AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 11261200

1733 questions total · 24pages · All types, answers revealed

Page 15

Page 16 of 24

Page 17
1126
Multi-Selecthard

A company has a mission-critical SAP S/4HANA system running on AWS with a multi-node HANA database. The system must be highly available with an RPO of 0 and an RTO of less than 30 minutes. The database uses SAP HANA System Replication (HSR) with synchronous replication. Which THREE components are essential for this high-availability architecture?

Select 3 answers
A.An Application Load Balancer to distribute traffic between HANA nodes.
B.A VPN connection between the two Availability Zones.
C.An ENSA2 (Enqueue Replication 2) enqueue server.
D.A secondary HANA instance in a different Availability Zone.
E.A cluster manager such as Pacemaker to orchestrate failover.
AnswersC, D, E

ENSA2 provides high availability for the enqueue service.

Why this answer

Options A, C, and D are correct: A secondary HANA instance in a different AZ provides failover; a cluster manager (e.g., Pacemaker) manages failover; an ENSA2 enqueue server ensures data consistency. Option B is wrong: An Application Load Balancer is for HTTP traffic, not HANA. Option E is wrong: A VPN connection is not required for AWS internal traffic.

1127
MCQhard

Refer to the exhibit. An operations team uses an EC2 instance with this IAM policy to manage EBS snapshots for SAP HANA backups. The backup script calls the DeleteSnapshot API for snapshot snap-0abcdef1234567890. What will happen?

A.The snapshot will be deleted because the Deny applies only to other snapshots.
B.The snapshot will be deleted because the Allow statement grants permission.
C.The policy is invalid and will cause an error.
D.The DeleteSnapshot API call will be denied.
AnswerD

Explicit Deny overrides Allow.

Why this answer

Option C is correct. The explicit Deny overrides the Allow, so the DeleteSnapshot will be denied for that specific snapshot. Option A is wrong because the Deny is explicit.

Option B is wrong because the Deny applies to the specific snapshot. Option D is wrong because the policy is not malformed.

1128
MCQeasy

A company running SAP on AWS needs to back up their SAP HANA database daily with point-in-time recovery. Which service should they use to achieve this with minimal operational overhead?

A.Amazon RDS automated backups.
B.Amazon EBS snapshots via a script.
C.AWS Backup with the SAP HANA backup plan.
D.Amazon S3 with lifecycle policies.
AnswerC

AWS Backup provides automated, policy-based backups for SAP HANA.

Why this answer

Option C is correct because AWS Backup supports SAP HANA with automated backups and point-in-time recovery. Option A is wrong because snapshots alone do not provide point-in-time recovery. Option B is wrong because S3 is object storage, not a backup service.

Option D is wrong because RDS does not support SAP HANA.

1129
MCQmedium

A company is running a critical SAP HANA database on a single EC2 instance with a large gp2 EBS volume. They need to ensure high availability with a Recovery Time Objective (RTO) of less than 15 minutes and a Recovery Point Objective (RPO) of less than 5 minutes. Which solution meets these requirements?

A.Deploy the SAP HANA database on Amazon RDS for SAP HANA in a Multi-AZ configuration.
B.Use AWS Backup to take daily snapshots of the EBS volume and restore to a new instance in another Availability Zone.
C.Use AWS Application Recovery Controller to continuously replicate data to a standby EC2 instance in another region.
D.Configure SAP HANA System Replication in scale-up mode with a standby HANA instance in a different Availability Zone.
AnswerD

SAP HANA System Replication provides near-synchronous replication and automatic failover, meeting RPO and RTO.

Why this answer

Option B is correct because SAP HANA System Replication in scale-up mode with a standby instance provides fast failover and near-synchronous replication, meeting the RTO and RPO requirements. Option A is wrong because manual snapshots have high RTO. Option C is wrong because Multi-AZ RDS is not supported for SAP HANA.

Option D is wrong because ASR has longer RTO.

1130
Multi-Selectmedium

An architect is designing a disaster recovery plan for an SAP system using SAP HANA. The primary site is in us-east-1 and the DR site is in us-west-2. The RPO is 15 minutes and RTO is 1 hour. Which TWO AWS services or features should the architect use to meet these requirements? (Choose TWO.)

Select 2 answers
A.AWS Transit Gateway with VPC peering
B.AWS Elastic Disaster Recovery (AWS DRS)
C.Amazon S3 Cross-Region Replication
D.SAP HANA System Replication
E.AWS CloudEndure Disaster Recovery
AnswersB, D

AWS DRS automates failover and recovery, meeting RTO.

Why this answer

SAP HANA System Replication (option D) is the native SAP mechanism for replicating HANA databases synchronously or asynchronously, supporting an RPO of 15 minutes with asynchronous replication. AWS Elastic Disaster Recovery (option B) provides continuous block-level replication for the entire SAP system (including OS and application volumes) and enables automated failover within the 1-hour RTO. Together, they ensure both database consistency and full infrastructure recovery.

Exam trap

Cisco often tests the distinction between native SAP replication (HANA System Replication) and AWS infrastructure-level DR services (AWS DRS), and the trap here is that candidates may think CloudEndure (option E) is a separate valid service, but it is simply the previous branding of AWS DRS, making it a duplicate and incorrect choice.

1131
MCQeasy

An SAP system uses Amazon EFS for shared file storage. The SAP application writes many small files concurrently, causing high metadata operations. Which EFS performance mode should be selected to optimize for this workload?

A.General Purpose
B.Throughput Optimized
C.Max I/O
D.Provisioned Throughput
AnswerC

Max I/O mode is designed for high throughput and parallel metadata operations.

Why this answer

Option A is correct because Max I/O mode is optimized for high throughput and metadata operations. Option B is incorrect because General Purpose mode is for latency-sensitive workloads. Option C is incorrect because there is no 'Throughput Optimized' mode.

Option D is incorrect because Provisioned Throughput is a throughput setting, not a performance mode.

1132
MCQmedium

A company is planning to migrate SAP S/4HANA to AWS. The system has a high transaction rate and requires low network latency between SAP application servers and the database. Which AWS infrastructure design minimizes network latency between the SAP application tier and the database tier?

A.Place the database server in one Availability Zone and application servers in another to improve fault tolerance.
B.Use a cluster placement group for the application servers and a separate placement group for the database.
C.Use a mix of instance types optimized for compute and memory across different Availability Zones.
D.Place all SAP application servers and the database server in the same Availability Zone.
AnswerD

Same AZ ensures minimal network hops and lowest latency.

Why this answer

Option D is correct because placing all SAP application servers and the database server in the same Availability Zone (AZ) minimizes network latency by keeping traffic within a single, high-bandwidth, low-latency AWS data center. SAP S/4HANA with a high transaction rate is sensitive to inter-AZ latency (typically 1-2 ms), which can degrade performance for synchronous database calls. Co-locating all tiers in one AZ ensures the lowest possible round-trip time for SAP's dialog work processes and database commits.

Exam trap

The trap here is that candidates often confuse high availability with performance, assuming that spreading resources across AZs improves both, but for SAP S/4HANA with high transaction rates, the primary design goal for latency is co-location in a single AZ, not fault tolerance.

How to eliminate wrong answers

Option A is wrong because placing the database and application servers in different Availability Zones introduces inter-AZ latency (typically 1-2 ms), which increases response time for SAP's synchronous database calls and can degrade transaction throughput. Option B is wrong because using separate placement groups for application and database servers does not guarantee they are in the same AZ or same rack; cluster placement groups are designed for low-latency within a single group, not across groups, and splitting them can still result in cross-AZ or cross-rack latency. Option C is wrong because mixing instance types across different Availability Zones does not address latency; it may actually increase network distance and variability, and SAP workloads require consistent low latency between tiers, not just optimized compute or memory.

1133
MCQhard

An SAP administrator is troubleshooting an issue where an AWS Lambda function is unable to start an EC2 instance. The Lambda execution role has the IAM policy shown in the exhibit. What is the likely cause of the failure?

A.The Lambda function is not configured with the correct VPC subnet or security group to reach the EC2 instance.
B.The policy does not allow ec2:DescribeInstances.
C.The policy does not allow ec2:StartInstances.
D.The policy does not allow s3:GetObject on the specific backup object.
AnswerA

Lambda may need VPC access to start instances in a VPC, but the policy is fine.

Why this answer

Option C is correct because the policy allows ec2:StartInstances on all resources, but if the instance is in a different account or region, or if there is a resource policy issue, it may fail. However, the most common issue is that the Lambda function does not have the correct region specified. Option A is wrong because the policy allows s3:GetObject.

Option B is wrong because the policy allows ec2:StartInstances. Option D is wrong because the policy allows ec2:DescribeInstances.

1134
MCQmedium

A company is migrating a legacy on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB and has a 1-hour maintenance window. The company needs to minimize downtime and ensure data consistency. Which migration strategy should be used?

A.Use AWS Database Migration Service (AWS DMS) with ongoing replication from the source to the target.
B.Use Oracle Data Pump to export and import the database during the maintenance window.
C.Use AWS Schema Conversion Tool (AWS SCT) to convert the schema and then copy data manually.
D.Export the database to flat files, upload to Amazon S3, and then import into RDS.
AnswerA

AWS DMS with CDC minimizes downtime by replicating changes continuously.

Why this answer

Option D is correct because AWS DMS with ongoing replication allows near-zero downtime by continuously replicating changes from the source to the target. Option A is wrong because native Oracle tools may require extended downtime. Option B is wrong because AWS SCT is only for schema conversion, not data migration.

Option C is wrong because exporting to flat files requires significant downtime.

1135
MCQmedium

A company is deploying SAP NetWeaver on AWS and needs to ensure high availability for the ASCS instance. They plan to use a shared file system for the transport directory. Which AWS storage service is most appropriate for this shared file system?

A.Amazon EFS
B.Amazon EBS volumes with multi-attach
C.EC2 Instance Store
D.Amazon S3
AnswerA

EFS provides a shared NFS file system that can be accessed from multiple EC2 instances.

Why this answer

Option C is correct because Amazon EFS is a managed NFS file system that can be mounted on multiple EC2 instances across AZs, suitable for shared storage like the SAP transport directory. Option A is incorrect because EBS volumes can only be attached to one instance at a time (unless using multi-attach, which is limited). Option B is incorrect because S3 is object storage, not a file system.

Option D is incorrect because Instance Store is ephemeral.

1136
MCQeasy

A company is running SAP on AWS and wants to automate the patching of SAP application servers. The servers are behind an Auto Scaling group. Which AWS service is BEST suited to apply OS patches without downtime?

A.AWS Config
B.AWS Systems Manager Patch Manager
C.AWS CloudFormation
D.AWS OpsWorks
AnswerB

Patch Manager automates OS patching; combined with Auto Scaling rolling updates, it minimizes downtime.

Why this answer

Option D is correct because AWS Systems Manager Patch Manager can automate patching, and by using a rolling update with Auto Scaling, you can avoid downtime. Option A is wrong because AWS Config is for compliance, not patching. Option B is wrong because CloudFormation is for infrastructure as code, not patching.

Option C is wrong because OpsWorks is for Chef/Puppet, but Systems Manager is more integrated.

1137
Multi-Selecteasy

Which TWO methods can be used to migrate an SAP system from on-premises to AWS while minimizing the need for re-architecture? (Choose two.)

Select 2 answers
A.Replatform by moving to Amazon RDS for SAP
B.Rehost by manually copying servers to Amazon EC2
C.Rehost using AWS Application Migration Service (AWS MGN)
D.Refactor the application to use microservices
E.Use AWS Database Migration Service to move the database to Amazon Aurora
AnswersB, C

Manual rehost also minimizes changes, though less automated.

Why this answer

Lift-and-shift (rehost) using AWS Application Migration Service and the 7-Migration Strategies (7Rs) rehost approach minimize re-architecture. Option A is wrong because replatforming involves some changes. Option D is wrong because refactoring involves significant re-architecture.

Option E is wrong because AWS DMS is for databases, not full systems.

1138
Multi-Selecthard

A company is migrating SAP HANA to AWS and needs to ensure that the database instances have high network throughput for replication traffic. Which THREE AWS features should be enabled? (Choose THREE.)

Select 3 answers
A.Placement Groups
B.EBS-optimized instances
C.Enhanced Networking (SR-IOV)
D.Elastic IP addresses
E.VPC peering connections
AnswersA, B, C

Placement Groups provide low-latency, high-throughput network.

Why this answer

Enhanced Networking provides higher network performance, Placement Groups provide low-latency network, and EBS-optimized instances provide dedicated bandwidth to EBS. Option D is wrong because Elastic IP does not improve throughput. Option E is wrong because VPC peering does not improve throughput, it connects VPCs.

1139
Multi-Selecthard

Which THREE AWS services are commonly used to implement high availability for SAP HANA databases on AWS? (Choose three.)

Select 3 answers
A.Amazon EC2 Auto Recovery
B.AWS Global Accelerator
C.Multi-AZ deployment of SAP HANA
D.Amazon Route 53
E.Elastic Load Balancing
AnswersA, C, E

Auto Recovery can automatically recover an instance from hardware failure.

Why this answer

Options A, B, and E are correct. Amazon EC2 Auto Recovery automatically recovers instances in case of failure. Multi-AZ deployment of SAP HANA uses multiple Availability Zones.

Elastic Load Balancing distributes traffic across healthy instances. Options C and D are incorrect: AWS Global Accelerator is for global traffic, Amazon Route 53 is for DNS, but both can be used for HA but are not as common for HANA HA.

1140
MCQhard

A company is running a stateful application on EC2 instances in an Auto Scaling group. The instances store session state locally. The group uses a simple scaling policy based on network traffic. The company notices that when instances are terminated during scale-in, active sessions are lost. What is the MOST effective way to preserve session state during scaling events?

A.Use a step scaling policy instead of a simple scaling policy.
B.Use a lifecycle hook to gracefully drain sessions before instance termination.
C.Increase the cooldown period for the Auto Scaling group.
D.Use a launch configuration that enables termination protection.
AnswerB

Lifecycle hooks allow instances to perform custom actions before being terminated.

Why this answer

A lifecycle hook is the most effective solution because it pauses the instance termination process during scale-in, allowing the application to drain active sessions (e.g., by transferring session state to a shared data store like ElastiCache or DynamoDB) before the instance is fully terminated. This preserves session continuity without requiring architectural changes to the application's stateful design.

Exam trap

The trap here is that candidates often confuse termination protection (which prevents manual termination) with lifecycle hooks (which manage the termination process), or they mistakenly believe that scaling policy types or cooldowns can influence session state preservation.

How to eliminate wrong answers

Option A is wrong because a step scaling policy only adjusts the number of instances to be added or removed based on alarm thresholds; it does not affect the termination process or provide any mechanism to preserve session state during scale-in. Option C is wrong because increasing the cooldown period merely delays the next scaling activity, but it does not prevent active sessions from being lost when an instance is eventually terminated. Option D is wrong because termination protection prevents an instance from being terminated via the EC2 console or API, but Auto Scaling can still terminate instances during scale-in unless the protection is set at the Auto Scaling group level (which is not supported); moreover, it would prevent scale-in entirely, defeating the purpose of dynamic scaling.

1141
Multi-Selecteasy

An SAP administrator wants to automate the patching of SAP application servers. Which TWO AWS services can be used together to achieve this?

Select 2 answers
A.AWS Systems Manager Patch Manager
B.AWS Lambda
C.AWS Systems Manager Maintenance Windows
D.AWS OpsWorks
E.Amazon CloudWatch Alarms
AnswersA, C

Patch Manager automates OS patching.

Why this answer

Options A and D are correct. A: AWS Systems Manager Patch Manager automates patching. D: AWS Systems Manager Maintenance Windows schedules the patching.

B is incorrect because CloudWatch Alarms is for monitoring. C is incorrect because Lambda can orchestrate but not directly patch. E is incorrect because OpsWorks is for Chef/Puppet, not direct patching.

1142
MCQeasy

A company is running SAP S/4HANA on AWS and needs to ensure high availability for the database layer. Which AWS service should be used to replicate the database to a standby instance in a different Availability Zone?

A.EC2 Auto Scaling
B.Amazon S3
C.Amazon RDS Multi-AZ
D.AWS Database Migration Service (DMS)
AnswerD

AWS DMS can perform ongoing replication to a standby HANA database.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication from an SAP HANA source database to a standby instance in a different Availability Zone using change data capture (CDC). This allows continuous data synchronization without requiring native SAP HANA replication features, making it suitable for high-availability setups where the database layer must be replicated across AZs.

Exam trap

The trap here is that candidates often confuse Amazon RDS Multi-AZ with a generic high-availability solution, but RDS Multi-AZ does not support SAP HANA, making DMS the correct choice for replicating SAP S/4HANA databases across Availability Zones.

How to eliminate wrong answers

Option A is wrong because EC2 Auto Scaling is designed to automatically adjust compute capacity based on demand, not to replicate databases or provide database-level high availability across AZs. Option B is wrong because Amazon S3 is an object storage service and cannot be used for real-time database replication or as a standby database instance. Option C is wrong because Amazon RDS Multi-AZ is a managed database service that provides automatic failover for supported database engines, but it does not support SAP HANA as a database engine, which is required for SAP S/4HANA workloads.

1143
Multi-Selecthard

A company is migrating a critical application to AWS using a phased approach. The application uses a custom Linux distribution that is not supported by AWS Application Migration Service. Which THREE steps should the company take to migrate the application? (Choose THREE)

Select 3 answers
A.Use AWS Server Migration Service (SMS) to replicate the on-premises server to AWS.
B.Convert the application to run on Amazon Linux 2 to simplify future management.
C.Perform a test migration to a non-production environment to validate the application.
D.Use AWS Database Migration Service (DMS) to migrate the application server.
E.Create a custom Amazon Machine Image (AMI) with the required Linux distribution and dependencies.
AnswersA, C, E

SMS can replicate servers even if the OS is not officially supported by AWS MGN.

Why this answer

AWS Server Migration Service (SMS) is the correct choice because it is an agentless service that can replicate on-premises servers running custom Linux distributions as long as they are supported by the underlying hypervisor. SMS uses incremental replication to create Amazon Machine Images (AMIs) from the source server, enabling a lift-and-shift migration without requiring the application to be converted to a different OS. This approach directly addresses the scenario where AWS Application Migration Service does not support the custom Linux distribution.

Exam trap

The trap here is that candidates often confuse AWS DMS as a general-purpose migration tool for servers, when in fact it is strictly for database migrations, leading them to incorrectly select Option D instead of recognizing that server migration requires a dedicated replication service like SMS or a custom AMI approach.

1144
MCQhard

A company plans to migrate a 10 TB on-premises SQL Server database to Amazon RDS for SQL Server. The migration must be completed within a 4-hour window. The network bandwidth is 1 Gbps. Which migration approach should they choose?

A.Use AWS SCT to convert schema and then export/import via native tools
B.Use AWS DMS over the internet
C.Set up an AWS Direct Connect connection and use DMS
D.Use AWS Snowball Edge to transfer data and then perform a cutover
AnswerD

Snowball provides physical transport, meeting the time constraint.

Why this answer

At 1 Gbps, transferring 10 TB over the internet would take ~22 hours, exceeding the window. AWS Snowball can physically transfer the data quickly. Option D is correct.

Option A is wrong because DMS over internet is too slow. Option B is wrong because DMS over Direct Connect still limited by bandwidth. Option C is wrong because SCT does not transfer data.

1145
MCQeasy

An SAP environment uses Amazon CloudWatch to monitor EC2 instances. The operations team wants to receive a notification when the CPU utilization exceeds 90% for 5 consecutive minutes. Which AWS service should they use?

A.Amazon CloudWatch Alarms with Amazon SNS.
B.AWS Config.
C.Amazon CloudWatch Logs.
D.AWS CloudTrail.
AnswerA

Alarms send notifications via SNS when thresholds are breached.

Why this answer

Option C is correct because CloudWatch Alarms can trigger Amazon SNS notifications. Option A is wrong because CloudWatch Logs is for log data. Option B is wrong because CloudTrail is for API auditing.

Option D is wrong because Config is for resource compliance.

1146
Multi-Selecthard

A company is designing a disaster recovery (DR) strategy for SAP HANA on AWS. Which TWO of the following are valid DR approaches? (Choose two.)

Select 2 answers
A.Configure HANA System Replication to a secondary Region.
B.Use S3 cross-Region replication (CRR) to copy HANA backups.
C.Copy EBS snapshots to another Region using cross-Region snapshot copy.
D.Use AWS Backup with cross-Region copy.
E.Use Amazon RDS cross-Region read replicas for HANA.
AnswersA, C

HANA System Replication provides near real-time replication.

Why this answer

Options A and D are correct. A is correct because HANA System Replication can replicate data to another Region. D is correct because cross-Region EBS snapshots can be used for DR.

B is incorrect because RDS is not used for SAP HANA (HANA runs on EC2). C is incorrect because S3 cross-Region replication is for S3 objects, not HANA data. E is incorrect because AWS Backup with cross-Region copy can be used, but it is not a DR approach on its own; it backs up EBS snapshots.

1147
MCQhard

A company runs SAP NetWeaver on AWS. The system uses a shared file system for transport files via Amazon EFS. Recently, the transport directory performance has degraded. Which configuration change is most likely to improve the I/O performance for the transport directory?

A.Enable EFS performance mode with Max I/O.
B.Migrate the transport directory to an Amazon EBS volume.
C.Use Amazon S3 with a mount point.
D.Use EFS with Bursting Throughput mode.
AnswerA

Max I/O mode optimizes for high throughput and large file operations.

Why this answer

The correct answer is A because enabling EFS Max I/O performance mode provides higher throughput and IOPS for workloads with high I/O demands, such as SAP transport directories. Max I/O mode scales horizontally by distributing file data across multiple servers, which improves performance for parallel access patterns common in SAP transport operations.

Exam trap

The trap here is that candidates often assume Bursting Throughput mode (Option D) is sufficient for all EFS workloads, but they overlook that SAP transport directories require sustained high I/O that can exhaust burst credits, making Max I/O mode the better choice for consistent performance.

How to eliminate wrong answers

Option B is wrong because migrating to an EBS volume would require re-architecting the shared file system, as EBS is a block-level storage attached to a single EC2 instance, not suitable for shared access across multiple SAP instances. Option C is wrong because Amazon S3 with a mount point (e.g., using S3FS or similar FUSE-based solutions) introduces significant latency and lacks POSIX compliance, making it unsuitable for SAP transport directories that require low-latency file locking and consistency. Option D is wrong because EFS Bursting Throughput mode relies on burst credits and may not sustain high I/O performance for continuous workloads like SAP transport, leading to throttling once credits are exhausted.

1148
MCQhard

An SAP administrator is troubleshooting why a user cannot stop a production EC2 instance. The IAM policy attached to the user is shown in the exhibit. Which action is likely causing the failure?

A.The instance does not have the tag Environment=production.
B.There is an explicit deny statement in another policy.
C.The policy does not allow the StopInstances action.
D.The policy does not include ec2:DescribeInstances action.
AnswerA

The condition requires the tag to be exactly 'production'.

Why this answer

Option B is correct because the policy explicitly allows StartInstances and StopInstances only when the tag Environment equals production. If the instance is tagged differently (e.g., 'prod' instead of 'production'), the condition will fail. Option A is wrong because the policy allows ec2:Describe* for all resources.

Option C is wrong because there is no explicit deny. Option D is wrong because the policy does allow StopInstances with the condition.

1149
Multi-Selecthard

A company runs SAP on AWS and uses an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances running SAP Web Dispatcher. The operations team needs to implement a health check that verifies the Web Dispatcher is ready to accept traffic. Which THREE configuration options should the team set for the health check? (Choose THREE.)

Select 3 answers
A.Set the unhealthy threshold to 5 consecutive failures
B.Set the health check path to /sap/wdisp/health
C.Set the health check port to 443 (HTTPS)
D.Set the health check interval to 10 seconds
E.Set the healthy threshold to 2 consecutive successes
AnswersA, B, D

This prevents premature marking of instances as unhealthy.

Why this answer

The health check should target a custom path that validates the application status, use a reasonable interval, and set a threshold for consecutive failures to mark the instance unhealthy. The healthy threshold determines how many consecutive successes are needed to mark the instance healthy. The path should be a specific endpoint like /sap/wdisp/health.

The interval and unhealthy threshold are important to detect failures quickly while avoiding flapping.

1150
MCQhard

A company is designing a disaster recovery (DR) solution for SAP HANA on AWS. The primary site is in us-east-1, and the DR site is in us-west-2. The RPO is 5 minutes, and the RTO is 1 hour. The company wants to use SAP HANA System Replication (HSR). Which configuration meets these requirements?

A.Use asynchronous HSR with multiple secondary instances (multi-target) in us-west-2.
B.Use synchronous HSR between us-east-1 and us-west-2.
C.Use asynchronous HSR with a single secondary instance in us-west-2.
D.Use EBS snapshots every 5 minutes and copy them to us-west-2.
AnswerA

Multi-target async replication provides better RPO by replicating to multiple targets.

Why this answer

Option A is correct because multi-target asynchronous HSR allows SAP HANA to replicate data to multiple secondary instances simultaneously, meeting the 5-minute RPO with asynchronous replication while providing the flexibility to fail over to a secondary instance in us-west-2 within the 1-hour RTO. Asynchronous replication is necessary over such a long distance (us-east-1 to us-west-2) to avoid latency impacting primary site performance, and multi-target enables multiple DR targets without additional primary-side overhead.

Exam trap

The trap here is that candidates often assume synchronous replication is always better for low RPO, but over long distances it introduces unacceptable latency, making asynchronous the only viable option for cross-region DR.

How to eliminate wrong answers

Option B is wrong because synchronous HSR over a cross-region distance (us-east-1 to us-west-2) would introduce significant network latency, causing transaction commit delays and potentially exceeding the RTO due to performance degradation or replication timeouts. Option C is wrong because a single secondary instance in us-west-2 does not provide the required high availability for DR; if that single instance fails or becomes unreachable, replication stops and the RPO/RTO cannot be guaranteed. Option D is wrong because EBS snapshots every 5 minutes cannot achieve a 5-minute RPO due to snapshot creation and copying latency, and restoring from snapshots typically takes longer than 1 hour, failing the RTO.

1151
MCQeasy

A company is migrating an SAP HANA database to AWS using AWS DMS. An IAM policy has been created for the DMS service role as shown in the exhibit. The migration fails with an error that the DMS task cannot access the source database. Which additional permission is most likely required?

A.dms:DescribeEndpoints and dms:CreateEndpoint
B.kms:Decrypt
C.rds:DescribeDBInstances
D.ec2:DescribeSubnets
AnswerA

DMS needs permissions to manage endpoints.

Why this answer

The policy allows DMS actions and S3 bucket access, but does not include permissions for source database endpoints (e.g., RDS or EC2). DMS needs permissions to describe and connect to the source. kms:Decrypt is not relevant unless encryption is used. ec2:DescribeSubnets is for network settings.

1152
MCQeasy

A company is planning to migrate its SAP environment to AWS. They have multiple SAP systems that are interconnected. Which migration approach is recommended to minimize dependency issues?

A.Migrate systems based on business process priority, ignoring technical dependencies
B.Migrate systems in logical groups that have dependencies on each other
C.Migrate systems individually based on size, starting with the smallest
D.Migrate all systems at the same time in a big bang approach
AnswerB

Grouping dependent systems ensures they are migrated together, preserving connections.

Why this answer

Option A is incorrect because migrating all systems at once is risky and complex. Option B is incorrect because migrating business processes first may not be feasible. Option C is correct because migrating by logical dependency groups (e.g., all systems in a landscape together) minimizes inter-system issues.

Option D is incorrect because migrating by system size may break dependencies.

1153
MCQeasy

A company is migrating its SAP ERP system to AWS and needs to choose a storage option for the SAP HANA database. Which AWS storage service is most suitable for SAP HANA data volumes?

A.Amazon S3
B.Amazon EBS io2 Block Express volumes
C.Amazon EBS gp3 volumes
D.Amazon EFS
AnswerB

io2 Block Express volumes provide high throughput and low latency, suitable for SAP HANA.

Why this answer

Option B is correct because Amazon EBS io2 Block Express volumes are designed for high-performance, low-latency workloads like SAP HANA. Option A is wrong because EBS gp3 is general purpose and may not meet HANA performance requirements. Option C is wrong because EFS is file storage, not block storage.

Option D is wrong because S3 is object storage.

1154
MCQhard

An SAP Basis team is implementing SAP HANA system replication across two AWS Availability Zones. The HANA primary instance uses Premium SSD v2 (P30) managed disks. The secondary instance must be kept in sync with minimal data loss. Which networking configuration is required to ensure low-latency, high-throughput replication traffic between the instances?

A.Use ClassicLink to connect the instances.
B.Set up a VPN connection between the instances.
C.Enable Enhanced Networking (ENA) and place the instances in a placement group with cluster placement.
D.Configure VPC peering between the two subnets.
AnswerC

ENA provides higher bandwidth and lower jitter; cluster placement groups offer the lowest latency between instances, but cross-AZ still benefits from ENA.

Why this answer

Option A is correct because placement groups with cluster placement provide low-latency networking within a single AZ, but for cross-AZ replication, enabling ENA and using enhanced networking is essential. Option B (ClassicLink) is obsolete. Option C (VPN) adds overhead.

Option D (VPC Peering) is for VPC-to-VPC, not within the same VPC.

1155
MCQeasy

An SAP administrator needs to apply an OS security patch to all SAP application servers running on EC2 instances in an Auto Scaling group. The patch requires a reboot. What is the most efficient way to apply the patch with minimal downtime?

A.SSH into each instance and apply the patch manually
B.Create a new AMI with the patch and update the Auto Scaling group
C.Use AWS CloudFormation to update the instances
D.Use AWS Systems Manager Patch Manager with a maintenance window
AnswerD

Patch Manager automates patching and reboots with minimal disruption.

Why this answer

Option D is correct because AWS Systems Manager Patch Manager can orchestrate patching across instances, and using a maintenance window with a reboot strategy minimizes downtime. Option A is wrong because manual patching is not efficient. Option B is wrong because CloudFormation is for infrastructure provisioning, not patching.

Option C is wrong because replacing instances with new AMIs requires more effort.

1156
MCQeasy

A company needs to back up its SAP HANA database running on AWS. The backup must be stored in a durable and cost-effective manner. Which AWS service should the company use for long-term backup storage?

A.Amazon EBS snapshots
B.Amazon Glacier
C.AWS Backup
D.Amazon S3
AnswerD

S3 is ideal for durable and cost-effective backup storage.

Why this answer

Option A is correct because Amazon S3 is durable, cost-effective, and suitable for long-term backup storage. Option B is wrong because Amazon Glacier is for archival, not regular backups. Option C is wrong because Amazon EBS snapshots are stored in S3 but are not directly accessible as files.

Option D is wrong because AWS Backup can orchestrate backups but uses S3 as the storage target.

1157
MCQhard

A company is migrating an SAP system to AWS and needs to ensure high availability for SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which architecture meets SAP's high availability requirements?

A.Use a cluster solution with a shared file system and a virtual IP address in a multi-AZ setup
B.Deploy ASCS and ERS in a single Availability Zone with an automatic restart
C.Use an Application Load Balancer to distribute traffic between ASCS and ERS
D.Configure Amazon Route 53 health checks to failover between ASCS and ERS
AnswerA

This is the recommended architecture for SAP ASCS/ERS HA, using Pacemaker and a floating IP.

Why this answer

Option D is correct because using a cluster with a shared file system and a virtual IP address in a multi-AZ deployment is the standard SAP HA architecture. Option A is wrong because a single AZ does not protect against AZ failure. Option B is wrong because an Application Load Balancer is not suitable for ASCS/ERS.

Option C is wrong because Route 53 health checks alone do not provide the fast failover required.

1158
Matchingmedium

Match the AWS service to its role in SAP high availability.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Automatically adjusts capacity of SAP application servers

DNS failover and health checks

Distributes traffic across SAP instances

Infrastructure as code for multi-AZ deployment

Why these pairings

HA in SAP on AWS relies on these services.

1159
MCQmedium

Refer to the exhibit. An SAP administrator has the IAM policy shown. The administrator needs to attach an EBS volume to an EC2 instance that is tagged with SAPSystem=DEV. Will the administrator be able to perform the attach operation?

A.No, because the condition requires the tag SAPSystem=PRD
B.No, because the policy does not allow attaching volumes
C.Yes, because the policy allows the actions
D.Yes, because the resource is not restricted
AnswerA

The condition StringEquals requires the tag to be PRD, not DEV.

Why this answer

The policy allows AttachVolume and DetachVolume actions, but only when the volume or instance resource has the tag SAPSystem=PRD. Since the instance is tagged DEV, the condition is not met, and the operation will be denied.

1160
MCQhard

An SAP administrator is trying to run an AWS DMS replication task from an EC2 instance that has this IAM role. The task fails with an access denied error. What is the most likely cause?

A.The EC2 instance role is not attached to the instance.
B.The S3 bucket name is incorrect.
C.The S3 actions require additional permissions for the bucket.
D.The policy does not include permissions for dms:DescribeReplicationTasks.
AnswerD

To start a task, DMS may need to describe replication tasks first.

Why this answer

Option D is correct because the DMS actions require permissions on the DMS resources (replication instances, endpoints, etc.), but the policy uses "Resource": "*" which is allowed, but the issue is that the EC2 instance is trying to call DMS actions that are not listed, such as dms:DescribeEndpoints or dms:CreateReplicationInstance. However, the most likely cause is that the policy also needs permissions for S3 actions if the task uses S3 as a source or target, but the error is access denied for DMS. Actually, the policy allows dms:CreateReplicationTask and dms:StartReplicationTask on all resources, so that should be fine.

The error might be due to missing permissions for other DMS actions like dms:DescribeReplicationTasks. But the exhibit shows only two actions. The most likely cause is that the policy does not include permissions for dms:DescribeReplicationTasks or dms:TestConnection, which are needed before starting a task.

However, option D is about missing S3 permissions if the task uses S3 as a target. Given the policy allows S3 on the bucket, that should be fine. Wait, let's re-evaluate.

The error is access denied for DMS. The policy allows CreateReplicationTask and StartReplicationTask, so those should work. Perhaps the issue is that the task needs to list endpoints or replication instances.

The most plausible answer is that the policy lacks permissions for dms:DescribeReplicationInstances. But among options, D is about S3 permissions. Actually, looking at options, option B is about missing dms:DescribeReplicationTasks, which is likely needed.

The stem says the task fails with access denied, so it might be during the start. Option B is a good candidate. However, the exhibit action list is limited.

I'll go with B.

1161
MCQeasy

A company is planning to run SAP S/4HANA on AWS. They need to ensure that the SAP system can be restored within 4 hours in the event of a disaster. Which AWS service should be used to achieve this recovery time objective (RTO)?

A.AWS Elastic Disaster Recovery
B.EBS snapshots copied to another region
C.AWS CloudEndure Disaster Recovery
D.Amazon S3 cross-region replication
AnswerA

DRS provides fast recovery for SAP systems.

Why this answer

AWS Elastic Disaster Recovery (AWS DRS) is the correct service because it provides continuous replication of SAP S/4HANA workloads with sub-second RPO and supports automated recovery orchestration, enabling restoration within the 4-hour RTO. It is the direct successor to CloudEndure Disaster Recovery and is purpose-built for enterprise applications like SAP, offering non-disruptive testing and fast failover to a secondary AWS Region or Availability Zone.

Exam trap

The trap here is that candidates confuse AWS Elastic Disaster Recovery with its predecessor name 'CloudEndure Disaster Recovery' (Option C), which is the same service but the exam expects the current AWS branding, or they mistakenly think periodic EBS snapshots (Option B) can achieve a 4-hour RTO for SAP without considering the recovery time for snapshot restoration and database consistency.

How to eliminate wrong answers

Option B is wrong because EBS snapshots copied to another region provide only periodic, point-in-time backups (typically every 1-24 hours), which cannot guarantee the sub-minute RPO needed for SAP S/4HANA and may require manual steps to restore, exceeding the 4-hour RTO. Option C is wrong because AWS CloudEndure Disaster Recovery is the previous name for AWS Elastic Disaster Recovery; it is the same service, but the current AWS service name is 'AWS Elastic Disaster Recovery' (the exam uses the updated name), so selecting this option indicates a misunderstanding of the service naming. Option D is wrong because Amazon S3 cross-region replication is an object-level replication service for S3 buckets, not a block-level replication solution for EC2 instances or SAP databases, and it cannot replicate the entire SAP system state (OS, database, application) required for disaster recovery.

1162
MCQmedium

A company is migrating a critical SAP HANA database to AWS. The database size is 2 TB. They require the highest network throughput and low latency between EC2 instances. Which EC2 placement strategy should they use?

A.Spread Placement Group across multiple Availability Zones
B.Partition Placement Group
C.Dedicated Hosts
D.Cluster Placement Group
AnswerD

Cluster group provides low latency and high throughput within a single AZ.

Why this answer

Placement Groups with Cluster Placement provide low latency and high throughput within a single AZ. Option C is correct. Option A is wrong because Spread Placement is for high availability, not performance.

Option B is wrong because Partition Placement is for large distributed systems. Option D is wrong because Dedicated Hosts provide licensing benefits, not network performance.

1163
Multi-Selectmedium

A company is migrating its SAP HANA database to AWS. They need to validate that the target AWS environment meets SAP's certification requirements. Which two steps should they take? (Choose TWO.)

Select 2 answers
A.Configure the instance with 10 Gbps network bandwidth
B.Use an Amazon Machine Image (AMI) from the AWS Marketplace that includes SAP HANA
C.Ensure that the EBS volumes are optimized for high throughput
D.Confirm that the operating system is SAP certified for HANA
E.Verify that the EC2 instance type is listed in the SAP HANA certified instance list
AnswersD, E

OS certification is required.

Why this answer

SAP certification requires using certified instance types and operating systems. Option A ensures the instance is certified. Option D ensures the correct OS version.

Option B is not required because EBS optimization is standard for many instances. Option C is not a requirement. Option E is incorrect because the AMI ID is not relevant to certification.

1164
Multi-Selecthard

Which THREE factors should be considered when choosing an EC2 instance type for SAP HANA? (Choose three.)

Select 3 answers
A.The instance must have enough memory to fit the HANA database.
B.The instance must support high network throughput for data replication.
C.The instance should have GPU accelerators for faster query processing.
D.The instance must have local instance store volumes for data persistence.
E.The instance type must be listed in the SAP HANA hardware directory for AWS.
AnswersA, B, E

HANA is memory-optimized.

Why this answer

Option A is correct because SAP HANA is an in-memory database that loads the entire dataset into RAM for processing. The EC2 instance must have sufficient memory to accommodate the HANA database size, including overhead for system tables and temporary data, as specified in the SAP HANA memory sizing guidelines.

Exam trap

The trap here is that candidates may mistakenly think GPU accelerators are needed for SAP HANA's analytical queries or that local instance store volumes provide persistent storage, when in fact SAP HANA requires certified instance types and persistent storage like EBS.

1165
Multi-Selecteasy

Which TWO AWS services can be used to migrate an on-premises Microsoft SQL Server database to Amazon RDS for SQL Server with minimal downtime? (Choose two.)

Select 2 answers
A.AWS Snowball Edge
B.AWS Schema Conversion Tool (SCT)
C.Amazon EC2 with SQL Server
D.AWS Database Migration Service (DMS)
E.AWS Direct Connect
AnswersB, D

SCT converts schema and can optimize for RDS.

Why this answer

Correct options: A and D. AWS DMS can perform live migration with CDC; AWS SCT can convert schema and optimize for RDS. Options B, C, and E are incorrect: Snowball is for offline data; Direct Connect is for network; EC2 is not for migration.

1166
MCQeasy

A company runs production workloads on AWS. The Security Team requires that all Amazon S3 buckets with server access logging enabled must have logs delivered to a centralized S3 bucket in a separate account. Which solution meets this requirement?

A.Use S3 bucket policies to restrict log delivery to only the source account.
B.Use S3 replication rules to copy objects from source buckets to the centralized bucket.
C.Enable AWS CloudTrail to log all S3 API calls and store logs in the centralized bucket.
D.Configure the source bucket to deliver logs to the destination bucket. Attach a bucket policy on the destination bucket that grants the log delivery group (e.g., Amazon S3 Log Delivery) write permissions.
AnswerD

A is correct: cross-account S3 server access logging is supported with appropriate bucket policy.

Why this answer

Option A is correct because S3 server access logs can be delivered to a bucket in another account if the destination bucket policy grants the log delivery group write permissions. Option B is incorrect as bucket policies are not limited to the same account; cross-account delivery is supported. Option C is incorrect because CloudTrail is for API activity, not S3 access logs.

Option D is incorrect because replication copies objects after they are logged, not the logs themselves.

1167
MCQmedium

An SAP administrator needs to implement a disaster recovery (DR) strategy for SAP HANA with an RTO of 2 hours and RPO of 15 minutes. The primary site is in us-east-1, and the DR site is in us-west-2. The system uses SAP HANA System Replication (HSR) for data replication. Which AWS service should be used to automate failover and minimize downtime?

A.AWS Elastic Disaster Recovery (AWS DRS).
B.AWS Backup with cross-region backup copies.
C.AWS CloudEndure Disaster Recovery.
D.Amazon RDS for SAP HANA.
AnswerA

AWS DRS provides continuous replication and automated failover capabilities, meeting the RTO/RPO requirements.

Why this answer

Option A is correct because AWS Elastic Disaster Recovery (DRS) can replicate EC2 instances and automate failover, meeting the RTO and RPO requirements. Option B is wrong because AWS Backup is for backup, not real-time replication. Option C is wrong because CloudEndure is now AWS DRS.

Option D is wrong because RDS is not used for SAP HANA; it is a managed database service.

1168
MCQmedium

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. They need to minimize downtime and ensure data consistency. Which AWS service or feature should they use?

A.AWS Database Migration Service (AWS DMS) with ongoing replication
B.RDS Read Replica
C.VPC Peering
D.AWS Schema Conversion Tool (AWS SCT)
AnswerA

DMS with ongoing replication supports near-zero downtime migration.

Why this answer

Option D is correct because AWS DMS with ongoing replication enables minimal downtime migration by continuously replicating changes after the initial load. Option A is wrong because AWS SCT only converts schemas, not data. Option B is wrong because VPC Peering is a network feature.

Option C is wrong because a Read Replica is for read scaling, not migration.

1169
MCQeasy

A company is designing a disaster recovery (DR) strategy for its SAP environment on AWS. The primary region is us-east-1 and the DR region is us-west-2. The SAP application and database must be recoverable within 4 hours (RTO) and with a maximum data loss of 15 minutes (RPO). The database is SAP HANA. Which combination of services meets these requirements?

A.Use Amazon EBS snapshots replicated across regions, restoring in the DR region with a CloudFormation template.
B.Back up the HANA database to Amazon S3 and copy the backup to the DR region using cross-region replication.
C.Configure HANA System Replication (HSR) between the primary and DR regions, with a standby EC2 instance in us-west-2.
D.Use AWS Database Migration Service (DMS) with ongoing replication to an RDS for SAP HANA instance in the DR region.
AnswerC

HSR provides near-synchronous replication with RPO as low as seconds, meeting the 15-minute requirement.

Why this answer

Option B is correct because HANA System Replication with log shipping provides low RPO (15 minutes) and can be combined with a standby instance in the DR region for failover within 4 hours. Option A is wrong because EBS snapshots alone may not achieve 15-minute RPO. Option C is wrong because DMS is for homogeneous migrations, not real-time replication.

Option D is wrong because S3 is for backups, not replication.

1170
MCQeasy

An SAP administrator wants to deploy a SAP system across two Availability Zones for high availability. The administrator runs the command shown in the exhibit. How many subnets are available for the deployment?

A.4
B.2
C.3
D.1
AnswerB

Two subnets are listed.

Why this answer

Option B is correct because the output shows two subnets, one in us-east-1a and one in us-east-1b. Option A is wrong because there are two subnets. Option C is wrong because there are not four.

Option D is wrong because there are exactly two.

1171
Multi-Selectmedium

An organization runs SAP on AWS and wants to encrypt all data at rest for the SAP HANA database. The encryption keys must be managed by the customer and rotated annually. Which THREE AWS services can be used together to meet these requirements? (Choose THREE.)

Select 3 answers
A.Amazon S3 server-side encryption
B.Amazon EBS encryption
C.AWS Key Management Service (KMS)
D.AWS CloudHSM
E.AWS Certificate Manager (ACM)
AnswersB, C, D

EBS volumes can be encrypted using KMS keys.

Why this answer

Options A, B, and C are correct: AWS KMS manages customer master keys, CloudHSM provides hardware security module, and EBS encryption uses KMS. Option D is wrong because S3 encryption can use KMS but not directly for EBS. Option E is wrong because ACM is for SSL/TLS certificates.

1172
MCQeasy

A company is designing a network architecture for SAP S/4HANA on AWS. The architecture must support high availability by distributing application servers across two Availability Zones. Which AWS service can provide automatic failover for the SAP central services (ASCS) instance?

A.Amazon Route 53 with DNS failover routing
B.AWS Direct Connect
C.Application Load Balancer (ALB)
D.Amazon CloudFront
AnswerA

Route 53 can perform health checks and fail DNS to a standby ASCS in case of primary failure.

Why this answer

Option B is correct because Amazon Route 53 can route traffic to a health-checked endpoint and failover to a secondary ASCS in another AZ. Option A (ELB) operates at layer 4/7 but does not handle SAP-specific ASCS failover. Option C (CloudFront) is a CDN.

Option D (Direct Connect) is a dedicated network connection.

1173
Multi-Selecthard

Which TWO of the following are valid considerations when sizing an SAP HANA instance on AWS for a production environment? (Choose 2.)

Select 2 answers
A.Use EBS consistency groups for snapshot backups
B.Consider instance store volumes for temporary data and high I/O throughput
C.Ensure the instance type supports EBS optimization for dedicated network bandwidth
D.Select an instance with at least 64 GB memory per HANA node
E.Use a single large EBS volume to simplify management
AnswersB, C

Instance store provides high performance for temp data.

Why this answer

Options A and D are correct. EBS-optimized instances are required for consistent network performance, and instance store volumes provide high I/O throughput. Option B is incorrect because consistency group backups are not specific to sizing.

Option C is incorrect because a single EBS volume may not provide enough throughput for large databases. Option E is incorrect because HANA requires a minimum of 128 GB memory per node, but this is not a sizing consideration for instance choice.

1174
MCQmedium

An SAP system on AWS uses a multi-AZ deployment with an Application Load Balancer (ALB) to distribute traffic across application servers. The ALB health checks are failing intermittently. What is the most likely cause?

A.The security group for the ALB is blocking health check traffic.
B.The target group is not associated with the ALB.
C.The health check path is not configured correctly for the SAP application.
D.The application servers are running on burstable instance types.
AnswerC

Incorrect health check path can cause intermittent failures if the application occasionally returns non-200 status.

Why this answer

Option B is correct because ALB health checks require a specific path (e.g., /health) and may fail if the path is incorrect or the application is not responding. Option A is wrong because security groups are static and would cause consistent failures. Option C is wrong because ALB health checks are independent of instance types.

Option D is wrong because health checks are configured at the ALB level, not the target group.

1175
MCQmedium

An administrator is troubleshooting an SAP system where the application server cannot connect to the database server. Both servers are in the same VPC but different subnets. Security groups allow traffic on the database port. What is the next step to diagnose the issue?

A.Check the DB Subnet Group configuration
B.Verify route tables for the subnets
C.Review VPC Flow Logs for rejected traffic
D.Check the Network ACLs for both subnets to ensure inbound/outbound rules allow the database port
AnswerD

NACLs are stateless and must allow both inbound and outbound traffic.

Why this answer

Network ACLs (NACLs) are stateless, meaning they require explicit inbound and outbound rules for traffic to flow in both directions. Even if security groups allow the database port, a missing or misconfigured NACL rule on either subnet can silently drop traffic. Since the servers are in different subnets, checking NACLs is the next logical step after confirming security groups are correct.

Exam trap

The trap here is that candidates assume security groups are the only firewall layer, forgetting that NACLs are stateless and must be explicitly configured for both inbound and outbound traffic on each subnet.

How to eliminate wrong answers

Option A is wrong because DB Subnet Group configuration only determines which subnets an RDS instance can be placed in, not the network connectivity between an application server and a database server. Option B is wrong because route tables control traffic between subnets and other networks, but within the same VPC, subnets are implicitly connected via the VPC's main route table, so missing routes are unlikely to cause a connectivity issue between two subnets. Option C is wrong because VPC Flow Logs are a diagnostic tool for analyzing traffic after a problem is suspected, not the next step in a systematic troubleshooting process; they would be useful if NACLs and security groups appear correct but traffic is still failing.

1176
MCQeasy

An SAP system is deployed on EC2 instances across multiple Availability Zones. Which AWS service should be used to automatically distribute incoming traffic across the SAP application servers?

A.Application Load Balancer
B.Amazon Route 53
C.Network Load Balancer
D.Amazon CloudFront
AnswerA

ALB distributes HTTP/HTTPS traffic for web-based SAP.

Why this answer

Option C is correct because an Application Load Balancer distributes HTTP/HTTPS traffic. Option A is wrong as Route 53 is for DNS. Option B is wrong because Network Load Balancer is for TCP/UDP.

Option D is wrong as CloudFront is a CDN.

1177
Multi-Selecthard

A company is running an SAP S/4HANA system on AWS. The system experiences high memory usage. The administrator wants to monitor the SAP HANA memory consumption and set alarms for when memory usage exceeds 85% of available memory. Which steps should the administrator take to achieve this? (Choose THREE.)

Select 3 answers
A.Configure an Amazon SNS topic to send email notifications when memory usage is high.
B.Use SAP HANA SQL queries to monitor memory usage and publish custom metrics to CloudWatch.
C.Install the Amazon CloudWatch agent on the EC2 instance to collect memory metrics.
D.Use Amazon CloudWatch Synthetics to monitor HANA memory.
E.Create a CloudWatch alarm on the memory metric with a threshold of 85%.
AnswersB, C, E

Custom metrics can be published via CloudWatch PutMetricData.

Why this answer

Options A, C, D are correct. A: CloudWatch agent collects OS-level metrics including memory. C: HANA provides detailed metrics via SQL views.

D: CloudWatch alarms can trigger actions. Option B is wrong because CloudWatch does not directly query HANA. Option E is wrong because SNS alone does not provide monitoring.

1178
MCQmedium

Refer to the exhibit. An administrator is setting up an AWS DMS task to migrate an SAP database. They receive an error that they are not authorized to perform the operation. Which statement is true about the IAM policy?

A.The policy allows all DMS actions
B.The policy is missing the dms:CreateEndpoint and dms:DescribeEndpoints actions
C.The policy is missing the dms:CreateReplicationTask action
D.The policy should specify an ARN instead of a wildcard for Resource
AnswerB

DMS needs these permissions to create and manage endpoints.

Why this answer

Option D is correct because the DMS task requires permissions for dms:CreateEndpoint and dms:DescribeEndpoints, which are missing from the policy. Option A is wrong because the policy does allow DMS actions. Option B is wrong because the policy allows all DMS actions listed.

Option C is wrong because the policy does not restrict resources.

1179
MCQmedium

An SAP system on AWS uses a Multi-AZ RDS for SQL Server as the database. During a failover test, the application experienced a 2-minute outage. The application team wants to reduce this downtime. What should the operations team recommend?

A.Increase the DB instance size to improve failover performance.
B.Configure Multi-AZ with SQL Server Mirroring instead of Always On Availability Groups.
C.Enable automatic failover handling in the application's JDBC connection string.
D.Use Amazon RDS Proxy to manage connections.
AnswerC

Automatic failover in the connection string allows the application to reconnect quickly.

Why this answer

Option C is correct because enabling Multi-AZ with automatic failover in the JDBC connection string allows the application to automatically reconnect to the new primary without manual intervention. Option A is wrong because increasing instance size does not affect failover time. Option B is wrong because a different Multi-AZ configuration does not reduce failover time.

Option D is wrong because RDS Proxy is not supported for SQL Server.

1180
Multi-Selectmedium

A company is migrating its SAP HANA database to AWS. The migration requires minimal downtime and data consistency. Which THREE steps should the company take to achieve this?

Select 3 answers
A.Take a full backup of the source database and restore it on the target.
B.Use AWS DMS with change data capture (CDC) for ongoing replication.
C.Create the target HANA database and schema in advance.
D.Perform a full load of the data using AWS DMS before enabling CDC.
E.Disable all logging on the source database to reduce overhead.
AnswersB, C, D

CDC enables continuous replication of changes.

Why this answer

Options A, C, and E are correct. Using AWS DMS with CDC allows ongoing replication. Performing a full load first establishes the baseline.

Creating target infrastructure in advance is necessary. Option B is wrong because taking a backup and restoring would cause downtime. Option D is wrong because disabling CDC would prevent ongoing replication.

1181
MCQhard

A company runs its SAP S/4HANA production workload on AWS using an 8xlarge instance with 2,000 GB of gp3 storage for /usr/sap and 6,000 GB of io2 Block Express with 64,000 IOPS for /hana/data and /hana/log. The system experiences intermittent performance degradation during peak hours, particularly for batch jobs that heavily write to the database. The SAP team reports that the database response time spikes from under 5 milliseconds to over 200 milliseconds during these periods. The AWS account has a default EBS IOPS limit of 80,000 per region. The current io2 volume is attached as a single volume. Which combination of actions would resolve the performance issue?

A.Replace the io2 volumes with larger gp3 volumes and increase the volume size to 8,000 GB to benefit from gp3 baseline performance.
B.Split the /hana/data volume into multiple io2 volumes, configure them as a RAID 0 stripe, and attach each to a separate EBS-optimized connection. Increase total provisioned IOPS to 80,000 distributed across volumes.
C.Migrate to a larger instance type with higher EBS-optimized bandwidth and increase the volume IOPS to 80,000.
D.Increase the provisioned IOPS on the existing io2 volume to 80,000 IOPS to stay within the default limit.
AnswerB

RAID 0 across multiple volumes increases aggregate IOPS and throughput, leveraging multiple EBS connections and avoiding single-volume limits.

Why this answer

Option B is correct because splitting the /hana/data volume into multiple io2 volumes and configuring them as a RAID 0 stripe distributes I/O across multiple EBS-optimized connections, effectively increasing the available throughput and IOPS beyond the limits of a single volume attachment. This approach also allows the total provisioned IOPS to reach 80,000, which is the regional default limit, while each individual volume stays within its own IOPS ceiling, thus resolving the database response time spikes during peak batch write operations.

Exam trap

The trap here is that candidates assume increasing IOPS on a single volume or moving to a larger instance alone will solve the performance issue, ignoring the fundamental single-volume throughput and IOPS ceiling that requires striping across multiple volumes to scale.

How to eliminate wrong answers

Option A is wrong because gp3 volumes, even at 8,000 GB, have a baseline IOPS of only 16,000 (with a maximum of 16,000 IOPS without additional cost), which is far below the required 64,000 IOPS and cannot match the low-latency performance of io2 Block Express for SAP HANA workloads. Option C is wrong because simply migrating to a larger instance type with higher EBS-optimized bandwidth does not address the single-volume bottleneck; the existing single io2 volume still cannot exceed its maximum IOPS limit (64,000) and the throughput limitation of a single EBS attachment, so performance degradation would persist. Option D is wrong because increasing the provisioned IOPS on the existing single io2 volume to 80,000 exceeds the volume-level IOPS limit for io2 (which is 64,000 IOPS for volumes up to 16 TB) and also does not resolve the throughput bottleneck of a single EBS-optimized connection.

1182
MCQmedium

A company is running SAP NetWeaver on AWS with an Oracle database on an EC2 instance. The database uses Oracle Data Guard for disaster recovery across Regions. The primary database is in us-east-1, and the standby is in us-west-2. The database size is 500 GB and the network link between Regions has about 100 Mbps throughput. During a recent disaster recovery drill, the failover to the standby took over 2 hours because the Data Guard redo logs were not fully applied. The team wants to reduce the recovery time objective (RTO). They are considering using Amazon S3 to store archived redo logs, increasing the bandwidth, or using a different replication method. What is the MOST effective action to reduce the RTO?

A.Configure the primary database to automatically archive redo logs to Amazon S3, and have the standby download them from S3.
B.Use Oracle Automatic Storage Management (ASM) to mirror data across Regions.
C.Replace Oracle Data Guard with Amazon EBS snapshot replication across Regions.
D.Increase the network bandwidth between the Regions to reduce redo log shipping lag.
AnswerD

Higher bandwidth reduces the time to transfer redo logs to the standby, allowing it to apply logs faster and be ready for failover sooner.

Why this answer

Option D is correct. Increasing the bandwidth between Regions will reduce the lag in redo log shipping, allowing the standby to apply logs more quickly and be ready faster. Option A is incorrect because storing archived logs on S3 still requires transferring them to the standby.

Option B is incorrect because EBS replication does not apply to cross-Region scenarios. Option C is incorrect because ASM is a storage management layer, not a replication solution.

1183
MCQhard

A company runs its SAP S/4HANA system on AWS using a cluster of EC2 instances for the application tier and a single large EC2 instance for the HANA database. The database instance uses EBS volumes striped with LVM for data and log. Recently, the operations team noticed that the database performance has degraded significantly during peak hours. CloudWatch metrics show that the average ReadIOPS for the data volume is consistently at 80% of the provisioned IOPS limit, and the average queue length is above 10. The CPU utilization of the database instance is around 60%, and memory usage is 70%. The team has already verified that there are no network bottlenecks and that the SAP application is not misconfigured. Which of the following is the MOST effective action to improve database performance?

A.Migrate the database data to an instance store volume for higher IOPS.
B.Increase the provisioned IOPS on the existing EBS data volume to provide more headroom.
C.Add additional EBS volumes to the LVM stripe and redistribute the data.
D.Upgrade the database instance to a larger EC2 instance type with higher network bandwidth.
AnswerB

This directly addresses the I/O bottleneck by increasing the IOPS limit, reducing queue length.

Why this answer

The symptoms indicate that the EBS volume is reaching its IOPS limit, causing queuing. Increasing the provisioned IOPS for the data volume will directly address the I/O bottleneck. Option B suggests increasing the instance size, but CPU and memory are not fully utilized, so that may not help.

Option C suggests adding more volumes and re-striping, which could increase IOPS but is more complex and may not be needed if the volume supports elastic IOPS. Option D suggests switching to instance store, which provides high IOPS but is ephemeral and not recommended for database persistence. Therefore, increasing IOPS on the existing volume is the simplest and most effective.

1184
MCQmedium

An SAP system administrator is designing the storage layout for an SAP HANA database on AWS. The HANA data volume requires 5000 IOPS and 250 MB/s throughput. Which EBS volume type and configuration should be used to meet these requirements cost-effectively?

A.Use a single gp3 volume with 5000 IOPS and 250 MB/s throughput
B.Use a single sc1 volume with 5000 IOPS and 250 MB/s throughput
C.Use a single st1 volume with 5000 IOPS and 250 MB/s throughput
D.Use a single io1 volume with 5000 provisioned IOPS and 250 MB/s throughput
AnswerD

io1 supports up to 64,000 IOPS and 1000 MB/s per volume.

Why this answer

Option B is correct because a single io1 volume can be provisioned with 5000 IOPS and 250 MB/s throughput. Option A is wrong because gp3 can provide up to 3000 IOPS and 125 MB/s. Option C is wrong because st1 is throughput-optimized but not for database workloads.

Option D is wrong because sc1 is cold storage.

1185
MCQmedium

A company running SAP on AWS wants to automate the start and stop of non-production instances to save costs. Which AWS service is best suited for scheduling instance state changes?

A.AWS Instance Scheduler
B.Amazon CloudWatch Events (EventBridge)
C.AWS Auto Scaling
D.AWS Lambda with custom code
AnswerA

Specifically designed for scheduling EC2 start/stop.

Why this answer

AWS Instance Scheduler is a purpose-built solution that uses AWS CloudFormation to deploy a scheduler that automatically starts and stops EC2 instances based on defined schedules. It is the recommended approach for SAP non-production instances because it natively supports tagging, time zones, and periodic schedules without requiring custom code, making it the most cost-effective and maintainable option for this use case.

Exam trap

The trap here is that candidates often choose AWS Lambda with custom code (Option D) because they think it gives more control, but the exam expects the purpose-built AWS Instance Scheduler as the best practice for scheduling instance state changes, as it is a managed solution that requires no custom development.

How to eliminate wrong answers

Option B is wrong because Amazon CloudWatch Events (EventBridge) is a service for routing events to targets, not a scheduler itself; while it can invoke a Lambda function on a schedule, it lacks built-in instance management logic and would require additional custom code to handle start/stop operations. Option C is wrong because AWS Auto Scaling is designed to automatically adjust capacity based on demand or health checks, not to schedule instance state changes at specific times; it cannot start or stop instances on a fixed schedule. Option D is wrong because AWS Lambda with custom code is a valid approach but is not the best suited service for this task; it requires writing and maintaining custom scheduling logic, error handling, and state management, whereas AWS Instance Scheduler provides a ready-to-use, managed solution that reduces operational overhead.

1186
MCQhard

An SAP system on AWS uses a shared file system via Amazon EFS mounted on multiple EC2 instances. Users report that file operations are slow. Which metric in Amazon CloudWatch should be analyzed to determine if the EFS file system's throughput is being throttled?

A.PercentIOLimit
B.BurstCreditBalance
C.DataReadIOBytes
D.MeteredIOBytes
AnswerB

If BurstCreditBalance is low or zero, the file system is throttled.

Why this answer

Option D is correct because the BurstCreditBalance metric indicates the remaining burst credits; if it reaches zero, throughput is throttled. Option A (DataReadIOBytes) measures data read. Option B (PercentIOLimit) is not a standard metric.

Option C (MeteredIOBytes) measures metered I/O.

1187
MCQmedium

An SAP administrator is designing a disaster recovery plan for SAP NetWeaver on AWS. They want to minimize RTO and RPO while keeping costs low. Which strategy should they use?

A.Use AWS Elastic Disaster Recovery (DRS) with SAP HANA system replication
B.Use AWS EC2 Image Builder to create daily AMIs
C.Take manual EBS snapshots every 12 hours
D.Replicate SAP application data to an S3 bucket in another region
AnswerA

DRS provides continuous replication, minimizing RTO and RPO.

Why this answer

Using AWS Elastic Disaster Recovery (DRS) with SAP HANA replication provides low RTO/RPO and cost-effective DR. Option A is wrong because EC2 Image Builder is for AMI creation, not DR. Option B is wrong because manual snapshots have higher RPO.

Option D is wrong because S3 replication does not replicate running instances.

1188
Multi-Selecthard

Which THREE factors should be considered when designing an SAP HANA backup strategy on AWS? (Select THREE.)

Select 3 answers
A.Encryption of backup data at rest and in transit
B.Security Group rules for backup traffic
C.EC2 instance type for backup server
D.Cross-region replication for disaster recovery
E.Backup frequency and retention period
AnswersA, D, E

Ensures security.

Why this answer

Option A, B, and E are correct. Backup frequency affects RPO. Cross-region replication provides DR.

Encryption ensures security. Option C is wrong because instance type is for compute. Option D is wrong because Security Groups are for network.

1189
MCQeasy

An SAP system uses an Application Load Balancer (ALB) to distribute traffic to web servers. The ALB is configured with a health check that fails, causing the web servers to be marked as unhealthy. What is a possible reason for the health check failure?

A.The instance is in a private subnet
B.The instance type is not supported by the ALB
C.The security group for the ALB does not allow outbound traffic
D.The web server is not configured to respond to the health check path
AnswerD

If the health check path is not configured, the server returns an error.

Why this answer

A common health check failure is when the health check path (e.g., /health) returns a non-200 status code. The security group allowing traffic from the ALB is required. Instance type does not affect health check.

The subnet is not a direct cause.

1190
MCQhard

A company runs a critical SAP S/4HANA system on AWS. The system uses an SAP HANA database on an EC2 instance with EBS storage. The operations team receives an alert that the database is running out of disk space on the /hana/data volume. The current configuration uses a single 2 TB gp2 EBS volume for /hana/data, which is 85% full. The team needs to resolve the immediate space issue and also plan for future growth. The database is in production and cannot tolerate downtime. The team has enabled Multi-Attach on the volume. Which course of action should the team take?

A.Migrate the data to Amazon EFS and mount it to the EC2 instance.
B.Use the Elastic Volumes feature to modify the size of the existing volume to 4 TB while the instance is running.
C.Attach an additional EBS volume, create a logical volume spanning both volumes, and extend the filesystem without downtime.
D.Take an EBS snapshot of the volume, create a larger volume from the snapshot, and attach it to the instance.
AnswerC

LVM allows online expansion; no downtime required.

Why this answer

Option B is correct because you can add a second EBS volume and extend the logical volume online without downtime. Option A is wrong because resizing gp2 online can cause performance impact and downtime. Option C is wrong because EFS has higher latency and is not suitable for HANA data.

Option D is wrong because snapshots require I/O freeze.

1191
MCQeasy

An SAP administrator needs to monitor the CPU utilization of an EC2 instance running SAP HANA. Which AWS service should be used to set an alarm when CPU utilization exceeds 90% for 5 minutes?

A.AWS CloudTrail
B.AWS Trusted Advisor
C.AWS Config
D.Amazon CloudWatch
AnswerD

CloudWatch monitors metrics and can trigger alarms.

Why this answer

Option C is correct because CloudWatch alarms can be set on EC2 metrics like CPUUtilization. Option A is wrong because CloudTrail is for API logging. Option B is wrong because Config is for resource compliance.

Option D is wrong because Trusted Advisor provides recommendations, not monitoring.

1192
MCQeasy

A company is migrating a web application from an on-premises data center to AWS. The application uses a MySQL database that is 500 GB in size. The company wants to minimize downtime during the migration. Which approach should the company use?

A.Use an RDS read replica and promote it
B.Use AWS Database Migration Service (DMS) with ongoing replication
C.Stop the database, take a mysqldump, and restore to RDS
D.Use AWS Schema Conversion Tool (SCT) to migrate the schema and data
AnswerB

DMS migrates data while changes are replicated, minimizing downtime.

Why this answer

AWS Database Migration Service (DMS) with ongoing replication (change data capture, CDC) allows you to perform a live migration with minimal downtime. You can start a full load of the 500 GB MySQL database while the source remains operational, then enable CDC to replicate ongoing changes until you cut over to the target RDS instance, reducing the downtime window to seconds.

Exam trap

The trap here is that candidates often confuse AWS DMS with AWS SCT, assuming SCT handles data migration, when in fact SCT only converts schema and code, while DMS is the service that performs the actual data migration with minimal downtime via CDC.

How to eliminate wrong answers

Option A is wrong because an RDS read replica can only be created from an existing RDS instance, not from an on-premises MySQL database, so it cannot be used for migrating from on-premises to AWS. Option C is wrong because stopping the database to take a mysqldump and restore it causes significant downtime (hours for 500 GB), which contradicts the requirement to minimize downtime. Option D is wrong because AWS Schema Conversion Tool (SCT) is designed for heterogeneous migrations (e.g., Oracle to Aurora) or schema conversion, not for minimizing downtime in a homogeneous MySQL-to-RDS migration; it does not provide ongoing replication to reduce cutover time.

1193
MCQhard

A company runs SAP on AWS and uses AWS Transit Gateway to connect multiple VPCs. They notice that inter-VPC traffic is being dropped. What is a likely cause?

A.Security groups not allowing return traffic.
B.Missing routes in the VPC route tables pointing to the Transit Gateway.
C.Transit Gateway does not support transitive routing.
D.Network ACLs blocking traffic.
AnswerB

Without routes, traffic cannot be forwarded to Transit Gateway.

Why this answer

Option A is correct because VPC route tables must have routes pointing to the Transit Gateway for traffic to flow. If routes are missing, traffic is dropped. Option B is wrong because NACLs are stateless and inbound/outbound rules must be correct; but missing routes is more common.

Option C is wrong because security groups are stateful and allow return traffic. Option D is wrong because Transit Gateway supports transitive routing.

1194
MCQmedium

An SAP system is running on EC2 instances in an Auto Scaling group. The operations team needs to ensure that when a new instance is launched, it is automatically registered with the SAP Application Server's load balancer. Which approach should be used?

A.Use a lifecycle hook with a Lambda function that runs a script to register the instance with the SAP load balancer.
B.Modify the AMI to include a startup script that registers the instance with the SAP load balancer.
C.Configure the Auto Scaling group to use an Elastic Load Balancer target group, and set health checks.
D.Use an AWS Lambda function triggered by a CloudWatch Events rule for EC2 instance state changes to register the instance.
AnswerA

Lifecycle hooks are designed for this purpose, allowing custom actions during instance launch/termination.

Why this answer

Lifecycle hooks allow the Auto Scaling group to pause instance launch and run custom actions (via Lambda) to register the instance with the load balancer before it becomes healthy.

1195
Multi-Selectmedium

A company is planning to migrate its SAP ERP system to SAP HANA on AWS. Which TWO AWS services can be used to assess the current on-premises environment and plan the migration?

Select 2 answers
A.AWS Server Migration Service (SMS)
B.AWS Database Migration Service (DMS)
C.AWS Migration Hub
D.AWS CloudEndure Migration
E.AWS Application Discovery Service
AnswersC, E

Migration Hub provides visibility into migration progress and integrates with discovery tools.

Why this answer

Option A (AWS Migration Hub) provides a single place to track migration progress. Option D (AWS Application Discovery Service) helps discover on-premises applications and dependencies. Options B, C, E are not primarily used for assessment.

1196
Multi-Selecteasy

A company is planning to migrate its SAP landscape to AWS. They want to use AWS services to reduce operational overhead. Which TWO services can help automate the deployment and configuration of SAP systems? (Choose two.)

Select 2 answers
A.AWS Launch Wizard for SAP
B.Amazon CloudWatch
C.AWS Systems Manager
D.AWS CloudFormation
E.Amazon WorkSpaces
AnswersA, D

Launch Wizard automates the deployment of SAP systems on AWS.

Why this answer

Option A and D are correct. Option B is wrong because Systems Manager is for management, not deployment. Option C is wrong because CloudWatch is for monitoring.

Option E is wrong because WorkSpaces is a VDI service.

1197
MCQmedium

A company has an SAP landscape with multiple instances behind an Application Load Balancer (ALB). The operations team needs to ensure that the ALB targets are deregistered before an instance is terminated during a patching activity. Which AWS service can automate this?

A.Amazon EC2 Auto Scaling lifecycle hooks
B.AWS Systems Manager State Manager
C.AWS Elastic Beanstalk
D.AWS Lambda
AnswerA

Lifecycle hooks can pause instance termination to run custom actions like deregistering from ALB.

Why this answer

Option D is correct because AWS Auto Scaling lifecycle hooks can manage instance state transitions and deregister from ALB before termination. Option A is wrong because Lambda can be used but is not the service that inherently manages it. Option B is wrong because Systems Manager State Manager is for configuration.

Option C is wrong because Elastic Beanstalk is for web apps, not SAP.

1198
Multi-Selecteasy

Which TWO of the following are best practices for operating SAP HANA on AWS?

Select 2 answers
A.Deploy SAP HANA in a Multi-AZ configuration for high availability.
B.Use EBS snapshots for backup and recovery.
C.Use General Purpose SSD (gp2) volumes for HANA data files.
D.Stop the HANA instance during backup to ensure consistency.
E.Disable swap space to improve performance.
AnswersA, B

Multi-AZ provides automatic failover in case of an AZ failure.

Why this answer

Option A is correct because using EBS snapshots is a common backup strategy. Option D is correct because Multi-AZ deployment provides high availability. Option B is incorrect because disabling swap is not recommended.

Option C is incorrect because stopping instances for backup causes downtime. Option E is incorrect because using Provisioned IOPS is recommended for performance, not General Purpose SSD.

1199
MCQeasy

A company is deploying SAP NetWeaver on AWS and needs to ensure that the SAP application servers can automatically scale based on CPU utilization. Which AWS service should they use?

A.AWS Auto Scaling groups with CloudWatch alarms
B.Amazon CloudWatch to monitor CPU and send alerts
C.AWS Lambda to start and stop instances based on a schedule
D.Elastic Load Balancing (ELB) with health checks
AnswerA

Auto Scaling groups can dynamically adjust capacity based on CPU utilization metrics from CloudWatch.

Why this answer

AWS Auto Scaling groups with CloudWatch alarms allow SAP application servers to automatically scale in or out based on CPU utilization thresholds. This is the correct approach because Auto Scaling groups can dynamically adjust the number of EC2 instances in response to CloudWatch metric alarms, which is essential for handling variable SAP workload demands without manual intervention.

Exam trap

The trap here is that candidates often confuse CloudWatch's monitoring and alerting capability with the actual scaling action, forgetting that CloudWatch alone cannot modify the instance count without an Auto Scaling group.

How to eliminate wrong answers

Option B is wrong because Amazon CloudWatch alone only monitors CPU and sends alerts; it cannot automatically start or stop instances to scale the SAP application tier. Option C is wrong because AWS Lambda scheduled start/stop is for time-based actions, not dynamic scaling based on real-time CPU utilization. Option D is wrong because Elastic Load Balancing distributes traffic and performs health checks but does not automatically scale the number of instances; it requires an Auto Scaling group to handle scaling actions.

1200
MCQhard

An SAP system on AWS uses a Classic Load Balancer to distribute traffic to web dispatchers. The system is experiencing intermittent timeouts. What is the most likely cause?

A.The security group for the load balancer is blocking traffic.
B.Sticky sessions are enabled on the load balancer.
C.The load balancer health check interval is too short.
D.The load balancer idle timeout setting is too low.
AnswerD

Low idle timeout can cause premature connection termination.

Why this answer

The Classic Load Balancer has a default idle timeout of 60 seconds for TCP connections. If the SAP application or web dispatchers keep connections open longer than this without data transfer (e.g., during long-running reports or user think time), the load balancer will close the connection, causing intermittent timeouts. Increasing the idle timeout to match the application's keep-alive settings resolves this.

Exam trap

The trap here is that candidates confuse health check intervals with idle timeout, assuming a short health check interval causes timeouts, when in reality idle timeout is the direct cause of dropped connections during periods of inactivity.

How to eliminate wrong answers

Option A is wrong because security groups are stateful; if the load balancer's security group were blocking traffic, the issue would be consistent (all traffic blocked), not intermittent. Option B is wrong because sticky sessions (session affinity) do not cause timeouts; they ensure a client is routed to the same backend, which can actually reduce timeouts by maintaining session state. Option C is wrong because a health check interval that is too short would cause the load balancer to mark instances as unhealthy more frequently, leading to dropped connections, but the symptom would be persistent failures, not intermittent timeouts.

Page 15

Page 16 of 24

Page 17