Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DOP-C02 Exam - Topic 9 Question 10 Discussion

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company's development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic Pile System (Amazon EFS) as shared storage in Account A in the organization.The company wants to continue to use Amazon EPS with Lambda Company policy requires all serverless projects to be deployed in Account B.A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EPS access point.Which combination of steps should the DevOps engineer take to meet these requirements? (Select THREE.)
A) Update the EFS file system policy to provide Account B with access to mount and write to the EFS file system in Account A. and E) Create a VPC peering connection to connect Account A to Account B. and F) Configure the Lambda functions in Account B to assume an existing IAM role in Account A. A Lambda function in one account can mount a file system in a different account. For this scenario, you configure VPC peering between the function VPC and the file system VPC. https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html https://aws.amazon.com/ru/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/ 1. Need to update the file system policy on EFS to allow mounting the file system into Account B. ## File System Policy $ cat file-system-policy.json { 'Statement': [ { 'Effect': 'Allow', 'Action': [ 'elasticfilesystem:ClientMount', 'elasticfilesystem:ClientWrite' ], 'Principal': { 'AWS': 'arn:aws:iam:::root' # Replace with AWS account ID of EKS cluster } } ] } 2. Need VPC peering between Account A and Account B as the pre-requisite 3. Need to assume cross-account IAM role to describe the mounts so that a specific mount can be chosen.
B) Create SCPs to set permission guardrails with fine-grained control for Amazon EFS.
C) Create a new EFS file system in Account B Use AWS Database Migration Service (AWS DMS) to keep data from Account A and Account B synchronized.
D) Update the Lambda execution roles with permission to access the VPC and the EFS file system.

Amazon DOP-C02 Exam - Topic 9 Question 10 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 10
Topic #: 9
[All DOP-C02 Questions]

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company's development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic Pile System (Amazon EFS) as shared storage in Account A in the organization.

The company wants to continue to use Amazon EPS with Lambda Company policy requires all serverless projects to be deployed in Account B.

A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EPS access point.

Which combination of steps should the DevOps engineer take to meet these requirements? (Select THREE.)

Show Suggested Answer Hide Answer
Suggested Answer: A, E, F

by Janine at Aug 05, 2023, 04:35 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Nilsa
6 months ago
Don't forget about updating the Lambda execution roles too!
upvoted 0 times
...
Gwenn
7 months ago
Isn't creating a new EFS in Account B a simpler solution?
upvoted 0 times
...
Christiane
7 months ago
Wait, can Lambda really access EFS across accounts like that?
upvoted 0 times
...
Ernest
7 months ago
Totally agree, that's a must for cross-account access!
upvoted 0 times
...
Glendora
7 months ago
A needs to update the EFS file system policy for Account B access.
upvoted 0 times
...
Alverta
7 months ago
Updating the Lambda execution roles sounds right, but I can't remember if we also need to configure anything specific for the VPC. I hope I don't mix that up during the exam!
upvoted 0 times
...
Chantell
8 months ago
I practiced a similar question where we had to set up VPC peering for cross-account access. I think we might need that here too, especially since the Lambda functions are in a different account.
upvoted 0 times
...
Veronica
8 months ago
I'm a bit unsure about whether we need to create SCPs for EFS. I think they might help with permissions, but I'm not entirely confident if they're necessary for this scenario.
upvoted 0 times
...
Sharee
8 months ago
I remember that for cross-account access, we definitely need to update the EFS file system policy to allow Account B to mount it. That seems like a crucial step.
upvoted 0 times
...
Verda
8 months ago
Based on my understanding, the Business Critical edition is the minimum required for periodic rekeying of micro-partitions. But I'll verify that in the exam.
upvoted 0 times
...
Rolland
8 months ago
I'm not entirely sure, but didn't we cover cases where the network types had to match? Could that be the problem?
upvoted 0 times
...
Shalon
8 months ago
This seems like a straightforward question about fair processing practices. I'll carefully read through the options and think about which one doesn't align with the transparency principle.
upvoted 0 times
...
Diego
8 months ago
This seems like a straightforward question about the order-to-cash cycle. I'll focus on understanding the key steps in that process.
upvoted 0 times
...

Save Cancel