AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 15011575

1733 questions total · 24pages · All types, answers revealed

Page 20

Page 21 of 24

Page 22
1501
Multi-Selecthard

A company runs SAP on AWS and needs to monitor the performance of its SAP HANA database. The operations team wants to receive alerts when the CPU utilization exceeds 90% for more than 5 minutes. Which THREE steps should be taken to set up this monitoring and alerting?

Select 3 answers
A.Configure an Amazon SNS topic to send email or SMS notifications when the alarm state is reached.
B.Create a CloudWatch alarm that triggers when CPU utilization exceeds 90% for 5 consecutive minutes.
C.Create a CloudWatch metric filter on the HANA host's CPU utilization.
D.Enable CloudWatch Logs for the SAP application logs to detect performance issues.
E.Install the SAP Host Agent on the HANA instance and configure it to send metrics to SAP Solution Manager.
AnswersA, B, C

SNS delivers the alert to the operations team.

Why this answer

Option A is correct because Amazon SNS is the standard AWS service for distributing notifications from CloudWatch alarms. By configuring an SNS topic to send email or SMS, the operations team receives alerts when the CPU utilization alarm triggers, enabling timely response to performance issues.

Exam trap

The trap here is that candidates may confuse log-based monitoring (CloudWatch Logs) with metric-based monitoring (CloudWatch Metrics), or assume SAP-specific tools like SAP Host Agent are required for basic AWS monitoring, when in fact CloudWatch and SNS provide the native, simpler solution for CPU utilization alerting.

1502
MCQhard

An SAP administrator receives an alert that the SAP application server is not responding. The administrator checks the EC2 console and sees that the instance state is 'running' but the status checks have failed. Which step should be taken first to restore the SAP application?

A.Terminate the instance and launch a new one using the same AMI.
B.Use the EC2 console to stop and start the instance, which will move it to new underlying hardware.
C.Reboot the EC2 instance from the AWS Management Console.
D.Create a new EC2 instance from the latest AMI and attach the existing EBS volumes.
AnswerB

Stop/start recovers from hardware issues and preserves the instance ID, EBS volumes, and Elastic IP.

Why this answer

If status checks fail, the instance may have OS or network issues. Recovering the instance with the same Elastic IP and EBS volumes restores the SAP application. Option A is wrong because creating a new instance takes time and may not have the same configuration.

Option B is wrong because rebooting might not fix underlying issues. Option C is correct. Option D is wrong because terminating loses data.

1503
Multi-Selecthard

Which TWO AWS services can be used to monitor SAP system availability and send notifications when a system goes down? (Choose two.)

Select 2 answers
A.AWS Trusted Advisor
B.Amazon CloudWatch Events
C.Amazon S3 event notifications
D.Amazon CloudWatch Alarms
E.AWS Config
AnswersB, D

Can trigger notifications based on events.

Why this answer

Options B and D are correct. Option B: CloudWatch alarms can monitor health checks and metrics. Option D: CloudWatch Events can trigger notifications on state changes.

Option A is wrong because Config tracks configuration, not availability. Option C is wrong because Trusted Advisor provides best practices, not monitoring. Option E is wrong because S3 is storage, not monitoring.

1504
MCQeasy

A company is migrating an SAP S/4HANA system to AWS and needs to choose the storage for the HANA database. The database requires high IOPS and low latency. Which AWS storage solution is most suitable?

A.Amazon EFS
B.Amazon EBS io2 Block Express volumes
C.Amazon S3
D.Amazon EBS st1 volumes
AnswerB

io2 Block Express offers high IOPS and low latency for HANA.

Why this answer

Amazon EBS io2 Block Express volumes are designed for mission-critical SAP HANA workloads, offering up to 256,000 IOPS per volume and sub-millisecond latency. They provide 99.999% durability and are the only EBS volume type certified by SAP for production HANA databases on AWS, meeting the high IOPS and low latency requirements.

Exam trap

The trap here is that candidates often confuse high-throughput HDD volumes (st1) with high-IOPS requirements, or mistakenly think that any EBS volume type can support SAP HANA, but only io2 Block Express meets SAP's certification and the specific low-latency, high-IOPS demands.

How to eliminate wrong answers

Option A is wrong because Amazon EFS is a shared file system (NFS) that does not provide the consistent, low-latency block-level IOPS required for SAP HANA database storage; it is suitable for shared file storage, not database volumes. Option C is wrong because Amazon S3 is an object storage service with higher latency and no support for database block-level operations; it cannot be used as the primary storage for a running HANA database. Option D is wrong because Amazon EBS st1 volumes are throughput-optimized HDD volumes designed for large, sequential workloads like big data and log processing, not for the high IOPS and low latency needed by SAP HANA; they cannot meet the performance requirements.

1505
Multi-Selecthard

Which THREE steps should an administrator take to troubleshoot an issue where an SAP application server cannot connect to the database server after a security group change? (Choose THREE.)

Select 3 answers
A.Check the outbound rules of the application server's security group
B.Modify the route tables to ensure direct communication
C.Restart both the application and database servers
D.Review the network ACL rules for the subnets
E.Verify the inbound rules of the database server's security group allow traffic from the application server
AnswersA, D, E

Security groups are stateful, but outbound rules can affect traffic if not configured properly.

Why this answer

The first step is to verify the security group rules. Then check network ACLs. VPC Flow Logs can confirm if traffic is allowed or denied.

Checking the OS firewall is also important. Restarting instances and changing route tables are too disruptive and unlikely to be the root cause. Changing security groups again without analysis is guesswork.

1506
MCQmedium

A company is migrating a Windows-based .NET application to AWS. The application currently uses Active Directory for authentication. Which AWS service should they use to maintain a similar authentication experience?

A.AWS Directory Service for Microsoft Active Directory
B.AWS Directory Service Simple AD
C.AWS Identity and Access Management (IAM)
D.Amazon Cognito
AnswerA

Provides managed AD compatible with Windows apps.

Why this answer

AWS Managed Microsoft AD allows the application to authenticate against Active Directory without change. Option C is correct. Option A is wrong because Cognito is for external user pools.

Option B is wrong because IAM is for AWS services. Option D is wrong because Directory Service Simple AD is a Samba-based AD, not fully compatible.

1507
MCQmedium

A retail company is migrating its SAP ERP system from on-premises to AWS. The system includes an SAP HANA database (2 TB) and an SAP NetWeaver application server. The migration strategy is to use SAP HANA System Replication (HSR) to replicate the database to an EC2 instance running SAP HANA, then perform a takeover. The application server will be migrated using AWS Application Migration Service (MGN). The network connection is AWS Direct Connect with 1 Gbps bandwidth. During a test migration, the HSR replication is working, but the application server replication through MGN is taking much longer than expected. The MGN console shows that the data replication progress is stuck at 45% for several hours. The source server is a physical server with a 500 GB disk, 75% utilized. Which action is most likely to resolve the issue?

A.Increase the disk queue depth on the source server or add additional disks to improve I/O performance.
B.Convert the source disks to dynamic disks to improve replication speed.
C.Increase the staging area size in the MGN replication settings.
D.Increase the Direct Connect bandwidth to 10 Gbps.
AnswerA

MGN replication can be throttled by disk I/O.

Why this answer

MGN replication stalls often due to disk queue depth issues on the source. Option A is correct because increasing disk throughput can help. Option B is wrong because MGN uses block-level replication, not file-based.

Option C is wrong because the network bandwidth is 1 Gbps, which is adequate. Option D is wrong because MGN does not have a staging area that can be increased; the staging area is on the source.

1508
MCQmedium

A company is migrating on-premises servers to AWS. After migrating, the administrator runs the AWS CLI command shown in the exhibit. The company wants to ensure that all EC2 instances are in the 'running' state. Which action should the administrator take?

A.Run aws ec2 start-instances --instance-ids i-1a2b3c4d5e6f7g8h
B.Run aws ec2 stop-instances --instance-ids i-0a1b2c3d4e5f6g7h
C.Run aws ec2 reboot-instances --instance-ids i-2a3b4c5d6e7f8g9h
D.Run aws ec2 terminate-instances --instance-ids i-2a3b4c5d6e7f8g9h
AnswerA

Starts the stopped instance.

Why this answer

The instance i-1a2b3c4d5e6f7g8h is stopped. The administrator needs to start it using the start-instances command. Option A (stop-instances) would stop running instances.

Option C (terminate-instances) would delete instances. Option D (reboot-instances) would reboot.

1509
MCQeasy

A company is migrating an SAP BusinessObjects environment to AWS. The migration must ensure that the legacy reporting system remains accessible during the transition. Which AWS service can help facilitate this by allowing the company to redirect traffic gradually?

A.Amazon CloudFront
B.Elastic Load Balancer (ELB)
C.AWS Global Accelerator
D.Amazon Route53 with weighted routing policies
AnswerD

Weighted routing allows gradual redirection of traffic.

Why this answer

AWS Route53 with weighted routing policies can gradually shift traffic from on-premises to AWS. Option A (AWS Global Accelerator) is for performance improvement. Option B (AWS CloudFront) is for content delivery.

Option C (AWS Route53 with weighted routing) is correct. Option D (AWS ELB) is for load balancing within AWS.

1510
MCQmedium

A company is migrating an SAP HANA database to AWS and needs to ensure high availability with automatic failover. Which solution meets this requirement with the least administrative overhead?

A.Configure SAP HANA System Replication across two EC2 instances in different Availability Zones and use a custom script for failover.
B.Use AWS SAP HANA Multi-AZ deployment.
C.Deploy a single EC2 instance with an EBS volume and take regular snapshots.
D.Use an Application Load Balancer to distribute traffic to multiple HANA instances.
AnswerB

AWS manages automatic failover and replication, reducing overhead.

Why this answer

Option D is correct because AWS SAP HANA Multi-AZ is a managed service that automatically handles failover. Option A is wrong because manual scripts require administrative overhead. Option B is wrong because it does not provide automatic failover.

Option C is wrong because it requires manual intervention.

1511
MCQhard

A company is running SAP ERP on a single EC2 instance with an SAP HANA database. The operations team receives an alert that the /hana/data filesystem is 85% full. The filesystem is mounted from an EBS volume. Which of the following actions should be taken to resolve the issue with MINIMAL downtime?

A.Increase the size of the existing EBS volume and extend the filesystem.
B.Add an additional EBS volume and mount it to /hana/data2, then relocate some data.
C.Delete unnecessary log files from the /hana/data directory.
D.Create a new, larger EBS volume, attach it to the instance, and copy the data.
AnswerA

EBS volumes can be resized online, and the filesystem can be extended without stopping the instance.

Why this answer

Option C is correct because increasing the EBS volume size and extending the filesystem can be done online without stopping the instance. Option A is wrong because it would require stopping the instance. Option B is wrong because cleaning up data is not practical for a production system with critical data.

Option D is wrong because it introduces a new EBS volume which requires additional configuration.

1512
MCQhard

A financial services company is migrating its SAP HANA-based system from on-premises to AWS. The system is critical and must have a recovery point objective (RPO) of less than 1 minute and recovery time objective (RTO) of less than 15 minutes. The migration strategy is to use SAP HANA System Replication (HSR) in synchronous mode to an EC2 instance in the same region, then perform a takeover. However, during the test, the HSR replication latency is consistently above 100 ms, which prevents synchronous replication from working. The network between on-premises and AWS uses AWS Direct Connect with 1 Gbps bandwidth, and the physical distance is about 50 miles. Which action should the administrator take to achieve the RPO/RTO requirements?

A.Deploy the target EC2 instance in an AWS Local Zone closer to the on-premises data center.
B.Use a Site-to-Site VPN instead of Direct Connect.
C.Use asynchronous HSR mode instead of synchronous.
D.Increase the Direct Connect bandwidth to 10 Gbps.
AnswerA

Local Zones reduce physical distance and latency.

Why this answer

Synchronous HSR over long distance is challenging due to latency. Option A is correct because using AWS Local Zones reduces latency. Option B is wrong because increasing bandwidth does not reduce latency.

Option C is wrong because asynchronous mode does not meet the RPO. Option D is wrong because VPN is slower and adds more latency.

1513
MCQhard

An SAP customer is using AWS Direct Connect to connect their on-premises network to AWS. They have multiple SAP systems in different VPCs. The network team wants to centralize connectivity and simplify routing. Which AWS service should they use to connect all VPCs to the on-premises network?

A.Use a VPN connection from each VPC to the on-premises network
B.Use VPC Peering between each VPC and the Direct Connect VIF
C.Use AWS Transit Gateway to connect all VPCs and the Direct Connect gateway
D.Use AWS PrivateLink to connect services across VPCs
AnswerC

Transit Gateway provides a hub for multiple VPCs and Direct Connect.

Why this answer

Option B is correct because AWS Transit Gateway simplifies connectivity between multiple VPCs and on-premises networks via Direct Connect. Option A is incorrect because VPC Peering does not support transitive routing. Option C is incorrect because VPN is not centralized.

Option D is incorrect because PrivateLink is for service access, not routing.

1514
Multi-Selecteasy

A company is migrating an SAP ERP system to AWS. The migration must be completed within a limited time window. Which THREE services can be used to accelerate the migration? (Choose three.)

Select 3 answers
A.AWS CloudEndure Migration
B.AWS Database Migration Service (DMS)
C.AWS Server Migration Service (SMS)
D.AWS Trusted Advisor
E.AWS CloudFormation
AnswersA, B, C

CloudEndure provides continuous replication for servers.

Why this answer

Options A, B, and C are correct: AWS SMS (now MGN) can automate server replication, AWS DMS can migrate databases, and AWS CloudEndure (now part of MGN) can replicate servers. Option D is incorrect because Trusted Advisor is for optimization, not migration. Option E is incorrect because CloudFormation is for infrastructure provisioning, not data migration.

1515
Multi-Selectmedium

Which TWO of the following are best practices for securing SAP workloads on AWS?

Select 2 answers
A.Use IAM roles to grant EC2 instances access to AWS services.
B.Use security groups to control traffic to SAP application servers.
C.Disable encryption in transit between application and database tiers.
D.Allow SSH access from the internet for administration.
E.Store SAP backup files in a public S3 bucket for easy access.
AnswersA, B

IAM roles are secure and avoid storing credentials.

Why this answer

IAM roles allow EC2 instances to securely access AWS services (e.g., S3, DynamoDB) without embedding long-term credentials. By attaching an IAM role to an EC2 instance, the instance can obtain temporary credentials via the instance metadata service, which is a best practice for securing SAP workloads on AWS.

Exam trap

The trap here is that candidates might think disabling encryption in transit is acceptable for performance reasons, but AWS best practices mandate encryption in transit for all SAP data flows, especially between application and database tiers.

1516
MCQmedium

A company is running a production SAP HANA database on an AWS EC2 instance with multiple EBS volumes. The operations team notices that the database performance degrades during peak hours. Which AWS service can be used to analyze the disk I/O performance and identify bottlenecks?

A.AWS Trusted Advisor
B.AWS Config
C.Amazon CloudWatch
D.AWS Config
AnswerC

CloudWatch provides detailed EBS metrics for performance analysis.

Why this answer

CloudWatch provides metrics for EBS volumes including read/write throughput and IOPS, which can be used to analyze disk I/O performance. Option A is wrong because AWS Config tracks configuration changes, not performance. Option B is wrong because Trusted Advisor provides best-practice checks but not real-time performance analysis.

Option C is correct. Option D is wrong because AWS Config is not for performance monitoring.

1517
MCQhard

A company is migrating a critical SAP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which AWS service can be used to manage the virtual IP address required for the SAP high availability setup?

A.AWS Transit Gateway
B.Elastic Load Balancer (ELB)
C.Amazon Route 53 Application Recovery Controller
D.AWS Global Accelerator
AnswerC

Manages routing and failover for SAP HA.

Why this answer

Amazon Route 53 Application Recovery Controller (ARC) can manage routing and failover for SAP HA. Option A (Elastic Load Balancer) is for load balancing traffic, not virtual IP management. Option C (AWS Global Accelerator) provides static IP addresses but is not designed for SAP HA.

Option D (AWS Transit Gateway) is for network connectivity.

1518
MCQhard

An SAP administrator runs the command shown in the exhibit. The volume is attached to an EC2 instance. The administrator plans to increase the volume size to 1000 GiB. After resizing, the volume type remains gp2. What is the expected baseline IOPS for the resized volume?

A.4500 IOPS
B.16,000 IOPS
C.3000 IOPS
D.1500 IOPS
AnswerC

Baseline IOPS = 3 * 1000 = 3000.

Why this answer

Option C is correct because gp2 baseline IOPS is 3 IOPS per GiB for volumes up to 533 GiB, then 16,000 IOPS maximum. For 1000 GiB, baseline IOPS = min(1000 * 3, 16000) = 3000 IOPS. Option A is wrong because 1500 is the previous IOPS.

Option B is wrong because 16000 is the max, not baseline. Option D is wrong because 4500 is incorrect calculation.

1519
MCQmedium

An SAP system is running on AWS and uses Amazon EFS for the /sapmnt directory. The system is experiencing high latency during file operations. Which configuration change could improve the performance of the EFS file system?

A.Enable the Max I/O performance mode on the EFS file system.
B.Change the performance mode from Max I/O to General Purpose.
C.Migrate the /sapmnt directory to an Amazon EBS volume.
D.Increase the provisioned throughput of the EFS file system.
AnswerA

Max I/O mode provides higher throughput for large-scale workloads.

Why this answer

Option D is correct because enabling EFS Max I/O performance mode allows higher throughput for large workloads. Option A is wrong because Provisioned Throughput increases cost but may not address latency. Option B is wrong because changing to General Purpose mode is the default and may not help.

Option C is wrong because EBS is not shared across multiple instances like EFS.

1520
Multi-Selecteasy

Which TWO of the following are valid methods for monitoring SAP system performance on AWS? (Choose two.)

Select 2 answers
A.Enable AWS CloudTrail to capture system performance logs.
B.Configure SAP Solution Manager to send monitoring data to Amazon CloudWatch via the SAP Cloud Platform.
C.Use AWS Trusted Advisor to monitor real-time CPU utilization.
D.Use Amazon CloudWatch custom metrics to monitor SAP application metrics.
E.Use VPC Flow Logs to monitor database query performance.
AnswersB, D

Solution Manager integration provides comprehensive monitoring.

Why this answer

Options B and D are correct. B: CloudWatch can publish custom metrics. D: SAP Solution Manager integrates with AWS.

A: CloudTrail is for API auditing, not performance. C: Trusted Advisor is for best-practice checks, not real-time performance.

1521
Multi-Selecthard

A company runs SAP S/4HANA on AWS using a multi-ABAP application server setup with a central services instance (ASCS) and enqueue replication. After a recent OS patching, the secondary application server fails to start, with errors indicating it cannot connect to the enqueue replication server (ERS). The ERS process is running on the ASCS instance. The network team confirms that security groups and NACLs are properly configured. Which THREE steps should be taken to resolve this issue? (Choose three.)

Select 3 answers
A.Change the secondary application server instance type to a larger size.
B.Check the SAP instance profile for the enqueue replication parameters (e.g., rdisp/enq_repl_server).
C.Confirm that the ERS process (enre) is running on the ASCS instance and is listening on the correct port.
D.Verify that the DNS or /etc/hosts file on the secondary application server resolves the ERS hostname correctly.
E.Update the SAP kernel on the secondary application server to the latest version.
AnswersB, C, D

Profile parameters define ERS connection details.

Why this answer

Option A is correct because the hostname resolution for the ERS instance may have changed after patching. Option C is correct because the SAP profile must contain the correct enqueue replication parameters. Option E is correct because the ERS service must be running and reachable.

Option B is wrong because kernel compatibility is not typically affected by OS patching. Option D is wrong because changing the instance type is not a troubleshooting step for connectivity.

1522
MCQeasy

An SAP administrator needs to back up an SAP HANA database running on an Amazon EC2 instance. The requirement is to perform daily backups to Amazon S3 with minimal cost and impact on database performance. Which backup strategy should be used?

A.Use AWS Backup with the SAP HANA plugin
B.Use SAP HANA Backint integration to back up to S3
C.Create EBS snapshots of the database volumes
D.Configure S3 Lifecycle policies to move logs
AnswerB

Backint agent sends data directly to S3 with low overhead.

Why this answer

Option B is correct because SAP HANA Backint integration allows direct, streaming backups from the HANA database to Amazon S3, which minimizes performance impact by offloading backup processing to the Backint agent and avoids intermediate storage. This approach is cost-effective as it uses S3's low-cost storage and eliminates the need for additional infrastructure, meeting the requirement for daily backups with minimal cost and database performance impact.

Exam trap

The trap here is that candidates often confuse EBS snapshots as a simple, low-cost backup method for databases, but they fail to recognize the performance impact and lack of application consistency without additional configuration, making Backint integration the correct choice for SAP HANA on AWS.

How to eliminate wrong answers

Option A is wrong because AWS Backup with the SAP HANA plugin is not natively supported; AWS Backup does not have a direct SAP HANA plugin for Backint integration, and using it would require additional scripting or third-party tools, increasing complexity and cost. Option C is wrong because creating EBS snapshots of the database volumes captures the entire block-level data, which can cause performance degradation due to I/O freezing or snapshot latency, and does not provide application-consistent backups without additional steps like pre-freeze scripts. Option D is wrong because S3 Lifecycle policies are used for managing object lifecycle transitions and deletions, not for performing backups; they cannot initiate or manage the backup process of an SAP HANA database.

1523
MCQhard

An SAP HANA database is running on an EC2 instance with a gp3 EBS volume. The database workload requires high IOPS and throughput. The current configuration shows 16,000 IOPS and 1,000 MB/s throughput. Which change could improve performance?

A.Increase the EC2 instance size.
B.Increase the volume size to 1,000 GB.
C.Change the volume type to gp2.
D.Increase the volume's IOPS to 20,000.
AnswerD

Higher IOPS improves database performance.

Why this answer

Option C is correct because gp3 volumes allow independent scaling of IOPS and throughput. For SAP HANA, higher IOPS can improve performance. The current 16,000 IOPS may be insufficient for peak loads.

Option A is wrong because gp3 is already provisioned SSD; gp2 is older and may not provide consistent performance. Option B is wrong because instance type may not be the bottleneck. Option D is wrong because increasing volume size does not directly increase IOPS for gp3 beyond baseline.

1524
Multi-Selecthard

A company is migrating a large on-premises NoSQL database to Amazon DynamoDB. The database has tables with uneven access patterns, and some items are accessed infrequently but must be retained for compliance. The company wants to optimize costs without sacrificing performance. Which THREE strategies should the solutions architect recommend? (Choose THREE.)

Select 3 answers
A.Use DynamoDB Standard-Infrequent Access (Standard-IA) table class for tables with infrequently accessed data.
B.Use DynamoDB Time to Live (TTL) to automatically delete expired compliance data.
C.Use DynamoDB Accelerator (DAX) to cache frequently accessed items.
D.Disable auto scaling and set a fixed provisioned capacity to avoid cost spikes.
E.Increase the write capacity units to handle peak loads and reduce latency.
AnswersA, B, C

Standard-IA offers lower storage costs for infrequent access.

Why this answer

DynamoDB Standard-IA table class is designed for tables where data is accessed less than once a month, offering lower storage costs than the Standard table class while maintaining the same single-digit millisecond latency. For the described scenario, where some items are accessed infrequently but must be retained for compliance, Standard-IA reduces storage costs without impacting performance for the infrequent access patterns.

Exam trap

The trap here is that candidates often confuse DynamoDB TTL with a mechanism for cost optimization on compliance data, but TTL is for deletion, not retention; the question requires retaining data for compliance, so TTL would be used only if the compliance period has expired, making it a valid strategy for deleting data that is no longer needed.

1525
Multi-Selecthard

A company is designing a disaster recovery solution for SAP S/4HANA. They need to meet an RPO of 15 minutes and an RTO of 2 hours. Which THREE components should be included in the DR plan? (Choose 3.)

Select 3 answers
A.EBS snapshots taken every 15 minutes
B.SAP HANA System Replication in async mode
C.AWS CloudEndure Disaster Recovery
D.Amazon Route 53 DNS failover
E.Pre-built AMIs for SAP application servers
AnswersB, D, E

Async replication can achieve RPO of minutes.

Why this answer

SAP HANA System Replication in async mode is correct because it can achieve an RPO of 15 minutes by asynchronously replicating log buffers from the primary to the DR HANA instance, and combined with a pre-configured DR system, it supports an RTO of 2 hours. This native SAP replication mechanism is optimized for HANA databases and avoids the overhead of storage-level snapshots or third-party tools.

Exam trap

The trap here is that candidates often assume storage-level snapshots (EBS) are sufficient for SAP HANA DR, but they fail to account for the database consistency requirements and the long restore times that make them unsuitable for a 2-hour RTO.

1526
MCQhard

An SAP administrator is troubleshooting a performance issue on an SAP HANA instance running on an EC2 instance. The instance type is r5.8xlarge with 256 GB of RAM. The administrator notices that the instance's CPU credit balance is depleting rapidly. What is the most likely cause?

A.The instance is using EBS-optimized with insufficient bandwidth
B.The SAP application is using too much memory
C.The instance has a high network throughput causing CPU overhead
D.The instance is a burstable performance instance (e.g., T3) not an r5
AnswerD

Burstable instances earn CPU credits; r5 instances do not have CPU credits.

Why this answer

Option A is correct because r5 instances are not burstable performance instances; they have dedicated vCPUs and do not use CPU credits. The depletion indicates the instance is not an r5 but possibly a T3 instance. Option B and D are not related to CPU credits.

Option C is a misunderstanding.

1527
MCQmedium

A company is migrating an SAP system to AWS and wants to use AWS Systems Manager for patching. The SAP application server is running Windows. What is a prerequisite for Systems Manager to manage the instance?

A.Install the AWS Systems Manager Agent (SSM Agent) on the instance
B.Install the Amazon CloudWatch agent on the instance
C.Enable AWS Config on the instance
D.Assign a public IP address to the instance
AnswerA

SSM Agent is required for Systems Manager to manage the instance.

Why this answer

AWS Systems Manager requires the SSM Agent to be installed and running on managed instances to perform patching and other management operations. The SSM Agent processes Systems Manager requests, executes run commands, and reports instance state back to the Systems Manager service. Without the agent, the instance cannot communicate with the Systems Manager endpoint or receive patching instructions.

Exam trap

The trap here is that candidates often confuse the SSM Agent with the CloudWatch agent or assume a public IP is necessary for AWS management, but Systems Manager can manage instances in private subnets using VPC endpoints or a managed instance gateway.

How to eliminate wrong answers

Option B is wrong because the Amazon CloudWatch agent is used for collecting metrics and logs, not for Systems Manager patching operations; patching relies on the SSM Agent. Option C is wrong because AWS Config is a service for resource inventory and compliance auditing, not a prerequisite for Systems Manager instance management; it does not install any agent on the instance. Option D is wrong because a public IP address is not required; Systems Manager can manage instances in private subnets using VPC endpoints (AWS Systems Manager VPC endpoints) or through a managed instance gateway.

1528
Multi-Selecthard

A company runs SAP HANA on AWS and wants to encrypt the database at rest. Which THREE options are available to achieve this?

Select 3 answers
A.Use Amazon RDS encryption for the SAP HANA database.
B.Use AWS KMS with a custom key store to manage encryption keys.
C.Enable SAP HANA native encryption for the database.
D.Use Amazon S3 server-side encryption for database files.
E.Enable Amazon EBS encryption on all volumes attached to the HANA instance.
AnswersB, C, E

KMS can manage keys for EBS and HANA encryption.

Why this answer

AWS KMS with a custom key store (option B) is a valid encryption option for SAP HANA on AWS because it allows you to use a customer-managed key store backed by AWS CloudHSM, giving you control over the encryption keys used to protect data at rest. This integrates with Amazon EBS encryption and other AWS services to encrypt the underlying storage volumes, ensuring compliance with key management requirements.

Exam trap

The trap here is that candidates may confuse Amazon RDS encryption with EC2-based database encryption, not realizing that SAP HANA is self-managed on EC2 and does not use the RDS service, making option A technically inapplicable.

1529
MCQmedium

An SAP administrator is troubleshooting a performance issue on an SAP HANA database running on an r5.8xlarge EC2 instance. The application team reports that queries are slow during peak hours. CloudWatch metrics show high CPU utilization and high memory usage. Which instance type should the administrator choose to improve performance?

A.m5.24xlarge
B.t3.2xlarge
C.r5.24xlarge
D.r5b.8xlarge
AnswerC

r5.24xlarge provides more vCPUs and memory, addressing both CPU and memory constraints.

Why this answer

Option C is correct because the r5.24xlarge provides more CPU and memory than r5.8xlarge. Option A is wrong because t3 instances are burstable and not suitable for production HANA. Option B is wrong because m5 instances are general purpose and may not have enough memory.

Option D is wrong because r5b instances are similar but not necessarily higher performance.

1530
MCQmedium

An SAP system on AWS needs to be highly available across multiple Availability Zones (AZs). The SAP Central Services (ASCS) and the database are both critical. Which architecture should be used?

A.Use an Application Load Balancer to distribute traffic across AZs.
B.Deploy ASCS with a cluster across two AZs, and use HANA System Replication across two AZs.
C.Place all components in a single AZ to avoid cross-AZ latency.
D.Use Amazon RDS Multi-AZ for the database and a single ASCS instance.
AnswerB

This provides HA for both ASCS and database across AZs.

Why this answer

Option B is correct because SAP ASCS requires a cluster (e.g., Pacemaker with SBD fencing) across two AZs to provide failover for the central services, while HANA System Replication (HSR) synchronously replicates the database to a secondary AZ for automatic failover. This dual-cluster architecture ensures both critical components remain highly available, meeting SAP's certified HA patterns on AWS.

Exam trap

The trap here is that candidates often confuse AWS-managed services like RDS Multi-AZ with SAP-certified HA solutions, failing to recognize that SAP HANA requires native replication and that ASCS must be clustered, not simply load-balanced.

How to eliminate wrong answers

Option A is wrong because an Application Load Balancer operates at Layer 7 and cannot manage SAP ASCS or HANA database failover; it is designed for HTTP/HTTPS traffic distribution, not SAP-specific cluster heartbeats or replication. Option C is wrong because placing all components in a single AZ creates a single point of failure; AWS best practices require multi-AZ deployment to survive AZ outages, and cross-AZ latency is negligible (typically <1 ms) for SAP workloads. Option D is wrong because Amazon RDS Multi-AZ does not support SAP HANA or SAP-certified databases; SAP requires native HANA System Replication or a certified DBMS, and a single ASCS instance lacks the clustering needed for high availability.

1531
MCQeasy

A company is migrating an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB and has a 4-hour maintenance window. Which AWS service should be used to minimize downtime during the migration?

A.AWS Database Migration Service (DMS)
B.AWS Server Migration Service (SMS)
C.AWS Application Migration Service (MGN)
D.AWS DataSync
AnswerA

DMS supports continuous replication to minimize downtime.

Why this answer

AWS DMS supports ongoing replication to minimize downtime. Option A (AWS SMS) is for server migration, not database. Option B (AWS DataSync) is for file storage.

Option D (AWS MGN) is for server migration.

1532
MCQeasy

An SAP system is running on an EC2 instance with an instance profile that grants access to an S3 bucket. The application is unable to read a specific object from the bucket. What is the first step to troubleshoot the issue?

A.Check the security group associated with the instance
B.Check the network ACLs
C.Check the IAM policy attached to the instance profile
D.Check the S3 bucket policy
AnswerC

The instance profile's IAM role must have s3:GetObject permission for the object.

Why this answer

Checking the IAM policy attached to the instance profile ensures the correct permissions are granted. Option B is wrong because security groups control network traffic, not S3 access. Option C is wrong because S3 bucket policies are separate from IAM.

Option D is wrong because NACLs are for subnet traffic.

1533
MCQhard

A company is migrating an SAP ERP system to AWS and needs to ensure that the SAP application servers can scale automatically based on CPU utilization. Which AWS service should be used to achieve this?

A.AWS Elastic Load Balancing (ELB)
B.AWS Lambda
C.AWS CloudFormation
D.AWS Auto Scaling
AnswerD

Auto Scaling can launch/terminate instances based on CloudWatch alarms.

Why this answer

AWS Auto Scaling can scale EC2 instances based on CloudWatch alarms. Option A is wrong because AWS Elastic Load Balancing distributes traffic but does not scale. Option B is wrong because AWS Lambda is for serverless compute, not SAP.

Option D is wrong because AWS CloudFormation is for infrastructure as code, not automatic scaling.

1534
MCQhard

A company is migrating an SAP ERP system to AWS. They have multiple SAP systems (DEV, QAS, PRD) and want to automate the deployment of identical environments. Which AWS service should they use?

A.AWS OpsWorks
B.AWS Elastic Beanstalk
C.AWS CloudFormation
D.AWS CodeDeploy
AnswerC

CloudFormation can define and provision SAP infrastructure consistently.

Why this answer

AWS CloudFormation with SAP-specific templates (or AWS Launch Wizard) can automate infrastructure deployment. Option A is wrong because OpsWorks is for Chef/Puppet, not SAP-specific. Option C is wrong because CodeDeploy is for application code, not full environment.

Option D is wrong because Elastic Beanstalk is for web apps, not SAP.

1535
MCQmedium

An SAP Basis administrator is setting up an SAP HANA database in a Multi-AZ deployment on AWS. They need to ensure that the database remains available during an Availability Zone failure. Which AWS services should be used together to achieve this?

A.AWS CloudWatch alarms and AWS Lambda
B.Auto Scaling groups and Elastic Load Balancer
C.SAP HANA System Replication and Amazon Route 53
D.Amazon RDS Multi-AZ and Route 53
AnswerC

HANA System Replication provides data replication, and Route 53 provides DNS failover.

Why this answer

SAP HANA System Replication (HSR) provides synchronous or asynchronous replication of HANA databases across Availability Zones, ensuring data consistency and failover capability. Amazon Route 53 with health checks and DNS failover routing automatically redirects client traffic to the standby HANA instance in the secondary AZ when the primary fails, together achieving Multi-AZ high availability for SAP HANA.

Exam trap

The trap here is that candidates confuse Amazon RDS Multi-AZ (which is a managed service for traditional databases like MySQL or Oracle) with SAP HANA, but SAP HANA on AWS requires self-managed replication via HSR and DNS-based routing, not RDS.

How to eliminate wrong answers

Option A is wrong because CloudWatch alarms and Lambda can automate responses to metrics but do not provide database-level replication or DNS-based failover for HANA. Option B is wrong because Auto Scaling groups and Elastic Load Balancer are designed for stateless web/application tiers, not for stateful database replication or HANA-specific failover. Option D is wrong because Amazon RDS Multi-AZ is a managed database service that does not support SAP HANA; SAP HANA must be deployed on EC2 with its own replication mechanisms.

1536
MCQeasy

A company is planning to run SAP Business Suite on AWS. They need to ensure that the SAP systems are backed up according to best practices. Which backup strategy is recommended for SAP HANA databases on AWS?

A.Use AWS Backup to automatically back up the HANA database
B.Schedule HANA backups to Amazon S3 using the HANA backup tool
C.Perform daily full EBS snapshots and store them in Glacier
D.Use only EBS snapshots for all SAP HANA volumes
AnswerB

SAP HANA backups to S3 are recommended for durability and cost-effectiveness, using Backint or similar tools.

Why this answer

SAP HANA backups should be stored on Amazon S3 for durability and cost-effectiveness. EBS snapshots are not sufficient for HANA because they are crash-consistent but not application-consistent for HANA. Combining EBS snapshots with HANA backups ensures both crash consistency and recoverability.

Daily full backups are not required; incremental/differential backups are more efficient.

1537
MCQeasy

A company is running SAP HANA on AWS and needs to ensure that the database can be recovered to a specific point in time within the last 24 hours. Which backup strategy should be used?

A.Incremental backups using Backint
B.Daily full EBS snapshots
C.Daily SAP HANA full backups
D.Full backups plus log backups every 5 minutes
AnswerD

Log backups enable point-in-time recovery within the backup window.

Why this answer

Option D is correct because full plus log backups enable point-in-time recovery. Option A is wrong because single snapshot does not allow point-in-time. Option B is wrong because full backups only restore to backup time.

Option C is wrong because incremental alone does not provide point-in-time.

1538
MCQeasy

A company is migrating a file server to AWS and needs a scalable, highly available file storage solution that supports the SMB protocol. Which AWS service should be used?

A.Amazon Elastic File System (EFS)
B.AWS Storage Gateway
C.Amazon Simple Storage Service (S3)
D.Amazon FSx for Windows File Server
AnswerD

Supports SMB protocol.

Why this answer

Amazon FSx for Windows File Server supports SMB protocol and provides fully managed Windows file servers. Option A (Amazon EFS) supports NFS, not SMB. Option B (Amazon S3) is object storage.

Option D (AWS Storage Gateway) can present file shares but is not a fully managed file server.

1539
Multi-Selectmedium

An SAP administrator is designing a backup strategy for SAP HANA on AWS. Which THREE practices should be implemented to ensure reliable backups?

Select 3 answers
A.Store backups in Amazon S3 One Zone-IA
B.Disable encryption on backup targets to reduce latency
C.Take consistent EBS snapshots of HANA volumes after quiescing the database
D.Enable S3 Versioning on the backup bucket
E.Automate backups using AWS Backup with a backup plan
AnswersC, D, E

Consistent snapshots ensure data integrity.

Why this answer

Options A, B, and D are correct. Using AWS Backup for automation (A), EBS snapshots for consistency (B), and storing backups in S3 with versioning (D) are best practices. Option C is wrong because S3 One Zone-IA lacks durability.

Option E is wrong because encryption should be enabled, not disabled.

1540
MCQmedium

An SAP system running on EC2 is experiencing intermittent connectivity issues between application servers and the database server. The network team suspects that the security group rules are too restrictive. What is the best approach to identify which traffic is being blocked?

A.Check the SAP application logs for connection errors.
B.Enable AWS CloudTrail and look for security group modification events.
C.Use Amazon CloudWatch to monitor network packets.
D.Enable VPC Flow Logs on the subnet or ENI and review the logs for rejected traffic.
AnswerD

VPC Flow Logs capture information about IP traffic going to and from network interfaces.

Why this answer

Option A is correct because VPC Flow Logs capture traffic metadata and can show accepted and rejected traffic. Option B is wrong because CloudTrail logs API calls, not network traffic. Option C is wrong because CloudWatch metrics do not provide per-packet detail.

Option D is wrong because the question is about network traffic, not application logs.

1541
Multi-Selecteasy

Which TWO of the following are benefits of using SAP HANA System Replication (HSR) on AWS? (Choose 2.)

Select 2 answers
A.Supports replication across AWS Regions for disaster recovery
B.Provides near real-time data replication for high availability
C.Improves query performance by distributing workloads
D.Automatically scales storage based on database growth
E.Automatically load balances read queries between primary and secondary
AnswersA, B

HSR can be configured across regions.

Why this answer

Option A and B are correct. HSR provides high availability and can be used for disaster recovery with replication to another Region. Option C is incorrect because HSR does not provide load balancing; it is for failover.

Option D is incorrect because HSR does not automatically scale storage. Option E is incorrect because HSR does not improve query performance.

1542
Multi-Selecthard

Which THREE of the following are requirements for running SAP HANA in an AWS multi-zone HA cluster? (Choose three.)

Select 3 answers
A.At least two EC2 instances in different Availability Zones per node type.
B.Separate EBS volumes for /hana/data and /hana/log directories.
C.Use of an Elastic Load Balancer to distribute traffic to the HANA nodes.
D.All nodes must use instance store volumes for the HANA data.
E.The cluster nodes must be within the same AWS region.
AnswersA, B, E

Multi-AZ provides high availability.

Why this answer

Options A, B and D are correct. A: Same region is required for low latency. B: At least two nodes per AZ.

D: EBS volumes for /hana/data and /hana/log. C: Not required, but can be used. E: Not required; you can use EBS or instance store.

1543
MCQmedium

An SAP administrator is deploying an SAP ASCS instance using CloudFormation. The deployment fails because the instance cannot be reached from other SAP components. Based on the exhibit, what is the most likely cause?

A.The instance type m5.large is not certified for SAP ASCS.
B.The security group does not allow inbound traffic on the required SAP ports.
C.The instance lacks an IAM role to join the SAP domain.
D.The root volume is too small and uses gp2, which is not supported for SAP.
AnswerB

The template does not specify inbound rules; without proper security group rules, other components cannot connect.

Why this answer

The SAP ASCS instance must be reachable by other SAP components (e.g., PAS, AAS) on specific ports for services like the SAP Message Server (port 36xx/TCP) and SAP Enqueue Server (port 32xx/TCP). The exhibit shows the security group lacks inbound rules for these ports, so traffic from other components is blocked, causing the deployment to fail. Without proper inbound access, the ASCS instance cannot participate in the SAP system's communication, leading to the unreachability error.

Exam trap

The trap here is that candidates often focus on instance certification or storage requirements, overlooking the fundamental network connectivity issue caused by missing security group inbound rules for SAP-specific ports.

How to eliminate wrong answers

Option A is wrong because the m5.large instance type is certified for SAP ASCS on AWS, provided it meets the SAPS and memory requirements for the workload. Option C is wrong because SAP ASCS does not require an IAM role to join an SAP domain; IAM roles are used for AWS API access, not for SAP domain membership (which uses SAP-specific authentication). Option D is wrong because the root volume size and gp2 type are supported for SAP on AWS; gp2 is a valid EBS volume type for SAP, and the root volume size (e.g., 20 GiB) is typically sufficient for the OS and SAP binaries, though additional volumes are used for data.

1544
MCQeasy

A company is migrating a fleet of 200 on-premises Windows servers to AWS. The servers run a mix of custom applications and Microsoft SQL Server databases. The migration plan includes using AWS Server Migration Service (SMS) for the servers and AWS Database Migration Service (DMS) for the databases. During the initial replication, several servers fail with the error 'Unable to create AMI: Insufficient permissions'. The IAM role used by SMS has the following policy: {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:Describe*","ec2:CreateImage","ec2:RegisterImage","s3:PutObject","s3:GetObject","s3:ListBucket"],"Resource":"*"}]}. Which change should be made to resolve the error?

A.Remove the s3:PutObject action from the policy
B.Configure a VPC endpoint for EC2
C.Add ec2:CreateSnapshot action to the policy
D.Add ec2:ImportImage action to the policy
AnswerC

SMS requires CreateSnapshot to create snapshots before creating AMIs.

Why this answer

Option C is correct. The error 'Unable to create AMI' indicates that SMS lacks permission to create the AMI from the snapshot. SMS requires ec2:CreateSnapshot permission to create snapshots of the volumes before creating AMIs.

Option A is wrong because ec2:ImportImage is not needed; SMS uses CreateImage and RegisterImage. Option B is wrong because the error is not about network connectivity. Option D is wrong because SMS does not require s3:PutObject, it already has that permission.

1545
MCQeasy

A company is planning to run SAP applications on AWS. The security team requires that all data transmitted between the SAP application servers and the SAP HANA database be encrypted in transit. The SAP HANA database is on an EC2 instance in the same VPC. The application servers are also in the same VPC. Which configuration should the company implement to meet the encryption requirement with minimal impact on performance?

A.Use AWS PrivateLink to connect the application to the database
B.Enable SAP HANA TLS/SSL encryption for the database connections
C.Use VPC peering between the application and database subnets
D.Set up a VPN connection between the application and database servers
AnswerB

TLS/SSL encryption secures data in transit between SAP application and database servers.

Why this answer

Option B is correct because enabling SAP HANA TLS/SSL encryption encrypts data in transit between application and database servers without network overhead. Option A is wrong because VPC peering is for cross-VPC communication. Option C is wrong because VPN adds overhead.

Option D is wrong because AWS PrivateLink is for access to services, not for encryption within a VPC.

1546
Multi-Selectmedium

Which THREE AWS services can be used to monitor the performance of an SAP HANA database running on EC2? (Choose 3)

Select 3 answers
A.AWS Config
B.Amazon CloudWatch Logs
C.SAP HANA built-in monitoring (e.g., SAP HANA Studio, SQL queries)
D.Amazon CloudWatch
E.AWS CloudTrail
AnswersB, C, D

CloudWatch Logs can ingest and monitor SAP HANA trace logs.

Why this answer

Options A, C, and E are correct. CloudWatch provides metrics like CPU and memory; SAP HANA built-in monitoring provides detailed database metrics; CloudWatch Logs can collect and analyze log files. Option B is wrong because CloudTrail tracks API calls, not performance.

Option D is wrong because Config tracks resource configurations.

1547
Multi-Selecthard

Which THREE factors must be considered when choosing an EC2 instance type for SAP HANA production workloads?

Select 3 answers
A.Burstable CPU performance (T3 instances)
B.GPU compute capability
C.EBS-optimized support for consistent I/O
D.SAP certification of the instance type
E.Memory (RAM) size required by SAP HANA
AnswersC, D, E

Necessary for HANA performance.

Why this answer

Option C is correct because SAP HANA is an in-memory database that requires consistent, low-latency I/O for data persistence and log writes. EBS-optimized instances dedicate network bandwidth to EBS traffic, eliminating contention with other network traffic and ensuring predictable I/O performance, which is critical for production SAP HANA workloads.

Exam trap

The trap here is that candidates may assume burstable instances (T3) are suitable for any workload due to their cost-effectiveness, but SAP HANA requires sustained performance and SAP certification, which T3 instances lack.

1548
MCQhard

A company runs SAP S/4HANA on AWS and notices high latency in database transactions. The database is hosted on an r5.24xlarge instance with 768 GB of EBS gp3 storage. The SAP application servers are in the same VPC but different subnets. What should be changed to reduce latency?

A.Use a smaller instance type to reduce network hops.
B.Place the database instance in a cluster placement group with the application servers.
C.Enable EBS optimization on the database instance and ensure the instance type supports dedicated EBS bandwidth.
D.Change the EBS volume type to io2 Block Express with maximum IOPS.
AnswerC

EBS optimization provides dedicated network for EBS, reducing latency.

Why this answer

Option C is correct because EBS optimization ensures dedicated network bandwidth for EBS traffic, preventing contention with other network traffic. The r5.24xlarge instance supports dedicated EBS bandwidth, and enabling this feature reduces latency for database transactions by providing consistent, high-throughput access to the EBS gp3 volume.

Exam trap

The trap here is that candidates often assume high latency in database transactions is always a network or placement issue, leading them to choose cluster placement groups or instance size changes, when the actual root cause is EBS bandwidth contention that is resolved by enabling EBS optimization.

How to eliminate wrong answers

Option A is wrong because using a smaller instance type would reduce available compute and network resources, likely increasing latency rather than reducing it, and network hops are determined by subnet routing, not instance size. Option B is wrong because a cluster placement group provides low-latency network connectivity between instances, but the application servers and database are already in the same VPC; the latency issue is related to EBS storage performance, not inter-instance network latency. Option D is wrong because while io2 Block Express offers higher IOPS and lower latency, the gp3 volume already provides up to 16,000 IOPS and 1,000 MB/s throughput, and the primary bottleneck is likely EBS bandwidth contention, not volume type; changing to io2 Block Express would increase cost without addressing the root cause if EBS optimization is not enabled.

1549
MCQmedium

A company has an SAP HANA database running on an EC2 instance with EBS volumes. The operations team needs to ensure that database backups are stored in Amazon S3 and are automatically deleted after 90 days. What is the most efficient way to achieve this?

A.Use S3 Object Lock with a retention period of 90 days.
B.Enable S3 Versioning and delete old versions manually.
C.Write a script that runs daily to list backups older than 90 days and delete them.
D.Configure an S3 Lifecycle policy to expire objects after 90 days.
AnswerD

Lifecycle policies automate deletion without custom code.

Why this answer

Option B is correct because S3 Lifecycle policies can automatically transition objects to cheaper storage classes or expire them after a specified number of days. Option A is wrong because manual deletion is not automated. Option C is wrong because S3 Object Lock is for preventing deletion, not automating it.

Option D is wrong because versioning alone does not delete objects.

1550
MCQeasy

A company is deploying SAP S/4HANA on AWS and needs to back up the HANA database to Amazon S3. The database is 1 TB and changes frequently. The backup must be completed within 4 hours. What is the most efficient backup method?

A.Take EBS snapshots of the HANA data volumes and copy them to S3.
B.Export the HANA database to a file and manually upload to S3 using AWS CLI.
C.Use AWS Backup to schedule HANA database backups to S3.
D.Configure SAP HANA Backint agent to stream backups directly to Amazon S3.
AnswerD

Backint provides efficient, integrated streaming backups to S3.

Why this answer

Using SAP HANA Backup to Amazon S3 via the Backint agent is the most efficient and recommended method for HANA backups to S3. Option A (EBS snapshots) requires additional steps and may not be integrated. Option B (AWS Backup) supports HANA but is less integrated than Backint.

Option D (manual copy) is not efficient. Option C is correct.

1551
Multi-Selecthard

A company is deploying a mission-critical SAP S/4HANA system on AWS. They need to ensure the highest level of availability and minimize data loss. Which TWO strategies should they implement? (Choose two.)

Select 2 answers
A.Use EC2 Spot Instances for the primary application server
B.Configure automated EBS snapshots every 5 minutes
C.Use Amazon RDS Multi-AZ for the HANA database
D.Set up HANA System Replication in synchronous mode across two Availability Zones
E.Deploy the ASCS and PAS instances in a cluster with Pacemaker across AZs
AnswersD, E

Synchronous replication ensures no data loss and automatic failover.

Why this answer

Option D is correct because HANA System Replication in synchronous mode ensures that every committed transaction is written to the primary and replicated to a secondary HANA instance before the commit is acknowledged. This provides near-zero data loss (RPO=0) and, combined with automatic failover, supports high availability across Availability Zones.

Exam trap

The trap here is that candidates often confuse Amazon RDS Multi-AZ with SAP HANA database replication, but SAP HANA is not supported on RDS and must be managed directly on EC2 with HANA System Replication.

1552
Multi-Selecthard

Which THREE of the following are best practices for securing SAP systems on AWS?

Select 3 answers
A.Encrypt EBS volumes using AWS KMS.
B.Use security groups to restrict traffic between SAP application and database tiers.
C.Use IAM roles for EC2 instances to access AWS services.
D.Place all SAP instances in public subnets for easier access.
E.Store AWS credentials in the SAP application code for API access.
AnswersA, B, C

Encryption protects data at rest.

Why this answer

Options A, B, and D are correct. A: Using AWS KMS to encrypt EBS volumes ensures data at rest is encrypted. B: Security groups are stateful firewalls that control traffic between instances.

D: IAM roles provide temporary credentials for EC2 instances to access AWS services securely. Option C is incorrect because public subnets expose instances to the internet, which is not a security best practice. Option E is incorrect because root user credentials should not be used for daily operations; IAM users are preferred.

1553
MCQmedium

A company runs a critical SAP HANA database on an m5.24xlarge EC2 instance. The database has high transaction volume and requires low latency storage. The current setup uses EBS gp2 volumes with 10,000 IOPS. During peak hours, the database performance degrades due to IOPS burst balance depletion. Which storage solution should the company use to maintain consistent performance?

A.Migrate to EBS gp3 volumes with provisioned IOPS of 10,000.
B.Use EC2 Instance Store (NVMe SSD) for the database data and logs.
C.Provision EBS io2 Block Express volumes with 10,000 provisioned IOPS.
D.Move the database to Amazon EFS with provisioned throughput.
AnswerC

io2 Block Express provides consistent IOPS and is designed for high-performance workloads.

Why this answer

Option C is correct because EBS io2 Block Express volumes provide consistent IOPS performance without bursting and support higher IOPS than gp2. Option A is wrong because gp3 provides baseline 3000 IOPS and burst, but may not guarantee the required 10,000 IOPS. Option B is wrong because Instance Store provides ephemeral storage, which is not persistent and may cause data loss on instance stop.

Option D is wrong because EFS is a file system, not suitable for high-performance database block storage.

1554
MCQhard

A company runs SAP S/4HANA on AWS in a single region with a multi-AZ setup. The SAP HANA database uses HANA System Replication (HSR) for high availability. The primary HANA instance is in us-east-1a and the secondary is in us-east-1b. The application servers are split across both AZs. Recently, during a maintenance window, the primary HANA instance failed unexpectedly. The secondary automatically took over. However, after the failover, the application servers in us-east-1a are experiencing higher latency when connecting to the database, while application servers in us-east-1b have normal latency. The network team confirms that the inter-AZ latency is within normal limits. Which of the following is the MOST likely cause of the increased latency?

A.The secondary HANA instance is using a different instance type with a single Elastic Network Interface (ENI), which limits throughput.
B.The placement group that includes the application servers and the database is now split across AZs, reducing performance.
C.The application servers in us-east-1a are now connecting to the HANA database in us-east-1b, which adds inter-AZ latency.
D.The EBS volumes attached to the old primary instance are still being replicated to the secondary, causing network congestion.
AnswerC

Previously, all connections were within the same AZ; after failover, half the servers must connect across AZs.

Why this answer

Option C is correct because after the failover, the secondary HANA instance in us-east-1b became the active database. Application servers in us-east-1a must now connect across AZs to reach the database in us-east-1b, incurring inter-AZ latency. Although the network team confirms normal inter-AZ latency, the additional network hop and physical distance between AZs still introduce higher latency compared to same-AZ connections, which explains the observed increase.

Exam trap

The trap here is that candidates may assume inter-AZ latency is negligible or that the network team's confirmation of 'normal limits' means latency is not the issue, but in SAP HANA workloads, even 1-2 ms of additional latency can cause noticeable performance degradation for cross-AZ database connections.

How to eliminate wrong answers

Option A is wrong because the instance type and number of ENIs affect network throughput, not latency; a single ENI does not inherently cause higher latency, and HSR failover does not change the instance type of the secondary. Option B is wrong because placement groups are not used for SAP HANA multi-AZ setups; they are designed for low-latency within a single AZ, and splitting a placement group across AZs would not be configured in this architecture. Option D is wrong because EBS volume replication is not part of HSR; HSR uses log-based replication over the network, and EBS volumes are not replicated between instances; the old primary's volumes are irrelevant after failover.

1555
Multi-Selectmedium

An SAP administrator is configuring high availability for SAP HANA on AWS. Which TWO components are essential for a Pacemaker-based cluster?

Select 2 answers
A.A quorum device (e.g., STONITH)
B.An Application Load Balancer
C.Amazon Route 53 health checks
D.A virtual IP address
E.Amazon CloudWatch alarms
AnswersA, D

STONITH ensures node fencing to prevent split-brain.

Why this answer

A and B are correct. A quorum device (like STONITH) is required to avoid split-brain, and a virtual IP (VIP) is needed for client failover. C and D are not required for Pacemaker.

E (CloudWatch) is optional for monitoring.

1556
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to set up high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). The company uses a shared file system for the transport directory. Which components are essential for the HA setup? (Choose TWO.)

Select 2 answers
A.Amazon S3 as the transport directory.
B.An internal Application Load Balancer (ALB) to distribute traffic to the ASCS instance.
C.Both ASCS and ERS instances must run on the same EC2 instance.
D.Amazon RDS Multi-AZ for the SAP database.
E.The ASCS and ERS instances must be located in different Availability Zones.
AnswersB, E

ALB provides a virtual IP for ASCS.

Why this answer

Options A and D are correct. A: A load balancer is needed for virtual IP. D: AS CS and ERS must be in different AZs for HA.

Option B is wrong because ASCS and ERS should be on separate instances. Option C is wrong because Multi-AZ is for RDS, not for ASCS/ERS. Option E is wrong because S3 is not used for transport in this scenario.

1557
MCQhard

An organization is migrating an SAP system from on-premises to AWS. The SAP system uses a shared file system (NFS) for transport directories. The company wants a fully managed NFS solution on AWS. Which service should they use?

A.Amazon Elastic Block Store (EBS)
B.Amazon FSx for Windows File Server
C.Amazon Elastic File System (EFS)
D.Amazon S3
AnswerC

Managed NFS file system.

Why this answer

Amazon EFS is a fully managed NFS file system that supports the NFSv4.1 and NFSv4.0 protocols, making it the ideal choice for SAP transport directories that require a shared POSIX-compliant file system. It provides high availability, automatic scaling, and eliminates the need to manage underlying storage infrastructure, directly matching the requirement for a fully managed NFS solution on AWS.

Exam trap

The trap here is that candidates often confuse Amazon EBS with a shared file system because it can be formatted with a file system, but they overlook that EBS volumes cannot be attached to multiple EC2 instances simultaneously without additional clustering software, making it unsuitable for NFS-based SAP transport directories.

How to eliminate wrong answers

Option A is wrong because Amazon EBS provides block-level storage volumes that can be attached to a single EC2 instance at a time; it does not natively support NFS or multi-instance shared access without additional configuration (e.g., using a cluster file system). Option B is wrong because Amazon FSx for Windows File Server uses the SMB protocol, not NFS, and is designed for Windows-based workloads, not for SAP transport directories that require NFS. Option D is wrong because Amazon S3 is an object storage service accessed via HTTP/HTTPS APIs, not a file system with NFS protocol support, and does not provide the POSIX file system semantics required by SAP.

1558
MCQhard

A company is deploying SAP S/4HANA on AWS and needs to ensure that the system can survive a single Availability Zone failure. Which architecture meets this requirement?

A.Store the database files on Amazon S3 and mount them to the EC2 instance
B.Deploy an active-passive setup with the primary in one AZ and a standby in another AZ, using replication
C.Use Amazon RDS Multi-AZ for the SAP HANA database
D.Deploy a single EC2 instance in one Availability Zone with EBS snapshots
AnswerB

Active-passive with cross-AZ standby ensures availability if one AZ fails.

Why this answer

Option B is correct because an active-passive SAP HANA setup with the primary in one Availability Zone (AZ) and a standby in another AZ, using HANA System Replication (HSR) in synchronous mode, ensures zero data loss and automatic failover if a single AZ fails. This architecture meets the SAP S/4HANA requirement for high availability (HA) across AZs, as HSR replicates data at the database level, and the standby can take over within minutes.

Exam trap

The trap here is that candidates often confuse Amazon RDS Multi-AZ with SAP HANA HA, but RDS Multi-AZ is a managed service for non-SAP databases and does not support SAP HANA, which requires self-managed HSR on EC2 for cross-AZ failover.

How to eliminate wrong answers

Option A is wrong because Amazon S3 is an object storage service that cannot be mounted as a file system to an EC2 instance for SAP HANA database files; SAP HANA requires block storage (e.g., Amazon EBS) with low latency and consistent I/O, and S3 lacks the necessary POSIX file system semantics and performance characteristics. Option C is wrong because Amazon RDS Multi-AZ does not support SAP HANA as a database engine; RDS supports MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB, but SAP HANA must be deployed on EC2 instances with HSR for HA. Option D is wrong because a single EC2 instance with EBS snapshots provides backup and point-in-time recovery, but it cannot survive an AZ failure since there is no standby instance in another AZ; recovery from snapshots takes minutes to hours and involves data loss, not automatic failover.

1559
MCQeasy

A company wants to monitor the disk space utilization of their SAP application servers. Which AWS service can provide a centralized view of disk space metrics without installing additional agents?

A.AWS Systems Manager Inventory
B.Amazon CloudWatch
C.AWS CloudTrail
D.Amazon Inspector
AnswerA

Systems Manager Inventory collects OS-level information, including disk space, using the SSM Agent which is often pre-installed.

Why this answer

Option D is correct because CloudWatch can collect disk metrics via the CloudWatch agent, but the question says 'without installing additional agents'. However, CloudWatch does require an agent for disk metrics. But the question might mean without third-party agents.

Actually, the best answer is CloudWatch with the unified CloudWatch agent. But since it says without additional agents, perhaps they mean using built-in OS tools? Option B is wrong. Option C is wrong.

Option A is wrong. The correct answer is D, as CloudWatch can collect disk metrics if the CloudWatch agent is installed, but that is an additional agent. Hmm.

Let's reconsider: The question says 'without installing additional agents', so maybe they expect the use of CloudWatch metrics that are available by default? EC2 does not send disk metrics by default. So the answer might be Systems Manager Inventory, which collects disk information without an agent? Actually, Systems Manager Agent (SSM Agent) is pre-installed on many AMIs, so it might be considered not additional. Option B: Systems Manager Inventory can collect disk information.

Option D: CloudWatch requires an agent. So B is correct. Let's go with B.

1560
MCQhard

Your company runs SAP ERP on AWS with a multi-AZ deployment. The SAP HANA database is replicated across two Availability Zones using HANA System Replication. The application servers are behind an Application Load Balancer. During a recent Availability Zone failure, the primary HANA instance failed, and the standby took over. However, the application servers continued to try to connect to the primary instance for several minutes, causing downtime. The DNS record for the database endpoint was manually updated after the failover. What is the most effective solution to automate the failover and minimize downtime?

A.Configure a Network Load Balancer in front of the HANA instances
B.Create a custom script on each application server to detect failover and update the connection string
C.Implement Amazon Route 53 DNS failover with health checks on the primary and secondary HANA instances
D.Use an Amazon RDS for SAP HANA instead of self-managed
AnswerC

Route 53 health checks detect primary failure and automatically route to the secondary.

Why this answer

Using Amazon Route 53 with a primary and secondary routing policy and health checks can automatically update DNS to the healthy instance. Option C is correct.

1561
Multi-Selecthard

A company is migrating an SAP S/4HANA system to AWS. The system requires high availability for the database and application layers. Which THREE components should the company configure to achieve high availability for SAP S/4HANA on AWS?

Select 3 answers
A.Pacemaker cluster for SAP Central Services
B.Multi-AZ deployment for SAP HANA database
C.Single Availability Zone deployment
D.Amazon EFS for SAP transport directory
E.AWS Transit Gateway
AnswersA, B, D

Pacemaker manages failover.

Why this answer

The correct components for SAP S/4HANA HA include Pacemaker for cluster management, Amazon EFS for shared file systems, and multi-AZ deployment for database. Option A (Single AZ) does not provide HA. Option D (AWS Transit Gateway) is for networking.

1562
MCQhard

A company runs SAP S/4HANA in a multi-AZ deployment with a standby database in a different Availability Zone. The primary database fails. What is the expected behavior of the SAP HANA system replication?

A.A new standby database is automatically provisioned in the same AZ.
B.The standby database automatically takes over as the new primary.
C.The primary database is automatically restarted in the same AZ.
D.The administrator must manually promote the standby database.
AnswerB

SAP HANA system replication with sync mode enables automatic failover.

Why this answer

Option A is correct because with HANA system replication in sync mode, automatic failover to the standby occurs. Option B is wrong because manual intervention is not needed with sync replication. Option C is wrong because the standby is already in another AZ.

Option D is wrong because replication is ongoing.

1563
MCQeasy

A company wants to use an SAP-certified AMI for a non-production SAP system to reduce deployment time. Which AWS service provides access to SAP-certified AMIs?

A.EC2 Image Builder
B.AWS Systems Manager
C.AWS Marketplace
D.AWS Service Catalog
AnswerC

Marketplace provides SAP-certified AMIs for quick deployment.

Why this answer

AWS Marketplace is the correct service because it provides access to SAP-certified AMIs that have been pre-configured and validated by SAP for running SAP workloads on AWS. These AMIs are published by AWS and SAP partners, ensuring compliance with SAP's certification requirements and reducing deployment time for non-production systems.

Exam trap

The trap here is that candidates may confuse AWS Marketplace with EC2 Image Builder or AWS Service Catalog, assuming that any AMI management or catalog service can provide certified images, but only AWS Marketplace hosts the official SAP-certified AMIs.

How to eliminate wrong answers

Option A is wrong because EC2 Image Builder is used to create and maintain custom AMIs, but it does not provide access to pre-existing SAP-certified AMIs. Option B is wrong because AWS Systems Manager is a management service for operational tasks like patching and automation, not a repository for certified AMIs. Option D is wrong because AWS Service Catalog allows organizations to create and manage a catalog of approved IT services, but it does not host SAP-certified AMIs directly; it can only reference AMIs from sources like AWS Marketplace.

1564
MCQhard

An architect is designing a disaster recovery (DR) solution for an SAP ERP system on AWS. The primary site is in us-east-1 and the DR site is in us-west-2. The SAP application uses an Oracle database. The RTO is 4 hours and RPO is 1 hour. Which solution meets these requirements with the least operational overhead?

A.Set up Oracle Active Data Guard between the primary and DR regions
B.Take daily EBS snapshots of the database volumes and copy them to us-west-2, then restore using the snapshots
C.Use AWS Backup to copy EC2 AMIs and RDS snapshots to us-west-2 every hour
D.Configure AWS Database Migration Service (DMS) with ongoing replication from the primary Oracle database to a standby in us-west-2
AnswerD

DMS provides continuous replication, meeting RPO of 1 hour, and can be automated for failover.

Why this answer

AWS Database Migration Service (DMS) with ongoing replication provides continuous change data capture (CDC) from the primary Oracle database to a standby in us-west-2, meeting the 1-hour RPO and 4-hour RTO with minimal operational overhead. DMS handles schema conversion, replication, and failover without requiring manual intervention or complex Oracle licensing, making it the most efficient choice for cross-region DR.

Exam trap

AWS often tests the misconception that native Oracle replication tools like Data Guard are always the best choice for DR, but the question emphasizes 'least operational overhead,' and DMS avoids the licensing and management burden of Active Data Guard while still meeting the RPO/RTO.

How to eliminate wrong answers

Option A is wrong because Oracle Active Data Guard requires Oracle Database Enterprise Edition with the Active Data Guard option, which adds significant licensing costs and operational complexity for managing Data Guard brokers, log transport, and failover scripts on EC2. Option B is wrong because daily EBS snapshots cannot achieve a 1-hour RPO, as snapshots are taken only once per day and the restore process from snapshots takes hours, exceeding the 4-hour RTO. Option C is wrong because AWS Backup copying EC2 AMIs and RDS snapshots every hour still results in a maximum RPO of 1 hour only if snapshots are taken exactly on the hour, but restoring from AMIs or RDS snapshots typically takes longer than 4 hours due to volume initialization and database recovery, and this approach does not support ongoing replication for near-zero data loss.

1565
Multi-Selecthard

An SAP administrator is setting up a disaster recovery (DR) site for SAP S/4HANA in a different AWS Region. To minimize data loss, which THREE strategies should be implemented? (Choose THREE.)

Select 3 answers
A.Set up automated EBS snapshots of HANA volumes and copy them to the DR region.
B.Implement cross-Region replication for Amazon EFS file systems used for SAP transport.
C.Configure SAP HANA system replication using asynchronous mode across regions.
D.Use EBS Multi-Attach volumes to share disks between regions.
E.Use Amazon CloudFront to cache HANA data in the DR region.
AnswersA, B, C

Snapshots provide recoverable point-in-time copies in the DR region.

Why this answer

Automated EBS snapshots of HANA volumes can be copied to the DR region using AWS Backup or custom scripts, providing point-in-time recovery with minimal data loss. This strategy ensures that persistent data is asynchronously replicated across regions, which is a standard approach for SAP disaster recovery.

Exam trap

The trap here is that candidates may confuse EBS Multi-Attach (a single-AZ feature) with cross-region replication, or assume CloudFront can serve as a database cache, when in fact it is only for HTTP/HTTPS content delivery and cannot handle SAP HANA data.

1566
MCQmedium

A company is migrating its SAP ERP system from on-premises to AWS. The migration involves a heterogeneous database migration from Oracle to SAP HANA. Which AWS service should be used to perform the database migration with minimal downtime?

A.AWS Schema Conversion Tool (AWS SCT)
B.AWS Server Migration Service (SMS)
C.AWS Database Migration Service (AWS DMS) with a heterogeneous migration using the SAP HANA target endpoint
D.AWS Database Migration Service (AWS DMS) with a homogeneous migration
AnswerC

DMS supports heterogeneous migrations using the SAP HANA endpoint, allowing schema and data conversion with minimal downtime.

Why this answer

Option D is correct because AWS DMS supports heterogeneous migrations from Oracle to SAP HANA using the SAP HANA target endpoint. Option A (SCT) is used for schema conversion, not data migration. Option B (Server Migration Service) is for server migrations, not databases.

Option C (Database Migration Service) is the correct service but Option D specifies it correctly.

1567
MCQmedium

A company runs SAP on AWS with a shared storage solution for transport files. They need a highly available, scalable, and POSIX-compliant file system. Which AWS storage service should they use?

A.Amazon Elastic File System (EFS)
B.Amazon S3
C.Amazon FSx for NetApp ONTAP
D.Amazon Elastic Block Store (EBS) with Multi-Attach enabled
AnswerC

FSx for NetApp ONTAP provides POSIX-compliant, highly available, and scalable file storage ideal for SAP transport files.

Why this answer

Amazon FSx for NetApp ONTAP provides a fully managed, POSIX-compliant shared file system that supports the NFS, SMB, and iSCSI protocols required by SAP transport directories. It offers high availability across multiple Availability Zones, automatic failover, and scalable throughput, making it the correct choice for SAP transport files on AWS.

Exam trap

The trap here is that candidates often assume Amazon EFS is the default POSIX-compliant file system for all Linux workloads, but they overlook that SAP transport files specifically require the advanced NetApp ONTAP features (like iSCSI support and enterprise storage replication) that FSx for ONTAP provides, which EFS cannot offer.

How to eliminate wrong answers

Option A is wrong because Amazon EFS is POSIX-compliant but does not support the iSCSI protocol or the advanced NetApp ONTAP features (e.g., SnapMirror, FlexClone) that SAP transport management often requires; it also lacks the ability to serve as a direct target for SAP's transport directory in many enterprise SAP architectures. Option B is wrong because Amazon S3 is not POSIX-compliant and uses a flat key-value store with eventual consistency for some operations, which cannot meet the strict file-locking and hierarchical namespace requirements of SAP transport files. Option D is wrong because Amazon EBS with Multi-Attach enabled supports only a limited number of Nitro-based EC2 instances (up to 16) and does not provide a fully managed, scalable, POSIX-compliant file system; it also lacks the native NFS/iSCSI protocol support needed for SAP transport directories.

1568
MCQmedium

A company uses Amazon CloudWatch Logs to store SAP application logs. The Security team requires that logs be encrypted at rest using a customer-managed KMS key (CMK). How can this be achieved?

A.Associate the KMS key with the CloudWatch Logs log group.
B.Enable default encryption on the S3 bucket where logs are exported.
C.Use an encrypted EBS volume for the EC2 instances generating the logs.
D.Enable encryption on the CloudWatch Logs log stream.
AnswerA

CloudWatch Logs allows encryption at rest using a KMS CMK associated with the log group.

Why this answer

Option B is correct because CloudWatch Logs supports encryption with KMS CMK by associating the key with the log group. Option A is wrong because S3 default encryption does not apply to CloudWatch Logs. Option C is wrong because CloudWatch Logs does not support EBS encryption.

Option D is wrong because enabling encryption on the log group not the stream is the correct action.

1569
MCQeasy

An SAP administrator needs to ensure that all API calls made to create, modify, or delete AWS resources are logged for auditing. Which AWS service should be enabled?

A.Amazon CloudWatch
B.AWS CloudTrail
C.AWS Config
D.Amazon GuardDuty
AnswerB

CloudTrail records all API activity for auditing.

Why this answer

Option B is correct: AWS CloudTrail logs API calls. Option A (CloudWatch) is for monitoring metrics. Option C (Config) is for resource configuration.

Option D (GuardDuty) is for security threats.

1570
MCQhard

A company is running an SAP S/4HANA system on AWS. During a planned maintenance window, the operations team needs to apply an SAP kernel patch that requires stopping all SAP instances. Which AWS service can be used to orchestrate the stop/start sequence of multiple EC2 instances and ensure proper dependencies are maintained?

A.AWS Systems Manager Automation
B.AWS Step Functions
C.AWS CloudFormation
D.Amazon EC2 Run Command
AnswerA

Systems Manager Automation can orchestrate stop/start with dependencies and error handling.

Why this answer

Option D is correct because AWS Systems Manager Automation can run scripts and workflows (e.g., stop instances in order) with error handling. Option A is wrong because AWS CloudFormation is for infrastructure provisioning, not ad-hoc operations. Option B is wrong because Amazon EC2 RunCommand is for individual commands, not complex orchestration.

Option C is wrong because AWS Step Functions can orchestrate but is more suited for serverless workflows; it can call Lambda but not directly manage EC2 stop/start without custom code.

1571
MCQhard

A company is migrating an SAP system that uses a custom ABAP application with a large number of background jobs. They want to ensure that job scheduling is not disrupted during migration. Which AWS service can help manage job scheduling in the cloud?

A.Amazon CloudWatch Events
B.AWS Lambda
C.Re-establish job scheduling within the SAP system after migration
D.AWS Batch
AnswerC

SAP's own job scheduler should be used; AWS services are not appropriate replacements.

Why this answer

AWS managed services do not directly replace SAP's job scheduling. The best practice is to re-establish job scheduling within the SAP system itself. AWS Batch is for batch computing, not SAP jobs.

Lambda is for serverless functions. CloudWatch Events can trigger but not manage complex job chains.

1572
Multi-Selectmedium

A company is running SAP on AWS and needs to monitor the health of their SAP application servers. Which TWO AWS services can be used together to achieve this?

Select 2 answers
A.AWS X-Ray
B.Amazon CloudWatch
C.Amazon Route 53
D.AWS CloudTrail
E.Amazon Inspector
AnswersB, C

CloudWatch can collect health check metrics and set alarms.

Why this answer

Options B (Amazon Route 53) and D (Amazon CloudWatch) are correct. Route 53 health checks can monitor application endpoints, and CloudWatch can aggregate metrics and trigger alarms. Option A (AWS CloudTrail) is for API logging.

Option C (AWS X-Ray) is for tracing. Option E (Amazon Inspector) is for security.

1573
MCQhard

An SAP system on AWS uses a shared file system via Amazon EFS for transport directory (/usr/sap/trans). The system experiences slow batch jobs. Monitoring shows high read latency on EFS. Which action would most likely reduce latency?

A.Use a larger EC2 instance for the application server
B.Migrate the transport directory to Amazon S3
C.Use EFS Max I/O performance mode or Provisioned Throughput
D.Move the transport directory to instance store volumes
AnswerC

Max I/O increases IOPS; Provisioned Throughput increases throughput.

Why this answer

EFS Max I/O performance mode is designed to scale to higher levels of aggregate throughput and IOPS with lower latencies for workloads like SAP transport directories that experience high concurrency and throughput demands. Provisioned Throughput allows you to specify a higher throughput level independent of the amount of data stored, directly addressing the high read latency issue. This is the most effective action because it optimizes the file system's performance characteristics for the SAP batch job workload.

Exam trap

The trap here is that candidates often confuse EFS performance modes with storage tiers (e.g., Standard vs. Infrequent Access) or assume that increasing compute power (Option A) will fix storage latency, when in fact the bottleneck is the file system's throughput ceiling, not the application server's CPU or memory.

How to eliminate wrong answers

Option A is wrong because increasing the EC2 instance size does not reduce EFS read latency; EFS performance is independent of the compute instance's size and is governed by the file system's throughput and IOPS limits. Option B is wrong because Amazon S3 is an object store, not a POSIX-compliant shared file system, and cannot serve as a drop-in replacement for the SAP transport directory (/usr/sap/trans) which requires NFSv4 semantics, file locking, and low-latency random access. Option D is wrong because instance store volumes are ephemeral and tied to the lifecycle of the EC2 instance; they cannot provide the persistent, shared access required for the transport directory across multiple SAP application servers.

1574
Multi-Selectmedium

An SAP customer is planning to use AWS for their SAP HANA environment. They need to ensure that the chosen EC2 instance types are certified by SAP for HANA. Which THREE sources can they use to verify SAP HANA certification for AWS instance types? (Select THREE.)

Select 3 answers
A.AWS documentation on SAP HANA certified instances
B.SAP Cloud Appliance Library (CAL)
C.AWS Support Center
D.AWS Pricing Calculator
E.SAP HANA Hardware Directory (SAP website)
AnswersA, B, E

AWS publishes a list of SAP HANA certified instance types.

Why this answer

Options A, B, and D are correct. The SAP HANA Hardware Directory lists certified instances. The SAP Cloud Appliance Library provides pre-configured HANA images.

AWS documentation also lists certified instances. Option C (AWS Pricing Calculator) does not provide certification info. Option E (AWS Support) can assist but is not a direct source for certification lists.

1575
MCQhard

A company is migrating its SAP NetWeaver system from on-premises to AWS. The system uses a central instance (ASCS) and multiple dialog instances. The migration must be completed with minimal downtime. Which approach should the company use?

A.Use SAP Software Provisioning Manager (SWPM) to perform a system copy into pre-provisioned EC2 instances with the same sizing.
B.Use AWS CloudEndure Migration to continuously replicate the SAP system.
C.Uninstall SAP from on-premises and perform a fresh installation on AWS, then restore the database backup.
D.Use AWS Application Migration Service (AWS MGN) to replicate the entire on-premises system to AWS.
AnswerA

SWPM system copy is an SAP-certified method for migrating with minimal downtime.

Why this answer

Option C is correct because using SAP Software Provisioning Manager (SWPM) to perform a system copy into pre-provisioned AWS instances allows minimal downtime. Option A is wrong because AWS MGN replicates at the block level and may not handle SAP application consistency. Option B is wrong because AWS CloudEndure is deprecated and replaced by MGN.

Option D is wrong because uninstallation and reinstallation is time-consuming.

Page 20

Page 21 of 24

Page 22