Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 421 discussion

First Serverless - EFS Second it says it is attached to the Linux instances at the same time, only EFS can do that.

Not A - Transfer Family canj't use EBS B - Possible and meets requirement Not C - S3 doesn't guarantee "high IOPS performance"; also there is no "public endpoint that allows only trusted IP addresses" (you can assign a Security Group to a public endpoint but that is not mentioned here) Not D - Endpoint would be in private subnet, not accessible from Internet at all

Option B best meets the company's requirements by leveraging AWS Transfer Family with an EFS volume, ensuring high availability, security, and performance.

A is incorrect as EBS is not an option C is incorrect as when I select public accessible, I don't see an option I can set up trusted IP address D isi incorrect as it is internal. B, followed the steps and I can set up a sftp in this way

B EFS has lower latency and higher throughput than S3 when accessed from within the same availability zone.

C: Because it is server-less. deffinitely not A or B because it utilizes server.

B, A), transfer family does not support EBS C,D), S3 has lower IOPS than EFS

Create an encrypted Amazon Elastic File System (Amazon EFS) volume. Create an AWS Transfer Family SFTP service with elastic IP addresses and a VPC endpoint that has internet-facing access. Attach a security group to the endpoint that allows only trusted IP addresses. Attach the EFS volume to the SFTP service endpoint. Grant users access to the SFTP service.

https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/

EFS is best to serve this purpose.

Answer C (from abylead.com) Transfer Family offers fully managed serverless support for B2B file transfers via SFTP, AS2, FTPS, & FTP directly in & out of S3 or EFS. For a controlled internet access you can use internet-facing endpts with Transfer SFTP servers & restrict trusted internet sources with VPC's default Sgrp. In addition, S3 Access Points aliases allows you to use S3 bkt names for a unique access control plcy on shared S3 datasets. Transfer SFTP & S3: https://aws.amazon.com/blogs/apn/how-to-use-aws-transfer-family-to-replace-and-scale-sftp-servers/ A)Transfer SFTP doesn’t support EBS, not for share data, & not serverless: infeasible. B)EFS mounts via ENIs not endpts: infeasible. D)pub endpt for internet access is missing: infeasible.

BBBBBBBBBBBBBB

EFS all day

https://aws.amazon.com/blogs/storage/use-ip-whitelisting-to-secure-your-aws-transfer-for-sftp-servers/ is worth a read

EFS is serverless. There is no reference in S3 about IOPS

Option D is incorrect because it suggests using an S3 bucket in a private subnet with a VPC endpoint, which may not meet the requirement of maintaining control over user permissions as effectively as the EFS-based solution.

It is D Refer https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html for further details.