Question
A company is planning to migrate an application to AWS. The application runs as a Docker container and uses an NFS version 4 file share.
A solutions architect must design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure.
Which solution will meet these requirements?
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
B. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon FSx for Lustre for shared storage. Reference the FSx for Lustre file system ID, container mount point, and FSx for Lustre authorization IAM role in the ECS task definition.
C. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic File System (Amazon EFS) for shared storage. Mount the EFS file system on the ECS container instances. Add the EFS authorization IAM role to the EC2 instance profile.
D. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic Block Store (Amazon EBS) volumes with Multi-Attach enabled for shared storage. Attach the EBS volumes to ECS container instances. Add the EBS authorization IAM role to an EC2 instance profile.
Answer
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
Explanation 1
The solution that will meet the requirements is Option A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
- Option B is incorrect because Amazon FSx for Lustre is not supported by Fargate launch type.
- Option C is incorrect because it requires provisioning and management of the underlying infrastructure.
- Option D is incorrect because Amazon Elastic Block Store (Amazon EBS) volumes do not support Multi-Attach.
Regarding security, you can specify an optional task execution IAM role with Fargate to allow your Fargate tasks to make API calls to Amazon ECR to pull container images and to CloudWatch to store container application logs.
Explanation 2
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
The requirements of this scenario are to have a secure and scalable containerized solution without provisioning or managing the underlying infrastructure. Amazon ECS with the Fargate launch type is suitable for this requirement, as it abstracts away the underlying infrastructure management, and you only pay for the vCPU and memory resources that your containerized application requests.
Since the application is using an NFS version 4 file share, Amazon EFS is the best choice for shared storage, as it provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources.
By referencing the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition, the application containers can securely and seamlessly access the shared storage provided by Amazon EFS.
Option B is incorrect because Amazon FSx for Lustre is designed for high-performance computing (HPC) workloads and not for general-purpose file sharing. It does not support NFS version 4 file share.
Option C is incorrect because it requires provisioning and management of the underlying infrastructure (EC2 instances), which is against the requirements.
Option D is incorrect because Amazon EBS volumes with Multi-Attach enabled are designed for block storage and not for shared file systems like NFS. Additionally, it requires provisioning and management of the underlying infrastructure (EC2 instances).
Explanation 3
The question is about how to migrate an application to AWS that runs as a Docker container and uses an NFS version 4 file share. You must design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure. The solution that will meet these requirements is A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
- Amazon ECS is a fully managed container orchestration service that allows you to run and scale Docker containers on AWS. You can use ECS with two launch types: Fargate or EC2. Fargate is a serverless compute engine that abstracts away the underlying infrastructure and lets you focus on your containers. EC2 is a scalable compute service that lets you choose and manage your own EC2 instances for your containers.
- Amazon EFS is a fully managed file storage service that provides a simple, scalable, and elastic NFS file system for use with AWS cloud services and on-premises resources. You can use EFS to share data across multiple containers or instances within a VPC or across multiple VPCs using VPC peering or transit gateway.
- An ECS task definition is a JSON document that describes one or more containers that form your application. It contains parameters such as container image, CPU and memory requirements, environment variables, network mode, volumes, and IAM role.
- By using ECS with Fargate and EFS, you can deploy your application containers without provisioning or managing any servers or clusters. You can also use EFS for shared storage across your containers and leverage its high availability, durability, scalability, and security features. You can reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition to enable your containers to access the EFS file system.
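As an added example (not part of the original page), the Python below builds a constructed Fargate task definition that references the EFS file system ID, container mount point and task IAM role, sets it beside a weakened copy, and audits both for the EFS security settings. The account ID, ARNs, file system and access point IDs, finding strings and the function name `audit_efs_task_definition` are placeholders chosen for illustration; the dictionary keys are the ECS task definition fields.

```python
import copy

# Constructed task definition (placeholder IDs and ARNs, not from the page).
HARDENED = {
    "family": "app",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "256", "memory": "512",
    # Execution role: ECR image pulls and CloudWatch log delivery.
    "executionRoleArn": "arn:aws:iam::111122223333:role/exampleExecutionRole",
    # Task role: the identity used for EFS IAM authorization.
    "taskRoleArn": "arn:aws:iam::111122223333:role/exampleEfsTaskRole",
    "containerDefinitions": [{
        "name": "app",
        "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/app:latest",
        "mountPoints": [{"sourceVolume": "shared", "containerPath": "/mnt/shared"}],
    }],
    "volumes": [{
        "name": "shared",
        "efsVolumeConfiguration": {
            "fileSystemId": "fs-0123456789abcdef0",
            "transitEncryption": "ENABLED",
            "authorizationConfig": {
                "accessPointId": "fsap-0123456789abcdef0",
                "iam": "ENABLED",
            },
        },
    }],
}

# Weak variant: same mount, but no TLS in transit, no IAM authorization, no task role.
WEAK = copy.deepcopy(HARDENED)
del WEAK["taskRoleArn"]
WEAK["volumes"][0]["efsVolumeConfiguration"] = {"fileSystemId": "fs-0123456789abcdef0"}


def audit_efs_task_definition(td):
    """Return a list of findings for the EFS volumes in a task definition dict."""
    findings = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        findings.append("not-fargate")
    elif td.get("networkMode") != "awsvpc":
        findings.append("fargate-needs-awsvpc")
    mounted = {mp["sourceVolume"] for c in td.get("containerDefinitions", [])
               for mp in c.get("mountPoints", [])}
    for vol in td.get("volumes", []):
        efs = vol.get("efsVolumeConfiguration")
        if efs is None:
            continue  # not an EFS volume
        name = vol["name"]
        auth = efs.get("authorizationConfig", {})
        if efs.get("transitEncryption") != "ENABLED":
            findings.append(f"{name}: transit-encryption-off")
        if auth.get("iam") != "ENABLED":
            findings.append(f"{name}: iam-authorization-off")
        elif not td.get("taskRoleArn"):
            findings.append(f"{name}: iam-enabled-without-task-role")
        # With an access point, rootDirectory must be omitted or "/".
        if auth.get("accessPointId") and efs.get("rootDirectory", "/") != "/":
            findings.append(f"{name}: root-directory-set-with-access-point")
        if name not in mounted:
            findings.append(f"{name}: volume-never-mounted")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_efs_task_definition(HARDENED))
    print("weak:", audit_efs_task_definition(WEAK))
```

The same function can be pointed at the `taskDefinition` object returned by `aws ecs describe-task-definition` after loading it as JSON.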
The other options are not correct because:
- B. Deploy the application containers by using Amazon ECS with the Fargate launch type. Use Amazon FSx for Lustre for shared storage. Reference the FSx for Lustre file system ID, container mount point, and FSx for Lustre authorization IAM role in the ECS task definition. This option is not correct because Amazon FSx for Lustre is not compatible with NFS version 4 file share. FSx for Lustre is a fully managed file system that provides high-performance storage for compute-intensive workloads such as machine learning, high performance computing (HPC), video processing, and financial modeling. FSx for Lustre supports POSIX-compliant file systems and can be accessed from Linux-based instances using the Lustre client.
- C. Deploy the application containers by using Amazon ECS with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic File System (Amazon EFS) for shared storage. Mount the EFS file system on the ECS container instances. Add the EFS authorization IAM role to the EC2 instance profile. This option is not correct because it requires provisioning or management of the underlying infrastructure. Using ECS with EC2 launch type means that you have to choose and manage your own EC2 instances for your containers. You also have to mount the EFS file system on each ECS container instance manually or using a user data script. This adds complexity and overhead to your solution.
- D. Deploy the application containers by using Amazon ECS with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic Block Store (Amazon EBS) volumes with Multi-Attach enabled for shared storage. Attach the EBS volumes to ECS container instances. Add the EBS authorization IAM role to an EC2 instance profile. This option is not correct because it requires provisioning or management of the underlying infrastructure as well as additional configuration steps for shared storage. Using ECS with EC2 launch type means that you have to choose and manage your own EC2 instances for your containers. Using EBS volumes with Multi-Attach means that you have to enable Multi-Attach on each volume manually or using an API call, attach each volume to up to 16 Nitro-based instances in the same Availability Zone manually or using an API call, format each volume with a supported file system manually or using a user data script, and mount each volume on each instance manually or using a user data script. This adds complexity and overhead to your solution.
Explanation 4
The correct answer is A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
Here are the reasons why this solution is the best fit:
- Amazon ECS with Fargate is a serverless compute service that allows you to run containers without having to provision or manage servers. This makes it a good choice for a solution that does not require provisioning or management of the underlying infrastructure.
- Amazon EFS is a fully managed file system that can be used to store data for containerized applications. It is a good choice for shared storage because it is scalable and can be easily accessed by multiple containers.
- The ECS task definition is a JSON file that defines the configuration of an ECS task. In this case, the task definition would need to specify the container image, the container port, and the EFS mount point.
The other options are not as good a fit for this solution:
- Amazon FSx for Lustre is a high-performance file system that is designed for large-scale data processing. It is not as well-suited for general-purpose workloads as EFS.
- Amazon EC2 with auto scaling is a good choice for a solution that requires provisioning or management of the underlying infrastructure. However, it is not necessary for this solution, because Fargate can automatically scale the number of containers as needed.
- Amazon EBS volumes with Multi-Attach can be used to provide shared storage for containerized applications. However, they are not as scalable or cost-effective as EFS.
Explanation 5
To design a secure and scalable containerized solution for migrating an application to AWS that does not require provisioning or management of the underlying infrastructure, while using an NFS version 4 file share, the recommended solution is:
A. Deploy the application containers using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type is a fully managed container orchestration service provided by AWS. It removes the need for managing the underlying infrastructure, allowing you to focus on deploying and running containerized applications.
Amazon Elastic File System (Amazon EFS) is a fully managed, scalable file storage service that provides shared access to files for multiple Amazon EC2 instances or containers. NFS version 4 is supported by Amazon EFS, making it suitable for this scenario.
By deploying the application containers using Amazon ECS with the Fargate launch type, you can take advantage of the benefits of serverless container deployment, eliminating the need to manage the underlying infrastructure. Fargate provides the necessary compute resources to run the containers without requiring you to provision or manage EC2 instances.
Using Amazon EFS as the shared storage solution allows the application containers to access the required NFS version 4 file share. You can reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition. This ensures that the containers have the necessary permissions to access the EFS file system.
Option B, using Amazon FSx for Lustre, is not suitable for this scenario as it is a high-performance file system designed for use with compute-intensive workloads and is not compatible with NFS version 4.
Options C and D involve using Amazon EC2 instances and managing the underlying infrastructure, which contradicts the requirement of not needing to provision or manage the infrastructure.
In summary, to meet the requirements of a secure and scalable containerized solution without provisioning or managing the underlying infrastructure, while using an NFS version 4 file share, deploying the application containers using Amazon ECS with the Fargate launch type and utilizing Amazon EFS for shared storage is the recommended solution.
Explanation 6
The correct answer is A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
This solution meets all of the requirements:
- Amazon ECS with the Fargate launch type allows the company to deploy and manage containers without provisioning or managing any underlying infrastructure.
- Amazon EFS provides a scalable and secure shared file system for the containers.
- The EFS authorization IAM role allows the containers to access the EFS file system.
The other options do not meet all of the requirements:
- Amazon FSx for Lustre is a high-performance file system that is not required for this application.
- Deploying the application containers on Amazon EC2 instances with auto scaling turned on would require the company to provision and manage the underlying infrastructure.
- Using Amazon EBS volumes with Multi-Attach enabled would not provide a scalable and secure shared file system for the containers.
Explanation 7
The correct answer is A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
The explanation is as follows:
The question asks for a containerized solution that does not require provisioning or management of the underlying infrastructure. This means that the Fargate launch type is the best option, as it allows you to run containers without having to manage servers or clusters.
The question also specifies that the application uses an NFS version 4 file share, which is compatible with Amazon EFS. Amazon EFS provides a scalable and secure file system that can be accessed by multiple containers concurrently. Amazon FSx for Lustre, on the other hand, is optimized for high-performance computing workloads and does not support NFS version 4.
The question also requires a secure and scalable solution. By using Amazon EFS, you can leverage encryption at rest and in transit, as well as lifecycle management policies to reduce costs. By referencing the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition, you can ensure that the containers have the necessary permissions and access to the shared storage.
Therefore, option A is the correct answer.
- Option B is incorrect because Amazon FSx for Lustre does not support NFS version 4 and is not suitable for this use case.
- Option C is incorrect because it uses the EC2 launch type, which requires provisioning and management of the underlying infrastructure. It also introduces additional complexity by mounting the EFS file system on the ECS container instances, which is not necessary with the Fargate launch type.
- Option D is incorrect because Amazon EBS volumes with Multi-Attach enabled are not supported by ECS. Moreover, Amazon EBS volumes are not designed for concurrent access by multiple containers and may result in data inconsistency or corruption.
Explanation 8
The correct answer is A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
This solution meets all of the requirements:
- It uses Amazon ECS, which is a fully managed container orchestration service. This means that the solutions architect does not need to worry about provisioning or managing the underlying infrastructure.
- It uses Amazon EFS, which is a scalable, highly available, and durable file system. This ensures that the application data is always available and protected.
- It uses the Fargate launch type, which allows the solutions architect to focus on developing the application and not on managing the underlying infrastructure.
The other options do not meet all of the requirements:
- Option B uses Amazon FSx for Lustre, which is a high-performance file system. However, it is more expensive than Amazon EFS.
- Option C uses Amazon EC2, which is a virtual machine service. This requires the solutions architect to provision and manage the underlying infrastructure.
- Option D uses Amazon EBS, which is a block storage service. However, it is not as scalable or durable as Amazon EFS.
Here are some additional details about the solution:
- Amazon ECS is a fully managed container orchestration service that makes it easy to deploy, manage, and scale containerized applications.
- Amazon EFS is a scalable, highly available, and durable file system that can be used to store application data.
- The Fargate launch type allows the solutions architect to focus on developing the application and not on managing the underlying infrastructure.
Explanation 9
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
The requirement is to design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure. Amazon ECS with the Fargate launch type meets this requirement as it abstracts the underlying infrastructure, allowing you to focus on deploying and managing your containerized application.
Since the application uses an NFS version 4 file share, Amazon Elastic File System (Amazon EFS) is the most suitable storage option. EFS provides a scalable and managed NFS file system that can be used across multiple instances or containers. With Amazon ECS task definition, you can reference the EFS file system ID, container mount point, and EFS authorization IAM role to seamlessly integrate EFS with your containerized application.
Option B is not suitable because Amazon FSx for Lustre is a high-performance file system designed for compute-intensive workloads and does not provide NFS version 4 support.
Option C is not suitable because it requires managing the underlying EC2 instances, which is against the requirement of not managing the underlying infrastructure.
Option D is not suitable because Amazon EBS volumes with Multi-Attach enabled do not support NFS version 4 and also require managing the underlying EC2 instances, which is against the requirement.