Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 421 discussion

Not A - Transfer Family canj't use EBS B - Possible and meets requirement Not C - S3 doesn't guarantee "high IOPS performance"; also there is no "public endpoint that allows only trusted IP addresses" (you can assign a Security Group to a public endpoint but that is not mentioned here) Not D - Endpoint would be in private subnet, not accessible from Internet at all

First Serverless - EFS Second it says it is attached to the Linux instances at the same time, only EFS can do that.

D, the description "VPC endpoint that has internal access in a private subnet" is technically incorrect and doesn't make sense for AWS Transfer Family. AWS Transfer Family actually supports: Public endpoints (internet-facing) VPC endpoints (private network access) The VPC endpoint doesn't have "internal access" - it's about how the SFTP service is configured to interact with your VPC network resources.

Amazon S3 provides high throughput and performance suitable for many use cases, including those requiring high IOPS (Input/Output Operations Per Second). S3 is not a block storage solution (like EBS) or a file system (like EFS). While its performance is exceptional for its intended use case (object storage), it may not match the millisecond latency or consistent high IOPS required for transactional databases or other ultra-low latency applications. For applications where sub-millisecond latency or extremely high random IOPS (e.g., 64,000 IOPS) is required, solutions like EBS or EFS would be better.

Actually AWS Transfer Family can use S3, so it's a toss-up between Options B & C but I tend to favour Option B for the following reasons (based on the keys in STEM): company runs a highly available SFTP service. The SFTP service uses two Amazon EC2 Linux instances that run with elastic IP addresses to accept traffic from trusted IP sources on the internet. The SFTP service is backed by shared storage that is attached to the instances. User accounts are created and managed as Linux users in the SFTP servers. 1. Requires a serverless option that provides high IOPS performance and highly configurable security. 2. User also wants to maintain control over user permissions

Option B best meets the company's requirements by leveraging AWS Transfer Family with an EFS volume, ensuring high availability, security, and performance.

A is incorrect as EBS is not an option C is incorrect as when I select public accessible, I don't see an option I can set up trusted IP address D isi incorrect as it is internal. B, followed the steps and I can set up a sftp in this way

B EFS has lower latency and higher throughput than S3 when accessed from within the same availability zone.

C: Because it is server-less. deffinitely not A or B because it utilizes server.

B, A), transfer family does not support EBS C,D), S3 has lower IOPS than EFS

Create an encrypted Amazon Elastic File System (Amazon EFS) volume. Create an AWS Transfer Family SFTP service with elastic IP addresses and a VPC endpoint that has internet-facing access. Attach a security group to the endpoint that allows only trusted IP addresses. Attach the EFS volume to the SFTP service endpoint. Grant users access to the SFTP service.

https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/

EFS is best to serve this purpose.

Answer C (from abylead.com) Transfer Family offers fully managed serverless support for B2B file transfers via SFTP, AS2, FTPS, & FTP directly in & out of S3 or EFS. For a controlled internet access you can use internet-facing endpts with Transfer SFTP servers & restrict trusted internet sources with VPC's default Sgrp. In addition, S3 Access Points aliases allows you to use S3 bkt names for a unique access control plcy on shared S3 datasets. Transfer SFTP & S3: https://aws.amazon.com/blogs/apn/how-to-use-aws-transfer-family-to-replace-and-scale-sftp-servers/ A)Transfer SFTP doesn’t support EBS, not for share data, & not serverless: infeasible. B)EFS mounts via ENIs not endpts: infeasible. D)pub endpt for internet access is missing: infeasible.

BBBBBBBBBBBBBB

EFS all day

https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/ is worth a read