Amazon DVA-C01 Exam: Configuring Security Rules for Amazon EFS



Question

Your team is building an application, and an Amazon Elastic File System (EFS) file system is required to share data across different nodes.

For the EFS file system, you need to configure a policy that enforces some default security rules for every client.

For example, root access should be disabled, and connections from EFS clients must use TLS.

Which method is the most suitable?

Answers

A. Attach an IAM identity policy to each IAM entity that accesses the file system.

B. Attach a file system (resource) policy to the EFS file system.

C. Create an EFS service-linked role.

D. Add the TLS option when mounting the file system with the EFS mount helper.

Explanations

Correct Answer - B.

Option A is incorrect: Because the rules must apply to every client of the file system by default. An IAM identity policy would have to be attached to each principal separately and would not cover NFS clients that mount without IAM credentials.

The EFS resource policy (file system policy) should be used instead of IAM identity policies.

Option B is CORRECT: Because the file system policy controls permissions for the EFS client actions (ClientMount, ClientWrite, ClientRootAccess) for all clients of that file system, and its statements can carry conditions such as aws:SecureTransport to require TLS.

Option C is incorrect: Because the EFS service-linked role is managed by AWS and is used by EFS to call other AWS services on your behalf.

It cannot be used to enforce security rules on clients of the file system.

Option D is incorrect: Because the rules have to be enforced by a resource policy attached to the EFS file system.

Configuring the EFS mount helper is not enough: it only affects the mount performed by that one client, and a client that omits the TLS option is not stopped.

Reference:

https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html

Option B is the most suitable method to configure a policy to enforce security rules on an Amazon Elastic File System (EFS).

Amazon EFS is a fully managed service that provides shared file storage for use with Amazon EC2 instances and other compute services. EFS exposes the file system over the Network File System version 4 (NFSv4) protocol, so it can be mounted by many clients at once. When mounting the file system, you can use the EFS mount helper, which simplifies mounting: with the tls option it sets up an encrypted tunnel to the mount target, and with the iam option it authenticates the mount using the instance's IAM credentials.

To configure a policy that enforces security rules on the EFS file system, you use the EFS file system policy, a resource-based policy attached to the file system itself. This policy controls NFS client access to the file system: it specifies which principals (including anonymous clients, via Principal "*") can access it and which actions they can perform. The two default rules in the question map directly onto it: root access is disabled by granting ClientMount and ClientWrite but not ClientRootAccess, and TLS is enforced with a Deny statement conditioned on aws:SecureTransport being false. Because the policy is attached to the resource, it applies no matter which client or identity makes the request.
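As an added illustration (not code from the page or from AWS), the following builds a file system policy with exactly these two rules and runs a simplified evaluation of it against constructed requests, so you can see which mounts the policy admits. The file system ARN is a placeholder, the request contexts are constructed, and the evaluator only models the Bool condition operator and the "explicit deny wins, then allow, else implicit deny" rule; it is not the real IAM engine.

```python
"""Build an EFS file system (resource) policy that grants anonymous NFS clients
mount+write but not root access, denies any request not made over TLS, and
evaluate it against sample requests (simplified IAM semantics)."""
import json

# Placeholder ARN (assumed, not from the page): replace with your file system's ARN.
FILE_SYSTEM_ARN = (
    "arn:aws:elasticfilesystem:us-east-1:111122223333:"
    "file-system/fs-0123456789abcdef0"
)

CLIENT_MOUNT = "elasticfilesystem:ClientMount"
CLIENT_WRITE = "elasticfilesystem:ClientWrite"
CLIENT_ROOT_ACCESS = "elasticfilesystem:ClientRootAccess"


def build_file_system_policy(fs_arn: str) -> dict:
    """Policy document shaped like the one the EFS console generates for
    'Prevent root access by default' plus 'Enforce in-transit encryption'."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # The Allow deliberately omits ClientRootAccess, so root access
                # is implicitly denied for clients relying on this statement.
                "Sid": "AllowNonRootClientsViaMountTarget",
                "Effect": "Allow",
                "Principal": {"AWS": "*"},
                "Action": [CLIENT_MOUNT, CLIENT_WRITE],
                "Resource": fs_arn,
                "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
            },
            {
                # Explicit deny beats any allow: plaintext NFS is refused for
                # every client and every identity.
                "Sid": "DenyUnencryptedTransport",
                "Effect": "Deny",
                "Principal": {"AWS": "*"},
                "Action": "*",
                "Resource": fs_arn,
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def policy_json(fs_arn: str) -> str:
    """Serialized form to pass to `aws efs put-file-system-policy --policy file://...`."""
    return json.dumps(build_file_system_policy(fs_arn), indent=2)


def _conditions_match(condition: dict, context: dict) -> bool:
    """Only the Bool operator is modelled; a key missing from the request
    context makes the condition false, as IAM does without ...IfExists."""
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(operator)
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None or actual.lower() != expected.lower():
                return False
    return True


def evaluate(policy: dict, action: str, context: dict) -> str:
    """Simplified resource-policy evaluation: a matching Deny wins outright,
    otherwise a matching Allow, otherwise ImplicitDeny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("*", action) for a in actions):
            continue
        if not _conditions_match(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"
        decision = "Allow"
    return decision


# Constructed request contexts: a mount through a mount target with the
# mount helper's tls option (aws:SecureTransport true) and without it.
TLS_VIA_MOUNT_TARGET = {
    "aws:SecureTransport": "true",
    "elasticfilesystem:AccessedViaMountTarget": "true",
}
PLAINTEXT_VIA_MOUNT_TARGET = {
    "aws:SecureTransport": "false",
    "elasticfilesystem:AccessedViaMountTarget": "true",
}


def check_default_rules(fs_arn: str = FILE_SYSTEM_ARN) -> dict:
    """Decision for each rule the question asks the policy to enforce."""
    policy = build_file_system_policy(fs_arn)
    return {
        "mount_over_tls": evaluate(policy, CLIENT_MOUNT, TLS_VIA_MOUNT_TARGET),
        "write_over_tls": evaluate(policy, CLIENT_WRITE, TLS_VIA_MOUNT_TARGET),
        "mount_without_tls": evaluate(policy, CLIENT_MOUNT, PLAINTEXT_VIA_MOUNT_TARGET),
        "root_access_over_tls": evaluate(policy, CLIENT_ROOT_ACCESS, TLS_VIA_MOUNT_TARGET),
    }


if __name__ == "__main__":
    print(policy_json(FILE_SYSTEM_ARN))
    for rule, decision in check_default_rules().items():
        print(f"{rule}: {decision}")
```

Save the printed document as policy.json and attach it with `aws efs put-file-system-policy --file-system-id <fs-id> --policy file://policy.json`. A client then mounts with `sudo mount -t efs -o tls <fs-id>:/ /mnt/efs`; a mount that omits tls hits the Deny statement, and a client that mounts successfully still cannot obtain ClientRootAccess because nothing grants it.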

Option A is incorrect because attaching an IAM identity policy to each IAM entity grants that entity permissions to access resources. It would have to be repeated for every principal, leaves NFS clients that mount without IAM credentials untouched, and so does not enforce rules on the EFS file system by default.

Option C is incorrect because an EFS service-linked role is a role that AWS manages and that EFS assumes to call other AWS services on your behalf. It does not control what NFS clients may do with the file system.

Option D is incorrect because adding the tls option when mounting with the EFS mount helper only encrypts the connection between that one client and the file system. It does not enforce anything on the file system side: a client that omits the option still connects in plaintext, and the option does nothing about disabling root access.