Topic 1 Question 421
A company runs a highly available SFTP service. The SFTP service uses two Amazon EC2 Linux instances that run with elastic IP addresses to accept traffic from trusted IP sources on the internet. The SFTP service is backed by shared storage that is attached to the instances. User accounts are created and managed as Linux users in the SFTP servers.
The company wants a serverless option that provides high IOPS performance and highly configurable security. The company also wants to maintain control over user permissions.
Which solution will meet these requirements?
A. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume. Create an AWS Transfer Family SFTP service with a public endpoint that allows only trusted IP addresses. Attach the EBS volume to the SFTP service endpoint. Grant users access to the SFTP service.
B. Create an encrypted Amazon Elastic File System (Amazon EFS) volume. Create an AWS Transfer Family SFTP service with elastic IP addresses and a VPC endpoint that has internet-facing access. Attach a security group to the endpoint that allows only trusted IP addresses. Attach the EFS volume to the SFTP service endpoint. Grant users access to the SFTP service.
C. Create an Amazon S3 bucket with default encryption enabled. Create an AWS Transfer Family SFTP service with a public endpoint that allows only trusted IP addresses. Attach the S3 bucket to the SFTP service endpoint. Grant users access to the SFTP service.
D. Create an Amazon S3 bucket with default encryption enabled. Create an AWS Transfer Family SFTP service with a VPC endpoint that has internal access in a private subnet. Attach a security group that allows only trusted IP addresses. Attach the S3 bucket to the SFTP service endpoint. Grant users access to the SFTP service.
Comments (17)
Shouldn't it be B, according to ChatGPT? Amazon EFS provides a serverless file storage option with high IOPS performance, which is suitable for the shared storage requirement of the SFTP service. The AWS Transfer Family allows you to create an SFTP service with highly configurable security. By configuring a VPC endpoint with internet-facing access and attaching a security group that allows only trusted IP addresses, you can control access to the SFTP service. By attaching an encrypted Amazon EFS volume to the SFTP service endpoint, you can ensure data at rest is encrypted, meeting the security requirements. Granting users access to the SFTP service allows you to maintain control over user permissions, as user accounts are managed as Linux users within the SFTP servers.
👍 2 LONGMEN 2023/05/17 - Selected answer: B
Option D is incorrect because it suggests using an S3 bucket in a private subnet with a VPC endpoint, which may not meet the requirement of maintaining control over user permissions as effectively as the EFS-based solution.
👍 2 willyfoogg 2023/05/27 - Selected answer: B
EFS is serverless. There is no reference in S3 about IOPS
👍 2 odjr 2023/05/27