AWS Certified Solutions Architect - Professional (#159)

Which of the following rules must be added to a mount target security group to access Amazon Elastic File System (EFS) from an on-premises server?

Configure an NFS proxy between Amazon EFS and the on-premises server to route traffic.
Set up a Point-To-Point Tunneling Protocol Server (PPTP) to allow secure connection.
Permit secure traffic to the Kerberos port 88 from the on-premises server.
Allow inbound traffic to the Network File System (NFS) port (2049) from the on-premises server.