You are working for a financial institute using AWS cloud infrastructure. All project-related data is uploaded to Amazon EFS. This data is retrieved from an on-premises data center connecting to VPC via AWS Direct Connect. You need to ensure that all client access to EFS is encrypted using TLS 1.2 to adhere to the security team`s latest security guidelines. Which of the following is a cost-effective recommended practice for securing data in transit while accessing data from Amazon EFS?

Answer options:

A.Use EFS mount helper to encrypt data in transit.
B.Use stunnel to connect to Amazon EFS & encrypt traffic in transit.
C.Use third-party tool to encrypt data in transit.
D.Use NFS client to encrypt data in transit.

Correct Answer – A
While mounting Amazon EFS, if encryption of data in transit is enabled, the EFS Mount helper initializes the client Stunnel process to encrypt data in transit. EFS Mount helper uses TLS 1.2 to encrypts data in transit.
Option B is incorrect as using Stunnel for encryption of data in transit will work fine, but additional admin work is needed to download & install Stunnel for each mount.
Option C is incorrect as using a third-party tool will be a costly option.
Option D is incorrect as the NFS client can’t be used to encrypt data in transit. The amazon-efs-utils package can be used, which consists of an EFS mount helper.
For more information on encrypting of data in transit for EFS, refer to the following URL-
https://docs.aws.amazon.com/efs/latest/ug/encryption-in-transit.html#encrypt-mount