Which of the following rules must be added to a mount target security group to access Amazon Elastic File System (EFS) from an on-premises server?
Configure an NFS proxy between Amazon EFS and the on-premises server to route traffic.
Set up a Point-To-Point Tunneling Protocol Server (PPTP) to allow secure connection.
Permit secure traffic to the Kerberos port 88 from the on-premises server.
Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.
Explanations:
An NFS proxy is not required to access Amazon EFS from an on-premises server. Direct NFS access is supported, and routing traffic through a proxy would add unnecessary complexity.
Setting up a PPTP server is not necessary for accessing Amazon EFS. EFS uses the NFS protocol, which can be accessed directly over the internet or a VPN without requiring a PPTP tunnel.
Kerberos port 88 is not required for accessing Amazon EFS unless Kerberos authentication is specifically being used. Most access to EFS does not involve Kerberos, and traffic should be focused on NFS.
Inbound traffic to the NFS port (2049) must be allowed from the on-premises server to access Amazon EFS, as EFS uses the NFS protocol, which operates on this port.
My best guess is:
Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.