Amazon Web Services · Free Practice Questions · Last reviewed May 2026
24real exam-style questions organised by domain, each with the correct answer highlighted and a plain-English explanation of why it's right — and why the others are wrong.
A company is planning to migrate its SAP S/4HANA system to AWS. The system requires high availability with an RTO of less than 30 minutes and RPO of less than 15 minutes. The SAP application layer runs on Linux. Which architecture should a solutions architect recommend to meet these requirements?
Deploy the SAP application on a single EC2 instance and use S3 for database backups with cross-region replication.
Deploy a single EC2 instance for the SAP application and database in one Availability Zone, and take hourly snapshots of the EBS volumes.
Use two EC2 instances in an Auto Scaling group with instance store volumes for the database, and store application files on S3.
Deploy the SAP application on two EC2 instances in different AZs with a shared EFS file system, and use a multi-AZ RDS for SAP HANA with synchronous replication.
Multi-AZ deployment with synchronous replication meets RPO; EFS provides shared storage for quick failover.
A company runs SAP Business Suite on an SAP HANA database on AWS. The database uses EBS gp2 volumes. The operations team notices high latency during peak hours. The metrics show that the volume queue depth is consistently above the recommended threshold. What is the MOST cost-effective change to reduce latency?
Migrate from gp2 to io2 EBS volumes with the same size.
Modify the volume to use Provisioned IOPS (io1) with a higher IOPS value.
Add an additional EBS volume and stripe the volumes using LVM.
Increase the size of the existing EBS gp2 volume to a larger size.
Larger gp2 volumes have higher baseline IOPS, reducing queue depth.
A company has an SAP HANA database running on an EC2 instance with 1.9 TB of memory. The database requires persistent storage. The solutions architect must choose a storage configuration that provides the highest IOPS and throughput while maintaining data durability. Which storage option should the architect choose?
Use multiple io2 EBS volumes with Block Express striped together using LVM.
Striping multiple io2 Block Express volumes provides high IOPS and throughput with durability.
Use a single io2 Block Express EBS volume of the required size.
Use multiple gp3 EBS volumes striped together with LVM.
Use NVMe instance store volumes for the HANA data and log areas.
A company runs its SAP ERP system on AWS. The database is SAP HANA on an EC2 instance. The system is critical and requires a recovery point objective (RPO) of less than 5 minutes and a recovery time objective (RTO) of less than 2 hours. Which solution meets these requirements with the LEAST operational overhead?
Use AWS Backup with the SAP HANA Backup and Restore feature (Backint integration) to perform continuous backups to S3.
Continuous backups provide low RPO; automated restore meets RTO with low overhead.
Use EBS snapshots of the root and data volumes taken every 5 minutes.
Set up HANA system replication across two EC2 instances in different Availability Zones with manual failover.
Schedule manual HANA backups to S3 using cron scripts and hdbsql commands.
A company is designing a new SAP environment on AWS. The SAP application servers communicate with the database over the network. The architect wants to minimize latency and maximize throughput. Which placement strategy should the architect use?
Place all servers in a single Availability Zone and use a cluster placement group.
Cluster placement group provides low latency and high throughput.
Place the application servers in one Availability Zone and the database in a different Availability Zone.
Place the application servers in one VPC and the database in a different VPC connected via VPC peering.
Place the application servers in one AWS Region and the database in another Region.
A company is migrating its SAP NetWeaver system to AWS and wants to implement a high-availability architecture for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which TWO of the following are required components in a recommended AWS HA setup for ASCS and ERS?
A shared file system (e.g., Amazon EFS) to store the SAP transport directory and global profile.
ASCS and ERS require shared storage for transport directory.
An Application Load Balancer to distribute traffic between ASCS and ERS instances.
A floating IP address (using Elastic IP or Route 53 health checks) to manage the ASCS virtual hostname.
A virtual IP is required for ASCS failover.
A read replica of the SAP HANA database to offload application traffic.
A secondary Windows Server Failover Cluster in a different Availability Zone.
Want more Design of SAP Workloads on AWS practice?
Practice this domainA company is running a web application on EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. During a flash sale, the application experiences a sudden spike in traffic, but the Auto Scaling group does not scale out quickly enough, causing some requests to fail. Which solution would improve the scaling responsiveness?
Increase the cooldown period for the dynamic scaling policy.
Add a scheduled scaling action to increase capacity before the flash sale.
Scheduled scaling proactively adds capacity ahead of known traffic spikes.
Decrease the cooldown period for the dynamic scaling policy.
Disable scale-in to prevent the Auto Scaling group from terminating instances during the sale.
A company is migrating a legacy application to AWS. The application uses a custom TCP protocol and requires session persistence. The application runs on a fleet of EC2 instances behind a Network Load Balancer (NLB). The current configuration uses a TCP listener with 'source IP' stickiness. However, some clients are being routed to different instances mid-session, causing application errors. What is the most likely cause and solution?
The NLB does not support source IP stickiness; use a Classic Load Balancer instead.
Clients are behind a NAT gateway, so the source IP changes between requests, breaking stickiness. Use a 'stitched' cookie or switch to an Application Load Balancer.
NAT changes the source IP, which defeats source IP stickiness.
The NLB has cross-zone load balancing enabled, which distributes traffic across instances in different Availability Zones.
The idle timeout of the NLB is too low, causing the NLB to close connections prematurely.
A solutions architect is designing a disaster recovery plan for a critical application that runs on Amazon RDS for PostgreSQL. The application requires a Recovery Point Objective (RPO) of less than 5 seconds and a Recovery Time Objective (RTO) of less than 1 minute. Which RDS deployment option meets these requirements?
A single-AZ deployment with cross-Region automated backups.
A single-AZ deployment with a standby instance manually promoted.
A Multi-AZ deployment with synchronous replication.
Multi-AZ provides synchronous replication and automatic failover.
A Multi-AZ deployment with a Read Replica in a different Region.
A company is using AWS CloudFormation to manage infrastructure. The development team wants to deploy a new version of a stack that updates an existing RDS DB instance's DB engine version. The update requires a replacement of the database. Which CloudFormation stack policy setting allows the update to proceed while preventing other resources from being replaced or updated?
Set a stack policy that allows updates to RDS resources only.
Set a stack policy that allows updates to the specific RDS DB instance resource.
Stack policies can be written to allow updates to specific resources.
Set a stack policy that denies all updates.
Set a stack policy that allows all updates.
A company is running a stateful application on EC2 instances in an Auto Scaling group. The instances store session state locally. The group uses a simple scaling policy based on network traffic. The company notices that when instances are terminated during scale-in, active sessions are lost. What is the MOST effective way to preserve session state during scaling events?
Use a step scaling policy instead of a simple scaling policy.
Use a lifecycle hook to gracefully drain sessions before instance termination.
Lifecycle hooks allow instances to perform custom actions before being terminated.
Increase the cooldown period for the Auto Scaling group.
Use a launch configuration that enables termination protection.
A company is designing a microservices architecture on Amazon ECS with Fargate. The services need to communicate securely and be accessible only within the VPC. Which TWO steps should the solutions architect take to meet these requirements? (Choose TWO.)
Attach an Internet Gateway to the VPC and configure route tables for the private subnets.
Place the Fargate tasks in public subnets to allow them to communicate with each other through the internet gateway.
Use AWS Cloud Map for service discovery and register a public DNS name for each service.
Use an internal Application Load Balancer to distribute traffic between services.
Internal ALB routes traffic within the VPC.
Create a VPC endpoint for Amazon ECS to allow the service to call the ECS API without internet access.
VPC endpoints keep API traffic within the VPC.
Want more Technology practice?
Practice this domainA company is migrating a legacy .NET application to AWS. The application uses Windows Authentication and relies on Active Directory for user authentication. The company wants to minimize changes to the application code. Which AWS service should be used to integrate Active Directory with the migrated application?
AWS Directory Service for Microsoft Active Directory
Provides full managed AD with native support for Windows Authentication.
Amazon Cognito
AD Connector
Simple AD
A company is migrating a 50 TB Oracle database to Amazon RDS for Oracle using AWS DMS. The source database is running on-premises and the network link has a bandwidth of 100 Mbps. The migration must complete within 5 days. What is the MOST effective approach to meet the deadline?
Provision a Direct Connect connection to increase bandwidth
Use AWS Snowball to transfer the data offline, then use DMS for CDC
Snowball transfers data physically, meeting the 5-day window; DMS handles ongoing changes.
Use AWS DMS with full load and change data capture (CDC) online
Use AWS Schema Conversion Tool (SCT) to convert schema, then DMS for data
A company is migrating a web application from an on-premises data center to AWS. The application uses a MySQL database that is 500 GB in size. The company wants to minimize downtime during the migration. Which approach should the company use?
Use an RDS read replica and promote it
Use AWS Database Migration Service (DMS) with ongoing replication
DMS migrates data while changes are replicated, minimizing downtime.
Stop the database, take a mysqldump, and restore to RDS
Use AWS Schema Conversion Tool (SCT) to migrate the schema and data
A company is migrating a multi-tier application to AWS. The application includes a load balancer, web servers, and an Oracle database. The migration plan includes using AWS DMS for the database. During the initial full load, the DMS task fails with an error indicating insufficient memory. The source database is on an EC2 instance with 4 GB RAM. What should the migration team do to resolve this issue?
Disable LOB support in the DMS task
Split the migration into multiple smaller tasks
Increase the size of the DMS replication instance
More memory on the replication instance can handle large data loads.
Increase the memory of the source EC2 instance
A company is migrating a legacy application to AWS that requires a static IP address for client whitelisting. The application will run on EC2 instances behind an Application Load Balancer (ALB). The company wants to ensure the IP address does not change over time. What should the company do?
Assign an Elastic IP to each EC2 instance
Use Route 53 latency-based routing to point to the ALB
Use AWS Global Accelerator to get two static IP addresses
Use a Network Load Balancer (NLB) with an Elastic IP address
NLB supports static IP via Elastic IP, which can be whitelisted.
A company is migrating a 10 TB SQL Server database to Amazon RDS for SQL Server using AWS DMS. The migration is taking longer than expected. Which TWO actions can improve the migration speed? (Choose two.)
Use a single DMS task with full LOB mode
Enable parallel loading by splitting tables into multiple tasks
Parallel tasks utilize more resources and speed up data transfer.
Use S3 multipart upload for the data
Increase the DMS replication instance size
Larger instance provides more network, CPU, and memory throughput.
Disable transaction logging on the source
Want more Migration practice?
Practice this domainA company runs a production EC2 instance that experiences intermittent connectivity issues. The instance is part of an Auto Scaling group behind an Application Load Balancer. Which step should be taken FIRST to diagnose the issue?
Modify the security group to allow all traffic temporarily
Review CloudWatch metrics for the instance and the ALB target group
CloudWatch metrics provide baseline data for troubleshooting connectivity issues.
Terminate the instance and let Auto Scaling launch a new one
Attach an additional Elastic Network Interface (ENI) to the instance
A company uses AWS Systems Manager Patch Manager to patch a fleet of EC2 instances. After a recent patching operation, some instances failed with the error 'Unable to retrieve patch baseline'. The instances are in a private subnet with a VPC endpoint for SSM. What is the MOST likely cause?
The VPC endpoint for SSM does not have a security group that allows HTTPS outbound to the endpoint
Missing outbound HTTPS from the instance to the SSM endpoint prevents communication.
The CodeDeploy agent on the instances is outdated
The instances are not registered as managed instances with the SSM ManagedInstance role
The instances do not have an IAM instance profile attached
A company runs a critical application on an EC2 instance that uses a large EBS volume for database storage. The volume is not encrypted at rest. To meet compliance requirements, the company must enable encryption on the volume with minimal downtime. Which solution meets these requirements?
Take a snapshot of the volume with encryption enabled, create a new encrypted volume from the snapshot, detach the original volume, and attach the new volume
Creating an encrypted snapshot and restoring it to a new encrypted volume is the standard procedure with minimal downtime.
Use the AWS Management Console to modify the volume and enable encryption in place
Take a snapshot of the volume, copy the snapshot with encryption enabled, then restore to a new volume and attach it to the instance
Detach the volume, enable encryption using the ModifyVolume API, then reattach
A DevOps engineer needs to automatically restart a specific service on an EC2 instance whenever the service crashes. The instance is running Amazon Linux 2. Which approach is the MOST operationally efficient?
Set up a CloudWatch alarm that triggers an SSM Run Command to restart the service
Write a cron job that checks the service status every minute and restarts it if needed
Configure the service as a systemd unit with Restart=on-failure
systemd is the native init system and handles restarts efficiently.
Use an AWS Lambda function that polls the service status and calls the EC2 reboot API
A company has a CloudFormation stack that creates an EC2 instance with a custom AMI. The stack fails with the error 'Resource creation cancelled' during creation. The engineer checks the stack events and sees that the EC2 instance creation succeeded, but the subsequent creation of an EBS volume failed. What is the MOST likely reason for the failure?
The EC2 instance creation failed and then was cancelled
The EC2 instance had a DeletionPolicy of Retain, which prevented rollback
The EBS volume creation failed, causing the stack to roll back and cancel the instance
If a subsequent resource fails, CloudFormation cancels previously created resources during rollback.
The EC2 instance depended on the EBS volume, and the dependency caused a timeout
A company is designing a disaster recovery strategy for a critical application that runs on EC2 instances with data stored on EBS volumes. The application requires RPO of 15 minutes and RTO of 1 hour. Which TWO approaches meet these requirements?
Use EBS Snapshots taken every 15 minutes and copy them to the DR region
EBS Snapshots can achieve 15-minute RPO.
Use AWS Backup with a backup plan that takes cross-region backups every 15 minutes
Use Amazon Machine Images (AMIs) backed by EBS snapshots, taken hourly
Use EBS Multi-Attach volumes to allow the DR instance to access the same volumes
Use EBS Reboot (not Stop/Start) to move the instance to the DR region with replicated volumes
Reboot can be used with volume replication to achieve RTO under 1 hour.
Want more Operations and Maintenance practice?
Practice this domainThe PAS-C01 exam has 65 questions and must be completed in 170 minutes. The passing score is 750/1000.
Scenario-based questions covering exam objectives with detailed answer explanations.
The exam covers 4 domains: Design of SAP Workloads on AWS, Technology, Migration, Operations and Maintenance. Questions are weighted by domain — higher-weight domains appear more on your actual exam.
No. These are original exam-style practice questions written against the official Amazon Web Services PAS-C01 exam objectives. They are not copied from the real exam. Courseiva focuses on genuine understanding, not memorisation of braindumps.
Courseiva tracks your accuracy per domain and routes you toward weak areas automatically. Free, no account required.