP 2049 (NFS) from the EC2 instances’ security I
Question
A company runs an application on a large fleet of Amazon EC2 instances to process financial transactions. The EC2 instances share data by using an Amazon Elastic File System (Amazon EFS) file system. The company wants to deploy the application to a new Availability Zone and has created new subnets and a mount target in the new Availability Zone. When a SysOps administrator launches new EC2 instances in the new subnets, the EC2 instances are unable to mount the file system. What is a reason for this issue?
Options
- AThe EFS mount target has been created in a private subnet.
- BThe IAM role that is associated with the EC2 instances does not allow the efs:MountFileSystem
- CThe route tables have not been configured to route traffic to a VPC endpoint for Amazon EFS in
- DThe security group for the mount target does not allow inbound NFS connections from the
Explanation
When you add a new EFS mount target in a new Availability Zone, that mount target has its own security group. For the EC2 instances in that AZ to mount the file system over NFS, the mount target’s security group must allow inbound TCP 2049 (NFS) from the EC2 instances’ security If that rule isn’t there, the instances can see the mount target in the same VPC/AZ but can’t complete the NFS connection, so the mount fails.
Community Discussion
No community discussion yet for this question.