Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 122 discussion

A company is using an organization in AWS Organizations to manage multiple AWS accounts. The company’s development team wants to use AWS Lambda functions to meet resiliency requirements and is rewriting all applications to work with Lambda functions that are deployed in a VPC. The development team is using Amazon Elastic File System (Amazon EFS) as shared storage in Account A in the organization.

The company wants to continue to use Amazon EFS with Lambda. Company policy requires all serverless projects to be deployed in Account B.

A DevOps engineer needs to reconfigure an existing EFS file system to allow Lambda functions to access the data through an existing EFS access point.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

  • A. Update the EFS file system policy to provide Account B with access to mount and write to the EFS file system in Account A.
  • B. Create SCPs to set permission guardrails with fine-grained control for Amazon EFS.
  • C. Create a new EFS file system in Account B. Use AWS Database Migration Service (AWS DMS) to keep data from Account A and Account B synchronized.
  • D. Update the Lambda execution roles with permission to access the VPC and the EFS file system.
  • E. Create a VPC peering connection to connect Account A to Account B.
  • F. Configure the Lambda functions in Account B to assume an existing IAM role in Account A.
Suggested Answer: ADE
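
To illustrate option A, here is an added example (not part of the exam question or of any commenter's post) that builds an EFS file system policy for Account A scoped to one role in Account B and one access point, then audits a policy for grants wider than that. The account IDs, ARNs, role name and the `audit` helper are constructed placeholders.

```python
# Constructed placeholders: Account A owns the file system, Account B runs Lambda.
ACCOUNT_A, ACCOUNT_B = "111111111111", "222222222222"
EFS = f"arn:aws:elasticfilesystem:us-east-1:{ACCOUNT_A}"
FS_ARN, AP_ARN = f"{EFS}:file-system/fs-EXAMPLE", f"{EFS}:access-point/fsap-EXAMPLE"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/lambda-efs-exec"  # hypothetical role name
AP_KEY = "elasticfilesystem:AccessPointArn"
ALLOWED = {"elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"}

def file_system_policy(principal):
    """File system policy for Account A: mount and write, via one access point."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowAccountBLambda",
        "Effect": "Allow",
        "Principal": {"AWS": principal},
        "Action": sorted(ALLOWED),
        "Resource": FS_ARN,
        "Condition": {"StringEquals": {AP_KEY: AP_ARN}},
    }]}

# Constructed over-broad policy for comparison.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "elasticfilesystem:*", "Resource": FS_ARN,
}]}

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit(policy, trusted_account):
    """Return findings for Allow statements that grant more than intended."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        pr = st.get("Principal", {})
        for p in as_list(pr.get("AWS", []) if isinstance(pr, dict) else pr):
            if p != trusted_account and f":{trusted_account}:" not in p:
                findings.append(f"principal outside trusted account: {p}")
        extra = set(as_list(st.get("Action", []))) - ALLOWED
        if extra:
            findings.append(f"actions beyond mount/write: {sorted(extra)}")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if AP_ARN not in as_list(cond.get(AP_KEY, [])):
            findings.append("not restricted to the existing access point")
    return findings

if __name__ == "__main__":
    print(audit(file_system_policy(ROLE_ARN), ACCOUNT_B))  # scoped policy
    print(audit(WEAK_POLICY, ACCOUNT_B))                   # over-broad policy
```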

Comments

OrganizedChaos25
Highly Voted 1 year, 11 months ago
Selected Answer: ADE
I got ADE
upvoted 12 times
...
learnwithaniket
Highly Voted 1 year, 5 months ago
Selected Answer: ADE
Initially, I thought of A,E,F. But after reading the docs I came to the conclusion that A,D,E is the correct answer.
E: https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html#configuration-filesystem-cross-account
A,D: https://docs.aws.amazon.com/lambda/latest/dg/configuration-filesystem.html#configuration-filesystem-permissions
upvoted 7 times
...
jamesf
Most Recent 9 months, 1 week ago
Selected Answer: ADE
Should be ADE. VPC peering required.
upvoted 2 times
...
dkp
1 year ago
Selected Answer: ADE
A,D,E is correct
upvoted 3 times
...
DanShone
1 year, 1 month ago
A,D,E is correct
upvoted 3 times
...
kyuhuck
1 year, 2 months ago
Selected Answer: AEF
1. Need to update the file system policy on EFS to allow mounting the file system into account B.
2. Need VPC peering between account A and account B as the prerequisite.
3. Need to assume a cross-account IAM role to describe the mounts so that a specific mount can be chosen.
upvoted 1 times
...
thanhnv142
1 year, 2 months ago
Selected Answer: ADE
ADE are correct: <The company wants to continue to use Amazon EFS with Lambda. Company policy requires all serverless projects to be deployed in Account B.> means we need to assign relevant IAM policies to Lambda in account B.
B: no mention of policy
C: no mention of policy
F: <assume an existing IAM role in Account A>: What role?
upvoted 5 times
...
a54b16f
1 year, 3 months ago
Selected Answer: ADE
NOT F: account B will mount EFS and would read/write as a local folder. There is no way/no need to assume a role. Option D would assign permissions that allow account B to read/write the EFS.
upvoted 5 times
...
zain1258
1 year, 5 months ago
Selected Answer: ADE
It's ADE.
upvoted 3 times
...
hzhang
1 year, 5 months ago
Selected Answer: AEF
D only works if both the Lambda function and EFS are in the same account.
upvoted 2 times
zain1258
1 year, 5 months ago
When peering is enabled between two VPCs, this is possible even if the function and EFS are in different accounts.
upvoted 1 times
...
...
YR4591
1 year, 6 months ago
Selected Answer: ADE
1) Lambda in account a can get access directly to EFS using a cross-account policy on the EFS.
2) Access to the EFS is via network, that's why VPC peering is needed.
https://aws.amazon.com/blogs/storage/mount-amazon-efs-file-systems-cross-account-from-amazon-eks/
upvoted 3 times
...
RVivek
1 year, 8 months ago
Selected Answer: AEF
A & E are obvious answers. D is wrong. The Lambda execution role is in account B. You cannot directly assign permission to that role. Instead you add an AWS STS AssumeRole API call to your Lambda function's code in account B.
upvoted 4 times
...
sb333
1 year, 9 months ago
Selected Answer: ADE
https://docs.aws.amazon.com/efs/latest/ug/create-file-system-policy.html (Answer A)
https://aws.amazon.com/blogs/compute/using-amazon-efs-for-aws-lambda-in-your-serverless-applications/ (Answer D)
https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html (Answer E)
upvoted 4 times
...
unknownuser123
1 year, 9 months ago
Selected Answer: AEF
AEF Makes more sense
upvoted 3 times
...
emupsx1
1 year, 9 months ago
The answer is AEF because: A few hours ago, I just finished the DOP-C02 exam. My score is 1000 points. This question came up, and I chose AEF.
upvoted 4 times
CirusD
1 year, 9 months ago
I am sure you didn't get 1000 if you got this answer wrong
upvoted 3 times
...
sb333
1 year, 9 months ago
Please provide supporting links, since the documentation points to ADE.
https://docs.aws.amazon.com/efs/latest/ug/create-file-system-policy.html (Answer A)
https://aws.amazon.com/blogs/compute/using-amazon-efs-for-aws-lambda-in-your-serverless-applications/ (Answer D)
https://docs.aws.amazon.com/lambda/latest/dg/services-efs.html (Answer E)
upvoted 3 times
sb333
1 year, 9 months ago
Another support for D and not F. https://repost.aws/knowledge-center/access-efs-across-accounts This talks about assigning IAM permissions on the account B side, with EFS located in account A. For Lambda, those IAM permissions are part of the execution role. There is nothing indicating the need for using roles from account A. Only an EFS file system policy in account A. And of course peering is needed between the two accounts. If you did get 1000 points, and you selected AEF, this could have been one of those questions that did not count against your raw score. AWS will have some questions that are not included in your score, but are questions that may be new and are being evaluated.
upvoted 2 times
...
...
zain1258
1 year, 5 months ago
In the exam there are a few questions that do not have any impact on your score, no matter whether you mark them right or wrong.
upvoted 1 times
...
...
ogwu2000
1 year, 9 months ago
ADF for me
upvoted 1 times
ogwu2000
1 year, 9 months ago
E is wrong. All accounts are in the same VPC, so you can't do VPC peering.
upvoted 1 times
...
...
devnv
1 year, 11 months ago
AEF are correct
upvoted 2 times
...