Reinforce PAS-C01 concepts with active-recall study cards covering all 4 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For PAS-C01 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the PAS-C01 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your PAS-C01 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real PAS-C01 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass PAS-C01.
Sample cards from the PAS-C01 flashcard bank. Read the question, think of the answer, then read the explanation below.
A company is planning to migrate its SAP S/4HANA system to AWS. The system requires high availability with an RTO of less than 30 minutes and RPO of less than 15 minutes. The SAP application layer runs on Linux. Which architecture should a solutions architect recommend to meet these requirements?
Deploy a single EC2 instance for the SAP application and database in one Availability Zone, and take hourly snapshots of the EBS volumes.
Option B is the only viable choice to meet the RTO of less than 30 minutes and RPO of less than 15 minutes for an SAP S/4HANA system on AWS. Although the option states hourly snapshots, in practice snapshots can be taken more frequently (e.g., every 5 minutes) to achieve the required RPO. On instance failure, a new EC2 instance can be launched from the latest snapshot, and with automation the RTO can be under 30 minutes. The SAP application layer is stateless and can be restored quickly. Options A and C do not provide adequate recovery for the database (A relies on backups, C uses ephemeral instance store). Option D is invalid because Amazon RDS does not support SAP HANA as a managed database service.
A company is running a web application on EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. During a flash sale, the application experiences a sudden spike in traffic, but the Auto Scaling group does not scale out quickly enough, causing some requests to fail. Which solution would improve the scaling responsiveness?
Add a scheduled scaling action to increase capacity before the flash sale.
Option B is correct because a scheduled scaling action proactively increases capacity before the flash sale, eliminating the lag inherent in dynamic scaling policies. Dynamic scaling reacts to metrics like average CPU utilization, which can take minutes to trigger and propagate, causing request failures during sudden spikes. By pre-scaling, the Auto Scaling group has sufficient instances ready to handle the traffic surge immediately.
A company is migrating a legacy .NET application to AWS. The application uses Windows Authentication and relies on Active Directory for user authentication. The company wants to minimize changes to the application code. Which AWS service should be used to integrate Active Directory with the migrated application?
AWS Directory Service for Microsoft Active Directory
AWS Directory Service for Microsoft Active Directory is the correct choice because it provides a fully managed Microsoft Active Directory in the AWS cloud, which natively supports Windows Authentication and Kerberos-based authentication without requiring any code changes. This service allows the migrated .NET application to seamlessly integrate with the existing on-premises Active Directory through a trust relationship or by extending the directory directly into AWS, preserving the application's authentication logic.
A company runs a production EC2 instance that experiences intermittent connectivity issues. The instance is part of an Auto Scaling group behind an Application Load Balancer. Which step should be taken FIRST to diagnose the issue?
Review CloudWatch metrics for the instance and the ALB target group
Reviewing CloudWatch metrics for the instance and the ALB target group is the correct first step because it provides immediate visibility into the root cause of intermittent connectivity issues. Metrics such as TargetResponseTime, RequestCount, and HealthyHostCount can reveal whether the problem is due to high latency, request failures, or the instance being marked unhealthy by the ALB health checks. This data-driven approach avoids unnecessary changes and aligns with the AWS Well-Architected Framework's principle of observability.
A company runs SAP S/4HANA on AWS. The environment includes an SAP HANA database on an EC2 instance with multiple EBS volumes for data, log, and backup. The backup strategy uses AWS Backup to create daily snapshots of all EBS volumes. During a disaster recovery test, the team discovers that the snapshots are not crash-consistent and the database cannot be restored to a consistent state. The backup window is set to 2 AM daily. What should the team do to ensure crash-consistent backups?
Configure AWS Backup to create multi-volume crash-consistent snapshots for the instance.
Option A is correct. AWS Backup supports creating multi-volume crash-consistent snapshots, which ensures that all EBS volumes are snapshotted at the same point in time. This provides crash consistency for the SAP HANA database. Option B is incorrect because while SAP HANA backup to S3 is a valid backup method, the question specifically asks about ensuring crash-consistent EBS snapshots. Option C is incorrect because taking individual snapshots sequentially does not guarantee cross-volume consistency. Option D is incorrect because stopping the instance causes unnecessary downtime; crash-consistent snapshots can be achieved without stopping the instance.
A company runs SAP S/4HANA on AWS with a High Availability (HA) cluster spanning two Availability Zones (us-east-1a and us-east-1b). The cluster uses an Amazon FSx for NetApp ONTAP file system for the global transport directory. Recently, the cluster experienced a split-brain situation, leading to data corruption. The administrator wants to prevent this from recurring. The current setup uses a single FSx file system mounted on both cluster nodes. What should the administrator do to prevent split-brain?
Configure a STONITH (Shoot The Other Node In The Head) mechanism using AWS Lambda
Option C is correct because STONITH (Shoot The Other Node In The Head) is a fencing mechanism that ensures a failed node is forcefully isolated or powered off before the other node takes over, preventing split-brain scenarios in High Availability clusters. Option A is incorrect because adding a third node increases complexity without addressing the root cause of split-brain. Option B is incorrect because increasing memory does not affect cluster communication or fencing. Option D is incorrect because cross-region replication is for disaster recovery, not for preventing split-brain.
A company is planning to migrate its SAP landscape to AWS. The landscape includes development, quality assurance, and production systems. The company wants to minimize costs by reusing resources across environments. Which AWS feature should be used to enforce resource tagging and compliance?
AWS Service Catalog with tag options.
Option D is correct because AWS Service Catalog allows organizations to create and manage a catalog of approved IT services, and with tag options, it can enforce tagging and compliance policies. Option A is incorrect because AWS CloudFormation templates can include tags but do not enforce tagging policies across environments; they are for provisioning infrastructure. Option B is incorrect because AWS Resource Access Manager is used to share resources across accounts, not to enforce tagging or compliance. Option C is incorrect because AWS Config rules can monitor and enforce tagging compliance, but they are reactive rather than proactive governance; Service Catalog provides a more comprehensive solution for enforcing tagging during provisioning.
A company is migrating its SAP ERP system running on Oracle Database to SAP HANA on AWS. The current on-premises environment has a 5 TB Oracle database with high transaction volume. The migration must be completed within a 4-hour downtime window. The target environment on AWS uses an SAP-certified instance with 1 TB of RAM. The company has a 1 Gbps AWS Direct Connect connection. The migration team is considering using SAP DMO with SUM. However, during a test run, the database export took 6 hours, exceeding the downtime window. What should the migration team do to meet the 4-hour downtime window?
Use the SAP HANA Database Migration Option (DMO) with the 'load and move' method
Option B is correct because using the SAP HANA Database Migration Option (DMO) with the 'load and move' method allows the initial data load to be performed during the preparation phase before the downtime window, and only a delta transfer (incremental data) during the actual downtime. This significantly reduces the downtime required compared to the standard DMO method that does the full export and import during downtime. Option A is wrong because performing a system copy to Oracle on AWS first does not directly migrate to SAP HANA and adds unnecessary steps and time. Option C is wrong because upgrading to a larger EC2 instance may improve processing speed but does not address the bottleneck of the 1 Gbps network bandwidth; the export time is limited by network speed. Option D is wrong because AWS Snowball Edge introduces additional time for shipping and data transfer, which would likely exceed the 4-hour window, and it is not optimized for the delta sync required for such a short downtime.
An SAP administrator is migrating an on-premises SAP system to AWS using this IAM policy. When attempting to launch a new EC2 instance from an AMI stored in the S3 bucket, the launch fails. What is the likely cause?
The IAM policy does not include ec2:RunInstances.
The launch fails because the IAM policy does not include the ec2:RunInstances permission, which is required to launch new EC2 instances. Option A is incorrect because the ability to stop or start instances is not relevant to launching new instances. Option C is incorrect because the failure is due to the IAM policy, not the S3 bucket policy; the IAM policy may allow s3:GetObject but that does not overcome the lack of ec2:RunInstances. Option D is incorrect because describing instances is not a prerequisite for launching.
An SAP administrator receives an alert that the SAP application server is not responding. The administrator checks the EC2 console and sees that the instance state is 'running' but the status checks have failed. Which step should be taken first to restore the SAP application?
Use the EC2 console to stop and start the instance, which will move it to new underlying hardware.
When status checks fail, the instance may have underlying hardware issues. Stopping and starting the instance (Option B) moves it to new hardware, which can resolve hardware-related failures and restore the SAP application. Option A is incorrect because terminating the instance loses the existing configuration and EBS volumes (unless termination protection is disabled and volumes are set to survive). Option C is incorrect because rebooting only restarts the OS; it does not change the underlying hardware, so hardware issues persist. Option D is incorrect because creating a new instance and attaching existing volumes is more time-consuming and complex; the simpler stop/start action should be attempted first.
A company is migrating a large SAP HANA system to AWS. The SAP system has strict latency requirements for storage and requires high IOPS. Which storage solution should be used for the SAP HANA data volume?
Amazon EBS io2 Block Express volumes
SAP HANA on AWS requires high-performance storage with high IOPS and sub-millisecond latency. Amazon EBS io2 Block Express volumes provide up to 256K IOPS and sub-millisecond latency, making them the appropriate choice for the SAP HANA data volume. Option A (Amazon S3) is object storage, not block storage, and is unsuitable for database volumes. Option C (Amazon EFS) is file storage, also not block storage. Option D (Amazon EBS gp3 volumes) is general purpose SSD but does not match the performance of io2 Block Express for HANA workloads.
A company manages a multi-account AWS environment using AWS Organizations. The operations team needs to ensure that all accounts have CloudTrail enabled and that logs are delivered to a centralized S3 bucket. What is the MOST efficient way to enforce this configuration?
Deploy an AWS CloudFormation StackSet with a template that enables CloudTrail and configures the S3 bucket in every account and region.
Option B is correct because AWS CloudFormation StackSets allow you to deploy a CloudTrail configuration template across multiple accounts and regions in a single, automated operation. This approach ensures consistent enforcement of the policy without manual intervention, leveraging the centralized management capabilities of AWS Organizations.
A company is running SAP HANA on an r5.8xlarge instance. They want to scale up to meet increased memory requirements. Which instance family would be the MOST suitable for a scale-up scenario?
x1e.32xlarge
The x1e.32xlarge instance is part of the X1e family, which is specifically designed for high-memory workloads like SAP HANA. With 3,904 GiB of memory, it provides the largest memory capacity among AWS instances, making it the most suitable for scaling up SAP HANA to meet increased memory requirements. SAP HANA is an in-memory database, so scaling up requires instances with high memory-to-vCPU ratios, which the X1e family delivers.
A company is running SAP on AWS and needs to design a disaster recovery (DR) solution with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 4 hours. The primary region is us-east-1 and the DR region is us-west-2. The SAP application uses an SAP HANA database with a size of 2 TB. Which combination of AWS services should be used to meet the DR requirements most cost-effectively?
Configure HANA System Replication (HSR) across regions and use a standby HANA instance in us-west-2 with a smaller instance size.
Option D is correct because HANA System Replication (HSR) is the native SAP HANA replication technology that can achieve an RPO of 15 minutes or less by asynchronously replicating data across regions. By using a smaller standby instance in us-west-2, the solution meets the RTO of 4 hours (since the standby can be scaled up or promoted quickly) while minimizing ongoing DR costs. This approach is purpose-built for SAP HANA and avoids the overhead of third-party tools or backup-based restores.
A company runs a containerized application on Amazon ECS with Fargate launch type. The application needs to access an Amazon RDS database that is in a private subnet. The ECS tasks are also in private subnets. The security group for the RDS instance allows inbound traffic on port 3306 from the security group attached to the ECS tasks. However, the application cannot connect to the database. Which solution should the company implement to resolve this issue?
Attach the same security group to the ECS tasks and the RDS instance, and ensure the security group has an inbound rule allowing traffic from itself on port 3306
Option B is correct because when using security group IDs in inbound rules, the traffic is evaluated based on the source security group's network interfaces, not the IP addresses. However, for this to work, the security group must be attached to the ECS tasks' elastic network interfaces (ENIs). By attaching the same security group to both the ECS tasks and the RDS instance, and adding a self-referencing inbound rule for port 3306, the RDS instance will accept traffic from any resource that has that security group attached, including the ECS tasks. This resolves the connectivity issue because the security group rule correctly identifies the source by the security group ID, not by IP.
A company is migrating a legacy monolithic application to a microservices architecture on AWS. The application currently uses an Oracle database with complex stored procedures. The company wants to minimize changes to the application code during migration. Which database migration strategy should the company use?
Replatform the application by migrating the Oracle database to Amazon RDS for Oracle
Option D is correct because the company wants to minimize changes to the application code during migration. By replatforming the Oracle database to Amazon RDS for Oracle, the application can continue to use the same Oracle database engine, stored procedures, and SQL dialect with minimal or no code changes. This approach avoids the need to rewrite complex stored procedures or adapt to a different database engine, which would be required with other migration strategies.
A company runs a stateful web application on EC2 instances in an Auto Scaling group with a dynamic scaling policy based on CPU utilization. The application maintains session state in memory on each instance. Users report that they are frequently logged out and lose their session data during scaling events. What should the company do to resolve this issue?
Modify the application to store session state in an Amazon ElastiCache cluster
Option C is correct because storing session state externally in ElastiCache decouples session data from individual EC2 instances. This ensures that when instances are terminated or added during scaling events, users retain their session state regardless of which instance serves their request. ElastiCache provides a low-latency, in-memory cache that is ideal for session persistence in stateful web applications.
A company is migrating a legacy .NET application to AWS. The application uses Windows Authentication and relies on Active Directory for user authentication. The company wants to minimize changes to the application code. Which AWS service should be used to integrate Active Directory with the migrated application?
AWS Directory Service for Microsoft Active Directory
AWS Directory Service for Microsoft Active Directory is the correct choice because it provides a fully managed Microsoft Active Directory in the AWS cloud, which natively supports Windows Authentication and Kerberos-based authentication without requiring any code changes. This service allows the migrated .NET application to seamlessly integrate with the existing on-premises Active Directory through a trust relationship or by extending the directory directly into AWS, preserving the application's authentication logic.
A company is migrating a web application from an on-premises data center to AWS. The application uses a MySQL database that is 500 GB in size. The company wants to minimize downtime during the migration. Which approach should the company use?
Use AWS Database Migration Service (DMS) with ongoing replication
AWS Database Migration Service (DMS) with ongoing replication (change data capture, CDC) allows you to perform a live migration with minimal downtime. You can start a full load of the 500 GB MySQL database while the source remains operational, then enable CDC to replicate ongoing changes until you cut over to the target RDS instance, reducing the downtime window to seconds.
A company is migrating a multi-tier application to AWS. The application includes a load balancer, web servers, and an Oracle database. The migration plan includes using AWS DMS for the database. During the initial full load, the DMS task fails with an error indicating insufficient memory. The source database is on an EC2 instance with 4 GB RAM. What should the migration team do to resolve this issue?
Increase the size of the DMS replication instance
Option C is correct because the error 'insufficient memory' during the initial full load in AWS DMS typically indicates that the replication instance does not have enough memory to handle the data volume or LOB processing. Increasing the size of the DMS replication instance provides more memory for caching, transformation, and LOB handling, directly resolving the resource constraint without altering the source database or task structure.
A company is migrating a web application to AWS and wants to use a blue/green deployment strategy to minimize downtime. Which AWS service should be used to route traffic between the blue and green environments?
Amazon Route 53
Amazon Route 53 is correct because it supports weighted DNS routing, which allows you to shift traffic gradually between blue and green environments by adjusting the weight values for DNS records. This enables a blue/green deployment strategy with minimal downtime, as Route 53 can route a percentage of traffic to the new environment while keeping the old environment active for rollback.
An organization is migrating a large data lake (500 TB) from on-premises HDFS to Amazon S3. The migration must be completed within 3 weeks. The network bandwidth between on-premises and AWS is 1 Gbps. What is the MOST efficient migration approach?
Use multiple AWS Snowball Edge devices to transfer the data in parallel.
Given the 500 TB data volume and a 3-week deadline, the 1 Gbps network bandwidth yields a theoretical maximum transfer of only ~340 TB in 3 weeks (1 Gbps * 21 days * 86400 seconds / 8 bits per byte), which is insufficient. AWS Snowball Edge devices provide a petabyte-scale, offline data transfer solution that bypasses network constraints entirely, allowing parallel transfers to meet the timeline. This is the most efficient approach because it avoids network bottlenecks and leverages physical shipping for massive datasets.
The PAS-C01 flashcard bank covers all 4 official blueprint domains published by Amazon Web Services. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Design of SAP Workloads on AWS
Technology
Migration
Operations and Maintenance
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that PAS-C01 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.PAS-C01 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective PAS-C01 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
Yes. Courseiva provides free PAS-C01 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.
Courseiva has 1733+ original PAS-C01 flashcards across all 4 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official Amazon Web Services exam objectives.
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official PAS-C01 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included