Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 774 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 774
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company is serving files to its customer through an SFTP server that is accessible over the Internet. The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached. Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication. The EC2 instance also has an attached security group that allows access from all customer IP addresses.
A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files. The solution must not change the way customers connect.
Which solution will meet these requirements?

  • A. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a publicly accessible endpoint. Associate the SFTP Elastic IP address with the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
  • B. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, Internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
  • C. Disassociate the Elastic IP address from the EC2 instance. Create a new Amazon Elastic File System (Amazon EFS) file system to be used for SFTP file hosting. Create an AWS Fargate task definition to run an SFTP server. Specify the EFS file system as a mount in the task definition. Create a Fargate service by using the task definition, and place a Network Load Balancer (NLB) in front of the service. When configuring the service, attach the security group with customer IP addresses to the tasks that run the SFTP server. Associate the Elastic IP address with the NLB. Sync all files from the SFTP server to the S3 bucket.
  • D. Disassociate the Elastic IP address from the EC2 instance. Create a multi-attach Amazon Elastic Block Store (Amazon EBS) volume to be used for SFTP file hosting. Create a Network Load Balancer (NLB) with the Elastic IP address attached. Create an Auto Scaling group with EC2 instances that run an SFTP server. Define in the Auto Scaling group that instances that are launched should attach the new multi-attach EBS volume. Configure the Auto Scaling group to automatically add instances behind the NLB. Configure the Auto Scaling group to use the security group that allows customer IP addresses for the EC2 instances that the Auto Scaling group launches. Sync all files from the SFTP server to the new multi-attach EBS volume.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by pkboy78 at Aug. 20, 2021, 8:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
mericov
Highly Voted 3 years ago
I would say B. Reasons: "The EC2 instance also has an attached security group that allows access from all customer IP addresses" - There is no option to put a security group in the publicly accessible endpoint (A).
upvoted 12 times
...
evargasbrz
Most Recent 1 year, 9 months ago
Selected Answer: B
I'll go with B
upvoted 1 times
...
jj22222
2 years, 6 months ago
Selected Answer: B
BBBBBBBBBB
upvoted 2 times
...
tkanmani76
2 years, 8 months ago
Why B ? What does "Attach the security group with customer IP addresses to the new endpoint." mean ? How do we attach so many IP addresses of customers ? And how will such solution minimize infra complexity ? A looks reasonable. Some additional reading link https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/
upvoted 2 times
tkanmani76
2 years, 8 months ago
Realize their is SG with client IP already which can be attached to endpoint - Option B will give access through Elastic IP.
upvoted 2 times
...
...
AzureDP900
2 years, 10 months ago
I will go with B
upvoted 1 times
...
andylogan
2 years, 11 months ago
It's B
upvoted 1 times
...
mgurkan
2 years, 11 months ago
How about availability? one EC2 does not provide high availability.
upvoted 1 times
andylogan
2 years, 11 months ago
It's hosted with managed AWS Transfer Family server and S3 now, no need for EC2 - then B
upvoted 1 times
...
...
tgv
2 years, 11 months ago
BBB ---
upvoted 1 times
...
blackgamer
2 years, 11 months ago
B is correct. https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html
upvoted 1 times
...
tvs
3 years ago
B.https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/
upvoted 2 times
...
vjawscert
3 years ago
Correct Answer: B CD - Maintenance overhead with EC2 A - You can't use a static elastic ip with public hosted one (ref: https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/)
upvoted 2 times
...
denccc
3 years ago
Would go for B: https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/. Only this way you can use security groups to restrict sources.
upvoted 2 times
...
pkboy78
3 years ago
It is A
upvoted 1 times
tvs
3 years ago
B. Not able to attaché EIP to public facing SFTP endpoint of AWS Transfer Family server.
upvoted 2 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel