Question 313 of 1,733
Operations and MaintenancehardMultiple SelectObjective-mapped

Quick Answer

The answer is to verify the health check settings on the target group, as this directly addresses the root cause of ALB 503 errors. When an Application Load Balancer returns a 503, it means it has no healthy targets to route traffic to, and the CloudWatch HealthyHostCount metric dropping to zero confirms that all EC2 instances are failing health checks. On the AWS Certified SAP on AWS Specialty PAS-C01 exam, this scenario tests your understanding of how ALB health checks interact with SAP application availability, often trapping candidates who jump to network ACLs or security groups instead of first checking target group configuration. A common memory tip is to remember that 503 means “service unavailable” from the load balancer’s perspective, so always start by diagnosing the health of the targets themselves rather than external connectivity.

PAS-C01 Operations and Maintenance Practice Question

This PAS-C01 practice question tests your understanding of operations and maintenance. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A company runs a production web application on EC2 instances behind an ALB. The operations team receives an alert that the application is returning HTTP 503 errors. Which THREE steps should be taken to diagnose the issue?

Question 1hardmulti select
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Check the ALB's HealthyHostCount metric in CloudWatch.

The ALB's HealthyHostCount metric in CloudWatch shows the number of healthy targets registered to the target group. A value of zero or a persistent drop indicates that all EC2 instances are failing health checks, which directly causes HTTP 503 errors because the ALB has no healthy targets to forward traffic to. This metric is the first place to check when diagnosing 503 errors, as it pinpoints whether the issue is with target health rather than network connectivity or load.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Review VPC Flow Logs to identify if traffic is reaching the ALB.

    Why it's wrong here

    Flow logs show network-level traffic, not application-level errors.

  • Check the ALB's HealthyHostCount metric in CloudWatch.

    Why this is correct

    Indicates if targets are passing health checks.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Check the CPU utilization of the EC2 instances in the Auto Scaling group.

    Why this is correct

    High CPU can cause instances to fail health checks.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Verify the health check settings on the target group.

    Why this is correct

    Misconfigured health checks can cause all targets to be considered unhealthy.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the misconception that CPU utilization or instance-level metrics are the primary cause of 503 errors, when in reality the ALB's health check mechanism and target group configuration are the direct cause, and CPU issues are only one possible underlying reason for health check failures.

Trap categories for this question

  • Command / output trap

    Flow logs show network-level traffic, not application-level errors.

Detailed technical explanation

How to think about this question

HTTP 503 errors from an ALB are typically caused by all targets in the target group failing health checks, which can happen due to misconfigured health check paths, timeouts, or application-level failures. The ALB's health check mechanism uses HTTP/HTTPS or TCP probes at a configurable interval (default 30 seconds) and marks a target unhealthy after a configurable number of consecutive failures (default 3). Under the hood, the ALB maintains a routing table of healthy targets; if the count drops to zero, it immediately returns 503 for all incoming requests, even if the instances are running and have low CPU.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A healthcare organisation deploys an application with a public-facing web tier and a private database tier. The database subnet has no public IP and only accepts connections from the web tier's security group. Questions like this test whether you can design cloud network isolation using VNets/VPCs, subnets, and security group rules.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related PAS-C01 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free PAS-C01 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this PAS-C01 question test?

Operations and Maintenance — This question tests Operations and Maintenance — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Check the ALB's HealthyHostCount metric in CloudWatch. — The ALB's HealthyHostCount metric in CloudWatch shows the number of healthy targets registered to the target group. A value of zero or a persistent drop indicates that all EC2 instances are failing health checks, which directly causes HTTP 503 errors because the ALB has no healthy targets to forward traffic to. This metric is the first place to check when diagnosing 503 errors, as it pinpoints whether the issue is with target health rather than network connectivity or load.

What should I do if I get this PAS-C01 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

1 more ways this is tested on PAS-C01

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. A company has an SAP system running on AWS that uses an Application Load Balancer (ALB) to distribute traffic to multiple EC2 instances. The operations team notices that the ALB is returning 503 errors intermittently. Which of the following is the MOST likely cause?

easy
  • A.The security group attached to the ALB is blocking inbound traffic from the targets.
  • B.The target instances are failing health checks.
  • C.The ALB does not have enough capacity to handle the traffic.
  • D.The SSL certificate on the ALB has expired.

Why B: Option B is correct because 503 errors typically indicate that the target instances are unhealthy or not responding. Option A is wrong because SSL certificate expiration causes 502 errors, not 503. Option C is wrong because security group rules blocking traffic would cause timeout or 502 errors. Option D is wrong because insufficient capacity would cause 502 errors if targets are overloaded, but 503 specifically indicates unhealthy targets.

Keep practising

More PAS-C01 practice questions

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This PAS-C01 practice question is part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the PAS-C01 exam.