Exam DOP-C02 All QuestionsBrowse all questions from this exam
Go to Exam
Question 244

A DevOps engineer is building the infrastructure for an application. The application needs to run on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that includes Amazon EC2 instances. The EC2 instances need to use an Amazon Elastic File System (Amazon EFS) file system as a storage backend. The Amazon EFS Container Storage Interface (CSI) driver is installed on the EKS cluster.

When the DevOps engineer starts the application, the EC2 instances do not mount the EFS file system.

Which solutions will fix the problem? (Choose three.)

    Correct Answer: B, C, E

    To resolve the issue of the EC2 instances not mounting the EFS file system, the following solutions are appropriate: First, ensure that the EFS file system's security group allows NFS traffic from the EKS cluster to facilitate communication. Second, create an IAM role that provides the necessary permissions for the Amazon EFS CSI driver to interact with the file system, ensuring proper authorization. Lastly, create a mount target for the EFS file system in the subnet of the EKS nodes to enable the instances to establish a connection to the file system.

Discussion
KaranNishadOptions: BCE

So, the correct solutions are: B. Add an inbound rule to the EFS file system’s security group to allow NFS traffic from the EKS cluster. C. Create an IAM role that allows the Amazon EFS CSI driver to interact with the file system. E. Create a mount target for the EFS file system in the subnet of the EKS nodes.

tgvOptions: BCE

---> B C E

trungtdOptions: BCE

B. EFS file system’s security group must allow inbound NFS traffic (typically on port 2049) from the security group or IP range of the EKS cluster nodes. C. Ensure that the EFS CSI driver has the necessary IAM permissions to interact with the EFS file system, such as "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", and other relevant permissions.