Topic 1 Question 244
3 つ選択A DevOps engineer is building the infrastructure for an application. The application needs to run on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes Amazon EC2 instances. The EC2 instances need to use an Amazon Elastic File System (Amazon EFS) file system as a storage backend. The Amazon EFS Container Storage Interface (CSI) driver is installed on the EKS cluster.
When the DevOps engineer starts the application, the EC2 instances do not mount the EFS file system.
Which solutions will fix the problem?
Switch the EKS nodes from Amazon EC2 to AWS Fargate.
Add an inbound rule to the EFS file system’s security group to allow NFS traffic from the EKS cluster.
Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system
Set up AWS DataSync to configure file transfer between the EFS file system and the EKS nodes.
Create a mount target for the EFS file system in the subnet of the EKS nodes.
Disable encryption or the EFS file system.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: BCE
So, the correct solutions are:
B. Add an inbound rule to the EFS file system’s security group to allow NFS traffic from the EKS cluster. C. Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system. E. Create a mount target for the EFS file system in the subnet of the EKS nodes.
👍 3KaranNishad2024/06/29 - 正解だと思う選択肢: BCE
B: The EFS file system’s security group must allow inbound traffic on the NFS port (2049) from the EC2 instances in the EKS cluster. Without this rule, the EC2 instances won't be able to communicate with the EFS file system.
C: The EFS CSI driver needs permissions to interact with the EFS file system. This involves creating an IAM role with the necessary permissions and associating it with the EFS CSI driver.
E: EFS requires a mount target in each subnet where the EC2 instances reside. This mount target facilitates the network connectivity between the EFS file system and the EC2 instances.
👍 3jamesf2024/07/30 - 正解だと思う選択肢: BCE
B. EFS file system’s security group must allow inbound NFS traffic (typically on port 2049) from the security group or IP range of the EKS cluster nodes. C. Ensure that the EFS CSI driver has the necessary IAM permissions to interact with the EFS file system, such as "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", and other relevant permissions.
👍 2trungtd2024/07/14
シャッフルモード