AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 10511125

1733 questions total · 24pages · All types, answers revealed

Page 14

Page 15 of 24

Page 16
1051
MCQhard

A company runs SAP S/4HANA on AWS with a three-tier architecture. The operations team receives alerts that the application server's CPU utilization is consistently above 90%. The team wants to add an additional application server to distribute the load. Which AWS service should be used to register the new instance with the SAP system's load balancer?

A.Amazon CloudFront
B.Network Load Balancer (NLB)
C.Amazon Route 53
D.Application Load Balancer (ALB)
AnswerD

Registers EC2 instances as targets.

Why this answer

Option A is correct because ALB can register EC2 instances as targets. Option B is wrong because NLB is for TCP/UDP. Option C is wrong because CloudFront is for CDN.

Option D is wrong because Route 53 is for DNS.

1052
MCQhard

An organization is migrating a SAP ERP system to AWS. The system has a requirement for high availability for the SAP Central Services (ASCS) instance. Which architecture should be used to meet this requirement?

A.Deploy the ASCS on a single EC2 instance with a Multi-AZ RDS database.
B.Deploy two ASCS instances in different Availability Zones with a shared Amazon EFS or FSx for Windows File Server and a floating IP using Route 53.
C.Deploy two ASCS instances in different Availability Zones with an EBS volume attached to both.
D.Use an Application Load Balancer to distribute traffic between two ASCS instances.
AnswerB

Shared storage and floating IP meet ASCS HA requirements.

Why this answer

Option D is correct because SAP ASCS requires a shared filesystem and a floating IP for high availability. AWS provides this using EFS or FSx for shared storage and a Route 53 health check with a secondary IP or an NLB with a static IP. Option A is wrong because Multi-AZ RDS is for databases, not ASCS.

Option B is wrong because ALB does not support floating IPs. Option C is wrong because EBS volumes cannot be attached to multiple instances simultaneously.

1053
MCQhard

An SAP system running on AWS is experiencing high memory utilization on the application server. The team suspects a memory leak in the SAP ABAP application. Which tool or process should be used to identify the root cause?

A.Run SAP transaction STAD to analyze memory consumption per user and program.
B.Use the Linux 'top' command to identify the process consuming the most memory.
C.Use SAP HANA Studio to check memory consumption of the database.
D.Enable detailed CloudWatch memory metrics on the EC2 instance.
AnswerA

STAD provides detailed memory usage breakdown for ABAP programs.

Why this answer

Option A is correct because SAP STAD (Transaction STAD) provides detailed analysis of memory consumption by user and program. Option B is wrong because CloudWatch can show overall memory usage but not per-process details. Option C is wrong because OS-level tools like 'top' show memory per process but not ABAP-specific memory allocation.

Option D is wrong because SAP HANA Studio is for database, not application server memory.

1054
MCQhard

An SAP system on AWS is using a Multi-AZ deployment for high availability. The SAP Central Services (ASCS) and Enqueue Replication Server (ERS) are running on separate EC2 instances. During a failover test, the ASCS instance fails, but the ERS does not take over. What is the most likely cause?

A.The ERS instance does not have the required security group rules
B.The DNS TTL is set too high
C.The ERS instance is in a different subnet
D.The floating IP address is not configured to move to the ERS instance
AnswerD

Without floating IP reassignment, clients cannot reach the ERS.

Why this answer

SAP Enqueue Replication requires a floating IP address (using AWS Elastic IP or Route 53) that moves from ASCS to ERS during failover. If the floating IP is not properly configured, the ERS cannot take over. DNS resolution is not the primary method.

Health checks are not the issue. Instance type is irrelevant.

1055
MCQeasy

A company is migrating a legacy Oracle database to Amazon RDS for Oracle. The source database is 11.2.0.4 and the target is 12.1.0.2. Which AWS service should be used for the migration with minimal downtime?

A.Create an RDS read replica from the source database using Oracle Data Guard.
B.Use AWS Database Migration Service (DMS) with change data capture (CDC) from the source Oracle database.
C.Export the database to flat files, upload to Amazon S3, and restore using an RDS read replica.
D.Use AWS Schema Conversion Tool (SCT) to convert the schema and then use AWS Database Migration Service (DMS) for data replication.
AnswerB

DMS with CDC enables continuous replication with minimal downtime.

Why this answer

AWS DMS supports heterogeneous migrations and can replicate data with minimal downtime. Option B is correct because DMS can handle the version upgrade. Options A, C, and D are incorrect: SCT is for schema conversion, not data migration; Snowball is for offline data transfer; RDS CreateDBSnapshot is for backups, not live migration.

1056
Multi-Selectmedium

Which TWO AWS services can be used to monitor the performance of SAP HANA on AWS and set alarms? (Select TWO.)

Select 2 answers
A.AWS CloudTrail
B.AWS Config
C.AWS Trusted Advisor
D.Amazon CloudWatch
E.AWS Systems Manager
AnswersD, E

For monitoring and alarms.

Why this answer

Option A and C are correct. CloudWatch is for monitoring and alarms. Systems Manager can run scripts to collect metrics.

Option B is wrong because Config is for configuration. Option D is wrong because CloudTrail is for API logging. Option E is wrong because Trusted Advisor is for best practices.

1057
MCQmedium

An SAP system is experiencing high CPU utilization on the application server. The administrator wants to automatically scale the EC2 instance based on CPU usage. Which AWS service should be used?

A.Elastic Load Balancing
B.AWS Auto Scaling
C.AWS Lambda
D.Amazon CloudWatch
AnswerB

Auto Scaling can add or remove EC2 instances based on CPU utilization.

Why this answer

Auto Scaling with scaling policies based on CloudWatch alarms can automatically adjust the number of instances. Option B is correct. Option A is wrong because Elastic Load Balancing distributes traffic, not scaling.

Option C is wrong because CloudWatch monitors but does not scale. Option D is wrong because Lambda can be used but is not the primary service for EC2 scaling.

1058
MCQmedium

A company runs SAP ERP on AWS with an Oracle database on an r5.4xlarge instance. The system experiences performance degradation during month-end closing. Monitoring shows high CPU and I/O wait on the database server. The storage is EBS gp2 volumes. The company plans to migrate to SAP HANA in the future. What immediate change should be made to improve performance?

A.Implement AWS RDS Oracle read replicas to offload reporting queries.
B.Migrate the database to SAP HANA immediately to improve performance.
C.Change the EBS volumes from gp2 to gp3 to improve I/O performance and throughput.
D.Increase the EC2 instance size to r5.8xlarge to provide more CPU and memory.
AnswerC

gp3 offers more consistent performance and higher throughput at lower cost than gp2.

Why this answer

Switching from gp2 to gp3 provides better baseline performance and higher throughput at lower cost. Option A (increase instance size) might help but is more expensive. Option C (add read replicas) is for RDS, not self-managed Oracle.

Option D (migrate to HANA) is a longer-term solution, not immediate. Option B is the most immediate and cost-effective change.

1059
MCQeasy

A company uses an SAP HANA database on AWS. The database administrator wants to back up the database using Backint integration with AWS. Which AWS service is the recommended target for Backint backups?

A.Amazon EFS
B.Amazon EBS
C.Amazon S3 Glacier
D.Amazon S3
AnswerD

S3 is the recommended target for Backint.

Why this answer

Option A is correct because Amazon S3 is the standard target for SAP HANA Backint backups on AWS. Option B is incorrect because EBS is not directly used by Backint. Option C is incorrect because Glacier is not directly integrated with Backint.

Option D is incorrect because EFS is not used for Backint.

1060
MCQhard

A company is running SAP S/4HANA on AWS. The SAP application servers and database are in the same VPC. The security team requires encryption in transit between all SAP components. Which combination of services and configurations meets this requirement?

A.Use AWS Transit Gateway with encryption enabled.
B.Enable SAP SNC with TLS certificates on all SAP instances.
C.Use AWS VPN to connect all SAP instances to a single endpoint.
D.Create a VPC peering connection between the application and database subnets.
AnswerB

SNC encrypts SAP-specific communications.

Why this answer

Option B is correct because SAP SNC (Secure Network Communications) with TLS certificates provides end-to-end encryption for communication between SAP components, including application servers and databases, regardless of network topology. Since all SAP components reside in the same VPC, the encryption requirement is satisfied at the application layer without relying on network-level encryption. SNC ensures that data in transit between SAP systems is encrypted using X.509 certificates, meeting the security team's mandate.

Exam trap

The trap here is that candidates often assume network-level encryption services like Transit Gateway or VPN are required for in-transit encryption, but the question specifically requires encryption between SAP components, which is natively achieved through SAP SNC at the application layer, not through AWS networking features.

How to eliminate wrong answers

Option A is wrong because AWS Transit Gateway is a network transit hub for routing traffic between VPCs and on-premises networks, but it does not natively encrypt traffic between resources within the same VPC; encryption would require additional VPN or TLS configurations. Option C is wrong because AWS VPN creates an encrypted tunnel between a VPC and an external network, but it does not encrypt traffic between SAP components within the same VPC; using it to connect all instances to a single endpoint would add unnecessary complexity and latency without addressing internal encryption. Option D is wrong because VPC peering connects subnets or VPCs at Layer 3 without providing any encryption; traffic between peered subnets remains unencrypted unless additional measures like TLS are applied.

1061
MCQmedium

A company runs an SAP HANA database on an EC2 instance in a single Availability Zone. The database experiences performance degradation during peak hours. Which action should be taken to improve performance without changing the instance type?

A.Increase the provisioned IOPS on the EBS volumes
B.Enable detailed CloudWatch monitoring
C.Change the EBS volumes to gp3
D.Enable Enhanced Networking on the EC2 instance
AnswerD

Enhanced Networking reduces latency and improves network throughput.

Why this answer

Option B is correct because enabling Enhanced Networking reduces latency and improves throughput for HANA. Option A is wrong as increasing EBS IOPS may not address network bottlenecks. Option C is wrong because CloudWatch detailed monitoring does not improve performance.

Option D is wrong because switching to gp3 may not provide enough performance for HANA.

1062
MCQeasy

A DevOps engineer needs to automatically restart a specific service on an EC2 instance whenever the service crashes. The instance is running Amazon Linux 2. Which approach is the MOST operationally efficient?

A.Set up a CloudWatch alarm that triggers an SSM Run Command to restart the service
B.Write a cron job that checks the service status every minute and restarts it if needed
C.Configure the service as a systemd unit with Restart=on-failure
D.Use an AWS Lambda function that polls the service status and calls the EC2 reboot API
AnswerC

systemd is the native init system and handles restarts efficiently.

Why this answer

Option C is correct because systemd, the default init system on Amazon Linux 2, provides a built-in `Restart=` directive that can be set to `on-failure`. This instructs systemd to automatically restart the service unit when it exits with a non-zero exit code or is terminated by a signal, without requiring any external monitoring or additional infrastructure. This is the most operationally efficient approach as it leverages the native service manager functionality with zero external dependencies.

Exam trap

The trap here is that candidates often over-engineer the solution by choosing external AWS services (CloudWatch, Lambda) or traditional cron-based polling, overlooking the fact that the operating system's native service manager (systemd) already provides a simple, built-in mechanism for automatic service restart.

How to eliminate wrong answers

Option A is wrong because it introduces unnecessary complexity and latency: a CloudWatch alarm requires metric data, evaluation periods, and an SSM Run Command invocation, which is not immediate and adds operational overhead compared to a local restart mechanism. Option B is wrong because a cron job running every minute creates a polling loop that wastes CPU cycles and introduces a delay of up to 60 seconds before detecting a crash, whereas systemd reacts instantly to process termination. Option D is wrong because using a Lambda function to poll service status and call the EC2 reboot API is extremely inefficient, introduces cold start latency, requires IAM roles and network configuration, and rebooting the entire instance is a heavy-handed action when only a single service needs restarting.

1063
MCQmedium

A company runs SAP S/4HANA on AWS. The environment includes an SAP HANA database on an EC2 instance with multiple EBS volumes for data, log, and backup. The backup strategy uses AWS Backup to create daily snapshots of all EBS volumes. During a disaster recovery test, the team discovers that the snapshots are not crash-consistent and the database cannot be restored to a consistent state. The backup window is set to 2 AM daily. What should the team do to ensure crash-consistent backups?

A.Configure AWS Backup to create multi-volume crash-consistent snapshots for the instance.
B.Use SAP HANA backup to S3 instead of EBS snapshots for database backups.
C.Take individual EBS snapshots of each volume sequentially within the backup window.
D.Stop the EC2 instance before the backup window and start it after the snapshots complete.
AnswerA

Multi-volume snapshots ensure all volumes are snapshotted at the same point in time, providing crash consistency.

Why this answer

Option B is correct. To achieve crash consistency across multiple EBS volumes attached to a single instance, the volumes should be snapshotted together using the same snapshot request. AWS Backup can be configured to create multi-volume snapshots.

Option A is wrong because stopping the instance causes downtime. Option C is wrong because individual snapshots are not crash-consistent across volumes. Option D is wrong because HANA backup to S3 does not address the EBS snapshot consistency issue.

1064
Multi-Selectmedium

A company is planning to run SAP HANA on AWS. Which TWO of the following are required to ensure the system is supported by SAP? (Choose TWO.)

Select 2 answers
A.Place all instances in a cluster placement group
B.Use only EBS io2 Block Express volumes for all HANA data
C.Use an operating system that is on the SAP HANA supported OS list
D.Enable termination protection on all instances
E.Use an SAP-certified EC2 instance type
AnswersC, E

SAP requires specific OS versions.

Why this answer

Option C is correct because SAP requires the operating system to be listed on the SAP HANA supported OS list. Running an unsupported OS violates SAP's support policy and can lead to denial of support for the entire HANA system.

Exam trap

The trap here is that candidates often confuse operational best practices (like placement groups or termination protection) with mandatory SAP support requirements, leading them to select options that are not explicitly required by SAP.

1065
Multi-Selectmedium

A company is designing a disaster recovery strategy for a critical application that runs on EC2 instances with data stored on EBS volumes. The application requires RPO of 15 minutes and RTO of 1 hour. Which TWO approaches meet these requirements?

Select 2 answers
A.Use EBS Snapshots taken every 15 minutes and copy them to the DR region
B.Use AWS Backup with a backup plan that takes cross-region backups every 15 minutes
C.Use Amazon Machine Images (AMIs) backed by EBS snapshots, taken hourly
D.Use EBS Multi-Attach volumes to allow the DR instance to access the same volumes
E.Use EBS Reboot (not Stop/Start) to move the instance to the DR region with replicated volumes
AnswersA, E

EBS Snapshots can achieve 15-minute RPO.

Why this answer

Option A is correct because EBS Snapshots can be taken as frequently as every 15 minutes, and copying them to a DR region ensures that the most recent snapshot is available for recovery. When a disaster occurs, you can create a new EBS volume from the latest snapshot in the DR region, attach it to an EC2 instance, and achieve an RPO of 15 minutes and an RTO of under 1 hour (assuming the instance is pre-provisioned or launched quickly). This approach directly satisfies the stated recovery objectives without relying on instance-level operations.

Exam trap

Cisco often tests the misconception that AWS Backup can support sub-hourly backup intervals, but the minimum is 1 hour, so candidates may incorrectly select Option B thinking it meets the 15-minute RPO.

1066
MCQmedium

A company is migrating its SAP landscape to AWS and has a requirement to use existing software licenses to reduce costs. Which AWS pricing model should be used?

A.Dedicated Hosts
B.Compute Savings Plans
C.Reserved Instances (RI)
D.Dedicated Instances
AnswerA

Dedicated Hosts allow per-socket/core licensing.

Why this answer

Dedicated Hosts allow you to use your own licenses per core/socket. Option A is wrong because Reserved Instances are for capacity reservation, not license flexibility. Option C is wrong because Dedicated Instances are for isolation, not license management.

Option D is wrong because Savings Plans are for compute usage, not license.

1067
Multi-Selectmedium

A company uses AWS CloudTrail to log API calls. The security team wants to detect unauthorized attempts to modify security group rules and send real-time alerts. Which TWO AWS services should be used together to achieve this?

Select 2 answers
A.Amazon Simple Notification Service (SNS)
B.Amazon CloudWatch Events (or EventBridge)
C.AWS Lambda
D.AWS Config
E.Amazon GuardDuty
AnswersA, B

Can send alerts via email, SMS, etc.

Why this answer

Amazon CloudWatch Events (or EventBridge) can capture CloudTrail API calls related to security group modifications (e.g., AuthorizeSecurityGroupIngress, RevokeSecurityGroupEgress) and route them to an SNS topic. SNS then sends real-time alerts (e.g., email, SMS) to the security team. This combination provides event-driven, near-instantaneous notification without polling or custom code.

Exam trap

The trap here is that candidates often over-engineer by adding Lambda or GuardDuty, not realizing that CloudWatch Events (EventBridge) can directly trigger SNS for real-time alerting without additional compute or security services.

1068
MCQhard

An SAP HANA database on EC2 is experiencing high I/O latency. The database uses a single EBS volume for /hana/log. The volume is a gp2 volume with 1000 GB size. The administrator notices that the volume's burst balance is depleted. Which action should be taken to improve latency?

A.Change the volume type to Throughput Optimized HDD (st1)
B.Add additional gp2 volumes and stripe them in a RAID 0
C.Increase the volume size to 2000 GB to double the baseline IOPS
D.Change the volume type to Provisioned IOPS SSD (io1) with sufficient IOPS
AnswerD

io1 provides consistent IOPS without burst credits.

Why this answer

Option D is correct because switching to io1 provides consistent IOPS without burst balance. Option A (increasing size) would increase baseline IOPS but not eliminate burst dependency. Option B (adding more volumes) may help but is more complex.

Option C (using st1) is for throughput, not low latency.

1069
MCQmedium

A company is migrating its on-premises SAP landscape to AWS. The SAP system uses Oracle Database. The migration must minimize downtime. Which AWS service should be used for the database migration?

A.AWS Snowball Edge
B.AWS Database Migration Service (DMS)
C.AWS CloudEndure Migration
D.Amazon S3 Transfer Acceleration
AnswerB

AWS DMS supports ongoing replication to minimize downtime during migration.

Why this answer

Option D is correct because AWS DMS supports minimal downtime migrations for Oracle to Amazon RDS or EC2. Option A is incorrect because Snowball is for large data transfers, not continuous replication. Option B is incorrect because S3 is for object storage, not database migration.

Option C is incorrect because CloudEndure is for server migration, not database-specific replication.

1070
Multi-Selecteasy

Which TWO of the following are valid storage options for SAP HANA data files on AWS?

Select 2 answers
A.Amazon EBS gp3 volumes with sufficient IOPS
B.Amazon S3
C.Amazon EBS io2 Block Express volumes
D.Instance Store volumes
E.Amazon EFS
AnswersA, C

gp3 can be provisioned with adequate IOPS.

Why this answer

Amazon EBS gp3 volumes are a valid storage option for SAP HANA data files because they provide consistent baseline performance of 3,000 IOPS and 125 MB/s throughput, with the ability to provision additional IOPS independently of storage capacity. SAP HANA requires high IOPS and low latency for its data persistence layer, and gp3 volumes meet these requirements when configured with sufficient IOPS, making them a cost-effective choice for many HANA workloads on AWS.

Exam trap

The trap here is that candidates often confuse Amazon S3 or EFS as viable storage for SAP HANA data files because they are durable and scalable, but they fail to recognize that HANA requires block-level storage with low latency and high IOPS that only EBS volumes can provide.

1071
MCQeasy

A company needs to ensure that only authorized users can access the SAP S/4HANA system running on AWS. Which AWS service can be used to manage user identities and permissions?

A.AWS Directory Service
B.AWS Organizations
C.AWS Identity and Access Management (IAM)
D.Amazon Cognito
AnswerC

IAM manages user identities and permissions.

Why this answer

Option B is correct because AWS IAM manages user identities and permissions for AWS resources. Option A is wrong because Amazon Cognito is for customer-facing apps. Option C is wrong because AWS Directory Service can integrate with IAM but IAM is the core service.

Option D is wrong because AWS Organizations manages multiple accounts.

1072
MCQmedium

A company is planning to migrate its SAP ECC system to SAP S/4HANA on AWS. The current system uses an IBM Db2 database on-premises. The target system will use SAP HANA as the database. The company wants to perform the migration with minimal downtime. Which tool or method should be used?

A.Use IBM Db2 native tools to export the database and import into HANA.
B.Use AWS Database Migration Service (DMS) to replicate data from Db2 to HANA.
C.Use SAP Software Update Manager (SUM) with the Database Migration Option (DMO).
D.Use SAP Landscape Transformation (SLT) to replicate data in real-time.
AnswerC

SUM with DMO supports migration from Db2 to HANA with minimal downtime.

Why this answer

SAP provides the Software Update Manager (SUM) with Database Migration Option (DMO) that supports migration from Db2 to HANA. Option A (IBM tools) are not applicable. Option B (AWS DMS) does not support Db2 to HANA well.

Option C (SAP LT) is for ongoing replication, not one-time migration. Option D is correct.

1073
MCQhard

A company is migrating a critical application to AWS and needs to ensure compliance with PCI DSS. The application handles credit card numbers. Which AWS service should be used to encrypt the data at rest?

A.Amazon S3 server-side encryption
B.AWS Key Management Service (KMS)
C.AWS CloudHSM
D.AWS Secrets Manager
AnswerC

CloudHSM provides dedicated hardware security modules meeting PCI DSS requirements.

Why this answer

Option A is correct because AWS CloudHSM provides dedicated HSM for PCI DSS. Option B is incorrect because KMS is not FIPS 140-2 Level 3. Option C is incorrect because S3 SSE is not for database encryption.

Option D is incorrect because Secrets Manager manages secrets, not encryption keys.

1074
MCQhard

A company is migrating an SAP ERP system to AWS using the SAP Landscape Virtualization Management (LVM) tool. During the migration, the team encounters a timeout error when replicating the database. The source database is an SAP HANA multi-tenant database container (MDC) system. What is the most likely cause of the timeout?

A.The SAP Landscape Virtualization Management (LVM) agent is incompatible with the SAP HANA version
B.The SAP HANA multi-tenant database container (MDC) configuration is not supported by LVM
C.The SSH session between LVM and the target server timed out due to a missing ServerAliveInterval setting
D.The SAP Router is not configured to forward traffic between the source and target
AnswerC

LVM uses SSH; without keep-alive settings, idle SSH sessions can timeout during long-running operations.

Why this answer

Option C is correct because LVM uses SSH for communication; if the SSH session times out due to inactivity, the replication fails. Option A is incorrect because LVM does not require SCT. Option B is incorrect because HANA MDC is supported by LVM.

Option D is incorrect because the migration does not require an SAP router.

1075
MCQmedium

An administrator needs to apply a critical OS security patch to multiple SAP application servers in an Auto Scaling group without disrupting ongoing operations. Which strategy should be used?

A.Stop all instances, apply the patch using AWS Systems Manager, then restart all instances.
B.Use AWS CloudFormation with a rolling update policy to gradually replace instances in the Auto Scaling group.
C.Use AWS Systems Manager Patch Manager to patch instances at the next maintenance window.
D.Create a new Amazon Machine Image (AMI) with the patch, update the Auto Scaling group's launch configuration, and terminate all instances.
AnswerB

Rolling update minimizes downtime by replacing instances one by one.

Why this answer

Option D (Use a rolling update via AWS CloudFormation with UpdatePolicy) is correct because it allows gradual replacement of instances. Option A (Stop all instances, apply patch, restart) causes downtime. Option B (Use AWS Systems Manager Patch Manager) is good but may not handle Auto Scaling gracefully.

Option C (Create new AMI, update Auto Scaling group) is a blue/green approach but may be slower.

1076
Multi-Selecthard

Which THREE security best practices should be implemented for SAP systems on AWS? (Choose three.)

Select 3 answers
A.Disable SSH key pair access and use only password authentication.
B.Use security groups to restrict inbound and outbound traffic to SAP systems.
C.Deploy all SAP systems in a single VPC for simplified management.
D.Use IAM roles for EC2 instances to access AWS services.
E.Enable encryption at rest for all EBS volumes used by SAP.
AnswersB, D, E

Security groups provide stateful filtering.

Why this answer

Security groups act as a virtual firewall for EC2 instances, controlling inbound and outbound traffic at the instance level. For SAP systems, this is critical to restrict access to only necessary ports (e.g., 3200 for SAP Application Server, 36xx for SAProuter, 443 for HTTPS) and trusted IP ranges, reducing the attack surface. Unlike network ACLs, security groups are stateful, meaning return traffic is automatically allowed, simplifying rule management for SAP communication flows.

Exam trap

The trap here is that candidates may confuse security groups with network ACLs or assume that a single VPC simplifies management, but AWS best practices emphasize isolation and least privilege for SAP workloads, not consolidation.

1077
MCQmedium

A company is running a production SAP HANA database on an AWS EC2 instance with a single EBS gp3 volume. The database frequently experiences high write latency during peak hours. Which design change would MOST effectively reduce write latency?

A.Replace the single gp3 volume with multiple io2 Block Express volumes configured in a RAID 0 stripe.
B.Increase the size of the existing gp3 volume to maximize its baseline throughput.
C.Migrate the database to a larger EC2 instance type with higher network bandwidth.
D.Move the SAP HANA database to Amazon RDS for SAP HANA.
AnswerA

io2 Block Express volumes provide very high IOPS and low latency; RAID 0 stripes I/O across volumes to maximize performance.

Why this answer

Option C is correct because using multiple EBS io2 Block Express volumes with a RAID 0 stripe distributes the I/O and provides higher throughput and lower latency than a single gp3 volume. Option A (Increase gp3 volume size) might improve throughput but not latency as much as io2. Option B (Switch to a larger EC2 instance) does not directly address disk latency.

Option D (Move to Amazon RDS) is not applicable for SAP HANA.

1078
Multi-Selecthard

Which THREE of the following are valid considerations when designing an SAP HANA backup strategy on AWS?

Select 3 answers
A.Use EBS snapshots for backing up HANA data volumes.
B.Store backups in Amazon S3 for long-term retention.
C.Use the AWS Backint agent for SAP HANA to back up to S3.
D.Back up HANA data directly to Amazon S3 using standard tools.
E.Replicate backups to another AWS Region using S3 Cross-Region Replication.
AnswersA, B, C

EBS snapshots are a valid backup method.

Why this answer

Option A is correct because EBS snapshots provide a consistent, point-in-time backup of HANA data volumes when the database is in backup mode (e.g., using hdbsql to create a snapshot). This method is supported by SAP and AWS, and it allows for fast recovery by restoring the entire volume without needing to replay transaction logs from a separate backup.

Exam trap

The trap here is that candidates may assume any S3-based backup method (like direct copy) is valid, but AWS and SAP require certified tools (Backint or snapshot integration) to guarantee HANA consistency and supportability.

1079
Multi-Selectmedium

Which TWO of the following are required when integrating SAP HANA with AWS Direct Connect for hybrid connectivity?

Select 2 answers
A.A Public Virtual Interface to access the VPC.
B.A Virtual Private Gateway attached to the VPC.
C.A Direct Connect Gateway for the connection.
D.BGP peering between on-premises router and AWS router.
E.A VPN tunnel between on-premises and AWS.
AnswersB, D

VGW is required for Direct Connect private VIF.

Why this answer

A Virtual Private Gateway (VGW) is required to attach the VPC to the Direct Connect connection, enabling private IP traffic between on-premises and the VPC. Without a VGW, the Direct Connect virtual interface cannot terminate within the VPC, making hybrid connectivity impossible for SAP HANA workloads that require low-latency, private network paths.

Exam trap

The trap here is that candidates confuse a Public Virtual Interface with a Private Virtual Interface, assuming any Direct Connect interface can reach the VPC, but only a Private Virtual Interface combined with a VGW provides private VPC access.

1080
Multi-Selectmedium

Which TWO AWS services can be used to automate the patching of SAP EC2 instances? (Choose 2)

Select 2 answers
A.AWS Systems Manager Patch Manager
B.AWS Backup
C.Amazon Inspector
D.AWS Config
E.EC2 Image Builder
AnswersA, E

Automates OS patching for EC2 instances.

Why this answer

Options A and C are correct. AWS Systems Manager Patch Manager automates patching, and EC2 Image Builder creates and updates AMIs with patches. Option B (AWS Config) is for configuration compliance, not patching.

Option D (Amazon Inspector) is for vulnerability scanning. Option E (AWS Backup) is for backups.

1081
MCQeasy

Refer to the exhibit. An operations team sees this log entry in CloudWatch Logs for an SAP system. What is the MOST likely cause?

A.The HANA database has crashed.
B.The SAP system user password has expired.
C.The network connection between the ABAP application server and HANA is down.
D.The ABAP program Z_MONITOR has a bug.
AnswerC

RFC communication failure typically indicates a network issue.

Why this answer

Option B is correct. The error indicates an RFC communication failure, which is typically due to a network issue. Option A is wrong because there is no indication of HANA crash.

Option C is wrong because the error is about communication, not authentication. Option D is wrong because the error is not about the ABAP program itself.

1082
MCQeasy

A company runs SAP ERP on AWS using an Oracle database. To meet disaster recovery requirements, they need to replicate the database to a second AWS Region with low RPO. Which AWS service should be used for continuous, asynchronous replication of the Oracle database?

A.Copy the EC2 instance with the Oracle database as an AMI to the DR Region.
B.AWS Database Migration Service (DMS) with ongoing replication from the source Oracle database to a target Oracle database in the DR Region.
C.Amazon S3 Cross-Region Replication (CRR) to replicate database backups.
D.Amazon RDS for Oracle Read Replicas in the DR Region.
AnswerB

DMS supports continuous replication with low RPO.

Why this answer

Option A is correct because AWS DMS with ongoing replication can continuously replicate Oracle data to another Region with low latency. Option B is wrong because S3 Cross-Region Replication is for objects, not databases. Option C is wrong because RDS for Oracle Read Replicas only work within the same Region.

Option D is wrong because EC2 AMI copy is not continuous.

1083
Multi-Selecthard

A company runs a web application on Amazon ECS with Fargate launch type. The application's memory utilization spikes periodically, causing tasks to be killed. The operations team wants to automatically scale the service based on memory usage. Which THREE steps are necessary to implement this?

Select 3 answers
A.Attach an EC2 Auto Scaling group to the ECS service to handle capacity.
B.Create an Application Auto Scaling target tracking scaling policy based on memory utilization.
C.Configure step scaling policies to add multiple tasks at once.
D.Create a CloudWatch alarm that triggers the scaling policy when memory exceeds a threshold.
E.Enable the ECS service to publish custom CloudWatch metrics for memory utilization.
AnswersB, D, E

Target tracking automatically adjusts desired count.

Why this answer

Option B is correct because Application Auto Scaling with a target tracking scaling policy allows the ECS service to automatically adjust its desired count based on a CloudWatch metric, such as memory utilization. This ensures the service scales out when memory usage spikes and scales in when it drops, preventing tasks from being killed due to OOM (out-of-memory) errors.

Exam trap

The trap here is that candidates often confuse the need for EC2 Auto Scaling groups with Fargate, or assume step scaling is required for memory-based scaling, when in fact target tracking is the recommended and simpler approach for metric-based auto scaling.

1084
Multi-Selecteasy

Which TWO AWS services can be used to automate the deployment of SAP infrastructure during migration? (Choose 2.)

Select 2 answers
A.AWS OpsWorks
B.AWS Service Catalog
C.AWS CloudFormation
D.AWS Elastic Beanstalk
E.AWS CodePipeline
AnswersC, D

CloudFormation enables infrastructure as code for SAP.

Why this answer

Option A is correct because AWS CloudFormation can provision infrastructure as code. Option C is correct because AWS Elastic Beanstalk can deploy applications, but for SAP, CloudFormation is more common. Option B is wrong because AWS CodePipeline is for CI/CD, not infrastructure deployment.

Option D is wrong because AWS OpsWorks is for Chef/Puppet, but not typical for SAP. Option E is wrong because AWS Service Catalog is for governance, not automation. So correct: A and C.

1085
Multi-Selecteasy

A company is planning to run SAP NetWeaver on AWS and needs to ensure that the architecture supports high availability for the application layer. Which TWO components are essential for an HA SAP NetWeaver application server setup? (Choose TWO.)

Select 2 answers
A.Amazon ElastiCache for session management
B.Multiple EC2 instances in different Availability Zones
C.A single large EC2 instance for all application servers
D.An Application Load Balancer to distribute traffic
E.Amazon RDS for database layer
AnswersB, D

Multiple instances across AZs provide failover capability.

Why this answer

For high availability of the SAP NetWeaver application layer, you need multiple EC2 instances distributed across different Availability Zones (AZs) to eliminate a single point of failure. An Application Load Balancer (ALB) is essential to distribute incoming traffic across these instances and perform health checks, ensuring that if one instance or AZ fails, traffic is routed to healthy instances. This combination provides fault tolerance and automatic failover for the SAP application servers.

Exam trap

The trap here is that candidates often confuse the database layer (RDS) or caching services (ElastiCache) as part of the application layer HA, when in fact the core requirement is multiple EC2 instances across AZs and a load balancer to distribute traffic.

1086
MCQmedium

An SAP HANA administrator runs the AWS CLI command shown in the exhibit. The volume is attached to an SAP HANA server. The HANA database is experiencing low write throughput. Which action would most likely improve performance?

A.Detach the volume and reattach it to a different instance.
B.Increase the volume size to 1 TB to double the baseline IOPS.
C.Change the volume type to io2 and provision 6000 IOPS.
D.Enable EBS optimization on the attached instance.
AnswerC

io2 provides consistent high IOPS.

Why this answer

Option B is correct: gp2 volumes have baseline IOPS of 3 per GB, so a 500 GB volume has 1500 IOPS. Changing to io2 allows provisioning higher IOPS. Option A is wrong because increasing size increases baseline IOPS but not as effectively as io2.

Option C is wrong because the volume is already in use. Option D is wrong because optimizing the instance is not the issue.

1087
MCQmedium

An SAP customer is using AWS KMS to encrypt EBS volumes for an SAP HANA database. The database administrator reports that the database is slow after enabling encryption. What is the MOST likely cause?

A.The KMS key is not rotated frequently enough.
B.The KMS API request rate limit is being exceeded, causing throttling.
C.The EBS volume is not using the correct instance type for encrypted volumes.
D.The KMS key is using a symmetric algorithm that degrades CPU performance.
AnswerB

High request rate can cause throttling and delays.

Why this answer

When EBS volumes are encrypted, every I/O operation to the volume must call AWS KMS to decrypt the data key. If the database workload generates a high rate of these requests, it can exceed the KMS API request rate limit (default 5,500 requests per second per Region for symmetric keys), causing throttling and increased latency. This is the most likely cause of the observed slowdown after enabling encryption.

Exam trap

The trap here is that candidates often attribute performance degradation to CPU overhead from encryption algorithms, but AWS KMS throttling is the real bottleneck because EBS encryption relies on API calls for key decryption, not on-instance cryptographic processing.

How to eliminate wrong answers

Option A is wrong because KMS key rotation does not affect the performance of ongoing encryption/decryption operations; it only changes the backing key used for new data, and the old key remains available for decryption. Option C is wrong because there is no 'correct instance type for encrypted volumes' — all EBS volume types and instance types support encryption without inherent performance degradation from the instance itself. Option D is wrong because symmetric encryption algorithms (like AES-256 used by KMS) are hardware-accelerated on modern AWS instances (e.g., using Intel AES-NI) and do not degrade CPU performance; the slowdown is due to API call throttling, not CPU overhead.

1088
MCQeasy

An SAP system administrator needs to ensure that an EC2 instance running SAP can access an S3 bucket containing installation media. The instance is in a private subnet without internet access. What is the recommended way to provide access to S3?

A.Set up a VPN connection to S3.
B.Create a VPC Gateway Endpoint for S3.
C.Set up a NAT Gateway in the public subnet.
D.Use AWS Direct Connect to connect to S3.
AnswerB

Gateway Endpoints provide private access to S3.

Why this answer

A VPC Gateway Endpoint for S3 allows instances in a private subnet to access S3 without internet access. NAT Gateway is for internet access, Direct Connect is for on-premises connectivity, and VPN is for site-to-site.

1089
MCQhard

A company runs SAP on AWS and uses an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances running SAP Web Dispatcher. The operations team notices that some instances are failing health checks intermittently. The ALB health check is configured with a 5-second interval, 2 healthy threshold, and 5 unhealthy threshold. The instances are all in the same Auto Scaling group. What is the most likely cause of the intermittent health check failures?

A.The Auto Scaling group health check grace period is too short
B.The ALB health check interval is too long
C.The health check path returns a 200 status only when the application is fully loaded
D.The health check path returns a non-200 status periodically due to a short-lived issue
AnswerD

Intermittent short-lived issues cause temporary failures; the ALB marks the instance unhealthy after multiple consecutive failures.

Why this answer

If the health check path returns a non-200 status due to a brief glitch (e.g., temporary resource exhaustion), the ALB will consider the instance unhealthy after 5 consecutive failures (25 seconds). The instances are not being replaced quickly because the Auto Scaling group health check type is likely not set to ELB, or the cooldown period delays replacement.

1090
MCQhard

A company runs SAP ERP on AWS using a single Availability Zone. The system includes an SAP HANA database on an EC2 instance with 2 TB of memory. The operations team plans to perform a major version upgrade of the SAP HANA database, which requires approximately 4 hours of downtime. The company's SLA allows a maximum of 2 hours of downtime. The team decides to use a blue/green deployment strategy by creating a new HANA instance in a different Availability Zone and replicating data using HANA System Replication (HSR). After setting up replication, they perform a failover to the new instance. However, the failover takes 3 hours due to the large amount of data that needs to be synchronized. What should the team do to meet the 2-hour downtime requirement?

A.Scale up the source HANA instance to a larger instance type to speed up replication.
B.Increase the network bandwidth between the two Availability Zones to 10 Gbps.
C.Use HANA System Replication with initial snapshot by taking a backup of the source, restoring on the target, and then setting up replication.
D.Use Amazon RDS for SAP HANA instead of self-managed EC2.
AnswerC

Initial snapshot reduces sync time by using a backup restore instead of full data transfer over the network.

Why this answer

Option C is correct. Using initial snapshot with HSR reduces the initial sync time significantly because it avoids copying all data over the network. Instead, the snapshot is restored on the target and then replication catches up.

Option A is wrong because increasing bandwidth may help but not enough for 2 TB of memory; the initial sync will still take hours. Option B is wrong because multi-AZ for RDS is for RDS databases, not for self-managed HANA on EC2. Option D is wrong because scaling up the source does not help; the issue is data transfer time.

1091
MCQmedium

A company uses AWS Systems Manager to automate patching of SAP EC2 instances. The patching fails for some instances with the error 'SSM Agent not running'. What should the administrator do to resolve this?

A.Reboot the instances.
B.Install the Amazon CloudWatch Agent on the instances.
C.Configure a VPC endpoint for Systems Manager.
D.Verify that the SSM Agent is installed and running on the instances.
AnswerD

SSM Agent must be running for patching.

Why this answer

Option B is correct because SSM Agent must be running. Option A is wrong because CloudWatch Agent is unrelated. Option C is wrong because VPC endpoint is not needed if instances have internet access.

Option D is wrong because restarting the instance may not fix the agent if it's not installed.

1092
Drag & Dropmedium

Drag and drop the steps to configure an SAP Fiori front-end server on AWS behind an Application Load Balancer (ALB) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Fiori ALB setup requires EC2 instances, target group, ALB listener, certificate, and DNS update.

1093
MCQhard

A company runs SAP Business Suite on AWS with an Oracle database. The database is stored on Amazon EBS volumes. The architect wants to implement a backup strategy that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 2 hours. Which solution is the most cost-effective?

A.Maintain a standby Oracle database in another Availability Zone using Oracle Data Guard
B.Use Oracle Recovery Manager (RMAN) to back up to Amazon S3 every 15 minutes
C.Take EBS snapshots of the database volumes every 15 minutes and store them in Amazon S3
D.Use AWS Database Migration Service (DMS) with ongoing replication to a separate EC2 instance
AnswerC

EBS snapshots are incremental and cost-effective; automation can achieve 15-minute RPO.

Why this answer

Option C is the most cost-effective because EBS snapshots are incremental, storing only changed blocks, and can be automated via Amazon Data Lifecycle Manager to meet a 15-minute RPO. Restoring from an EBS snapshot to a new volume typically completes within minutes, easily satisfying the 2-hour RTO, and there are no ongoing compute costs for a standby instance or replication server.

Exam trap

The trap here is that candidates often assume a standby database (Data Guard) or continuous replication (DMS) is required for low RPO/RTO, overlooking that EBS snapshots taken every 15 minutes can achieve the same RPO at a fraction of the cost without ongoing compute overhead.

How to eliminate wrong answers

Option A is wrong because maintaining a standby Oracle database with Oracle Data Guard requires a second EC2 instance and additional EBS storage, incurring continuous compute and storage costs that are not cost-effective compared to snapshot-based backups. Option B is wrong because using RMAN to back up to Amazon S3 every 15 minutes would require frequent full or incremental backups that consume significant CPU and I/O on the database server, and RMAN backups to S3 typically involve higher latency and cost per backup than native EBS snapshots. Option D is wrong because AWS DMS with ongoing replication requires a separate replication instance and target EC2 instance, incurring ongoing costs and complexity, and is designed for migration rather than as a primary backup strategy for an Oracle database on EBS.

1094
MCQeasy

A company needs to back up its SAP HANA database running on Amazon RDS. The database is 500 GB. What is the recommended approach for backups?

A.Enable automated backups and configure the backup retention period
B.Create manual EBS snapshots of the RDS instance
C.Export the database using mysqldump and store the dump in S3
D.Use SAP HANA Studio to back up to an S3 bucket directly
AnswerA

RDS automated backups provide point-in-time recovery.

Why this answer

Option B is correct because RDS automatically performs automated backups and enables point-in-time recovery. Option A (EBS snapshots) is not recommended for RDS. Option C (SAP HANA Studio backup) is not integrated with AWS.

Option D (manual S3 copy) is inefficient.

1095
Multi-Selectmedium

A company is designing a disaster recovery solution for SAP HANA on AWS. The primary site is in us-east-1, and the DR site is in us-west-2. Which TWO strategies can be used to replicate HANA data to the DR region? (Choose TWO.)

Select 2 answers
A.Use AWS Database Migration Service (DMS) for ongoing replication
B.Use SAP HANA System Replication (HSR) with ASYNC mode
C.Copy EBS snapshots to the DR region using AWS CLI
D.Configure S3 Cross-Region Replication for HANA data files
E.Use AWS CloudEndure Disaster Recovery
AnswersA, B

DMS can perform continuous replication to a target database in DR.

Why this answer

Options A and C are correct. SAP HANA System Replication can be configured across regions for continuous replication. AWS DMS can also replicate data to a target database in another region.

Option B is wrong because EBS snapshots are not real-time and require manual copying. Option D is wrong because S3 Cross-Region Replication is for objects, not block storage. Option E is wrong because CloudEndure is for server migration, not HANA replication.

1096
MCQhard

An SAP system administrator needs to monitor the memory usage of SAP HANA on AWS. Which CloudWatch metric or log should be used to track HANA memory consumption?

A.CloudWatch Logs from HANA trace files
B.SAP HANA CloudWatch integration via SQL queries
C.EC2 instance-level memory metrics
D.AWS CloudWatch Agent for OS metrics
AnswerB

HANA exposes memory metrics via SQL, which can be sent to CloudWatch.

Why this answer

Option B is correct because SAP HANA exposes memory consumption metrics via built-in SQL views (e.g., M_HOST_MEMORY, M_MEMORY), and the SAP HANA CloudWatch integration uses a dedicated AWS Lambda function to execute these SQL queries and push the results as custom CloudWatch metrics. This is the only option that directly captures HANA-specific memory usage, such as allocation limit, used memory, and heap memory, rather than generic OS-level metrics.

Exam trap

The trap here is that candidates often confuse OS-level memory metrics (which require the CloudWatch Agent) with HANA-specific memory metrics, not realizing that HANA’s internal memory management (e.g., column store, row store, heap) is only accessible through its SQL views, not through standard OS monitoring tools.

How to eliminate wrong answers

Option A is wrong because HANA trace files contain diagnostic logs (e.g., error traces, SQL traces) but do not expose structured, real-time memory consumption metrics suitable for CloudWatch monitoring. Option C is wrong because EC2 instance-level memory metrics are not available by default in CloudWatch; they require the CloudWatch Agent or a custom script, and even then they report OS-level memory (e.g., RAM usage) rather than HANA-specific memory allocation. Option D is wrong because the AWS CloudWatch Agent for OS metrics collects operating system metrics (e.g., memory utilization, disk I/O) from the EC2 instance, but it cannot query SAP HANA’s internal memory views or provide HANA-specific memory consumption data.

1097
Drag & Dropmedium

Drag and drop the steps to implement disaster recovery for SAP S/4HANA using AWS Elastic Disaster Recovery (DRS) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

DRS involves agent installation, configuration, testing, recovery initiation, and post-recovery steps.

1098
Multi-Selecthard

Which THREE metrics should an operations team monitor to detect performance issues in an SAP HANA database running on EC2?

Select 3 answers
A.CPU utilization
B.Disk I/O (read/write latency)
C.Network packets in/out
D.Memory usage
E.Swap usage
AnswersA, B, D

High CPU can indicate performance issues.

Why this answer

Options A, C, and D are correct. A: CPU utilization indicates compute pressure. C: Memory usage is critical for HANA as it is an in-memory database.

D: Disk I/O indicates storage performance. Option B is wrong because network packets in/out is less relevant for HANA performance. Option E is wrong because swap usage should be minimal in HANA; high swap indicates memory pressure.

1099
MCQmedium

A healthcare company is migrating its SAP Business Suite system to AWS. The system includes an SAP HANA database (1.5 TB) and an SAP NetWeaver application server. They plan to use SAP HANA System Replication (HSR) for the database and AWS Application Migration Service (MGN) for the application server. The network connection is AWS Direct Connect with 500 Mbps bandwidth. During a test migration, the HSR replication is working, but the MGN replication for the application server is extremely slow. The MGN console shows that the replication is progressing at only 10 Mbps. The source application server is a physical machine with a 300 GB disk, 60% utilized. The administrator has verified that there are no other applications consuming significant network bandwidth. Which action is most likely to improve the MGN replication speed?

A.Increase the bandwidth limit setting in the MGN agent configuration on the source server.
B.Change the target EC2 instance type to a larger size.
C.Request an increase in the Direct Connect bandwidth to 1 Gbps.
D.Change the staging area disk on the source server from HDD to SSD.
AnswerA

MGN agent has a configurable bandwidth throttle.

Why this answer

MGN uses a replication server in AWS. The source server may be throttled by the MGN agent's default bandwidth limit. Option A is correct because increasing the agent's bandwidth limit can improve speed.

Option B is wrong because changing the staging area disk type on the source does not affect replication speed. Option C is wrong because the network bandwidth is 500 Mbps, higher than 10 Mbps, so network is not the bottleneck. Option D is wrong because changing the target instance type does not affect data transfer.

1100
MCQmedium

Refer to the exhibit. An administrator is setting up a migration from on-premises VMware VMs to AWS using AWS Server Migration Service (SMS). The IAM policy shown is attached to the SMS service role. The migration fails with an error indicating insufficient permissions. Which additional permission is required for SMS to successfully replicate VMs?

A.ec2:DeleteSnapshot
B.ec2:ImportImage
C.ec2:DescribeRegions
D.ec2:CreateSnapshot
AnswerB

SMS uses ImportImage to import VMs as EC2 instances.

Why this answer

Option D is correct because SMS requires the ec2:ImportImage action to import VM images into EC2. The policy in the exhibit allows creating images but does not allow importing. Option A is wrong because SMS does not need to create snapshots directly.

Option B is wrong because SMS does not need to delete snapshots. Option C is wrong because describeRegions is not required for the replication process.

1101
MCQmedium

A company is migrating its SAP ERP system to AWS and needs to retain the same SAP system ID (SID) and hostnames. The migration must be completed with minimal downtime. Which AWS service or feature supports this requirement?

A.SAP Software Update Manager (SUM) with Database Migration Option (DMO)
B.AWS CloudEndure Migration (now AWS Application Migration Service)
C.AWS Application Migration Service (MGN) with custom scripts
D.AWS Database Migration Service (DMS)
AnswerA

SUM with DMO can migrate the entire SAP system while preserving SID and hostnames.

Why this answer

SAP SID and hostnames are part of the application configuration. AWS does not have a service that directly preserves these; however, using Amazon Route53 private hosted zones can ensure hostname resolution. The migration itself is done using SAP tools.

Option A (AWS CloudEndure Migration) now part of MGN. Option B (AWS DMS) is for databases. Option C (SAP Software Update Manager with DMO) can perform the migration while preserving SID and hostnames.

Option D (AWS MGN) can preserve hostnames if configured, but for SAP, SUM is the standard tool.

1102
Multi-Selecthard

A company is migrating a large SAP HANA database to AWS. They want to use SAP HANA Backup and Recovery with AWS storage. Which THREE options can be used as backup targets? (Choose THREE.)

Select 3 answers
A.Amazon S3
B.Amazon EFS
C.Amazon FSx for NetApp ONTAP
D.Amazon EBS volumes
E.Amazon S3 Glacier
AnswersA, C, D

S3 is a supported backup target using SAP HANA backup to S3.

Why this answer

SAP HANA backups can be stored on EBS (Option A), S3 (Option C), and FSx (Option E) as file systems. Option B (EFS) is also possible but not always recommended due to performance. Option D (Glacier) is not directly supported as a backup target by SAP HANA.

1103
MCQmedium

A company runs SAP on AWS and uses a Network Load Balancer (NLB) to distribute traffic to multiple EC2 instances. The Operations team needs to ensure that the NLB only sends traffic to instances that are healthy. Which health check configuration is appropriate for TCP traffic?

A.ICMP ping
B.TCP health check on the application port
C.HTTP health check on port 80
D.HTTPS health check on port 443
AnswerB

NLB supports TCP health checks which verify that the port is open and accepting connections.

Why this answer

Option D is correct because for TCP traffic, a TCP health check is the most efficient and appropriate. Option A is wrong because HTTP health checks are for HTTP/HTTPS traffic. Option B is wrong because HTTPS is for encrypted web traffic.

Option C is wrong because while ICMP can test reachability, NLB does not support ICMP health checks.

1104
MCQhard

A financial services company runs a multi-tier application on AWS. The application consists of an Application Load Balancer (ALB), a fleet of EC2 instances for the web tier, and an Amazon RDS for MySQL database for the backend. The operations team uses AWS CloudFormation to manage infrastructure. During a recent deployment, a change to the database security group caused an outage because the web tier lost connectivity to the database. The team wants to prevent similar incidents in the future. They need a solution that allows them to review and approve changes to critical resources before deployment, while still enabling rapid deployment for non-critical changes. The team uses AWS CodePipeline for CI/CD. Which approach should the team implement?

A.Use AWS Config rules to automatically remediate non-compliant changes before they are applied.
B.Use CloudFormation Change Sets in the pipeline and add a manual approval step for any change that modifies the database security group.
C.Use AWS Service Catalog to create a portfolio of approved stacks and require all deployments to use the portfolio.
D.Use AWS CloudTrail to monitor changes to the security group and trigger a rollback if unauthorized changes are detected.
AnswerB

Change Sets show the impact, and manual approval gates allow review before deployment.

Why this answer

Option B is correct because CloudFormation Change Sets allow you to preview how proposed changes will affect your resources before execution. By integrating a manual approval step in the CodePipeline that triggers specifically when the change set modifies the database security group, the team can review and approve critical changes while allowing non-critical changes to proceed automatically. This directly addresses the requirement to prevent outages from unapproved security group modifications.

Exam trap

The trap here is that candidates often confuse reactive auditing tools (Config, CloudTrail) with proactive approval mechanisms, or they overestimate Service Catalog's ability to handle per-resource approval workflows within a single stack.

How to eliminate wrong answers

Option A is wrong because AWS Config rules are reactive — they evaluate resources after they have been deployed and can trigger auto-remediation, but they cannot prevent a change from being applied in the first place, so the outage would already occur. Option C is wrong because AWS Service Catalog enforces approved templates at deployment time but does not provide a per-change review and approval workflow for specific resource modifications within a stack; it would block all non-approved stacks, not allow rapid deployment for non-critical changes. Option D is wrong because AWS CloudTrail logs API calls after they happen, so it cannot prevent the outage; triggering a rollback after detection still means the outage has already occurred, which does not meet the requirement to prevent similar incidents.

1105
MCQmedium

A company runs SAP HANA on AWS and wants to implement a backup strategy using AWS Backint agent for SAP HANA. Which storage service is best suited for storing the backup files when using Backint?

A.Amazon S3 Glacier
B.Amazon EFS
C.Amazon S3
D.Amazon EBS
AnswerC

Backint is designed to use S3 as the backup target.

Why this answer

Option A is correct because AWS Backint for SAP HANA is designed to stream backups directly to Amazon S3. Option B is wrong because EBS volumes are for block storage, not the target for Backint. Option C is wrong because S3 Glacier is for archival, not for frequent backups.

Option D is wrong because EFS is file storage, not the intended target.

1106
Multi-Selectmedium

Which TWO statements are true regarding Amazon EBS volume types for SAP HANA data volumes?

Select 2 answers
A.io1 volumes are the recommended choice for SAP HANA
B.io2 Block Express volumes provide up to 256,000 IOPS
C.gp3 volumes can be provisioned with up to 16,000 IOPS
D.st1 volumes are suitable for SAP HANA log volumes
E.sc1 volumes are cost-effective for SAP HANA data volumes
AnswersB, C

io2 Block Express offers high IOPS and durability for critical workloads.

Why this answer

Option A is correct because gp3 volumes provide baseline IOPS of 3000 and can be provisioned up to 16,000 IOPS. Option C is correct because io2 Block Express volumes offer up to 256,000 IOPS and 99.999% durability. Option B is wrong because io1 volumes are legacy and io2 Block Express is recommended.

Option D is wrong because st1 volumes are throughput-optimized HDD, not suitable for SAP HANA. Option E is wrong because sc1 volumes are cold HDD, not for database workloads.

1107
MCQmedium

A company runs a production SAP HANA database on AWS using an EC2 instance with EBS volumes. The database is experiencing high latency during peak hours. The operations team needs to identify the root cause. Which steps should the team take to diagnose the issue?

A.Migrate the EBS volumes to Provisioned IOPS SSD (io1) immediately.
B.Monitor the EBS volume queue length and latency using Amazon CloudWatch metrics.
C.Move the SAP HANA database to Amazon RDS for SAP.
D.Increase the instance size to improve performance.
AnswerB

CloudWatch metrics for EBS can identify performance bottlenecks.

Why this answer

Option C is correct because CloudWatch metrics for EBS volume queue depth and latency can pinpoint the bottleneck. Option A is wrong because increasing instance size without diagnosis may not resolve the issue and could increase cost. Option B is wrong because switching to Provisioned IOPS without understanding the workload may be premature.

Option D is wrong because migrating to RDS for SAP HANA is not a standard solution and may not address the specific latency issue.

1108
MCQhard

An SAP administrator needs to ensure that a critical SAP system on AWS is highly available with automatic failover across Availability Zones. The system uses an SAP HANA database with replication. Which configuration meets these requirements with minimal operational overhead?

A.Use a DNS failover record with manual update
B.Use a Network Load Balancer with static IP addresses
C.Use an Application Load Balancer with health checks and Route 53 failover routing
D.Deploy a single EC2 instance in one Availability Zone
AnswerC

Provides automatic failover across AZs.

Why this answer

Option C is correct because using Amazon Route 53 with health checks and an Application Load Balancer provides automatic failover with minimal overhead. Option A is wrong because a single EC2 instance in one AZ does not provide high availability. Option B is wrong because manual DNS update is not automatic.

Option D is wrong because ELB alone cannot handle failover without health checks.

1109
MCQmedium

An SAP administrator created an IAM policy to allow an EC2 instance to upload backups to an S3 bucket. The policy is shown in the exhibit. However, the backup job fails with an access denied error. What is the most likely cause?

A.The KMS key policy does not grant the EC2 instance permission to use the key
B.The policy requires server-side encryption with KMS, but the backup job does not include the required encryption header
C.The resource ARN is incorrect because it does not include the bucket name correctly
D.The IAM role does not have permission to call s3:PutObject
AnswerB

The condition requires the encryption header, which may be missing.

Why this answer

The policy only allows s3:PutObject when the request includes the header x-amz-server-side-encryption with value aws:kms. If the backup job does not include that header, the request is denied. Option A is correct.

The resource is specific to backups/ prefix, so that is fine. The policy does not require KMS key permissions, so D is not the issue.

1110
MCQeasy

A company wants to automate the backup of SAP HANA database on AWS. Which AWS service is best suited for creating consistent snapshots of HANA data volumes?

A.AWS Backup
B.AWS Lambda
C.Amazon CloudWatch
D.Amazon S3
AnswerA

AWS Backup supports application-consistent backups for SAP HANA.

Why this answer

Option D is correct because AWS Backup integrates with SAP HANA via pre and post scripts to ensure consistent snapshots. Option A is wrong because CloudWatch is for monitoring. Option B is wrong because S3 is not for snapshots.

Option C is wrong because Lambda can be used but requires custom scripting, not the best native solution.

1111
MCQhard

During a migration of an SAP system to AWS, the administrator notices that the SAP application servers are experiencing high network latency when communicating with the SAP HANA database. The application and database servers are in different VPCs connected via VPC peering. Which design change would most effectively reduce the latency?

A.Set up an AWS Direct Connect connection.
B.Enable Enhanced Networking on the EC2 instances.
C.Increase the bandwidth of the VPC peering connection.
D.Place the application and database servers in the same subnet.
AnswerD

Same subnet eliminates network hops, reducing latency.

Why this answer

Placing the SAP application servers and the SAP HANA database in the same subnet eliminates the need for traffic to traverse a VPC peering connection, which introduces additional network hops and potential latency. In a single subnet, all traffic stays within the same VPC and uses the local network infrastructure, providing the lowest possible latency for SAP HANA communication, which is critical for performance.

Exam trap

The trap here is that candidates assume VPC peering is a low-latency solution and overlook that any inter-VPC traffic introduces additional network hops, while the simplest and most effective fix is to co-locate the servers in the same subnet to avoid the peering overhead entirely.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect is a hybrid connectivity service that connects an on-premises data center to AWS, not a solution for reducing latency between two VPCs within the same AWS region; it would not address the inter-VPC latency issue. Option B is wrong because Enhanced Networking uses the SR-IOV (Single Root I/O Virtualization) driver to provide higher packet-per-second performance and lower jitter, but it does not reduce the physical network distance or the number of hops introduced by VPC peering. Option C is wrong because VPC peering connections do not have a configurable bandwidth limit; bandwidth is determined by the instance type and network performance, and increasing it is not a valid operation—the latency issue stems from the additional network hops, not bandwidth constraints.

1112
MCQmedium

An SAP system running on AWS uses a large memory-optimized instance (e.g., u-6tb1.metal). The system administrator notices that SAP workloads are occasionally hitting memory swap, causing performance degradation. The SAP application is configured to use SAP HANA. What is the most effective solution to address this issue?

A.Enable HANA memory overcommit and use Kernel Same-page Merging (KSM) to reduce memory pressure
B.Configure HANA Large Pages to reduce memory fragmentation
C.Set up a CloudWatch alarm to notify when memory usage exceeds 90%
D.Increase swap space on an attached EBS volume
AnswerA

Reduces memory usage by sharing identical pages.

Why this answer

Option A is correct because enabling HANA memory overcommit with KSM allows the kernel to share memory pages, reducing overall memory usage. Option B is incorrect because enabling swap on EBS volume adds latency. Option C is incorrect because HANA Large Pages are for CPU efficiency, not memory capacity.

Option D is incorrect because CloudWatch alarm does not solve the issue.

1113
MCQmedium

A company runs SAP NetWeaver on AWS and needs to ensure that the SAP application server instances are evenly distributed across two Availability Zones. Which AWS service should be used to distribute traffic?

A.AWS Global Accelerator
B.Application Load Balancer
C.Amazon CloudFront
D.Amazon Route 53 weighted routing
AnswerB

ALB can distribute incoming traffic across multiple AZs and instances.

Why this answer

Option D is correct. An Application Load Balancer (ALB) can distribute traffic across multiple EC2 instances in different Availability Zones. Option A is wrong because Route 53 is for DNS, not for load balancing traffic.

Option B is wrong because AWS Global Accelerator provides static IPs and traffic management, but not application-level load balancing. Option C is wrong because Amazon CloudFront is a CDN.

1114
MCQhard

A company uses AWS CloudFormation to manage infrastructure. During an update, a stack fails to roll back and is left in UPDATE_ROLLBACK_FAILED state. The stack contains a DynamoDB table and a Lambda function. The operations team needs to fix the stack with minimal disruption. What should they do?

A.Manually delete the DynamoDB table and then retry the stack update.
B.Delete the stack and recreate it from the template.
C.Use the ContinueUpdateRollback API to resume the rollback.
D.Update the stack again with a different change set to bypass the failed resource.
AnswerC

This allows CloudFormation to retry rolling back the failed resource.

Why this answer

When a CloudFormation stack is in UPDATE_ROLLBACK_FAILED state, the recommended recovery action is to use the ContinueUpdateRollback API (or the AWS Management Console equivalent). This API instructs CloudFormation to skip the resources that failed to roll back and continue rolling back the remaining resources, bringing the stack to a consistent UPDATE_ROLLBACK_COMPLETE state. This approach minimizes disruption because it does not require deleting the stack or manually intervening with the DynamoDB table or Lambda function.

Exam trap

The trap here is that candidates often assume the only way to recover from a failed rollback is to delete the stack or manually fix the resource, but AWS provides the ContinueUpdateRollback API specifically to handle this state with minimal disruption.

How to eliminate wrong answers

Option A is wrong because manually deleting the DynamoDB table will cause the stack to become orphaned and may lead to data loss; CloudFormation expects to manage the resource lifecycle, and deleting it outside of CloudFormation does not resolve the rollback failure. Option B is wrong because deleting the stack and recreating it from the template would destroy all resources, including the DynamoDB table and Lambda function, causing significant disruption and potential data loss; it is an unnecessarily destructive approach. Option D is wrong because updating the stack with a different change set while in UPDATE_ROLLBACK_FAILED state is not supported; CloudFormation requires the stack to be in a stable state (e.g., UPDATE_ROLLBACK_COMPLETE) before initiating a new update, and attempting to bypass the failed resource will result in an error.

1115
MCQeasy

An operations team needs to back up the SAP HANA database running on an EC2 instance. The database is 1 TB in size and the team wants to minimize backup time and cost. Which backup strategy should they use?

A.Use SAP HANA Studio to back up the database to Amazon S3
B.Use Amazon S3 lifecycle policies to move old backups to Glacier
C.Use AWS Systems Manager to run a script that copies data to S3
D.Use AWS Backup to create EBS snapshots of the attached EBS volumes
AnswerD

EBS snapshots are incremental and fast, suitable for large databases.

Why this answer

EBS snapshots provide point-in-time backups that are incremental after the first full snapshot, reducing backup time and cost. HANA Studio backup to S3 requires more manual steps and is slower. AWS Backup can be used but EBS snapshots are more direct.

S3 lifecycle policies are for object management, not database backups.

1116
MCQhard

An SAP administrator configures SAP HANA backup using Backint as shown in the exhibit. The backup job fails with an error indicating that the bucket 'sap-hana-backup-prod' does not exist. The administrator confirms that the bucket name is correct. What is the most likely cause of the failure?

A.The IAM role used by the instance does not have s3:PutObject permission.
B.The chunk size is too large for the bucket.
C.The bucket is in a different AWS region than the EC2 instance.
D.The bucket has a bucket policy that denies access.
AnswerC

Backint by default uses the region of the instance; if bucket is in different region, need to specify region.

Why this answer

The SAP HANA Backint agent communicates with Amazon S3 using the AWS SDK, which resolves the bucket endpoint based on the region configured in the agent or the instance metadata. If the bucket 'sap-hana-backup-prod' exists in a different AWS region than the EC2 instance, the Backint agent will attempt to access the bucket using the wrong regional endpoint, resulting in a 'bucket does not exist' error. This is a common misconfiguration when the Backint parameter file does not explicitly set the correct region or when the instance's default region differs from the bucket's region.

Exam trap

The trap here is that candidates often assume the error message 'bucket does not exist' always means the bucket name is incorrect or the bucket was deleted, overlooking the region mismatch issue that causes the S3 API to return a 404 when the bucket is in a different region.

How to eliminate wrong answers

Option A is wrong because the error message specifically states the bucket does not exist, not a permissions issue; an s3:PutObject permission failure would produce an 'Access Denied' or '403 Forbidden' error. Option B is wrong because the chunk size parameter in SAP HANA Backint controls the size of data segments sent to S3, and an oversized chunk would cause a 'Request entity too large' error, not a 'bucket does not exist' error. Option D is wrong because a bucket policy that denies access would result in an 'Access Denied' or '403 Forbidden' error, not a 'bucket does not exist' error.

1117
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to ensure high availability for the SAP Central Services (ASCS) instance. Which TWO AWS features should be used together to achieve this?

Select 2 answers
A.Network Load Balancer (NLB)
B.Amazon RDS Multi-AZ
C.Application Load Balancer (ALB)
D.Amazon S3
E.Amazon EFS
AnswersA, E

NLB provides a virtual IP address for the ASCS cluster.

Why this answer

Amazon EFS provides a shared filesystem for the ASCS cluster, and a Network Load Balancer (NLB) is used to distribute traffic to the active ASCS instance. S3 is not suitable for shared files, and Multi-AZ for RDS is for databases, not ASCS.

1118
MCQhard

A company is migrating SAP applications to AWS and uses the CloudFormation template snippet shown in the exhibit. The SAP ASCS instance requires a shared file system for the transport directory. However, the template does not create any shared storage. Which AWS resource should be added to the template to provide a shared file system?

A.Amazon EFS file system
B.Instance Store
C.Additional Amazon EBS volume
D.Amazon S3 bucket
AnswerA

Provides shared file system for multiple instances.

Why this answer

Amazon EFS provides a scalable shared file system that can be used for SAP transport directory. Option A (Additional EBS volume) is block storage that cannot be shared across instances. Option B (Amazon S3 bucket) is object storage.

Option C (Instance Store) is ephemeral.

1119
MCQmedium

An SAP system running on AWS uses a Multi-AZ deployment with an Application Load Balancer (ALB) distributing traffic across two application servers in different Availability Zones. The ALB health checks are configured to check the /sap/public/health endpoint on each instance. Recently, the operations team noticed that one of the instances is being marked as unhealthy intermittently, causing a slight increase in response times. The instance's CPU utilization is under 40%, memory is sufficient, and the health endpoint returns a 200 OK status when tested manually. What is the most likely cause?

A.The health check endpoint is configured with the wrong path.
B.The security group for the instances does not allow inbound traffic from the ALB.
C.The health check requests are blocked by a network ACL.
D.The health check interval is too frequent or the timeout is too short.
AnswerD

Intermittent failures often due to timeout; increasing timeout may help.

Why this answer

Option C is correct because the health check request may be timing out due to a short timeout setting. The health endpoint works manually but may take longer under load, causing intermittent failures. Option A is wrong because the health check URL is correct.

Option B is wrong because health checks are sent from the ALB, not the internet. Option D is wrong because security group allows inbound from ALB.

1120
Multi-Selecthard

A company is migrating its SAP ERP system to AWS. The system includes an SAP Central Services (ASCS) instance and an SAP application server. Which TWO of the following are required for high availability? (Choose TWO.)

Select 2 answers
A.Use an EBS Multi-Attach volume for shared /sapmnt
B.Enqueue replication server (ERS) must be set up for the ASCS cluster
C.Configure an Elastic Load Balancer for ASCS
D.Set up a cluster for ASCS using AWS cluster management tools
E.Deploy at least two application servers in different Availability Zones
AnswersB, D

ERS is required for enqueue replication in HA.

Why this answer

Options A and D are required for HA. Option B is optional. Option C is for networking, not HA.

Option E is for redundancy of application servers, but not a requirement for HA per se.

1121
MCQmedium

A company is migrating its SAP ERP system to AWS. They need to ensure high availability for the SAP Central Services (ASCS) instance. Which AWS architecture should they implement?

A.Configure a two-node cluster with a virtual IP (VIP) using AWS Route 53 health checks and failover
B.Run ASCS on Amazon RDS for SAP with Multi-AZ
C.Deploy ASCS on a single large EC2 instance
D.Use an Auto Scaling group with a minimum of 2 instances
AnswerA

Cluster with VIP provides HA for ASCS.

Why this answer

ASCS high availability requires a cluster with a virtual IP address managed by a load balancer or route table update. Option A is wrong because a single instance is not HA. Option B is wrong because Auto Scaling does not handle ASCS failover properly.

Option D is wrong because Multi-AZ RDS is for databases, not ASCS.

1122
Multi-Selecthard

Which TWO AWS services can be used to automate the restart of an SAP application server when it becomes unresponsive? (Choose 2.)

Select 2 answers
A.Amazon ECS service auto-recovery
B.Amazon CloudWatch alarm with an EC2 action to recover the instance
C.AWS Systems Manager Automation document
D.EC2 Auto Scaling group with a health check
E.Amazon EventBridge with a Lambda function
AnswersB, C

Alarm can trigger instance recovery.

Why this answer

Option A (CloudWatch Alarm & EC2 Action) and Option C (Systems Manager Automation) can restart an instance. Option B (Auto Scaling) works for replacement. Option D (Lambda) can be used but requires custom code.

Option E (ECS) is for containers.

1123
MCQeasy

A company is migrating an SAP system to AWS and wants to use an existing AWS Direct Connect connection for data transfer. The migration involves transferring 10 TB of data. Which AWS service is designed to accelerate data transfer over Direct Connect?

A.Amazon S3 Transfer Acceleration
B.AWS VPN
C.AWS DataSync
D.AWS Snowball
AnswerC

DataSync uses a purpose-built protocol to accelerate transfers over Direct Connect.

Why this answer

Option A is correct. AWS DataSync accelerates data transfer over Direct Connect by optimizing network usage. Option B (S3 Transfer Acceleration) is for internet transfers.

Option C (AWS Snowball) is offline. Option D (AWS VPN) is not optimized for bulk transfer.

1124
MCQeasy

A company is using AWS Systems Manager to automate patching of SAP EC2 instances. The patching fails for some instances with the error 'Unable to retrieve SSM Agent registration'. What is the MOST likely cause?

A.The patching window is too short and the instance times out.
B.The IAM role attached to the instance does not have permissions to list patches.
C.The instance does not have outbound internet access or a VPC endpoint for Systems Manager.
D.The SSM Agent is not installed because the instance is running in a container.
AnswerC

SSM requires connectivity to Systems Manager endpoints.

Why this answer

Option B is correct because the SSM Agent needs to connect to the Systems Manager endpoints. If the instance does not have internet access or a VPC endpoint, the agent cannot communicate. Option A is wrong because the SSM Agent runs on the instance, not in a container.

Option C is wrong because the error is about registration, not permissions. Option D is wrong because patching does not require a reboot by default.

1125
MCQmedium

A company is deploying SAP Business Suite on AWS and wants to minimize network latency between the SAP application servers and the database server. Which placement strategy is best?

A.Place the servers in the same placement group within a single Availability Zone.
B.Place the servers in different VPCs connected via VPC Peering.
C.Place the application and database servers in different Availability Zones within the same region.
D.Place the servers in different AWS Regions.
AnswerA

Placement groups ensure low-latency, high-bandwidth connectivity.

Why this answer

Placement groups in AWS allow you to influence the placement of a group of interdependent instances to meet the needs of your workload. For SAP Business Suite, which is sensitive to network latency between application and database servers, using a cluster placement group within a single Availability Zone ensures the lowest possible latency and maximum throughput, as instances are placed in close proximity to each other, often within the same rack, enabling high-bandwidth, low-latency networking.

Exam trap

The trap here is that candidates often assume that distributing servers across multiple Availability Zones provides high availability, but for latency-sensitive SAP workloads, the question specifically asks for minimizing latency, not maximizing fault tolerance, so the single-AZ placement group is the correct answer.

How to eliminate wrong answers

Option B is wrong because placing servers in different VPCs connected via VPC Peering introduces additional network hops and latency, as traffic must traverse the VPC peering connection and potentially transit gateways, which is counterproductive for minimizing latency. Option C is wrong because placing servers in different Availability Zones within the same region introduces inter-AZ latency, typically 1-2 milliseconds, which is significantly higher than the sub-millisecond latency achievable within a single AZ using a placement group. Option D is wrong because placing servers in different AWS Regions introduces inter-region latency, often tens of milliseconds, which is unacceptable for the tight latency requirements of SAP Business Suite's application-to-database communication.

Page 14

Page 15 of 24

Page 16