
9.amazon Elastic File System (EFS) PDF

The document describes a situation where an AWS EFS file system was created and mounted on EC2 instances in two VPC subnets. Additional EC2 instances were then launched in a third subnet, but mounting the EFS on these new instances failed. The key points are: - An EFS file system was created and mounted across EC2 instances in two subnets for file sharing. - New EC2 instances were launched in a third subnet but could not mount the EFS. - The likely reason for the failed mount is that the security group for the EFS mount target does not allow inbound traffic from the new EC2 instances.

QUESTION 1

Your organization has an existing VPC in us-east-1 with two subnets in us-east-1b. They are running a few EC2
instances in each subnet and need a low-latency common file
store so that all instances can share files for heavy workloads. They have created an EFS, mounted it on all the EC2
instances and are able to share files across all of them. You were tasked with increasing the number of
instances due to the increase in workload. You created a new subnet in us-east-1c and launched a few instances.
When you tried to mount the previously created EFS on the new EC2 instances, the operation failed. What
could be the reason?

A. AWS EFS does not support cross availability zone mounting.
B. By default EFS is only available in one availability zone. Create a case with AWS support to increase EFS
availability zones.
C. EFS created with mount targets in us-east-1b availability zone. Instances in us-east-1c cannot use EFS
mount target in us-east-1b.
D. EFS mount target security group inbound rules do not allow traffic from new EC2 instances.

Explanation :
Answer: D
Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances
to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple
instances.
For options A, B and C: EFS mount targets in one availability zone can be mounted from another availability zone, although this approach
is not recommended. However, this approach will not cause operations to fail.

Creating or Deleting Mount Targets in a VPC


A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using
private Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) addresses. For more information on VPC
peering, see What is VPC Peering? in the Amazon VPC Peering Guide.
You can mount Amazon EFS file systems over VPC connections by using VPC peering within a single AWS Region when using
the Amazon EC2 instance types T3, C5, C5d, I3.metal, M5, M5d, R5, R5d, and z1d. However, other VPC private connectivity
mechanisms such as inter-region VPC peering and VPC peering within an AWS Region using other instance types are not
supported.

Note the following restrictions:


You can mount an Amazon EFS file system on instances in only one VPC at a time.
Both the file system and VPC must be in the same AWS Region.

For option D, when using Amazon EFS, you specify Amazon EC2 security groups for the EFS mount targets associated with the file
system. Security groups act as a firewall, and the rules you add define the traffic flow.
You can authorize inbound and outbound access to your EFS file system. To do so, you add rules that allow your EC2 instance to
connect to your Amazon EFS file system through the mount target using the Network File System (NFS) port.


QUESTION 2

You have an AWS setup with an existing VPC in us-east-1. You have a fleet of 20 EC2 instances which are
attached to EFS with mount targets in all of the existing VPC’s availability zones. Your organization has requested
that you replicate the same setup in another VPC within us-east-1, keeping the same EFS volume. How will you
achieve this?

A. Attach new VPC to existing EFS, create new mount targets for new VPC and mount
EFS on EC2 instances within new VPC
B. Peer both VPCs, launch C5 or M5 EC2 instances on new VPC and mount existing EFS on new EC2
instances.
C. EFS is available for all VPCs within a region by default. Mount EFS on new EC2 instances and configure
EFS security group to allow inbound traffic.
D. EFS can be used only within one VPC at a time. You need to launch EC2 instances in existing VPC.

Explanation :

Answer: B

Working with VPC Peering in Amazon EFS


A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using
private Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) addresses. For more information on VPC
peering, see What is VPC Peering? in the Amazon VPC Peering Guide.
You can mount Amazon EFS file systems over VPC connections by using VPC peering within a single AWS Region when using
the Amazon EC2 instance types T3, C5, C5d, I3.metal, M5, M5d, R5, R5d, and z1d. However, other VPC private connectivity
mechanisms such as inter-region VPC peering and VPC peering within an AWS Region using other instance types are not
supported.

https://docs.aws.amazon.com/efs/latest/ug/manage-fs-access-change-vpc.html#manage-fs-access-vpc-peering

For options A and C, you can use an Amazon EFS file system in one VPC at a time. That is, you create mount targets in a VPC for
your file system, and use those mount targets to provide access to the file system from EC2 instances in that VPC.

Note the following restrictions:


You can mount an Amazon EFS file system on instances in only one VPC at a time.
Both the file system and VPC must be in the same AWS Region.

For option D, although the statement is correct, launching EC2 instances within the same VPC is not a solution when you were asked to
do it in a new VPC. The correct answer from the given options would be to peer the VPCs and use appropriate instance types.


QUESTION 3

Which of the following statements is correct in terms of newly created security groups that allow Secure
Shell (SSH) to connect to instances and communication between the EC2 instance and EFS?

A. Open port 22(SSH) on EC2 security group and port 2049(NFS) on EFS security group.
B. Open port 22(SSH) on EC2 security group and ports 111(NFS) & 2049(NFS) on EFS security group.
C. Open port 2049(NFS) on EC2 security group and ports 111(NFS) & 2049(NFS) on EFS security group.
D. Open port 111(NFS) on EC2 security group and ports 111(NFS) & 2049(NFS) on EFS security group.

Explanation :

Answer: A
https://docs.aws.amazon.com/efs/latest/ug/accessing-fs-create-security-groups.html#create-security-groups-console

AWS EFS does not require any other port to be open except NFS (2049) on its security group.


QUESTION 4

You have two VPCs (VPC A and VPC B) peered with each other. You have created an EFS for VPC A. When
you tried to mount the EFS on EC2 instances in VPC B, you got a connection timed out error. What can
cause this? (choose 2 options)

A. AWS EFS takes up to an hour after creation to make mount targets available.
B. VPC B could be in different region than VPC A.
C. Security group on mount targets does not have NFS port open to VPC B’s EC2 instances.
D. VPC B’s EC2 instance types are not M5 or C5.
E. EFS cannot be mounted through VPC peering.

Explanation :

Answer: C, D
Option A is not true. Usually, EFS and its mount targets get created within a few moments.

Option B is not true. You can now connect to Amazon EFS file systems from EC2 instances in other AWS regions using an inter-region
VPC peering connection, and from on-premises servers using an AWS VPN connection.

Option C is true. An inbound rule for the NFS port must be added on the mount target’s security group for the EC2 instances which will mount the
EFS.

Option D is true.

Option E is false. Refer to the above screenshot.


Please find the AWS docs links below:
https://docs.aws.amazon.com/efs/latest/ug/manage-fs-access-vpc-peering.html
https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-efs-now-supports-aws-vpn-and-inter-region-vpc-peering/
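
The security-group condition behind Question 1 (option D), Question 3 and Question 4 (option C), as an added example that is not part of the original document: it evaluates inbound rules, given in the shape returned by `aws ec2 describe-security-groups`, to decide whether a client can reach a mount target on NFS port 2049. The group IDs, subnet CIDRs and IP addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

NFS_PORT = 2049  # the only port the page says an EFS security group needs


def rule_covers_nfs(perm):
    """True if one IpPermissions entry covers TCP port 2049."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def nfs_allowed(mount_target_sg, client_ip, client_sg_ids):
    """Would this mount-target security group admit NFS from the client?"""
    ip = ipaddress.ip_address(client_ip)
    for perm in mount_target_sg["IpPermissions"]:
        if not rule_covers_nfs(perm):
            continue
        # Match by source CIDR ...
        if any(ip in ipaddress.ip_network(r["CidrIp"])
               for r in perm.get("IpRanges", [])):
            return True
        # ... or by a source security group attached to the client.
        if any(p["GroupId"] in client_sg_ids
               for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False


def open_to_world(mount_target_sg):
    """Flag NFS rules that admit any IPv4 address (broader than needed)."""
    return any(rule_covers_nfs(p) and
               any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", []))
               for p in mount_target_sg["IpPermissions"])


# Constructed sample data. BEFORE: NFS allowed only from the two original
# subnets, so instances in a newly added subnet time out (Question 1).
SG_BEFORE = {"GroupId": "sg-efs-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "10.0.1.0/24"}, {"CidrIp": "10.0.2.0/24"}],
     "UserIdGroupPairs": []}]}

# AFTER: the rule references the EC2 instances' security group instead, so
# any instance carrying that group can mount, whatever its subnet.
SG_AFTER = {"GroupId": "sg-efs-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-ec2-example"}]}]}

if __name__ == "__main__":
    new_instance = ("10.0.3.15", {"sg-ec2-example"})  # instance in the new subnet
    print("before:", nfs_allowed(SG_BEFORE, *new_instance))
    print("after: ", nfs_allowed(SG_AFTER, *new_instance))
```

Referencing the client security group rather than subnet CIDRs keeps the rule limited to the instances that are meant to mount the file system while still covering subnets added later.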


QUESTION 5

You have created AWS EFS with default settings and mounted it on an EC2 instance. Due to regulatory policies,
your organization has asked you to encrypt data stored on EFS. What would you do to enable encryption?

A. Edit EFS volume and enable “encryption at rest” setting. All existing data automatically gets encrypted as
a background process. You will be notified once the process is completed.
B. Encryption at rest option can only be set during EFS creation. You need to create encryption-at-rest EFS,
copy data from old EFS to new EFS and delete old EFS.
C. You can enable encryption at rest during mounting of EFS on EC2. To encrypt an existing EFS mount,
unmount the EFS and remount with encryption option.
D. EFS does not support encryption. Use S3 for encrypting data at rest.

Explanation :
Answer: B
AWS EFS supports encrypting data at rest. It can only be done during EFS creation.
Enforcing Encryption at Rest
Your organization might require the encryption at rest of all data that meets a specific classification or that is associated with a
particular application, workload, or environment. You can enforce policies for data encryption at rest for Amazon EFS file systems by
using detective controls. These controls detect the creation of a file system and verify that encryption at rest is enabled.
If a file system that doesn't have encryption at rest is detected, you can respond in a number of ways. These range from deleting the file
system and mount targets to notifying an administrator.
If you want to delete an unencrypted-at-rest file system but want to retain the data, first create a new encrypted-at-rest file system.
Next, copy the data over to the new encrypted-at-rest file system. After the data is copied over, you can delete the unencrypted-at-rest
file system.

Option A is incorrect. You cannot enable encryption once EFS is created.


Option C is incorrect. You cannot enable encryption at rest through mounting options.

Option D is incorrect. Refer to the above screenshots.


QUESTION 6

You have created AWS EFS with default settings and mounted it on an EC2 instance. Due to regulatory policies,
your organization has asked you to encrypt data during transit to EFS. What would you do to enable encryption
during transit?

A. AWS EFS uses NFS protocol which encrypts the data in transit by default.
B. Edit EFS to enable “encryption during transit” setting.
C. Encryption during transit can only be enabled during EFS creation. You need to create encryption during
transit EFS, copy data from old EFS to new EFS and delete old EFS.
D. Enable encryption during mounting on EC2 using Amazon EFS mount helper. Unmount unencrypted
mount and remount using mount helper encryption during transit option.

Explanation :
Answer: D
AWS uses the NFS protocol for EFS. NFS is not an encrypted protocol, and anyone on the same physical network could sniff the traffic
and reassemble the information being passed back and forth.
However, AWS provides an option to encrypt data in transit through NFS to EFS.
For information on how to enable encryption during transit, refer to the documentation here:
https://docs.aws.amazon.com/efs/latest/ug/encryption.html#encryption-in-transit
Option A is incorrect. Refer to the above statements.
Options B and C are incorrect. Encryption during transit is not an option on EFS during or after creation.
Option D is correct. Refer to the above documentation link for more information on using the Amazon EFS
mount helper to enable encryption during transit.


QUESTION 7

You are building a content serving web application with 20 load-balanced EC2 instances. For all the instances,
content storage remains the same. You have chosen AWS EFS to act as the common storage repository. Your
application needs to have as low latency as possible when serving content to the web users. Which of the following
options would you choose and why?

A. Performance mode = General Purpose, AWS can handle performance with general purpose mode till 10s
of EC2 instances.
B. Performance mode = General Purpose, provides low-latency access to EFS.
C. Performance mode = Max I/O, provides better performance when sharing EFS across more than 10 EC2
instances.
D. Performance mode = Max I/O, provides low-latency access to EFS.

Explanation :
Answer: B
Although Max I/O is recommended when tens, hundreds or thousands of EC2 instances share the same EFS, it can
slightly increase the latency. In this case, the question states that the latency needs to be as low as possible.

Performance Modes
To support a wide variety of cloud storage workloads, Amazon EFS offers two performance modes. You select a file system's
performance mode when you create it.
The two performance modes have no additional costs, so your Amazon EFS file system is billed and metered the same,
regardless of your performance mode. For information about file system limits, see Limits for Amazon EFS File Systems.
Note
An Amazon EFS file system's performance mode can't be changed after the file system has been created.

General Purpose Performance Mode


We recommend the General Purpose performance mode for the majority of your Amazon EFS file systems. General Purpose
is ideal for latency-sensitive use cases, like web serving environments, content management systems, home directories, and
general file serving. If you don't choose a performance mode when you create your file system, Amazon EFS selects the
General Purpose mode for you by default.

Max I/O Performance Mode


File systems in the Max I/O mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff
of slightly higher latencies for file operations. Highly parallelized applications and workloads, such as big data analysis, media
processing, and genomics analysis, can benefit from this mode.

https://docs.aws.amazon.com/efs/latest/ug/performance.html#performancemodes
From the above explanation, only option B is a correct statement.


QUESTION 8

You are building a content serving web application on 5 load-balanced EC2 instances. Total content size stored
may not exceed 25 GB. You have chosen EFS for content storage. The content is accessed frequently by a large
number of users. Which throughput mode would you choose in order to make sure that data transfer from the
application on EC2 instances to EFS will not have a performance bottleneck?

A. Throughput mode = Bursting, provides a consistent high throughput for smaller data sizes.
B. Throughput mode = Bursting, automatically bursts throughput based on the requests irrespective of EFS
data size
C. Throughput mode = Provisioned, you can configure specific throughput irrespective of EFS data size.
D. Throughput mode = Provisioned, AWS provisions high throughput for smaller data sizes and vice versa.

Explanation :
Answer: C
With Bursting Throughput mode, throughput on Amazon EFS scales as a file system grows.
In this case, with a data size of 25 GB, the file system can burst to 100 MiB/s for only 18 mins/day. For the rest of the day, it uses
the baseline aggregate throughput and gives 1.25 MiB/s throughput. The baseline rate is 50
MiB/s per TiB of storage (equivalently, 50 KiB/s per GiB of storage).

Specifying Throughput with Provisioned Mode


"Provisioned Throughput mode is available for applications with high throughput to storage (MiB/s per TiB) ratios, or with
requirements greater than those allowed by the Bursting Throughput mode. For example, say you're using Amazon EFS for
development tools, web serving, or content management applications where the amount of data in your file system is low relative to
throughput demands. Your file system can now get the high levels of throughput your applications require without having to pad your
file system".

https://docs.aws.amazon.com/efs/latest/ug/performance.html#throughput-modes

For this case, since the data size is low compared to the throughput demand, Provisioned mode is the right choice of throughput
mode.


QUESTION 9

Your organization is planning to use AWS for big data analysis. Total data is expected to be 400 TB.
They were planning to use 150 EC2 instances with EFS because of the better performance needs of the
analysis. They have reached out to you asking for a recommendation on performance mode. What would you suggest?

A. Performance mode = General Purpose, AWS can handle performance with general purpose mode till 10s
of EC2 instances.
B. Performance mode = General Purpose, provides low-latency access to EFS.
C. Performance mode = General Purpose, provides higher levels of aggregate throughput and operations per
second.
D. Performance mode = Max I/O, provides higher levels of aggregate throughput and operations per second
with a tradeoff of slightly higher latencies.

Explanation :
Answer: D

Max I/O Performance Mode


"File systems in the Max I/O mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of
slightly higher latencies for file operations. Highly parallelized applications and workloads, such as big data analysis, media processing,
and genomics analysis, can benefit from this mode".

For more information, please check the following AWS docs:

https://docs.aws.amazon.com/efs/latest/ug/performance.html


QUESTION 10

Which of the following are characteristics of EFS? (choose 2 options)

A. Data is stored redundantly in a single AZ.


B. Up to thousands of Amazon EC2 instances, from multiple AZs, can connect concurrently to a file system.
C. Boot volumes, transactional and NoSQL databases, data warehousing, and ETL.
D. Big data and analytics, media processing workflows, content management, web serving, and home
directories.
E. Cross region replication.

Explanation :
Answer: B, D
Following table shows the characteristics of EFS vs EBS.

Option A is characteristic of EBS. Option B is characteristic of EFS. Option C is characteristic of EBS. Option D is
characteristic of EFS. Option E is characteristic of S3.
For more information on AWS EFS use cases, refer to the documentation here:
https://docs.aws.amazon.com/efs/latest/ug/performance.html#performance-usecases
