AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 13511425

1733 questions total · 24pages · All types, answers revealed

Page 18

Page 19 of 24

Page 20
1351
Multi-Selecthard

Which THREE components are required to set up SAP HANA System Replication (HSR) on AWS for high availability? (Choose THREE.)

Select 3 answers
A.A dedicated replication network interface with low latency.
B.Two EC2 instances in different Availability Zones.
C.An Amazon S3 bucket for storing backup logs.
D.Shared storage (e.g., Amazon EFS) for log replication.
E.A Network Load Balancer to distribute database connections.
AnswersA, B, D

Low-latency network is critical for replication performance.

Why this answer

Options A, C, and E are correct. HSR requires two instances, replication network, and shared storage for log replication. Option B is not required; HSR uses its own replication.

Option D is optional.

1352
MCQeasy

An SAP administrator needs to back up the SAP HANA database daily to Amazon S3 using the Backint agent. What is the prerequisite for this integration?

A.Install the AWS Systems Manager Agent (SSM Agent) on the HANA host.
B.Create a backup vault in AWS Backup.
C.Mount an Amazon EFS file system to the HANA host for backup storage.
D.Configure AWS Database Migration Service (DMS) to replicate data to S3.
AnswerA

SSM Agent is required to run the Backint installation document.

Why this answer

Option A is correct because the AWS Backint agent for SAP HANA requires the AWS Systems Manager Agent (SSM Agent) to be installed on the HANA host. The Backint agent uses SSM Agent to securely communicate with AWS Systems Manager, which orchestrates the backup workflow and enables the agent to write backup data directly to Amazon S3. Without the SSM Agent, the Backint agent cannot authenticate or transfer data to S3, making it a mandatory prerequisite.

Exam trap

The trap here is that candidates may assume AWS Backup is required for any backup to S3, but the Backint agent bypasses AWS Backup and writes directly to S3, making the SSM Agent the actual prerequisite.

How to eliminate wrong answers

Option B is wrong because creating a backup vault in AWS Backup is not a prerequisite for the Backint agent integration; AWS Backup is a separate service for centralized backup management, but the Backint agent writes directly to S3 without requiring AWS Backup. Option C is wrong because mounting an Amazon EFS file system is not required; the Backint agent streams backup data directly to S3 via the Backint API, not through a file system mount. Option D is wrong because AWS Database Migration Service (DMS) is used for database migration and continuous replication, not for backing up SAP HANA to S3 via the Backint agent; DMS does not integrate with the Backint protocol.

1353
Multi-Selecteasy

Which TWO AWS services can be used to automate the backup of SAP HANA databases? (Choose two.)

Select 2 answers
A.Amazon RDS
B.AWS Lambda
C.AWS Storage Gateway
D.AWS Backup
E.SAP HANA Backint agent for Amazon S3
AnswersD, E

AWS Backup can schedule and manage EBS snapshots for HANA volumes.

Why this answer

Options A and B are correct. AWS Backup can automate EBS snapshots, and SAP HANA Backint with S3 can perform database-level backups. Option C is wrong because Lambda is not a backup service.

Option D is wrong because RDS is for relational databases, not HANA. Option E is wrong because Storage Gateway is for on-premises backup.

1354
Multi-Selecteasy

Which THREE actions should be taken to secure an SAP environment running on AWS?

Select 3 answers
A.Open all ports to allow any traffic for flexibility.
B.Disable AWS CloudTrail to reduce costs.
C.Enable encryption at rest for Amazon EBS volumes.
D.Use security groups to restrict inbound and outbound traffic to necessary ports.
E.Use AWS Identity and Access Management (IAM) roles to grant permissions to EC2 instances.
AnswersC, D, E

Encryption protects data stored on EBS.

Why this answer

Options A, B, and D are correct. A (Use security groups) controls traffic. B (Enable encryption at rest for EBS) protects data.

D (Use IAM roles for EC2) avoids long-term credentials. C (Open all ports) is insecure. E (Disable CloudTrail) reduces auditability.

1355
MCQeasy

A company is migrating SAP ECC to AWS and needs to ensure low-latency connectivity between the SAP application and database servers. Which AWS service is most appropriate to achieve this?

A.VPC peering between the application and database subnets.
B.Placement groups for the application and database instances.
C.AWS Direct Connect to connect the application and database servers.
D.AWS Transit Gateway to connect the application and database subnets.
AnswerB

Cluster placement groups provide low-latency, high-throughput network.

Why this answer

Placement groups, specifically cluster placement groups, provide low-latency, high-throughput network connectivity by placing instances in a single Availability Zone within a low-latency, 10 Gbps network. This is ideal for SAP ECC where the application and database servers require consistent, sub-millisecond latency for optimal performance.

Exam trap

The trap here is that candidates confuse network connectivity services (VPC peering, Transit Gateway, Direct Connect) with compute-level placement strategies, assuming any 'connection' service can reduce latency, when only placement groups provide the physical proximity required for low-latency inter-instance communication.

How to eliminate wrong answers

Option A is wrong because VPC peering connects VPCs, not subnets within the same VPC, and does not inherently provide low-latency guarantees beyond normal VPC routing. Option C is wrong because AWS Direct Connect is a hybrid connectivity service for on-premises to AWS, not for inter-instance communication within the same AWS region. Option D is wrong because AWS Transit Gateway is a hub-and-spoke router for connecting multiple VPCs and on-premises networks, not a mechanism to reduce latency between instances in the same VPC.

1356
MCQeasy

A company is migrating its SAP ERP system to AWS and wants to use SAP HANA as the database. Which AWS service can be used to automate the installation and configuration of SAP HANA?

A.AWS CodePipeline
B.AWS CloudFormation
C.AWS OpsWorks
D.AWS Systems Manager
AnswerD

Systems Manager automates tasks via runbooks and can install SAP HANA.

Why this answer

Option A is correct: AWS Systems Manager can automate installation and configuration using runbooks. Option B is wrong because AWS OpsWorks is for Chef/Puppet. Option C is wrong because AWS CloudFormation is for infrastructure provisioning, not software installation.

Option D is wrong because AWS CodePipeline is for CI/CD.

1357
MCQhard

A company runs its SAP ERP system on AWS using SAP HANA as the database. The HANA database is deployed on an EC2 instance with 2 TB of memory. The system has been running for months, but recently the application team reported that some queries are taking significantly longer than usual. The operations team checks the CloudWatch metrics and sees that the database instance's CPU utilization is consistently above 90% during peak hours. They also notice that the EBS volume used for HANA data files has a read latency of over 20 ms. The volume is a gp3 volume with 16,000 IOPS. The instance type is an x1e.8xlarge. The team suspects that the instance is not optimized for the workload. What should they do to resolve the performance issue?

A.Change the EBS volume type to gp2 with a larger size.
B.Increase the gp3 volume IOPS to 32,000 to reduce read latency.
C.Replace the instance with an x1e.16xlarge instance to increase CPU and memory capacity.
D.Enable EBS optimization on the EC2 instance.
AnswerC

More vCPUs and memory will handle the workload.

Why this answer

Option D is correct: The high CPU and read latency suggest that the instance type is insufficient. Switching to an x1e.16xlarge doubles vCPUs and memory, addressing both issues. Option A is wrong because increasing IOPS may help latency but does not address CPU.

Option B is wrong because enabling EBS optimization is already default on x1e instances. Option C is wrong because moving to gp2 may reduce performance.

1358
MCQhard

You are an AWS administrator for a company running SAP S/4HANA on AWS. The system uses a three-tier architecture: web dispatchers, application servers, and a HANA database. All components are in a single VPC. Security requirements demand that the web dispatchers are in a public subnet, application servers in private subnets, and the database in a private subnet. The web dispatchers need to communicate with the application servers on port 443, and application servers communicate with the database on port 31341. You have configured security groups accordingly. However, the web dispatchers cannot connect to the application servers. The network ACL for the public subnet allows inbound HTTPS from the internet and outbound all traffic. The private subnet NACL allows inbound HTTPS from the public subnet and outbound all traffic. The security group for the web dispatchers allows outbound HTTPS to the application security group. The application security group allows inbound HTTPS from the web security group. What is the issue?

A.The network ACL for the public subnet does not allow inbound ephemeral ports from the private subnet.
B.The security group for the application servers does not allow inbound HTTPS from the web dispatchers.
C.The security group for the web dispatchers does not allow outbound HTTPS to the application security group.
D.The VPC does not have a route between the public and private subnets.
AnswerA

The response traffic from the application servers uses ephemeral ports; the public NACL must allow inbound on those ports from the private subnet.

Why this answer

Option B is correct because security groups are stateful; if the application security group allows inbound HTTPS from the web security group, the return traffic is automatically allowed. However, network ACLs are stateless, so the private subnet NACL must allow inbound traffic from the public subnet, which it does, but it must also allow outbound return traffic from the application servers to the web dispatchers. The outbound rule in the private NACL allows all traffic, so that is not the issue.

Actually, the problem is likely that the web dispatchers are in a public subnet with a NACL that allows inbound HTTPS from the internet, but the application servers are in a private subnet and need to send return traffic. Since NACLs are stateless, the private subnet NACL must allow inbound HTTPS from the web dispatchers, which is configured, but also outbound traffic from the application servers. The outbound rule allows all, so that's fine.

The real issue could be that the web dispatchers' security group does not allow inbound traffic from the application servers for the return traffic? But security groups are stateful, so no. Let's re-evaluate: The web dispatchers initiate connection to application servers on port 443. The application servers respond.

The web dispatchers' security group must allow outbound HTTPS to the application servers, which it does. The application servers' security group must allow inbound HTTPS from the web dispatchers, which it does. Since security groups are stateful, the return traffic is allowed.

So the issue might be with routing? But all in same VPC. Perhaps the web dispatchers are in a public subnet without a route to the private subnet? Actually, by default, VPC has local route. So routing is fine.

The most common issue is that the network ACL for the private subnet must allow inbound ephemeral ports for the response traffic. Since NACLs are stateless, the outgoing response from application servers uses ephemeral ports, and the private subnet NACL must allow outbound traffic on those ports. The outbound rule allows all, so that's fine.

But the public subnet NACL must allow inbound ephemeral ports for the response traffic coming back to the web dispatchers. The public subnet NACL allows inbound HTTPS from the internet, but not necessarily ephemeral ports from the private subnet. So the issue is that the public subnet NACL does not allow inbound traffic on ephemeral ports from the private subnet.

Option A is incorrect because security groups are fine. Option C is incorrect because security groups are stateful. Option D is incorrect because routing should work.

1359
MCQhard

A company is migrating SAP applications to AWS and needs to test the migration process without affecting the production environment. Which AWS service should be used to create an isolated test environment?

A.AWS CodePipeline
B.AWS Service Catalog
C.AWS OpsWorks
D.AWS CloudFormation
AnswerD

CloudFormation can create isolated stacks for testing.

Why this answer

AWS CloudFormation allows you to create a test environment using infrastructure as code. Option A is wrong because AWS Service Catalog is for product portfolios. Option B is wrong because AWS CodePipeline is for CI/CD.

Option D is wrong because AWS OpsWorks is for configuration management.

1360
MCQmedium

A company is running SAP BusinessObjects on AWS. The application servers are behind an Application Load Balancer (ALB). The ALB is configured to use a single target group. The company wants to deploy a new version of the application with zero downtime. Which deployment strategy should be used?

A.Perform a rolling update by terminating one instance at a time and launching a new one.
B.Implement a blue/green deployment by creating a new target group and updating the ALB listener.
C.Create a new ALB and update the DNS record to point to the new ALB.
D.Use a canary release by routing 10% of traffic to the new version.
AnswerB

Blue/green allows instant traffic switch with no downtime.

Why this answer

Option D is correct: Blue/green deployment creates a new target group with new instances, then updates the ALB listener rule to route traffic to the new group, enabling zero downtime. Option A is wrong: Rolling update with in-place replacement can cause downtime. Option B is wrong: Canary releases are for gradual rollout, not necessarily zero downtime.

Option C is wrong: Creating a new ALB and updating DNS can cause DNS propagation delays.

1361
Multi-Selectmedium

A company is planning to migrate its SAP ERP system to AWS. The system requires high availability with automatic failover and minimal data loss. Which TWO strategies should the company implement to meet these requirements?

Select 2 answers
A.Implement daily snapshots of all SAP EBS volumes using AWS Backup.
B.Deploy the SAP ASCS instance in a Multi-AZ configuration using AWS services.
C.Configure SAP HANA System Replication with synchronous data replication and automatic takeover.
D.Use AWS Elastic Disaster Recovery to replicate the entire SAP environment to a different Region.
E.Use Amazon S3 cross-region replication for all SAP application files.
AnswersB, C

Multi-AZ provides automatic failover for the central services.

Why this answer

Option B is correct because deploying the SAP ASCS instance in a Multi-AZ configuration using AWS services (such as an Amazon RDS Multi-AZ DB instance for the SAP system database or a Multi-AZ deployment for the SAP Central Services) provides automatic failover to a standby instance in a different Availability Zone, ensuring high availability with minimal data loss. This setup leverages synchronous replication to keep the standby synchronized, so failover occurs without significant data loss.

Exam trap

The trap here is that candidates often confuse backup strategies (like snapshots or cross-region replication) with high-availability solutions, failing to recognize that automatic failover and minimal data loss require synchronous replication and active standby components, not periodic backups or asynchronous replication.

1362
Multi-Selectmedium

Which TWO of the following are recommended best practices for running SAP HANA on AWS? (Choose two.)

Select 2 answers
A.Install HANA on a separate EBS volume mounted under /hana/data
B.Configure swap space on the instance to handle memory pressure
C.Enable multi-attach on EBS volumes for HANA shared storage in scale-out
D.Use EBS io2 Block Express volumes for HANA data and log
E.Change the hostname after the HANA installation to match the DNS name
AnswersC, D

Multi-attach allows multiple nodes to access the same EBS volume for shared /hana/shared.

Why this answer

Option C is correct because SAP HANA scale-out configurations require shared storage for /hana/shared, and EBS multi-attach allows multiple EC2 instances to concurrently access the same EBS volume, which is necessary for the shared file system. Option D is correct because EBS io2 Block Express volumes provide the high IOPS, low latency, and consistent performance required for SAP HANA data and log volumes, meeting SAP's storage performance recommendations.

Exam trap

Cisco often tests the misconception that general Linux administration practices (like configuring swap or changing hostnames post-installation) apply to SAP HANA, when in fact SAP HANA has strict, specific requirements that override these defaults.

1363
Multi-Selectmedium

Which TWO options are valid methods for encrypting data at rest in an SAP HANA database running on Amazon EBS? (Choose two.)

Select 2 answers
A.Use SSL/TLS connections to the database.
B.Enable SAP HANA native encryption for the database.
C.Use AWS KMS to encrypt the database schema.
D.Store database files in Amazon S3 with SSE-S3.
E.Enable EBS encryption when launching the EC2 instance.
AnswersB, E

HANA can encrypt data at rest.

Why this answer

Options A and C are correct. Option A: EBS encryption at launch provides at-rest encryption. Option C: SAP HANA native encryption also encrypts data at rest.

Option B is wrong because SSL/TLS is for data in transit. Option D is wrong because KMS encrypts EBS volumes, not the database directly. Option E is wrong because S3 encryption is for S3 objects, not EBS.

1364
MCQhard

A company runs SAP on AWS and wants to automate the failover of their SAP HANA database across Availability Zones using a multi-AZ setup. They are using Pacemaker and STONITH fencing. Which AWS resource is commonly used as a fencing device for SAP HANA multi-AZ clusters?

A.Amazon Simple Notification Service (SNS)
B.Amazon Simple Queue Service (SQS)
C.Amazon RDS
D.Amazon CloudWatch alarm and EC2 API
AnswerD

The AWS STONITH agent uses CloudWatch and EC2 API to stop an unresponsive node.

Why this answer

Option A is correct because AWS provides a STONITH agent that uses EC2 API to stop/fence instances (e.g., via CloudWatch alarm). Option B is incorrect because SQS is a queue service, not a fencing mechanism. Option C is incorrect because RDS is a managed database service, not used for EC2 fencing.

Option D is incorrect because SNS is a notification service.

1365
MCQmedium

An SAP Basis administrator is deploying a new SAP S/4HANA system on AWS. The architecture uses a multi-AZ deployment for high availability: primary database in us-east-1a, standby in us-east-1b. The ASCS instance is in us-east-1a with a replicated enqueue server (ERS) in us-east-1b. For the application servers, two instances are in us-east-1a and two in us-east-1b. The administrator needs to ensure that the SAP system remains available if an entire Availability Zone fails. What is the MOST important configuration step to achieve this?

A.Configure Amazon Route53 with a failover routing policy for the SAP application URLs.
B.Place an Application Load Balancer in front of the database instances.
C.Enable HANA system replication and configure ASCS with enqueue replication across the two AZs.
D.Use larger instance types for all SAP instances to handle the load.
AnswerC

These are the standard SAP HA mechanisms for cross-AZ failover.

Why this answer

Option D is correct because cross-AZ failover for both database and SAP central services requires proper configuration of HANA system replication and enqueue replication. Option A is wrong because Route53 routing is not sufficient for automatic failover of SAP services; it only handles DNS. Option B is wrong because a single ELB does not provide cross-AZ failover for the database.

Option C is wrong because increasing instance size does not improve availability.

1366
MCQhard

A company runs its SAP HANA database on an EC2 instance with Amazon EBS volumes. The system is experiencing high write latency. The current EBS volume type is gp2. Which change should a solutions architect recommend to improve write performance for the SAP HANA data volume?

A.Use an io2 Block Express volume with sufficient IOPS.
B.Migrate the data to an instance store volume.
C.Change the volume type to gp3 with increased IOPS.
D.Use a Throughput Optimized HDD (st1) volume.
AnswerA

io2 Block Express provides high IOPS and low latency suitable for SAP HANA.

Why this answer

SAP HANA requires consistently low-latency, high-IOPS storage for its data volume. The io2 Block Express volume is the only EBS volume type that can deliver up to 256,000 IOPS per volume with sub-millisecond latency, meeting SAP HANA's demanding performance requirements. In contrast, gp2 volumes have burst limitations and cannot sustain the high write throughput needed for SAP HANA workloads.

Exam trap

The trap here is that candidates often choose gp3 (Option C) thinking increased IOPS alone solves latency, but they overlook that SAP HANA requires the specific io2 Block Express volume type for guaranteed low latency and durability, as gp3's performance can degrade under sustained high write loads due to its shared architecture.

How to eliminate wrong answers

Option B is wrong because instance store volumes are ephemeral and do not persist data across instance stops or terminations, making them unsuitable for SAP HANA's data volume which requires durability and high availability. Option C is wrong because gp3 volumes, while offering baseline IOPS up to 16,000, cannot match the ultra-low latency and high IOPS consistency of io2 Block Express, and SAP HANA explicitly requires io2 or io1 volumes for production workloads. Option D is wrong because Throughput Optimized HDD (st1) volumes are designed for sequential, throughput-intensive workloads and have poor random I/O performance, which is critical for SAP HANA's write operations.

1367
MCQmedium

An SAP administrator needs to back up an SAP HANA database running on an EC2 instance with EBS volumes. The backup must be consistent and restorable to any point in time. Which approach meets these requirements?

A.Use S3 lifecycle policies to transition backups to Glacier.
B.Take manual EBS snapshots of the database volumes before each backup.
C.Use AWS Backup with pre and post scripts for application-consistent snapshots and enable continuous backup.
D.Use AWS Backup with EBS snapshots every hour.
AnswerC

Pre/post scripts ensure consistency; continuous backup enables point-in-time recovery.

Why this answer

Option C is correct because AWS Backup with pre and post scripts enables application-consistent snapshots by quiescing the SAP HANA database (via commands like hdbsql to trigger a snapshot or log flush) before taking the EBS snapshot, ensuring crash-consistent data. Enabling continuous backup (using AWS Backup's continuous backup and point-in-time recovery for EBS snapshots) allows restoration to any point in time within the retention window, meeting the requirement for point-in-time recovery.

Exam trap

The trap here is that candidates often assume any EBS snapshot (manual or scheduled) is sufficient for database backup, overlooking the need for application consistency and continuous point-in-time recovery, which are explicitly required for SAP HANA workloads.

How to eliminate wrong answers

Option A is wrong because S3 lifecycle policies to transition backups to Glacier only manage storage tiering of existing backups; they do not create backups or ensure application consistency or point-in-time recovery for SAP HANA. Option B is wrong because manual EBS snapshots without pre/post scripts do not quiesce the database, resulting in crash-consistent snapshots that may not be restorable to a consistent state for SAP HANA, and they cannot provide point-in-time recovery across multiple snapshots. Option D is wrong because AWS Backup with EBS snapshots every hour provides only periodic recovery points (hourly), not continuous point-in-time recovery, and without pre/post scripts the snapshots are not application-consistent.

1368
MCQeasy

A company wants to migrate its SAP HANA database to AWS and needs to minimize downtime. Which AWS service should be used for a near-zero downtime migration?

A.AWS Direct Connect
B.AWS Snowball
C.AWS Database Migration Service (DMS)
D.AWS Server Migration Service (SMS)
AnswerC

DMS supports continuous replication for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication and can migrate SAP HANA to AWS with minimal downtime. Server Migration Service (SMS) is for server migrations, Snowball is for large data transfers offline, and Direct Connect is for network connectivity.

1369
MCQmedium

An SAP HANA database is running on a Dedicated Host in us-east-1a. The system requires a disaster recovery site in us-west-2. What limitation does the use of a Dedicated Host impose on the DR setup?

A.The DR site must also use a Dedicated Host, which cannot be reserved in advance.
B.The DR site requires a separate Dedicated Host in us-west-2, increasing cost.
C.The Dedicated Host cannot be used with SAP HANA System Replication.
D.The HANA instance cannot be migrated to a different host, so DR is not possible.
AnswerB

Dedicated Hosts are per-AZ, so a new host is needed in the DR region.

Why this answer

Option B is correct because a Dedicated Host in us-east-1a is a physical server dedicated to your use, and to set up disaster recovery in us-west-2, you must provision a separate Dedicated Host in that region. This increases costs as you are paying for two Dedicated Hosts instead of one, and the DR host cannot be shared or reserved in advance for a specific instance type without an active allocation.

Exam trap

The trap here is that candidates assume Dedicated Hosts are regionally bound or that DR can reuse the same host, but AWS requires a separate Dedicated Host per region, which directly impacts cost and provisioning planning.

How to eliminate wrong answers

Option A is wrong because Dedicated Hosts can be reserved in advance via a Dedicated Host Reservation, which offers a billing discount for a 1- or 3-year term; the limitation is not about inability to reserve but about the requirement for a separate host. Option C is wrong because SAP HANA System Replication works over the network and does not require both hosts to be on the same Dedicated Host; it can replicate across regions regardless of the underlying host type. Option D is wrong because HANA instances can be migrated to different hosts using AWS tools like AWS Launch Wizard or manual stop/start on a different Dedicated Host, and DR is fully possible with cross-region replication.

1370
MCQhard

During an SAP system refresh, the operations team needs to restore an SAP HANA database from an S3 backup to a new EC2 instance. The backup was created using SAP HANA Backint. Which AWS service is required to read the backup from S3?

A.Amazon EBS snapshots
B.AWS Backup
C.AWS Storage Gateway
D.SAP HANA Backint agent for Amazon S3
AnswerD

The Backint agent is required to read backups from S3.

Why this answer

Option A is correct because SAP HANA Backint is a certified backup tool that integrates with S3. Option B is wrong because AWS Storage Gateway is not used for Backint. Option C is wrong because AWS Backup offers SAP HANA support but not via Backint.

Option D is wrong because EC2 Snapshots are not used with Backint.

1371
MCQeasy

An SAP application on AWS needs to access an S3 bucket containing sensitive data. Which IAM policy element should be used to enforce encryption in transit?

A."Condition": {"Bool": {"aws:SecureTransport": "true"}}
B."Condition": {"StringEquals": {"s3:x-amz-server-side-encryption": "AES256"}}
C."Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}
D."Condition": {"IpAddress": {"aws:SourceIp": "10.0.0.0/8"}}
AnswerA

This ensures requests are made over HTTPS.

Why this answer

Option D is correct because the aws:SecureTransport condition enforces HTTPS for S3 API requests. Options A, B, and C are not conditions that enforce encryption in transit.

1372
MCQmedium

A company is designing an SAP HANA workload on AWS. They need to ensure high availability for the SAP HANA database with automatic failover in case of an instance failure. Which AWS service should they use to achieve this?

A.Amazon RDS for SAP HANA
B.Pacemaker cluster on Amazon EC2 with EBS multi-attach
C.AWS Elastic Beanstalk
D.Amazon Route 53 health checks with DNS failover
AnswerB

Correct. Pacemaker coordinates failover using shared storage via EBS multi-attach.

Why this answer

SAP HANA supports system replication, and using a cluster manager like Pacemaker on Amazon EC2 with EBS multi-attach enables automatic failover. AWS does not offer a managed SAP HANA HA service.

1373
MCQeasy

A company is migrating their SAP Business Warehouse (BW) system to AWS. They want to use Amazon S3 for BW near-line storage (NLS). They have set up an S3 bucket and configured the SAP BW NLS connection. However, when they test the connection, it fails. What is the MOST likely cause?

A.The S3 bucket is encrypted with AWS KMS and SAP cannot access it
B.The S3 bucket name does not match the AWS region
C.The S3 bucket is not configured for multipart uploads
D.Missing AWS Storage Gateway File Gateway setup between SAP and S3
AnswerD

SAP BW NLS needs a file interface like File Gateway.

Why this answer

Option A is correct because SAP BW NLS requires an S3-compatible interface, and AWS Storage Gateway File Gateway provides that. Option B is wrong because KMS encryption does not prevent connection. Option C is wrong because S3 bucket names are globally unique; if they could create it, it's available.

Option D is wrong because S3 supports multipart upload by default.

1374
MCQmedium

A company is designing a disaster recovery solution for a critical SAP HANA database running on AWS. The primary site is in us-east-1 and the recovery site must be in us-west-2. The database must have a Recovery Point Objective (RPO) of less than 15 minutes and a Recovery Time Objective (RTO) of less than 2 hours. Which approach meets these requirements with the least operational overhead?

A.Use AWS Backup to take snapshots of the HANA data volume every 5 minutes and copy them to us-west-2.
B.Use Amazon S3 Cross-Region Replication to copy HANA data files to us-west-2.
C.Set up AWS Database Migration Service (DMS) with ongoing replication from the primary to a secondary HANA database.
D.Configure SAP HANA System Replication (HSR) in active/standby mode between the primary and secondary regions.
AnswerD

HSR provides synchronous or near-synchronous replication with low RPO and fast failover, meeting requirements.

Why this answer

Option A is correct: Using SAP HANA System Replication with HANA's own replication mechanism to a secondary HANA instance in us-west-2 meets RPO <15 min and RTO <2h with minimal overhead, as it is native and automated. Option B is wrong: Cross-Region snapshot copy can take longer than 15 min for RPO. Option C is wrong: DMS is not suitable for real-time HANA replication.

Option D is wrong: S3 is for object storage, not direct database replication.

1375
MCQmedium

A company is migrating its on-premises SAP HANA database to AWS. The database size is 2 TB, and the acceptable downtime is 4 hours. The company needs to ensure minimal data loss during the migration. Which AWS service should be used for the initial data transfer?

A.AWS Storage Gateway
B.AWS Snowball Edge
C.AWS Direct Connect
D.AWS DataSync
AnswerB

Snowball Edge can physically ship the data, meeting the 2 TB transfer within 4 hours downtime.

Why this answer

AWS Snowball Edge is designed for large data transfers where network bandwidth is limited or downtime is constrained. It can transfer 2 TB within the required time frame. AWS Direct Connect requires setup time and may not meet the 4-hour downtime.

AWS DataSync is for smaller transfers over the network. AWS Storage Gateway is not optimized for initial large-scale migrations.

1376
MCQmedium

A company is migrating an SAP HANA database to AWS. The source system uses a Linux filesystem with a specific block size. After migration, the performance is lower than expected. What is the most likely cause?

A.The EC2 instance is not in a placement group
B.The Amazon EBS volume is not provisioned with enough IOPS
C.The Amazon EBS volume block size does not match the SAP HANA requirements
D.The EBS volume encryption is enabled, causing overhead
AnswerC

SAP HANA requires 4 KiB block size on AWS, mismatch reduces performance.

Why this answer

SAP HANA on AWS requires specific block sizes for optimal performance. Option B is wrong because IOPS is provisioned. Option C is wrong because encryption does not affect block size.

Option D is wrong because placement groups affect latency, not block size.

1377
Multi-Selecteasy

A company is migrating an on-premises data center to AWS. The company needs to transfer 50 TB of data to Amazon S3. Which TWO AWS services can be used for this data transfer?

Select 2 answers
A.AWS Snowball Edge
B.AWS Application Migration Service (MGN)
C.AWS CloudFormation
D.AWS DataSync
E.AWS Database Migration Service (DMS)
AnswersA, D

Physical device for offline transfer.

Why this answer

AWS Snowball Edge is a petabyte-scale data transport solution that uses secure physical devices to transfer large amounts of data into and out of AWS. For a 50 TB migration, Snowball Edge provides a faster and more reliable option than internet-based transfers, as it avoids bandwidth limitations and long transfer times. The device is shipped to the customer, data is copied locally, and then returned to AWS for ingestion into Amazon S3.

Exam trap

The trap here is that candidates may confuse AWS DataSync with AWS DMS or think that AWS Application Migration Service can handle bulk file transfers, but DataSync is specifically optimized for large-scale file and object transfers to S3, while Snowball Edge is the offline alternative for very large datasets.

1378
Multi-Selecthard

A company is using SAP S/4HANA on AWS and wants to optimize costs. Which THREE actions would help reduce costs without impacting performance? (Choose THREE.)

Select 3 answers
A.Implement automatic start/stop for development and test instances
B.Use AWS Compute Optimizer to right-size EC2 instances
C.Use Dedicated Hosts for better isolation
D.Replace io2 Block Express volumes with gp2 volumes
E.Purchase Reserved Instances for the production database server
AnswersA, B, E

Stopping instances when not in use reduces costs.

Why this answer

Options A, C, and E are correct. Using Reserved Instances for predictable workloads reduces cost. Rightsizing instances ensures you are not over-provisioned.

Automating start/stop for non-production instances saves costs. Option B is wrong because gp2 is less expensive than io2 but may not meet performance requirements. Option D is wrong because Dedicated Hosts are more expensive.

1379
MCQeasy

An SAP NetWeaver administrator needs to patch the operating system of an SAP application server running in an Auto Scaling group. The instances are behind an Application Load Balancer. What is the correct procedure to minimize downtime?

A.Use an Auto Scaling rolling update with lifecycle hooks to launch new instances from a patched AMI and gradually deregister old ones.
B.Detach one instance from Auto Scaling, patch it, test, then reattach.
C.Stop accepting traffic at the ALB, patch all instances manually, then re-enable traffic.
D.Terminate all instances at once and let Auto Scaling launch new ones with a patched AMI.
AnswerA

This minimizes downtime by replacing instances one at a time while maintaining capacity.

Why this answer

Option C is correct because it uses a rolling update with lifecycle hooks to safely drain connections and replace instances. Option A is wrong because stopping traffic to ALB causes full downtime. Option B is wrong because terminating all instances simultaneously causes full downtime.

Option D is wrong because detaching from Auto Scaling does not automate replacement.

1380
Multi-Selectmedium

Which TWO actions should be taken to improve the performance of an SAP HANA database running on AWS? (Choose TWO.)

Select 2 answers
A.Increase the size of the HANA instance to allocate more memory.
B.Enable termination protection on EC2 instances.
C.Use an Application Load Balancer to distribute traffic.
D.Use EBS-optimized instances to ensure dedicated network bandwidth for EBS.
E.Enable detailed monitoring on EC2 instances.
AnswersA, D

More memory improves HANA performance.

Why this answer

Options A and C are correct because they improve I/O and memory respectively. Option B does not directly improve HANA performance. Option D is unrelated to database.

Option E is unrelated to performance.

1381
Multi-Selecteasy

Which TWO AWS services can be used to provide shared storage for SAP systems running on multiple EC2 instances?

Select 2 answers
A.EC2 Instance Store
B.Amazon S3
C.Amazon EBS
D.Amazon FSx for NetApp ONTAP
E.Amazon EFS
AnswersD, E

FSx for ONTAP provides shared NFS/SMB storage.

Why this answer

Options A and D are correct. Amazon EFS provides NFS shared storage for Linux instances. Amazon FSx for NetApp ONTAP provides NFS and SMB shared storage.

Option B is incorrect because EBS volumes cannot be attached to multiple instances. Option C is incorrect because S3 is object storage, not a file system. Option E is incorrect because Instance Store is ephemeral and not shared.

1382
Multi-Selecthard

An SAP administrator is troubleshooting an issue where the SAP system is not responding. The administrator checks the AWS Management Console and finds that the EC2 instance status checks are failing. Which three actions should the administrator take to recover the instance? (Choose THREE.)

Select 3 answers
A.Change the instance type
B.Check the system logs for errors
C.Attach a new EBS volume
D.Reboot the instance
E.Stop and start the instance
AnswersB, D, E

Logs help identify the cause of failure.

Why this answer

Option A (Stop and start the instance) is correct because it moves the instance to new hardware. Option C (Reboot the instance) is correct because it may resolve transient issues. Option E (Check system logs) is correct because it helps diagnose the root cause.

Option B is wrong because attaching a new EBS volume won't fix the instance health. Option D is wrong because changing instance type might not help if the issue is underlying hardware.

1383
Multi-Selecteasy

Which TWO of the following AWS services can be used to create and manage SAP system backups in an automated manner?

Select 2 answers
A.AWS Backup
B.AWS CloudTrail
C.SAP HANA Cloud Platform (SAP BTP)
D.AWS Lambda
E.AWS CloudFormation
AnswersA, C

AWS Backup provides centralized backup automation.

Why this answer

Option A is correct because AWS Backup can schedule and manage backups of various AWS resources including EC2 instances. Option D is correct because SAP HANA Cloud Platform (now SAP Business Technology Platform) provides backup services for SAP systems. Option B is wrong because CloudFormation is for infrastructure as code, not backup.

Option C is wrong because CloudTrail is for auditing. Option E is wrong because Lambda can be used to automate backup scripts but is not a dedicated backup service.

1384
Multi-Selecteasy

An SAP administrator is setting up backup for an SAP HANA database running on an EC2 instance. The database is 1 TB in size. Which TWO AWS services can be used to create a cost-effective backup strategy?

Select 2 answers
A.AWS Database Migration Service (DMS)
B.AWS Storage Gateway
C.AWS Backup
D.Amazon EBS snapshots
E.Amazon S3 with lifecycle policies
AnswersC, D

AWS Backup can automate EBS snapshots for HANA volumes.

Why this answer

Options B and E are correct. AWS Backup is a managed service that can back up EBS volumes, and EBS snapshots are a direct way to back up the database volumes. Option A is wrong because S3 is not directly used for HANA backups without additional tools.

Option C is wrong because Storage Gateway is for on-premises integration. Option D is wrong because DMS is for migration, not backup.

1385
MCQmedium

A company runs SAP S/4HANA on AWS with a High Availability (HA) cluster spanning two Availability Zones (us-east-1a and us-east-1b). The cluster uses an Amazon FSx for NetApp ONTAP file system for the global transport directory. Recently, the cluster experienced a split-brain situation, leading to data corruption. The administrator wants to prevent this from recurring. The current setup uses a single FSx file system mounted on both cluster nodes. What should the administrator do to prevent split-brain?

A.Add a third cluster node in a third Availability Zone
B.Increase the memory on both EC2 instances
C.Configure a STONITH (Shoot The Other Node In The Head) mechanism using AWS Lambda
D.Set up cross-region replication for the FSx file system
AnswerC

STONITH ensures a failed node is terminated, preventing split-brain.

Why this answer

Option B is correct because using the Stonith mechanism ensures a failed node is forcefully isolated before the other node takes over, preventing split-brain. Option A is wrong as more nodes increase complexity. Option C is wrong because replication doesn't prevent split-brain.

Option D is wrong as memory upgrade doesn't affect cluster communication.

1386
MCQmedium

A company runs SAP on AWS using an SAP HANA database on an R5.8xlarge EC2 instance. The SAP application generates alerts about high disk I/O latency. Which AWS service should the administrator use to identify the root cause?

A.AWS Trusted Advisor
B.Amazon CloudWatch
C.AWS Systems Manager
D.AWS Config
AnswerB

CloudWatch collects and monitors disk I/O latency metrics for EC2 instances.

Why this answer

Option B is correct because Amazon CloudWatch provides detailed metrics for disk I/O, including latency. Option A is wrong because AWS Config is for resource compliance. Option C is wrong because AWS Systems Manager automates operational tasks, not performance monitoring.

Option D is wrong because AWS Trusted Advisor provides best-practice checks, not real-time performance metrics.

1387
MCQeasy

A company is migrating a custom CRM application to AWS. The application uses a PostgreSQL database. Which migration approach minimizes downtime?

A.Use AWS Database Migration Service (DMS) with ongoing replication (CDC).
B.Use AWS Backup to create a snapshot and restore to RDS.
C.Take a full backup of the source database, restore to RDS for PostgreSQL, and then cut over.
D.Use pg_dump to export the database and pg_restore to import into RDS.
AnswerA

DMS with CDC allows continuous sync and minimal downtime.

Why this answer

Option B is correct because DMS with CDC enables near-zero downtime. Option A is incorrect because it requires downtime. Option C is incorrect because it adds complexity.

Option D is incorrect because AWS Backup is for backups, not migration.

1388
MCQmedium

An SAP Basis administrator is monitoring the health of an SAP HANA database on AWS. The administrator wants to receive alerts when the CPU utilization of the HANA instance exceeds 90% for 5 consecutive minutes. Which combination of AWS services should be used?

A.AWS X-Ray and Amazon CloudWatch Logs
B.AWS CloudTrail and AWS Lambda
C.AWS Config and Amazon Simple Email Service (SES)
D.Amazon CloudWatch metrics and CloudWatch Alarms with Amazon SNS
AnswerD

CloudWatch monitors CPU, alarms trigger on threshold, SNS sends notifications.

Why this answer

Option A is correct: CloudWatch collects metrics and Alarms trigger notifications via SNS. Option B (Lambda) is not needed for simple alarm. Option C (Config) is for compliance.

Option D (X-Ray) is for tracing.

1389
Multi-Selecthard

An administrator deploys the CloudFormation stack above. The EC2 instance launches but the s3fs mount fails. Which TWO actions are needed to fix the issue? (Choose two.)

Select 2 answers
A.Create an IAM role with permissions to access the S3 bucket and attach it to the EC2 instance.
B.Add an IAM instance profile to the EC2 instance resource in the CloudFormation template.
C.Modify the security group to allow outbound HTTPS traffic.
D.Ensure the S3 bucket is in the same region as the EC2 instance.
E.Add 'sudo' before the s3fs command in the UserData script.
AnswersA, B

s3fs requires IAM credentials; an instance profile provides them.

Why this answer

Options A and C are correct. The instance needs an IAM role with S3 access (A) and the instance profile must be attached (C). Option B is wrong because the bucket region is not the issue.

Option D is wrong because security group does not affect S3 access. Option E is wrong because the script runs as root, so sudo is not needed.

1390
MCQmedium

A company is migrating its SAP Business Warehouse (BW) system to AWS. The source system runs on an on-premises IBM AIX server with an Oracle database. The target AWS environment will use SAP HANA as the database. The migration tool is SAP Software Provisioning Manager (SWPM). The company has a requirement to minimize downtime during the migration. The SAP BW system has 5 TB of data. The network bandwidth between on-premises and AWS is 1 Gbps. The migration team plans to use AWS Direct Connect for the data transfer. They estimate that the initial data load will take approximately 12 hours. However, the cutover window is limited to 8 hours. What should the migration team do to meet the cutover window?

A.Use AWS DataSync to accelerate the data transfer and then import into HANA.
B.Use SAP Landscape Transformation (SLT) to replicate data in real-time after the initial load, and then perform a final delta sync during the cutover window.
C.Perform a HANA system replication from the source to the target after the initial load.
D.Request a higher bandwidth Direct Connect connection to reduce the initial load time to under 8 hours.
AnswerB

SLT enables delta replication, reducing cutover time.

Why this answer

Option B is correct because SAP Landscape Transformation (SLT) can replicate data in near real-time from the source Oracle database to the target SAP HANA using trigger-based replication. After the initial 12-hour data load is completed before the cutover window, SLT captures ongoing changes and applies them during the final delta sync within the 8-hour cutover window, minimizing downtime. This approach decouples the lengthy initial load from the limited cutover period, meeting the requirement.

Exam trap

The trap here is that candidates may assume increasing network bandwidth (Option D) is the only solution to meet the cutover window, overlooking the fact that the initial data load time is dominated by database export and import processing, not just network transfer speed.

How to eliminate wrong answers

Option A is wrong because AWS DataSync is designed for file-based data transfer, not for direct database replication into SAP HANA; it cannot handle the SAP-specific schema and delta synchronization required for a live migration. Option C is wrong because HANA system replication is a native HANA feature that requires both source and target to be SAP HANA databases, but the source is an Oracle database on IBM AIX, making this incompatible. Option D is wrong because even with increased bandwidth, the initial data load of 5 TB at 1 Gbps is constrained by the 12-hour estimate due to factors like disk I/O and database export overhead, not just network speed; requesting higher bandwidth alone cannot reduce the load time to under 8 hours.

1391
MCQmedium

A company runs an SAP HANA database on an AWS EC2 instance. The database experiences high latency during peak hours. The operations team suspects network bottlenecks. Which AWS service should be used to analyze network traffic patterns and identify the source of latency?

A.VPC Flow Logs
B.AWS X-Ray
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerA

VPC Flow Logs capture IP traffic information for network interfaces, enabling analysis of traffic patterns and bottlenecks.

Why this answer

VPC Flow Logs capture IP traffic information for network interfaces, enabling analysis of traffic patterns and bottlenecks. AWS CloudTrail logs API calls, not network traffic. AWS Trusted Advisor provides best-practice checks but not detailed network analysis.

AWS X-Ray traces application requests, not network-level traffic.

1392
Multi-Selecteasy

An SAP system on AWS is experiencing performance issues. The operations team wants to set up monitoring to identify bottlenecks. Which TWO AWS services should they use to collect and analyze SAP performance metrics? (Select TWO.)

Select 2 answers
A.AWS Config
B.AWS X-Ray
C.Amazon CloudWatch
D.AWS CloudTrail
E.AWS Trusted Advisor
AnswersC, D

CloudWatch can collect and store SAP performance metrics such as CPU, memory, and custom application metrics.

Why this answer

Options A and D are correct. Amazon CloudWatch can collect custom metrics from SAP and EC2. AWS CloudTrail logs API calls for auditing.

Option B (X-Ray) is for tracing microservices, not SAP. Option C (Config) is for resource compliance. Option E (Trusted Advisor) provides recommendations but not granular monitoring.

1393
MCQmedium

An SAP administrator notices that the SAP HANA database on an r5.8xlarge instance is experiencing high swap usage. The instance has 256 GB of RAM. The SAP HANA memory usage is 200 GB. What is the most likely cause?

A.The instance memory is exhausted
B.HANA is using huge pages instead of swap
C.The swap space is too small for the HANA workload
D.Swap is disabled on the instance
AnswerC

HANA recommends swap equal to RAM; 256 GB swap is needed.

Why this answer

Option C is correct because SAP HANA requires a swap space equal to at least the amount of RAM for HANA to function correctly during memory overcommit scenarios. Option A is incorrect because 200 GB is within the 256 GB RAM limit, so memory is not exhausted. Option B is incorrect because swap is not disabled by default.

Option D is incorrect because HANA typically uses huge pages, not swap, for memory allocation.

1394
MCQeasy

An SAP system on AWS is experiencing intermittent connectivity issues between the application server and the HANA database. The application team confirms the database is healthy. Which AWS service should be used to analyze network traffic between the two instances?

A.AWS Config
B.AWS CloudTrail
C.VPC Flow Logs
D.Amazon CloudWatch Logs
AnswerC

VPC Flow Logs capture network traffic metadata.

Why this answer

Option A is correct because VPC Flow Logs capture IP traffic information for network interfaces, helping to identify dropped packets or blocked traffic. Option B is incorrect because CloudTrail logs API calls, not network traffic. Option C is incorrect because Config records resource configurations.

Option D is incorrect because CloudWatch logs application and system logs, not network flows.

1395
MCQmedium

An SAP system running on AWS is experiencing performance issues. The operations team suspects that the Amazon EBS volumes attached to the SAP application server are not providing sufficient IOPS. Which AWS service should be used to monitor the IOPS performance of the EBS volumes?

A.AWS Config
B.AWS CloudTrail
C.Amazon Inspector
D.Amazon CloudWatch
AnswerD

Amazon CloudWatch provides detailed metrics for EBS volumes, including IOPS.

Why this answer

Option D is correct because Amazon CloudWatch provides metrics for EBS volumes including IOPS. Option A is wrong because AWS CloudTrail logs API calls, not performance metrics. Option B is wrong because Amazon Inspector is for security assessment.

Option C is wrong because AWS Config tracks resource configuration changes.

1396
Matchingmedium

Match the SAP transport type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

For ABAP development objects

For configuration changes

Copies transport without original history

Moves objects between systems preserving change history

Why these pairings

SAP transports are used for moving changes across the landscape.

1397
Multi-Selectmedium

Which TWO of the following are valid options for implementing high availability for SAP NetWeaver on AWS?

Select 2 answers
A.Use Amazon RDS Multi-AZ for SAP Central Services.
B.Use Amazon S3 for shared storage and configure manual failover.
C.Deploy two EC2 instances across Availability Zones with a shared file system (EFS) and a cluster manager.
D.Run SAP Central Services on a single large EC2 instance.
E.Use Windows Server Failover Cluster with Amazon FSx for Windows File Server.
AnswersC, E

This is a common HA pattern for SAP.

Why this answer

Options A and C are correct. A: SAP NetWeaver can use a multi-AZ deployment with Amazon EFS as a shared file system for the SAP transport directory, and a cluster manager (e.g., Pacemaker) to handle failover. C: SAP NW HA can also be achieved using a Windows Server Failover Cluster with shared storage (e.g., Amazon FSx for Windows File Server).

Option B is incorrect because Amazon RDS does not support SAP NetWeaver. Option D is incorrect because a single EC2 instance does not provide HA. Option E is incorrect because S3 is not a file system suitable for SAP transport directory.

1398
MCQmedium

An SAP workload running on AWS is experiencing intermittent performance issues. The operations team suspects that a recent change to a security group is causing traffic to be dropped. Which AWS service should the team use to analyze network traffic patterns and identify the source of the issue?

A.Amazon Inspector
B.AWS Config
C.AWS CloudTrail
D.VPC Flow Logs
AnswerD

VPC Flow Logs capture IP traffic information and can be analyzed to identify dropped packets due to security group rules.

Why this answer

VPC Flow Logs capture IP traffic information and can be used to analyze network traffic patterns, helping to diagnose security group rule issues.

1399
Multi-Selecteasy

Which TWO AWS services can be used to monitor the health of SAP systems and send notifications? (Select TWO.)

Select 2 answers
A.AWS Config
B.Amazon CloudWatch
C.AWS CloudTrail
D.Amazon Athena
E.Amazon Simple Notification Service (SNS)
AnswersB, E

CloudWatch monitors metrics and creates alarms.

Why this answer

Option A is correct - CloudWatch can monitor metrics and send alarms. Option C is correct - SNS can send notifications. Option B is incorrect - CloudTrail logs API calls, not health.

Option D is incorrect - Config tracks configuration changes. Option E is incorrect - Athena is for querying data.

1400
MCQeasy

A company is planning to migrate its SAP system from on-premises to AWS. The current system consists of two application servers and one database server running SAP HANA on SUSE Linux. The company wants to use a lift-and-shift migration approach to minimize changes. The migration team has set up an AWS Application Migration Service (AWS MGN) replication environment. The team has completed the test migration and is ready for the final cutover. However, during the final cutover, the team realizes that the source application servers have static IP addresses that are used by other systems for communication. The company cannot change these IP addresses immediately. Which step should the team take to ensure that the AWS instances can use the same IP addresses after migration?

A.Configure the AWS MGN launch template to use the same private IP addresses as the source servers within the target subnet.
B.Use AWS Database Migration Service (AWS DMS) to replicate the database and keep the source servers running with the same IPs.
C.Assign Elastic IP addresses to the source servers and configure the DNS to point to these IPs after migration.
D.Set up an AWS Transit Gateway to route traffic between on-premises and AWS with the same IP addresses.
AnswerA

AWS MGN allows specifying private IP addresses in the launch template to match source IPs.

Why this answer

AWS MGN allows launching instances with the same private IP addresses by choosing the appropriate subnet and optionally using a secondary IP address. Option A is wrong because AWS Transit Gateway does not provide IP address preservation. Option B is wrong because Elastic IP addresses are public IPs, not private.

Option D is wrong because AWS DMS is for databases, not IP addresses.

1401
Multi-Selectmedium

Which THREE AWS services can be used to automate the patching of SAP application servers on EC2? (Choose 3).

Select 3 answers
A.AWS Auto Scaling
B.AWS OpsWorks
C.AWS CodeDeploy
D.AWS CloudFormation
E.AWS Systems Manager Patch Manager
AnswersB, C, E

OpsWorks can manage configurations and patching.

Why this answer

AWS OpsWorks is correct because it provides a configuration management service that uses Chef or Puppet to automate the patching and lifecycle management of SAP application servers on EC2. You can define custom recipes or manifests to apply OS and application patches consistently across your SAP infrastructure, ensuring compliance and reducing manual effort.

Exam trap

The trap here is that candidates often confuse infrastructure provisioning tools like CloudFormation with operational automation tools, or assume Auto Scaling can handle patching because it can replace instances with new AMIs, but it does not patch existing instances directly.

1402
Multi-Selecthard

Which THREE considerations are important when designing a SAP workload for high availability on AWS? (Select three.)

Select 3 answers
A.Use EBS Multi-Attach to share volumes between two EC2 instances
B.Deploy the SAP application across multiple Availability Zones
C.Run the SAP system on a single large instance
D.Use Amazon S3 for long-term backup storage
E.Configure SAP HANA System Replication between primary and standby
AnswersA, B, E

Multi-Attach enables shared storage for HA scenarios like SAP enqueue replication.

Why this answer

Option A is correct because EBS Multi-Attach allows a single Provisioned IOPS (io1/io2) EBS volume to be attached to multiple EC2 instances in the same Availability Zone, enabling shared storage for SAP workloads that require active-active or active-passive clustering. This is critical for SAP ASCS/ERS and SAP HANA scale-out configurations where multiple instances need concurrent read/write access to the same data volume without relying on network file systems.

Exam trap

The trap here is that candidates confuse high availability design (which requires redundancy across instances and AZs) with backup strategies (S3), leading them to select Option D instead of recognizing that backup storage is a data protection concern, not an HA architecture component.

1403
MCQhard

Refer to the exhibit. An administrator runs the CLI command to check the status of SAP application instances. The output shows two instances. The administrator needs to stop the running instance and start the stopped instance for a planned migration. Which command should they run?

A.aws ec2 start-instances --instance-ids i-0dcba4321hgfe8765 && aws ec2 stop-instances --instance-ids i-0abcd1234efgh5678
B.aws ec2 start-instances --instance-ids i-0abcd1234efgh5678 && aws ec2 stop-instances --instance-ids i-0dcba4321hgfe8765
C.aws ec2 start-instances --instance-ids i-0abcd1234efgh5678 && aws ec2 stop-instances --instance-ids i-0abcd1234efgh5678
D.aws ec2 stop-instances --instance-ids i-0dcba4321hgfe8765 && aws ec2 start-instances --instance-ids i-0dcba4321hgfe8765
AnswerB

This correctly starts the stopped instance and stops the running instance.

Why this answer

Option B is correct because they need to start i-0abcd1234efgh5678 (stopped) and then stop i-0dcba4321hgfe8765 (running). Option A is wrong because the order is reversed. Option C is wrong because they start the wrong instance.

Option D is wrong because they stop the wrong instance.

1404
Multi-Selectmedium

An SAP system administrator needs to perform a backup of an SAP HANA database running on EC2. Which TWO AWS services can be used together to create consistent backups? (Choose TWO.)

Select 2 answers
A.Amazon S3
B.Amazon EBS snapshots
C.AWS Backup
D.AWS CloudFormation
E.AWS Storage Gateway
AnswersB, C

EBS snapshots provide consistent backups when used with application quiescing.

Why this answer

Option A (AWS Backup) can orchestrate backups, and Option D (Amazon EBS snapshots) capture block-level data. Option B (Amazon S3) is not for database backup directly. Option C (AWS Storage Gateway) is for hybrid storage.

Option E (AWS CloudFormation) is for infrastructure as code.

1405
MCQeasy

An SAP administrator notices that the SAP application performance has degraded over the past week. The system is running on Amazon EC2 with EBS volumes. Which AWS service should be used to analyze the performance impact of the EBS volumes?

A.Amazon Inspector
B.AWS CloudTrail
C.Amazon CloudWatch
D.AWS Trusted Advisor
AnswerC

CloudWatch provides detailed metrics for EBS performance analysis.

Why this answer

Option C (Amazon CloudWatch) is correct because it provides metrics for EBS volumes like throughput, IOPS, and latency. Option A (AWS Trusted Advisor) provides best practices but not detailed performance analysis. Option B (AWS CloudTrail) logs API calls.

Option D (Amazon Inspector) is for security assessment.

1406
MCQhard

An SAP system on AWS is experiencing high latency for database queries. The administrator notices that the EBS volume used for /hana/log has a baseline IOPS of 5000 but the workload requires 8000 IOPS. What should the administrator do to resolve this?

A.Enable EBS Multi-Attach
B.Enable volume bursting
C.Migrate to an io2 Block Express volume
D.Increase the volume size to gain additional baseline IOPS
AnswerD

Increasing gp3 volume size increases baseline IOPS proportionally.

Why this answer

Option D is correct because increasing the volume size of a gp3 or io1/io2 EBS volume directly increases its baseline IOPS performance. For gp3 volumes, baseline IOPS scales at a rate of 3 IOPS per GiB up to 16,000 IOPS, so increasing the volume size from approximately 1667 GiB (5000/3) to at least 2667 GiB (8000/3) would raise the baseline IOPS to 8000. This ensures consistent performance for /hana/log without relying on burst credits or migrating to a different volume type.

Exam trap

The trap here is that candidates may assume enabling bursting (Option B) solves sustained high IOPS requirements, but AWS EBS bursting is designed for spiky workloads and cannot guarantee consistent performance for a constant 8000 IOPS demand, whereas increasing volume size directly raises baseline IOPS for gp3 volumes.

How to eliminate wrong answers

Option A is wrong because EBS Multi-Attach allows a single volume to be attached to multiple EC2 instances, but it does not increase the IOPS capacity of the volume itself; it is designed for clustered applications like SAP HANA scale-out, not for resolving IOPS deficits. Option B is wrong because enabling volume bursting (available on gp2 volumes) relies on burst credits that can be exhausted, and the question specifies a baseline IOPS of 5000 (typical of gp3 or io1), where bursting is not the mechanism to sustain a constant 8000 IOPS workload; gp3 volumes do not use burst credits for IOPS. Option C is wrong because migrating to an io2 Block Express volume provides higher durability and IOPS per GiB, but it does not inherently grant additional baseline IOPS without also increasing the provisioned IOPS (which incurs cost) or volume size; the question's scenario requires a simple increase in baseline IOPS, which can be achieved by resizing the existing volume.

1407
MCQhard

A company is migrating a multi-tier application to AWS and wants to ensure high availability. The application has a web tier, application tier, and database tier. The database is currently running on a single on-premises server. Which migration strategy minimizes downtime and provides the HIGHEST availability for the database tier?

A.Use AWS Database Migration Service (DMS) to migrate to Amazon RDS in a single-AZ deployment, then manually take snapshots.
B.Migrate the database to a single large Amazon EC2 instance using AWS Application Migration Service.
C.Use AWS DMS to migrate the database to Amazon RDS Multi-AZ deployment.
D.Migrate to Amazon RDS with Multi-AZ deployment and use DMS for initial load.
AnswerC

DMS can perform the initial migration with minimal downtime, and RDS Multi-AZ provides synchronous standby for automatic failover, ensuring high availability.

Why this answer

Option C is correct because AWS DMS can perform a live migration with minimal downtime by continuously replicating changes from the source database to the target Amazon RDS Multi-AZ deployment. Multi-AZ provides automatic failover to a standby replica in a different Availability Zone, ensuring the highest availability for the database tier. This combination minimizes downtime during migration and provides built-in high availability post-migration.

Exam trap

The trap here is that candidates often think migrating to a single-AZ RDS with snapshots is sufficient for high availability, but they overlook that Multi-AZ is required for automatic failover and that DMS should be used for the migration itself, not as an afterthought.

How to eliminate wrong answers

Option A is wrong because a single-AZ RDS deployment does not provide high availability; if the AZ fails, the database becomes unavailable until manual recovery from snapshots, which incurs significant downtime. Option B is wrong because migrating to a single large EC2 instance creates a single point of failure; if the instance or its underlying hardware fails, the database is unavailable, and there is no automatic failover. Option D is wrong because it reverses the recommended order: you should use DMS for the initial load and ongoing replication to a Multi-AZ target, not migrate first and then use DMS; the described approach would require an additional migration step and does not leverage DMS for minimizing downtime.

1408
MCQeasy

A company is migrating an SAP NetWeaver system to AWS. The system uses SAProuter for secure network communication. What is the recommended approach to preserve the SAProuter functionality during the migration?

A.Deploy SAProuter on an EC2 instance with an Elastic IP address
B.Use an AWS NAT Gateway to route traffic
C.Establish an AWS Site-to-Site VPN connection
D.Use an AWS Application Load Balancer
AnswerA

EC2 with Elastic IP provides a stable endpoint and allows existing SAProuter rules to be reused.

Why this answer

Option C is correct because deploying SAProuter on an EC2 instance with an Elastic IP ensures a stable endpoint and maintains existing SAProuter rules. Option A is wrong because a NAT Gateway does not support SAProuter directly. Option B is wrong because a VPN connection does not replace SAProuter.

Option D is wrong because an Application Load Balancer is for HTTP/HTTPS traffic, not SAProuter.

1409
MCQeasy

An organization is planning a migration of SAP applications to AWS. Which AWS service should be used to track and manage the migration project's tasks and milestones?

A.AWS Config
B.AWS Systems Manager
C.AWS Migration Hub
D.AWS CloudFormation
AnswerC

Migration Hub tracks migration tasks and milestones.

Why this answer

Option B is correct because AWS Migration Hub provides a single location to track migration progress across multiple AWS and partner tools. Option A is wrong because AWS Systems Manager is for operational management. Option C is wrong because AWS CloudFormation is for infrastructure as code.

Option D is wrong because AWS Config is for compliance and resource tracking.

1410
MCQhard

An SAP application on AWS is experiencing high network latency and packet loss between the SAP application server and the SAP HANA database. The application and database are in the same AWS Region and Availability Zone. What is the most likely cause?

A.Jumbo frames are enabled on the application server but not on the database server.
B.The instances are not in a placement group.
C.TCP segmentation offloading (TSO) is enabled on the HANA database instance.
D.The Elastic Network Adapter (ENA) driver is not installed.
AnswerC

TSO can cause performance issues with HANA; it's recommended to disable it.

Why this answer

C is correct because TCP segmentation offloading (TSO) on the HANA database instance can cause the network interface to deliver oversized TCP segments to the SAP application server, which may not handle them correctly, leading to packet loss and high latency. This is a known issue in SAP on AWS environments where TSO offloads segmentation to the NIC, but if the receiving side lacks proper support or the network path has MTU mismatches, fragmentation and retransmissions occur.

Exam trap

The trap here is that candidates often assume jumbo frames or placement groups are the root cause of latency and packet loss, but the real issue is a TCP offload feature (TSO) causing segment size mismatches, which is a subtle but common problem in SAP HANA on AWS deployments.

How to eliminate wrong answers

Option A is wrong because jumbo frames (MTU 9001) are supported on both instances in the same Availability Zone, and enabling them on one but not the other would cause fragmentation only if the path MTU is mismatched, but the question states they are in the same AZ and the symptom is packet loss, not fragmentation; jumbo frames are actually recommended for SAP HANA to reduce overhead. Option B is wrong because placement groups improve network throughput and reduce latency by ensuring instances are in close proximity, but they are not required for low latency in the same AZ; the issue is packet loss, not placement. Option D is wrong because the ENA driver is essential for high-performance networking on supported instance types, but its absence would cause reduced throughput or connectivity issues, not specifically packet loss and high latency between two instances in the same AZ; the symptom described matches TSO misconfiguration.

1411
MCQeasy

A company has an SAP system running on AWS with a production database on an RDS for SAP ASE instance. The operations team needs to perform a minor version upgrade of the database engine. The upgrade must be applied with minimal downtime. The team has a maintenance window scheduled for the upcoming weekend. Which action should the team take to apply the upgrade?

A.Enable auto minor version upgrade on the DB instance and let the upgrade occur during the maintenance window.
B.Manually upgrade the DB instance using the AWS Management Console immediately.
C.Modify the DB instance to specify the new engine version and apply immediately.
D.Create a new DB instance with the new version and migrate the data.
AnswerA

This minimizes downtime and is automated.

Why this answer

Option A is correct because setting the AutoMinorVersionUpgrade flag to true allows RDS to apply minor upgrades automatically during the maintenance window with minimal downtime. Option B is wrong because manual upgrade via the console can cause downtime if not done during a maintenance window. Option C is wrong because modifying the DB instance to a new version immediately can cause downtime.

Option D is wrong because creating a new instance and migrating requires additional setup and downtime.

1412
MCQmedium

A company runs its SAP HANA database on an EC2 instance in a single Availability Zone. The system is critical and requires high availability. The current setup uses an EBS volume for data storage. During a recent failure simulation, the database took 45 minutes to recover because the EBS volume had to be reattached and the database had to replay logs. The operations team wants to reduce recovery time to less than 15 minutes. Which solution should they implement?

A.Deploy a second EC2 instance in a different Availability Zone and configure SAP HANA system replication.
B.Use AWS Backup to create more frequent snapshots.
C.Increase the provisioned IOPS of the EBS volume.
D.Move the database to Amazon S3 for faster access.
AnswerA

Multi-AZ setup with HANA replication enables fast failover.

Why this answer

Option C is correct because using Multi-AZ deployment with synchronous replication ensures that a standby database is ready to take over immediately, reducing recovery time significantly. Option A is wrong because increasing EBS volume size does not reduce recovery time. Option B is wrong because Amazon S3 is not suitable for low-latency database storage.

Option D is wrong because manual snapshots take time to restore and do not provide automatic failover.

1413
MCQmedium

An SAP system on AWS uses a large memory instance (x1e.32xlarge) for HANA. The administrator notices that the system is experiencing high swap usage. The HANA memory usage is at 90% of physical RAM. The instance has 4 TB of RAM, and the HANA data size is 3.8 TB. The administrator wants to avoid swap usage to maintain performance. Which solution should be implemented?

A.Migrate to a larger instance type, such as u-6tb1, with more RAM.
B.Enable swap space on the instance store volumes to offload memory pressure.
C.Optimize HANA column store compression to reduce memory footprint.
D.Increase the provisioned IOPS on the EBS volumes to reduce I/O latency.
AnswerA

More RAM eliminates need for swap.

Why this answer

The x1e.32xlarge instance has 4 TB of RAM, and with HANA using 90% (3.6 TB) and the data size at 3.8 TB, the memory is insufficient to hold the entire dataset, causing swap usage. Migrating to a u-6tb1 instance with 6 TB of RAM provides enough physical memory to accommodate the full HANA data footprint, eliminating the need for swap and maintaining performance.

Exam trap

The trap here is that candidates may think compression (Option C) is a quick fix, but they overlook that HANA's memory usage already includes compressed data, and the instance's RAM is simply too small for the dataset, making a larger instance the only viable solution.

How to eliminate wrong answers

Option B is wrong because enabling swap on instance store volumes does not resolve the root cause—it merely shifts swap to faster storage, but swap usage still degrades HANA performance due to latency. Option C is wrong because while column store compression can reduce memory footprint, the data size (3.8 TB) already exceeds physical RAM (4 TB), and compression gains are typically modest (20-30%), not enough to fit 3.8 TB into 3.6 TB of available memory. Option D is wrong because increasing EBS IOPS addresses I/O latency for storage operations, not memory pressure or swap usage, which is a RAM capacity issue.

1414
MCQmedium

A company is designing a disaster recovery (DR) strategy for SAP S/4HANA on AWS. The primary site is in us-east-1 and the DR site is in us-west-2. The SAP HANA database is 2 TB and requires Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 4 hours. Which solution meets these requirements?

A.Use AWS S3 Cross-Region Replication to copy database backups every 15 minutes.
B.Configure SAP HANA System Replication (HSR) to an EC2 instance in us-west-2 with log replication in sync mode.
C.Take EBS snapshots of the HANA data volume every hour and copy them to us-west-2.
D.Use AWS Database Migration Service (DMS) to continuously replicate changes to a HANA instance in us-west-2.
AnswerB

HSR provides near real-time replication, meeting RPO.

Why this answer

SAP HANA System Replication (HSR) with synchronous log replication meets the RPO of 15 minutes and RTO of 4 hours because it continuously replicates transaction logs to the DR site in us-west-2, ensuring near-zero data loss. In sync mode, the primary waits for the secondary to acknowledge log writes, which keeps the DR database consistent and ready for takeover within minutes, well under the 4-hour RTO. This is the only option that provides continuous, database-level replication with the required recovery objectives.

Exam trap

The trap here is that candidates often confuse asynchronous backup-based solutions (like S3 CRR or EBS snapshots) with continuous replication, failing to recognize that only SAP HANA System Replication provides the sub-15-minute RPO and fast failover required for enterprise SAP DR scenarios.

How to eliminate wrong answers

Option A is wrong because S3 Cross-Region Replication (CRR) copies objects asynchronously and can take minutes to hours to propagate, making it impossible to guarantee a 15-minute RPO; additionally, it only replicates backup files, not live database changes, so recovery would require restoring from those backups, which exceeds the 4-hour RTO. Option C is wrong because EBS snapshots taken every hour cannot achieve a 15-minute RPO, and copying snapshots across regions adds further delay; moreover, restoring from snapshots requires stopping the database and replaying logs, which typically takes longer than 4 hours for a 2 TB HANA database. Option D is wrong because AWS DMS does not support SAP HANA as a target for continuous change data capture (CDC) replication in a way that maintains transactional consistency for HSR; DMS is designed for heterogeneous migrations, not for real-time HANA-to-HANA replication with the required RPO/RTO.

1415
MCQmedium

A company is migrating its SAP ERP system to AWS and wants to use storage that offers the highest IOPS for the SAP HANA database. Which storage option should be used?

A.General Purpose SSD (gp3) volumes
B.Provisioned IOPS SSD (io2) volumes
C.Instance Store volumes
D.Throughput Optimized HDD (st1) volumes
AnswerB

io2 volumes provide the highest IOPS and are recommended for production SAP HANA databases.

Why this answer

For SAP HANA databases on AWS, the highest IOPS is achieved using Provisioned IOPS SSD (io2) volumes, which are designed for latency-sensitive, I/O-intensive workloads. io2 volumes offer up to 256,000 IOPS per volume with 99.999% durability, making them the optimal choice for SAP HANA's demanding performance requirements.

Exam trap

The trap here is that candidates often confuse General Purpose SSD (gp3) as sufficient for SAP HANA due to its lower cost, but fail to recognize that SAP HANA's certified configurations on AWS explicitly require io1/io2 volumes for production workloads to meet the strict IOPS and latency SLAs.

How to eliminate wrong answers

Option A is wrong because General Purpose SSD (gp3) volumes provide a baseline of 3,000 IOPS with a maximum of 16,000 IOPS per volume, which is insufficient for the high IOPS demands of SAP HANA. Option C is wrong because Instance Store volumes are ephemeral and do not persist data across instance stops or terminations, making them unsuitable for a production SAP HANA database that requires durable, persistent storage. Option D is wrong because Throughput Optimized HDD (st1) volumes are designed for throughput-intensive workloads with low IOPS (maximum 500 IOPS per volume) and are not suitable for the random I/O patterns and high IOPS requirements of SAP HANA.

1416
MCQeasy

An SAP administrator needs to ensure that an EC2 instance hosting SAP HANA is rebooted automatically after a hardware failure. Which AWS feature provides this capability?

A.Placement group
B.Auto Scaling group
C.EC2 Auto Recovery
D.Elastic IP address
AnswerC

Auto Recovery automatically recovers an instance from hardware failure.

Why this answer

EC2 Auto Recovery is the correct AWS feature because it automatically recovers an EC2 instance when a hardware failure on the underlying physical host is detected. For SAP HANA workloads, this ensures the instance is rebooted on a healthy host without manual intervention, maintaining high availability for critical database operations.

Exam trap

The trap here is that candidates often confuse Auto Scaling groups (which replace instances) with EC2 Auto Recovery (which recovers the same instance), leading them to choose Auto Scaling for automatic reboot, but Auto Scaling does not reboot the same instance and can cause data loss for stateful applications like SAP HANA.

How to eliminate wrong answers

Option A is wrong because a placement group controls the physical proximity of instances (e.g., cluster placement groups for low-latency networking) but does not provide automatic recovery from hardware failures. Option B is wrong because an Auto Scaling group replaces instances based on scaling policies or health checks, but it does not reboot the same instance; it terminates and launches a new one, which would lose the SAP HANA instance's state and attached EBS volumes unless properly configured. Option D is wrong because an Elastic IP address is a static public IPv4 address that can be remapped to another instance, but it has no capability to detect or recover from hardware failures.

1417
Multi-Selecteasy

Which TWO AWS services can be used to perform automated backups of an SAP HANA database running on EC2? (Choose 2.)

Select 2 answers
A.Amazon CloudWatch Events
B.Amazon S3
C.AWS CloudTrail
D.AWS Backup
E.Amazon Data Lifecycle Manager
AnswersD, E

AWS Backup supports HANA backups via pre-scripts.

Why this answer

Option A (AWS Backup) and Option D (Amazon Data Lifecycle Manager) can automate backups. Option B (CloudWatch) does not perform backups. Option C (CloudTrail) audits.

Option E (S3) is storage, not backup automation.

1418
Multi-Selecthard

A company is migrating its SAP landscape to AWS and plans to use an SAP HANA multi-node scale-out configuration. Which THREE considerations are important for the network design?

Select 3 answers
A.Use a placement group to ensure nodes are in close proximity
B.Dedicate a separate network interface for HANA inter-node traffic
C.Use a NAT Gateway for inter-node traffic
D.Use public IP addresses for inter-node communication
E.Ensure low latency (less than 1ms RTT) between all nodes
AnswersA, B, E

Placement groups reduce latency between instances.

Why this answer

For HANA scale-out, low latency between nodes (less than 1ms RTT) is required, placement groups ensure proximity, and dedicated network for HANA ensures performance. Option A (public IPs) is not required. Option D (NAT Gateway) is for internet access.

Option E (separate VPC) is not needed.

1419
MCQhard

A company is migrating a large SAP S/4HANA system (8 TB total data, high I/O) from on-premises to AWS. The SAP system runs on HANA database and uses a three-tier architecture with application servers and database servers. The migration plan must minimize downtime and ensure data consistency. The company has a 10 Gbps direct connection to AWS. They have considered using AWS DMS, but the database is SAP HANA, which is not supported as a source by DMS. The migration team needs to transfer the HANA database and also the application files. They also need to replicate ongoing changes to minimize downtime. Which combination of AWS services should the migration team use? (Choose the best answer.)

A.Use AWS Application Migration Service (MGN) for the application servers. Use HANA Backint agent to back up the database to S3 and perform incremental backups for ongoing replication.
B.Use AWS DataSync to copy the entire HANA database files (data and log volumes) and application files to AWS. Then restore from the copied files.
C.Use AWS Database Migration Service (DMS) with SAP HANA as a source by installing a custom connector. Use AWS DataSync for application files.
D.Use AWS DMS for the HANA database using a homogeneous migration. Use AWS MGN for the application servers.
AnswerA

MGN can replicate the application servers with minimal downtime. HANA Backint to S3 allows full and incremental backups, enabling point-in-time recovery and minimal downtime.

Why this answer

AWS DataSync can transfer large files efficiently over Direct Connect. HANA database backup to S3 using Backint allows incremental backups and can be used with S3 for ongoing replication. AWS HANA replication is not a service; SAP HANA system replication is a feature.

AWS MGN can replicate the entire server including OS and application. The best combination is to use MGN for the application servers and Backint to S3 for HANA database backup and recovery. Option C is correct.

Option A is not suitable because DMS cannot migrate HANA. Option B is not efficient for ongoing replication. Option D includes AWS DMS which is not supported.

1420
MCQeasy

A company is running SAP on AWS and wants to automate the creation of consistent snapshots of EBS volumes attached to SAP HANA instances. Which AWS service is BEST suited for this task?

A.AWS Lambda
B.AWS CloudFormation
C.Amazon S3
D.AWS Backup
AnswerD

AWS Backup is a fully managed backup service that can automate EBS snapshots with scheduling.

Why this answer

Option B is correct because AWS Backup is designed for creating automated, scheduled backups of EBS volumes and other resources. Option A is wrong because AWS CloudFormation is for infrastructure provisioning. Option C is wrong because Amazon S3 is object storage, not snapshot management.

Option D is wrong because AWS Lambda can be used but requires custom code; AWS Backup is a managed service.

1421
MCQhard

An SAP administrator attaches this IAM policy to a user. Which action will the user be allowed to perform on an EC2 instance with the tag 'Environment: Production'?

A.Start the instance
B.Terminate the instance
C.Reboot the instance
D.Modify the instance type
AnswerC

Reboot is allowed under the Allow statement.

Why this answer

Option A is correct because the policy allows StartInstances, StopInstances, and RebootInstances on instances with the tag Environment=Production. TerminateInstances is denied. B and C are denied.

D is allowed but not listed in the options; however, only reboot is correct among the given.

1422
MCQhard

An SAP administrator is troubleshooting a performance issue on an SAP HANA database running on an r5.24xlarge instance. The database is I/O bound during high load periods. The administrator has already verified that the EBS volumes are not saturated. What should the administrator check next?

A.Verify that EBS optimization is enabled
B.Increase the SWAP space on the instance
C.Upgrade to a compute-optimized instance like c5.24xlarge
D.Check the Elastic Network Adapter (ENA) settings and consider tuning the ring buffer size
AnswerD

Tuning ENA can improve network throughput, which may be the bottleneck for I/O bound operations.

Why this answer

The correct answer is D because on an r5.24xlarge instance, EBS optimization is always enabled by default, so verifying it again is unnecessary. The issue is I/O bound during high load, but EBS volumes are not saturated, indicating the bottleneck is likely at the network layer. The Elastic Network Adapter (ENA) ring buffer size can become overwhelmed under high network traffic, causing packet drops and increased latency, which manifests as I/O wait.

Tuning the ring buffer size (e.g., using `ethtool -G eth0 rx 4096 tx 4096`) can reduce drops and improve throughput for SAP HANA's network-intensive operations.

Exam trap

The trap here is that candidates assume EBS optimization must be manually verified or enabled, but on modern Nitro-based instances like r5, it is always active, so the real bottleneck is often the network adapter configuration.

How to eliminate wrong answers

Option A is wrong because EBS optimization is always enabled on r5.24xlarge instances by default; checking it again would not resolve an I/O performance issue when EBS volumes are not saturated. Option B is wrong because increasing SWAP space would only help with memory pressure, not I/O-bound performance; in fact, swapping can worsen I/O issues by adding disk writes. Option C is wrong because upgrading to a compute-optimized instance like c5.24xlarge would reduce CPU resources (c5 instances have fewer vCPUs and less memory than r5 instances) and is not designed for memory-intensive SAP HANA workloads; the bottleneck is network-related, not CPU-related.

1423
MCQeasy

A company is migrating an on-premises application to AWS. The application requires low-latency access to a shared file system that can be mounted by multiple EC2 instances simultaneously. Which storage solution should they use?

A.Amazon Elastic File System (EFS)
B.Amazon Elastic Block Store (EBS)
C.Amazon Simple Storage Service (S3)
D.Amazon EC2 Instance Store
AnswerA

EFS is a managed NFS file system for multiple instances.

Why this answer

Amazon EFS provides a scalable, shared file system for multiple EC2 instances. Option A is correct. Option B is wrong because EBS volumes can be attached to only one instance.

Option C is wrong because S3 is object storage, not a file system. Option D is wrong because Instance Store is ephemeral.

1424
MCQhard

A company is migrating an SAP landscape to AWS. They have a requirement to retain the same hostnames and IP addresses for the SAP application servers after migration. How can they achieve this?

A.Use a NAT Gateway and assign public IPs
B.Use VPC endpoints to assign private IPs
C.Use Elastic IP addresses and a private hosted zone in Amazon Route 53
D.Use AWS Global Accelerator to assign static IP addresses
AnswerC

EIPs provide static public IPs; private hosted zone maintains custom hostnames.

Why this answer

Using AWS Elastic IP addresses (EIP) and Private Hosted Zones with Route 53 allows static IPs and custom DNS. Option A is wrong because NAT Gateway is for outbound traffic. Option C is wrong because AWS Global Accelerator uses anycast IPs, not fixed hostnames.

Option D is wrong because VPC endpoints are for private connectivity to AWS services.

1425
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. They want to minimize downtime. Which AWS service should they use for the initial data load and ongoing replication?

A.AWS Schema Conversion Tool (SCT)
B.AWS Database Migration Service (DMS)
C.AWS Snowball
D.AWS DataSync
AnswerB

DMS supports ongoing replication for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication from Oracle to RDS Oracle, enabling minimal downtime migration. Option A is incorrect because AWS Snowball is for large-scale data transfer, not continuous replication. Option B is incorrect because AWS DataSync is optimized for file storage, not databases.

Option D is incorrect because AWS SCT is a schema conversion tool, not a replication service.

Page 18

Page 19 of 24

Page 20