AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 151225

1733 questions total · 24pages · All types, answers revealed

Page 2

Page 3 of 24

Page 4
151
Multi-Selectmedium

A company is migrating an SAP system to AWS. They want to use AWS Launch Wizard to deploy SAP. Which TWO prerequisites are required for using Launch Wizard? (Choose TWO.)

Select 2 answers
A.An EC2 key pair for SSH access to the SAP instances
B.AWS Direct Connect connection to on-premises
C.An IAM role with permissions for Launch Wizard
D.An AWS Organization with all features enabled
E.A subscription to SAP software in AWS Marketplace
AnswersA, C

Key pair is needed for instance access.

Why this answer

Launch Wizard requires an IAM role with appropriate permissions and an SSH key pair for EC2 instances. Option C (Direct Connect) is optional. Option D (AWS Marketplace) is not required; Launch Wizard uses its own templates.

Option E (AWS Organizations) is not a prerequisite.

152
Multi-Selecthard

A company is migrating its SAP system to AWS. The system uses a custom ABAP program that writes to a local file system. Which TWO AWS services can the company use to provide a shared file system accessible to multiple EC2 instances?

Select 2 answers
A.Amazon FSx for Lustre
B.Amazon RDS
C.Amazon S3
D.Amazon EFS
E.Amazon EBS
AnswersA, D

FSx for Lustre provides a POSIX-compliant file system for shared access.

Why this answer

Options A and C are correct. Amazon EFS provides a NFS file system that can be mounted on multiple Linux instances. Amazon FSx for Lustre is a high-performance file system for HPC workloads.

Option B is wrong because Amazon S3 is object storage. Option D is wrong because Amazon EBS can only be attached to one instance. Option E is wrong because Amazon RDS is a database service.

153
MCQmedium

The exhibit shows a CloudFormation template snippet for deploying SAP ASCS and ERS instances. Both instances are launched in the same subnet. What is the main architectural issue with this deployment?

A.Both instances are in the same Availability Zone, which defeats the purpose of high availability
B.The AMI ID is not specified correctly
C.The instance type m5.large is too small for SAP
D.No security group is defined, exposing the instances to the internet
AnswerA

HA requires instances in different AZs.

Why this answer

Option A is correct because for high availability, ASCS and ERS should be in different Availability Zones to avoid a single point of failure. Option B is wrong because the instance type is acceptable for a test environment. Option C is wrong because the AMI is not specified, but that is not the main issue.

Option D is wrong because there is no security group defined, but that is a security issue, not an architectural HA issue.

154
MCQmedium

A company runs SAP HANA on AWS and wants to back up the database using Backint integration. Which AWS service is required to store the backups?

A.Amazon S3 Glacier
B.Amazon EBS
C.Amazon EFS
D.Amazon S3
AnswerD

Backint for SAP HANA on AWS sends backups to an S3 bucket.

Why this answer

Option B is correct because Backint for SAP HANA on AWS uses Amazon S3 as the backup target. Option A is wrong because EBS is for block storage, not Backint. Option C is wrong because Glacier is for archival, not direct Backint.

Option D is wrong because EFS is file storage, not supported by Backint.

155
Multi-Selecteasy

A company is planning to migrate its SAP NetWeaver system to AWS. Which TWO AWS services can be used to store the SAP transport directory?

Select 2 answers
A.Amazon S3
B.Amazon EFS
C.Amazon FSx for Windows File Server
D.Amazon RDS
E.Amazon EBS
AnswersB, C

EFS supports NFS, which is commonly used for SAP transport directories on Linux.

Why this answer

Options A and C are correct. Amazon EFS provides a scalable NFS file system. Amazon FSx for Windows File Server provides SMB file shares.

Option B is wrong because Amazon S3 is object storage. Option D is wrong because Amazon EBS is block storage. Option E is wrong because Amazon RDS is a database.

156
MCQmedium

Refer to the exhibit. An SAP administrator uses the CloudFormation template snippet to create an application server. After deployment, the administrator cannot connect to the instance using AWS Systems Manager Session Manager. What is the most likely missing configuration?

A.The UserData script fails to install the SSM Agent
B.The instance does not have an IAM instance profile with Systems Manager permissions
C.The security group does not allow outbound traffic to the Systems Manager endpoint
D.The instance type does not support Systems Manager
AnswerB

An IAM role with AmazonSSMManagedInstanceCore policy is required for Session Manager.

Why this answer

Session Manager requires the SSM Agent and an IAM role with proper permissions. The template installs the agent via UserData, but it does not attach an IAM instance profile. Without the profile, the instance cannot authenticate to Systems Manager.

The security group allows HTTPS inbound, but that is for web traffic, not SSM. The instance type is fine.

157
MCQmedium

A company is migrating a critical SAP HANA database to AWS. They have a limited migration window and need to ensure data consistency. Which migration approach should they use?

A.Use AWS Backup to restore the latest backup of the HANA database to an EC2 instance.
B.Use SAP HANA System Replication to replicate data to a target HANA system on AWS.
C.Perform a heterogeneous migration using AWS SCT and AWS DMS.
D.Use AWS DMS with ongoing replication from the source HANA database to an Amazon RDS for HANA instance.
AnswerB

SAP HANA System Replication provides near-zero downtime and data consistency.

Why this answer

SAP HANA System Replication with HLI or EC2 allows near-zero downtime and data consistency. Heterogeneous migration with DMS and SCT is for different database engines. Backup and restore may have longer downtime.

SAP Landscape Transformation is for system consolidation, not direct HANA migration.

158
MCQhard

A company is designing an SAP HANA disaster recovery solution across AWS Regions. The primary site is in us-east-1 and the DR site is in us-west-2. The database size is 5 TB. The RTO is 1 hour and RPO is 15 minutes. Which method should be used for SAP HANA replication?

A.Use AWS Database Migration Service (DMS) to continuously replicate changes.
B.Configure SAP HANA System Replication in synchronous mode between the two regions.
C.Use AWS Backup to copy EBS snapshots to the DR region every 15 minutes.
D.Configure SAP HANA System Replication in asynchronous mode to the DR region.
AnswerD

Asynchronous replication allows cross-region replication with acceptable RPO.

Why this answer

Option D is correct because SAP HANA System Replication with asynchronous mode can replicate across regions with RPO of seconds to minutes. Option A is wrong because synchronous mode over long distance introduces high latency. Option B is wrong because EBS snapshots alone cannot achieve RPO of 15 minutes due to frequency limits.

Option C is wrong because DMS does not support SAP HANA as a target.

159
MCQmedium

A company runs an SAP HANA database on an EC2 instance with a large EBS volume. The operations team receives alerts that the volume's burst balance has dropped to 10%. Which action should be taken to prevent performance degradation?

A.Change the volume type to io2 with provisioned IOPS.
B.Increase the volume size to increase the baseline IOPS.
C.Enable EBS optimization on the instance.
D.Convert the volume to gp3.
AnswerB

Increasing volume size raises baseline IOPS and improves burst balance replenishment.

Why this answer

Option B is correct because increasing the volume size increases the baseline IOPS and burst balance replenishment rate. Option A is wrong because gp3 volumes do not have burst balance. Option C is wrong because it does not address burst balance.

Option D is wrong because it does not affect burst balance.

160
MCQeasy

A company runs SAP on AWS and needs to ensure that all changes to the SAP system's underlying infrastructure are recorded and auditable. Which AWS service should be enabled to meet this requirement?

A.Amazon CloudWatch Logs
B.AWS CloudTrail
C.AWS Config
D.AWS Trusted Advisor
AnswerB

CloudTrail records all AWS API calls for audit purposes.

Why this answer

AWS CloudTrail records API calls for auditing. CloudWatch Logs is for log monitoring. Config tracks resource configuration changes.

Trusted Advisor provides best-practice checks. CloudTrail is the primary service for API activity auditing.

161
MCQeasy

A company is migrating a web application to AWS and wants to use a blue/green deployment strategy to minimize downtime. Which AWS service should be used to route traffic between the blue and green environments?

A.Amazon CloudFront
B.AWS Global Accelerator
C.Application Load Balancer (ALB)
D.Amazon Route 53
AnswerD

Route 53 supports weighted routing policy to shift traffic between blue and green environments.

Why this answer

Amazon Route 53 is correct because it supports weighted DNS routing, which allows you to shift traffic gradually between blue and green environments by adjusting the weight values for DNS records. This enables a blue/green deployment strategy with minimal downtime, as Route 53 can route a percentage of traffic to the new environment while keeping the old environment active for rollback.

Exam trap

The trap here is that candidates often confuse load balancers (ALB) with traffic routing services, assuming an ALB can directly manage blue/green environments, but ALB requires Route 53 or similar DNS-level routing to split traffic between separate environments.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront is a content delivery network (CDN) that caches content at edge locations; it does not provide the granular traffic shifting or weighted routing needed for blue/green deployments. Option B is wrong because AWS Global Accelerator improves performance by routing traffic over the AWS global network using anycast IPs, but it lacks the DNS-level weight-based traffic splitting required for blue/green deployments. Option C is wrong because an Application Load Balancer (ALB) distributes traffic to targets within a single environment; it cannot independently route traffic between two separate environments (blue and green) without additional infrastructure like multiple target groups and Route 53.

162
MCQeasy

A company is planning to migrate an SAP ERP system to AWS. They want to use an existing software license with no additional cost. Which AWS service allows them to bring their own SAP license?

A.AWS Organizations
B.AWS License Manager
C.AWS Systems Manager
D.AWS Service Catalog
AnswerB

License Manager supports BYOL for SAP and other software.

Why this answer

AWS License Manager helps manage licenses, including bring-your-own-license (BYOL) for SAP. Option B is wrong because AWS Systems Manager is for management, not licensing. Option C is wrong because AWS Organizations is for multi-account governance.

Option D is wrong because AWS Service Catalog is for provisioning approved services.

163
MCQmedium

An SAP system fails to send emails via SAPconnect using SMTP. The EC2 instance has a public IP and the security group allows outbound traffic on port 25. The SMTP server is an on-premises relay. What is the most likely reason for the failure?

A.The security group does not allow outbound traffic on port 25.
B.AWS blocks outbound traffic on port 25 by default for EC2 instances.
C.The EC2 instance does not have a public IP address associated.
D.The route table does not have a default route to an internet gateway.
AnswerB

AWS restricts port 25 outbound; you need to request removal or use a different port.

Why this answer

Option A is correct because AWS blocks outbound traffic on port 25 by default for EC2 instances to prevent spam. Option B is wrong because the instance has a public IP. Option C is wrong because the security group allows outbound traffic.

Option D is wrong because the route table does not affect outbound traffic to the internet if the instance has a public IP.

164
MCQmedium

An SAP system uses a Multi-AZ RDS for Oracle instance. During a recent failover, the application experienced a long outage because the SAP application server did not automatically reconnect to the new database endpoint. What is the most efficient way to resolve this issue?

A.Reduce the DNS TTL for the RDS endpoint and ensure the application re-resolves DNS on connection failure.
B.Reboot the application server after every failover.
C.Deploy an Application Load Balancer in front of the RDS instance.
D.Modify the application connection string to use the standby instance IP directly.
AnswerA

Low TTL and re-resolution enable fast failover recovery.

Why this answer

Option A is correct because the RDS endpoint remains the same after failover; the issue is DNS caching. Reducing the TTL ensures the application picks up the new IP quickly. Option B (rebooting) is disruptive and not a fix.

Option C (modifying the connection string) is not needed. Option D (using a load balancer) adds complexity and latency.

165
MCQmedium

A company is migrating an SAP BusinessObjects environment to AWS. They need to ensure that the business intelligence reports continue to run without interruption. Which migration strategy should they use?

A.Use a phased migration, moving reports gradually using AWS DataSync
B.Rehost using AWS Server Migration Service (SMS) in a single wave
C.Replatform to Amazon QuickSight
D.Lift-and-shift all servers at once during a maintenance window
AnswerA

Phased approach minimizes disruption; DataSync can transfer data incrementally.

Why this answer

Option A is correct because a phased migration using AWS DataSync allows the company to gradually move SAP BusinessObjects reports while maintaining continuous operations. DataSync efficiently transfers large volumes of data over the network with built-in validation and incremental sync capabilities, ensuring that the BI environment remains available during the migration. This approach minimizes disruption by avoiding a full cutover and allows for testing and rollback if needed.

Exam trap

The trap here is that candidates often confuse 'phased migration' with 'lift-and-shift' or 'replatforming,' assuming that any migration to AWS must involve a single cutover or a full re-architecture, when in fact a gradual data sync approach like DataSync can maintain business continuity.

How to eliminate wrong answers

Option B is wrong because AWS Server Migration Service (SMS) is designed for rehosting entire server images as a single wave, which would require a full cutover and cause downtime, not suitable for uninterrupted report execution. Option C is wrong because replatforming to Amazon QuickSight is a re-architecture strategy that would require significant changes to the SAP BusinessObjects environment, including rewriting reports and data connections, which contradicts the requirement for uninterrupted operation. Option D is wrong because a lift-and-shift of all servers at once during a maintenance window would cause a complete outage, failing to ensure that reports continue to run without interruption.

166
MCQeasy

A company is deploying an SAP BusinessObjects (BO) platform on AWS. To ensure high availability of the BO servers, which AWS service should be used to distribute incoming traffic across multiple BO instances in different Availability Zones?

A.NAT Gateway
B.Application Load Balancer
C.Amazon Route 53
D.Classic Load Balancer
AnswerB

ALB distributes incoming HTTP/HTTPS traffic across multiple instances.

Why this answer

The Application Load Balancer (ALB) operates at Layer 7 and can distribute HTTP/HTTPS traffic across multiple SAP BusinessObjects instances in different Availability Zones, providing high availability and health-check-based routing. ALB supports path-based routing and SSL termination, which are essential for modern web applications like SAP BO. It is the correct choice because it is designed for HTTP/HTTPS traffic and can balance load across instances in multiple AZs.

Exam trap

The trap here is that candidates often confuse DNS-based routing (Route 53) with load balancing, but Route 53 does not provide real-time health-check-based traffic distribution across instances in the same way an ALB does.

How to eliminate wrong answers

Option A is wrong because a NAT Gateway is used to enable outbound internet access for instances in private subnets, not to distribute incoming traffic across multiple instances. Option C is wrong because Amazon Route 53 is a DNS service that can route traffic to endpoints but does not perform load balancing at the application layer; it lacks health-check-based traffic distribution across multiple instances in real time. Option D is wrong because the Classic Load Balancer operates at Layer 4 and does not support advanced Layer 7 features like path-based routing or host-based routing, which are often required for SAP BusinessObjects deployments.

167
MCQhard

An SAP system uses a large Amazon RDS for Oracle instance. The operations team wants to minimize downtime during a major version upgrade. Which strategy should they use?

A.Take a snapshot of the database and restore it as a new instance with the upgraded version
B.Create a read replica, upgrade it, and then promote it to the primary
C.Modify the DB instance and apply the upgrade immediately
D.Use AWS Database Migration Service (DMS) to migrate to a new instance
AnswerB

Minimizes downtime by failing over to the upgraded replica.

Why this answer

Option B is correct because using a read replica allows you to upgrade the replica and then promote it, minimizing downtime. Option A (taking a snapshot and restoring) has downtime. Option C (modifying the DB instance) causes downtime.

Option D (using AWS DMS) requires complex setup and may introduce latency.

168
MCQhard

A company is migrating an SAP NetWeaver system to AWS. The migration involves moving the application layer to EC2 instances and the database to Amazon RDS for SAP. The company wants to minimize downtime and has a limited time window. Which migration approach should the company use?

A.Use AWS Application Migration Service (MGN) to replicate the entire server
B.Use SAP System Provisioning (SWPM) to export and import the system
C.Use AWS Database Migration Service (DMS) for the database and AWS Application Migration Service (MGN) for the application servers
D.Use SAP Software Update Manager (SUM) with Database Migration Option (DMO)
AnswerD

SUM with DMO provides a unified migration process for SAP systems.

Why this answer

For minimal downtime, a heterogeneous migration using SAP Software Update Manager (SUM) with DMO (Database Migration Option) is recommended. SUM can handle both the application and database migration in a single process. Option A (AWS DMS) does not support SAP application migration.

Option B (SAP SUM with DMO) is correct. Option C (SAP SWPM) is for installation, not migration. Option D (AWS MGN) is for server migration, not SAP-specific.

169
MCQeasy

A company is running SAP NetWeaver on AWS. The SAP application server instances need to be distributed across multiple Availability Zones for high availability. Which AWS feature should be used to ensure low-latency connectivity between these instances?

A.Network ACL
B.Placement Group (cluster)
C.Internet Gateway
D.VPC Peering
AnswerB

Cluster placement group provides low-latency network.

Why this answer

Option C is correct because placing EC2 instances in the same placement group (cluster placement group) ensures low-latency network connectivity between them, which is beneficial for SAP application servers. Option A is incorrect because an Internet Gateway is for internet access, not internal connectivity. Option B is incorrect because a Network ACL controls traffic at the subnet level, not connectivity.

Option D is incorrect because VPC Peering connects different VPCs, not within the same VPC.

170
MCQeasy

A company is migrating an on-premises SAP ERP system to AWS. The system uses a large Oracle database. The migration must minimize downtime. Which AWS service should be used for the database migration?

A.AWS Server Migration Service (SMS)
B.AWS Application Migration Service (MGN)
C.AWS Schema Conversion Tool (SCT)
D.AWS Database Migration Service (DMS)
AnswerD

DMS supports minimal downtime migration with ongoing replication.

Why this answer

AWS DMS can migrate databases with minimal downtime using ongoing replication. Option A is wrong because AWS SMS is for server migration, not database. Option B is wrong because AWS SCT is a schema conversion tool, not a migration service.

Option D is wrong because AWS MGN is for server migration.

171
Multi-Selecteasy

Which TWO actions are recommended for securing an SAP system on AWS? (Choose TWO.)

Select 2 answers
A.Enable encryption at rest for EBS volumes and RDS instances
B.Disable AWS CloudTrail to reduce logging overhead
C.Use security groups to restrict network access to SAP application ports
D.Place all SAP servers in a public subnet for easier management
E.Use the default VPC security group for all SAP instances
AnswersA, C

Encryption at rest protects data.

Why this answer

Using security groups to control traffic and enabling encryption at rest are key security measures. Option B is wrong because public subnets are not recommended. Option D is wrong because disabling CloudTrail reduces visibility.

Option E is wrong because default VPC security groups are too permissive.

172
MCQeasy

A company runs an SAP HANA database on AWS. The operations team wants to automate the monitoring of HANA alert logs and send notifications when critical alerts occur. Which AWS service should they use to collect and analyze the logs?

A.AWS CloudTrail
B.Amazon S3 Event Notifications
C.AWS Lambda scheduled functions
D.Amazon CloudWatch Logs with metric filters and alarms
AnswerD

CloudWatch Logs can ingest and monitor log files, triggering alarms on specific patterns.

Why this answer

Amazon CloudWatch Logs can ingest HANA alert logs via the CloudWatch agent and trigger alarms based on metric filters. CloudTrail records API activity, not application logs. S3 Event Notifications do not analyze log content.

Lambda alone does not provide log collection.

173
MCQhard

An SAP administrator runs the AWS CLI command shown in the exhibit for an EC2 instance used as an SAP HANA database server. The server has two EBS volumes attached: a root volume (/dev/xvda) and a data volume (/dev/sdf). Based on the output, what will happen when the instance is terminated?

A.The instance cannot be terminated because DeleteOnTermination is set inconsistently.
B.Both volumes will be deleted.
C.The root volume will be deleted, and the data volume will persist.
D.Both volumes will persist.
AnswerC

The root volume is deleted, the data volume persists.

Why this answer

Option C is correct because the root volume has DeleteOnTermination set to true, so it will be deleted. The data volume has DeleteOnTermination set to false, so it will persist. Option A is wrong because the data volume is not deleted.

Option B is wrong because the root volume is deleted. Option D is wrong because both volumes are affected differently.

174
MCQhard

A company is migrating a critical application to AWS using a lift-and-shift strategy. The application has a legacy licensing model tied to specific hardware IDs. The company has already migrated the application to an Amazon EC2 instance but the license validation fails because the hardware ID changed. What is the MOST cost-effective and least disruptive solution?

A.Revert the migration and keep the application on-premises with a VPN connection to AWS for other services.
B.Provision a Dedicated Host and associate the instance with it to control hardware IDs.
C.Modify the application's license file to accept the new hardware ID.
D.Use AWS License Manager to create a hardware-based license token that matches the original hardware ID.
AnswerD

License Manager can generate a token that emulates the original hardware ID, allowing the license to work.

Why this answer

Option D is correct because AWS License Manager can create a hardware-based license token that binds the license to a specific hardware ID, allowing the application to validate against the original hardware ID even after migration to EC2. This is the most cost-effective and least disruptive solution as it avoids modifying the application code or reverting the migration, and it leverages AWS-native licensing management without requiring dedicated hardware.

Exam trap

The trap here is that candidates may confuse Dedicated Hosts (Option B) with a solution for hardware ID binding, but Dedicated Hosts do not allow you to control or spoof the hardware ID; they only provide physical isolation, which is irrelevant for license validation tied to a specific hardware ID.

How to eliminate wrong answers

Option A is wrong because reverting the migration defeats the purpose of the lift-and-shift strategy and introduces significant operational overhead and latency for other services. Option B is wrong because provisioning a Dedicated Host is more expensive than necessary and does not directly solve the hardware ID mismatch; Dedicated Hosts provide physical isolation but do not allow you to spoof or control the hardware ID that the application sees. Option C is wrong because modifying the application's license file to accept the new hardware ID may violate the licensing agreement and is not a supported or scalable solution; it also requires manual intervention and potential legal issues.

175
Multi-Selecteasy

Which TWO AWS services can be used to monitor the performance of an SAP HANA database running on EC2? (Choose two.)

Select 2 answers
A.AWS Systems Manager
B.AWS CloudTrail
C.AWS Trusted Advisor
D.AWS Config
E.Amazon CloudWatch
AnswersA, E

Systems Manager can collect OS and application metrics.

Why this answer

AWS Systems Manager (SSM) is correct because it provides the Run Command and Inventory features that can execute scripts (e.g., SAP HANA SQL queries) and collect OS-level metrics (CPU, memory, disk) from EC2 instances. Amazon CloudWatch is correct because it can ingest custom metrics from the SAP HANA database (e.g., via the SAP HANA plugin for CloudWatch Agent) and monitor standard EC2 metrics like CPU utilization and memory, enabling performance monitoring and alarming.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (audit logging) with CloudWatch (monitoring), or assume AWS Config can monitor performance because it tracks resource state, but neither provides the real-time metric collection needed for SAP HANA performance monitoring.

176
MCQeasy

A SAP administrator wants to monitor the CPU utilization of an SAP application server running on an EC2 instance. Which AWS service should be used to set up an alarm when CPU utilization exceeds 90% for 5 minutes?

A.AWS CloudTrail
B.AWS Trusted Advisor
C.Amazon CloudWatch
D.AWS Config
AnswerC

CloudWatch Alarms can monitor metrics and trigger actions based on thresholds.

Why this answer

Option B is correct because CloudWatch Alarms can trigger based on metrics like CPUUtilization. Option A is wrong because CloudTrail tracks API calls, not metrics. Option C is wrong because Config records resource configuration changes.

Option D is wrong because Trusted Advisor provides best practice checks, not real-time monitoring.

177
MCQeasy

An SAP administrator needs to ensure that all changes to an SAP system's AWS resources are tracked and that alerts are sent when SSH access to EC2 instances is modified. Which AWS service should be used?

A.AWS Config
B.Amazon CloudWatch
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerD

Records API calls for auditing.

Why this answer

Option B is correct because AWS CloudTrail records API calls and can trigger alerts via CloudWatch Events. Option A is wrong because Config tracks resource configuration changes but not API calls. Option C is wrong because CloudWatch monitors performance, not API calls.

Option D is wrong because Trusted Advisor provides best-practice checks, not change tracking.

178
MCQeasy

During a SAP migration to AWS, the team needs to ensure that the SAP license is compliant. Which of the following is a requirement for running SAP production systems on AWS?

A.The EC2 instance must be SAP-certified and the number of SAPS must be licensed.
B.The company must use AWS Enterprise Support.
C.The company must notify SAP of the migration to AWS.
D.The company must use a specific AWS region.
AnswerA

SAP certification and proper licensing are mandatory.

Why this answer

AWS requires that for running SAP production systems, the EC2 instance must be SAP-certified (listed in the SAP Certified and Supported Hardware Directory) and the customer must have licensed the appropriate number of SAP Application Performance Standard (SAPS) units for the instance type. This ensures the infrastructure meets SAP's performance and support requirements, and that the license covers the compute capacity used.

Exam trap

The trap here is that candidates may confuse operational best practices (like using Enterprise Support or notifying SAP) with mandatory licensing requirements, or assume that AWS region choice affects SAP licensing compliance.

How to eliminate wrong answers

Option B is wrong because AWS Enterprise Support is not a requirement for running SAP production systems on AWS; it is an optional support plan, and customers can run SAP workloads with Basic or Developer support as long as they meet licensing and certification requirements. Option C is wrong because there is no requirement to notify SAP of a migration to AWS; SAP licensing is based on the customer's existing agreements and the SAPS capacity of the instance, not on migration notification. Option D is wrong because SAP production systems can run in any AWS region that supports the required EC2 instance types and services; there is no region-specific mandate for SAP licensing compliance.

179
Multi-Selecthard

A company runs SAP HANA on AWS. The system is experiencing high CPU utilization during peak hours. Which TWO actions should the administrator take to address this? (Choose two.)

Select 2 answers
A.Disable HANA columnar compression to reduce CPU overhead.
B.Increase the size of the /hana/data EBS volumes.
C.Reduce the network throughput of the EC2 instance.
D.Right-size the EC2 instance to a larger type with more vCPUs.
E.Configure HANA workload management to limit resource-intensive queries.
AnswersD, E

Provides more CPU capacity.

Why this answer

Option B and Option D are correct because right-sizing the instance (B) and implementing HANA workload management (D) directly address CPU utilization. Option A is wrong because disabling compression increases CPU for decompression. Option C is wrong because increasing EBS volume size does not affect CPU.

Option E is wrong because reducing network throughput may impact performance.

180
MCQhard

A company runs SAP S/4HANA on AWS with a production system in us-east-1 and a disaster recovery (DR) system in us-west-2. The DR system is a standby HANA system using HANA System Replication (HSR) with asynchronous replication. The primary system has a memory of 2 TB and uses x1e.16xlarge instances. The DR system uses identical instance types. Recently, the network latency between the primary and DR sites increased from 50 ms to 150 ms due to a change in the network path. The SAP Basis team notices that the replication lag has increased significantly, and the DR system is now behind by several minutes. The RPO requirement is 30 seconds. The team must resolve the issue without changing the DR site location or the bandwidth. Which action should the team take to meet the RPO?

A.Configure HSR to use delta_datashipping instead of log shipping.
B.Increase the AWS Direct Connect bandwidth between the two regions.
C.Use Amazon S3 cross-region replication for the HANA log backups.
D.Change HSR to synchronous replication mode.
AnswerA

Delta_datashipping reduces data transfer and can meet RPO under higher latency.

Why this answer

Option A is correct because HANA System Replication (HSR) can be configured to use delta_datashipping, which sends only the changed data blocks rather than full redo logs. This reduces the amount of data transferred per replication cycle, making it more resilient to increased network latency. With 150 ms latency, log shipping may fail to meet the 30-second RPO, but delta_datashipping can keep the DR system within the required lag by minimizing per-message payload size.

Exam trap

The trap here is that candidates often assume synchronous replication is the only way to reduce RPO, but they overlook that synchronous mode introduces performance penalties on the primary, and the question's constraint of not changing bandwidth or location forces a protocol-level tuning solution like delta_datashipping.

How to eliminate wrong answers

Option B is wrong because the question explicitly states that bandwidth cannot be changed, and increasing Direct Connect bandwidth would not address the root cause of high latency (150 ms) which is a propagation delay issue, not a throughput issue. Option C is wrong because Amazon S3 cross-region replication for HANA log backups is an asynchronous backup mechanism, not a real-time replication method, and it cannot meet a 30-second RPO due to S3 eventual consistency and replication delays. Option D is wrong because switching to synchronous replication would require the primary to wait for acknowledgment from the DR system before committing transactions, which with 150 ms latency would severely degrade production performance and potentially cause application timeouts.

181
MCQeasy

A company is running SAP on AWS and needs to automate OS-level patching for their SAP application servers. Which AWS service should they use to schedule and apply patches?

A.Amazon CloudWatch Events
B.AWS OpsWorks
C.AWS Systems Manager Patch Manager
D.Amazon EC2 Auto Scaling
AnswerC

Patch Manager automates OS patching across EC2 instances.

Why this answer

Option A is correct because AWS Systems Manager Patch Manager is designed for automated patching of EC2 instances. Option B is wrong because CloudWatch is for monitoring, not patching. Option C is wrong because OpsWorks is for configuration management but not primarily for patching.

Option D is wrong because EC2 Auto Scaling does not handle patching.

182
MCQmedium

A company runs SAP ERP on AWS with a Microsoft SQL Server database. The system is experiencing slow batch job processing. The database server is an r5.8xlarge instance with EBS gp2 volumes. Monitoring shows high disk queue length on the data and log volumes. What change will most likely improve batch job performance?

A.Migrate the SQL Server database to Amazon RDS for SQL Server.
B.Move the tempdb files to a dedicated EBS io2 volume with high IOPS.
C.Store the tempdb on an instance store volume.
D.Upgrade the EC2 instance to r5.12xlarge.
AnswerB

Dedicated tempdb volume reduces contention and improves I/O.

Why this answer

Moving tempdb to a separate, high-performance EBS volume (io2 or gp3) reduces contention on the data and log volumes. Option A (instance size) may help but is costly. Option C (RDS) is a migration.

Option D (S3) is not applicable for tempdb. Option B directly addresses the bottleneck.

183
MCQeasy

A company is designing a multi-tier web application on AWS. The web tier must scale based on CPU utilization, and the application tier must scale based on request count. Both tiers are deployed in a VPC with public and private subnets. Which combination of AWS services should the company use?

A.Application Load Balancer for the web tier and Network Load Balancer for the application tier
B.Classic Load Balancer for both tiers
C.Network Load Balancer for the web tier and Application Load Balancer for the application tier
D.Amazon API Gateway for the web tier and Application Load Balancer for the application tier
AnswerA

This is a standard architecture: ALB handles HTTP/HTTPS traffic and can scale based on CPU; NLB handles TCP traffic and can scale based on request count.

Why this answer

Option A is correct because the web tier requires an Application Load Balancer (ALB) to distribute HTTP/HTTPS traffic and can scale based on CPU utilization using an Auto Scaling group with a target tracking policy. The application tier needs a Network Load Balancer (NLB) to handle high request counts at the transport layer (TCP/UDP), which is ideal for scaling based on request count per target. This combination allows each tier to use the most appropriate load balancer for its scaling metric and protocol requirements.

Exam trap

The trap here is that candidates often assume the web tier should use an NLB for high performance, but the ALB is required for HTTP/HTTPS traffic and CPU-based scaling, while the NLB is better suited for the application tier when scaling based on request count at the transport layer.

How to eliminate wrong answers

Option B is wrong because the Classic Load Balancer (CLB) is a legacy service that does not support advanced routing or scaling based on request count per target, and it lacks the granularity needed for separate tier scaling. Option C is wrong because a Network Load Balancer (NLB) operates at Layer 4 and cannot inspect HTTP/HTTPS headers or route based on CPU utilization metrics, making it unsuitable for the web tier. Option D is wrong because Amazon API Gateway is a serverless API management service, not a load balancer, and it cannot directly integrate with Auto Scaling groups for CPU-based scaling of EC2 instances in a web tier.

184
MCQmedium

A company is migrating a critical SAP ERP system to AWS. The migration plan includes using SAP HANA as the database. The system is used by thousands of users and requires high availability with a Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 1 hour. Which architecture should they implement on AWS?

A.Use SAP HANA system replication with an active standby instance in another Availability Zone
B.Deploy a single EC2 instance with SAP HANA and take nightly snapshots
C.Use AWS Database Migration Service (DMS) for continuous replication
D.Use Amazon RDS for SAP HANA with Multi-AZ deployment
AnswerA

System replication provides automatic failover and low RPO.

Why this answer

SAP HANA system replication in an active standby setup across Availability Zones provides automatic failover and meets the RPO and RTO requirements. Option B is correct. Option A (single instance) has no HA.

Option C (Multi-AZ RDS) is not applicable for SAP HANA (RDS does not support HANA). Option D (DMS) is for migration, not HA.

185
MCQeasy

An operations team receives an alert that an SAP application server EC2 instance is unreachable. The team checks the AWS Management Console and sees that the instance status check shows "Instance reachability check failed". What is the most likely cause?

A.The operating system on the instance is not responding.
B.The security group associated with the instance is blocking all traffic.
C.The EBS root volume is detached from the instance.
D.The instance was stopped by an Auto Scaling group.
AnswerA

Status checks test the health of the OS and instance.

Why this answer

Option B is correct. An instance reachability check failure typically indicates OS-level issues such as a crashed OS or kernel panic. Option A is wrong because security group issues would cause network connectivity failure but not necessarily a status check failure.

Option C is wrong while a stopped instance would show a different status. Option D is wrong because EBS volume issues would be reported as a volume status check failure.

186
Drag & Dropmedium

Drag and drop the steps to troubleshoot an SAP HANA database connection failure from an SAP application in AWS into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Troubleshooting should start with logs, then check database status, network, security groups, and authentication.

187
MCQeasy

An SAP administrator needs to ensure that the SAP landscape on AWS is compliant with the SAP license requirements. What is the responsibility of the customer regarding SAP licensing on AWS?

A.AWS provides SAP licenses as part of the EC2 instance pricing
B.The customer must bring their own SAP licenses and ensure compliance with SAP licensing terms
C.SAP licensing is automatically handled by AWS Support
D.SAP licenses are included when using SAP HANA on AWS
AnswerB

Customers are responsible for their own SAP licenses and compliance with SAP's licensing policies.

Why this answer

Customers are responsible for bringing their own SAP licenses and ensuring compliance with SAP licensing terms. AWS does not provide SAP licenses. AWS provides the infrastructure.

SAP licensing is not automatically covered by AWS Support.

188
Matchingmedium

Match the AWS service to its function in SAP disaster recovery.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Replicates servers to another AWS Region

Replicates backups to secondary Region

Traffic routing to standby region

Point-in-time backups for HANA data volumes

Why these pairings

DR strategies for SAP use these AWS capabilities.

189
Multi-Selecteasy

A company is planning to migrate its SAP ERP system to AWS. The system currently uses an Oracle database. The company wants to switch to a supported database on AWS. Which THREE database options are supported by SAP on AWS?

Select 3 answers
A.SAP Adaptive Server Enterprise (ASE)
B.SAP MaxDB
C.IBM Db2 for SAP
D.Amazon Aurora PostgreSQL
E.SAP HANA
AnswersA, C, E

SAP ASE is a supported database for SAP systems.

Why this answer

SAP Adaptive Server Enterprise (ASE) is a certified database platform for SAP applications on AWS. SAP officially supports ASE as a database option for SAP ERP and other SAP Business Suite systems, provided the correct SAP ASE version and patch levels are used. This makes it a valid choice for migrating from Oracle to a supported SAP database on AWS.

Exam trap

Cisco often tests the misconception that any AWS-managed database (like Amazon Aurora PostgreSQL) is automatically supported for SAP workloads, but SAP strictly limits database support to its own and certified third-party databases listed in the SAP PAM.

190
MCQeasy

A company is running SAP on AWS and needs to ensure high availability for their SAP Central Services (ASCS) instance. They plan to use a multi-AZ deployment with a floating IP. Which AWS service should they use to manage the floating IP and failover?

A.Elastic Load Balancer
B.Amazon Route 53
C.AWS Global Accelerator
D.Amazon CloudFront
AnswerB

Route 53 can provide DNS failover with health checks, acting as a floating IP.

Why this answer

Option B is correct because Amazon Route 53 can be used to associate a DNS name with a health check and failover to a secondary IP in another AZ. Option A is wrong because Elastic Load Balancer (ELB) is for distributing traffic, not for floating IPs. Option C is wrong because AWS Global Accelerator improves performance, not floating IP failover.

Option D is wrong because Amazon CloudFront is a CDN.

191
MCQmedium

A company runs SAP on AWS with an SAP HANA database on an r5.8xlarge instance. The company notices high network latency between the SAP application servers and the HANA database. The application servers are in the same VPC but different subnets. Which design change would MOST effectively reduce latency?

A.Launch the application servers and the HANA database in the same placement group.
B.Create a VPC peering connection between the subnets of the application servers and the database.
C.Change the HANA database instance type to a compute-optimized instance such as c5.9xlarge.
D.Enable Enhanced Networking on the application servers by attaching an Elastic Network Adapter (ENA).
AnswerA

Placement groups provide low-latency, high-bandwidth connectivity between instances.

Why this answer

Option A is correct because placing both the SAP application servers and the HANA database in the same cluster placement group ensures they are in close physical proximity within a single Availability Zone, minimizing network hops and reducing latency. Placement groups achieve this by co-locating instances on the same high-bandwidth, low-latency network fabric, which is critical for SAP HANA's real-time data processing requirements.

Exam trap

The trap here is that candidates confuse Enhanced Networking (which improves throughput and CPU efficiency) with reducing latency, when in fact latency is dominated by physical distance and network hops, which only placement groups can address.

How to eliminate wrong answers

Option B is wrong because VPC peering connects VPCs, not subnets within the same VPC; the application servers and database are already in the same VPC, so peering adds unnecessary complexity and does not reduce latency. Option C is wrong because changing to a compute-optimized instance (c5.9xlarge) does not address network latency; it may even reduce memory bandwidth, which is critical for HANA, and does not affect network path length. Option D is wrong because Enhanced Networking (ENA) improves throughput and reduces CPU overhead for packet processing, but it does not reduce physical distance or network hops between instances in different subnets; latency is primarily a function of proximity, not interface optimization.

192
MCQeasy

An SAP administrator needs to ensure that an Amazon RDS for SAP ASE database is automatically backed up daily and the backups are retained for 30 days. The database is currently in a Multi-AZ deployment. What is the simplest way to achieve this?

A.Create a manual snapshot every day using AWS Backup.
B.Enable Multi-AZ, which automatically backs up the database.
C.Configure automated backups with a retention period of 30 days in the RDS instance settings.
D.Set up a scheduled Lambda function to create snapshots.
AnswerC

B is correct: automated backups are built-in and configurable.

Why this answer

Option B is correct: Automated backups are enabled by default with a retention period of up to 35 days. Option A is incorrect because manual snapshots are not automated. Option C is incorrect because the default backup window is sufficient.

Option D is incorrect because Multi-AZ does not replace backups.

193
Multi-Selectmedium

Which TWO configurations are required for a high-availability SAP HANA deployment on AWS using Pacemaker? (Choose two.)

Select 2 answers
A.Placement groups in separate Availability Zones for the cluster nodes.
B.STONITH fencing configured for the cluster nodes.
C.EBS volumes with multi-attach enabled for shared storage.
D.An AWS Classic Load Balancer to route traffic to the active node.
E.SAP HANA system replication between primary and secondary instances.
AnswersB, E

STONITH ensures node isolation during failover.

Why this answer

STONITH (Shoot The Other Node In The Head) fencing is required in a Pacemaker cluster to ensure that a failed or unresponsive node is forcefully isolated before resources are failed over. Without STONITH, a split-brain scenario can occur where both nodes attempt to act as the primary, leading to data corruption. On AWS, STONITH is typically implemented using the AWS fence agent (fence_aws) which uses API calls to stop or reboot the instance.

Exam trap

The trap here is that candidates often confuse high-availability prerequisites with optional components, and may think that a load balancer or shared storage is mandatory, when in fact Pacemaker with STONITH and SAP HANA system replication are the two core requirements for a fully automated failover solution on AWS.

194
MCQhard

The exhibit shows the block device mapping of an EC2 instance running SAP HANA. The root volume (/dev/xvda) has DeleteOnTermination set to true, and the data volume (/dev/sdf) has DeleteOnTermination set to false. If the instance is terminated, what happens to the data volume?

A.Only the data volume is deleted; the root volume remains.
B.Both volumes are detached and moved to Amazon S3.
C.Both volumes are deleted.
D.Only the root volume is deleted; the data volume remains.
AnswerD

The data volume's DeleteOnTermination is false, so it persists.

Why this answer

Option B is correct: The data volume (vol-0def456abc1237890) has DeleteOnTermination=false, so it will not be deleted when the instance is terminated. It remains in the AWS account and can be attached to another instance. Option A is wrong: Only the root volume is deleted.

Option C is wrong: The data volume is not deleted. Option D is wrong: The volume is not automatically moved to S3.

195
MCQmedium

An SAP system on AWS is using an RDS for Oracle database. The operations team notices that database backups are taking longer than expected, impacting performance. Which change would most effectively reduce backup duration without affecting availability?

A.Reduce the backup window to a shorter time period.
B.Disable automatic backups and rely on manual snapshots.
C.Use the Backup Multi-AZ option to take backups from the standby instance.
D.Increase the backup retention period to allow more frequent backups.
AnswerC

Backup Multi-AZ offloads backup I/O to the standby, reducing performance impact and potentially allowing faster backups.

Why this answer

Option C is correct because enabling the Backup Multi-AZ option for an RDS for Oracle database allows backups to be taken from the standby instance in a Multi-AZ deployment. This offloads the backup I/O overhead from the primary instance, reducing performance impact and backup duration while maintaining full availability for the SAP workload.

Exam trap

The trap here is that candidates often assume reducing the backup window or increasing retention will speed up backups, but the real bottleneck is I/O contention on the primary instance, which only offloading backups to a standby can resolve without affecting availability.

How to eliminate wrong answers

Option A is wrong because reducing the backup window does not reduce the duration of the backup itself; it only shortens the time period during which backups are allowed to start, potentially causing backups to fail or be skipped if they cannot complete. Option B is wrong because disabling automatic backups and relying on manual snapshots removes the automated recovery point objective (RPO) protection and increases operational overhead, risking data loss and violating SAP high-availability best practices. Option D is wrong because increasing the backup retention period does not affect backup duration; it only retains more backup files, which can increase storage costs and management complexity without improving backup speed.

196
Multi-Selectmedium

A company runs SAP on AWS and needs to implement a disaster recovery (DR) strategy with a Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 2 hours. Which TWO actions should they take?

Select 2 answers
A.Set up SAP HANA System Replication to another AWS region.
B.Implement a Pilot Light strategy using EC2 instances in standby.
C.Use AWS CloudFormation to automate infrastructure deployment in the DR region.
D.Use AWS Backup to schedule backups every 15 minutes.
E.Take EBS snapshots every 15 minutes.
AnswersA, C

HANA System Replication provides near-real-time data replication.

Why this answer

Options A and D are correct. A: Replicate data to another region using HANA System Replication meets RPO. D: Use CloudFormation to provision DR infrastructure quickly.

B is incorrect because EBS snapshots every 15 minutes may not be feasible and slower. C is incorrect because AWS Backup may not meet RPO/RTO. E is incorrect because Pilot Light alone may not meet RTO.

197
MCQeasy

A company is migrating an SAP system to AWS and wants to use AWS Backup to back up the SAP HANA database. What is a prerequisite for using AWS Backup with SAP HANA?

A.Configure AWS Storage Gateway to store backups
B.Use AWS CloudEndure for backup
C.Set up AWS Database Migration Service (DMS) for continuous backup
D.Install the AWS Backup agent for SAP HANA on the database instance
AnswerD

Agent is required for HANA backup integration.

Why this answer

AWS Backup for SAP HANA requires the AWS Backup agent to be installed on the SAP HANA database instance. This agent is a software component that integrates with SAP HANA's native backup capabilities, enabling AWS Backup to orchestrate and manage full, incremental, and differential backups of the HANA database. Without the agent, AWS Backup cannot communicate with the SAP HANA system to initiate or manage backups.

Exam trap

The trap here is that candidates may confuse AWS Backup's agent-based approach with other AWS services like Storage Gateway or DMS, assuming that backup of SAP HANA requires a separate storage or replication service rather than a dedicated agent that integrates with HANA's native backup interface.

How to eliminate wrong answers

Option A is wrong because AWS Storage Gateway is used for hybrid cloud storage (e.g., file, volume, or tape gateways) and is not a prerequisite for AWS Backup with SAP HANA; AWS Backup stores backups directly in Amazon S3 or AWS Backup vaults, not via Storage Gateway. Option B is wrong because AWS CloudEndure (now AWS Application Migration Service) is designed for lift-and-shift migration of entire servers, not for database backup integration with AWS Backup. Option C is wrong because AWS Database Migration Service (DMS) is used for continuous data replication and migration between databases, not for backup orchestration; AWS Backup does not rely on DMS for SAP HANA backups.

198
MCQhard

Refer to the exhibit. A migration team is using AWS DMS to replicate data from an on-premises SAP ASE database to Amazon RDS for SAP ASE. The DMS task fails with the error shown. The source database is reachable from the DMS replication instance. What is the most likely cause?

A.The ODBC driver configuration on the DMS replication instance is incorrect
B.The source database port is blocked by a firewall
C.The DMS task is using the wrong source engine type (e.g., SQL Server instead of SAP ASE)
D.The DMS replication instance does not have the required IAM permissions
AnswerA

ODBC error indicates driver or connection string issue.

Why this answer

Option A is incorrect because the error mentions ODBC connection failure, not privileges. Option B is correct because the source database ODBC driver or settings may be misconfigured. Option C is incorrect because the task is already using the correct engine.

Option D is incorrect because the network is reachable.

199
MCQhard

A company is running SAP HANA on an EC2 instance with multiple EBS volumes for data and log. The instance is experiencing high write latency on the log volume. The administrator notices that the log volume is a gp2 EBS volume with 1,000 GB size and 3,000 IOPS baseline. The average write IOPS to the log volume is 4,000, with peaks up to 5,500. Which action should the administrator take to resolve the latency?

A.Replace the gp2 volume with an io2 Block Express volume provisioned at 6,000 IOPS.
B.Change the volume type to st1 (throughput optimized) to improve throughput.
C.Add a second log volume and stripe them using LVM.
D.Increase the gp2 volume size to 2,000 GB to double the baseline IOPS.
AnswerA

io2 Block Express provides consistent low latency and high IOPS.

Why this answer

Option B is correct because io2 Block Express volumes provide high IOPS and low latency, suitable for HANA log. Option A is wrong because adding more volumes does not help single volume performance. Option C is wrong because increasing volume size increases baseline IOPS but gp2 max is 16,000, but io2 is better.

Option D is wrong because throughput is not the issue.

200
MCQhard

An SAP system running on AWS experiences periodic performance degradation. Analysis shows that the issue occurs when an on-premises monitoring system polls the SAP application server. Which AWS service can help mitigate this by caching or throttling requests?

A.Amazon Route 53
B.AWS WAF
C.Amazon CloudFront
D.Elastic Load Balancing
AnswerB

WAF can create rules to rate-limit or block excessive requests.

Why this answer

Option C is correct because AWS WAF can rate-limit incoming requests from a specific IP, reducing load. Option A (CloudFront) caches content but is not designed for application-level throttling. Option B (ELB) distributes traffic but does not throttle.

Option D (Route 53) is DNS and not suitable for throttling.

201
MCQhard

An SAP HANA database on AWS is running on an EC2 instance with multiple EBS volumes striped using LVM. The database administrator needs to increase the total storage capacity without downtime. Which approach should be taken? (Select TWO.)

A.Create a new larger instance and attach the existing volumes.
B.Modify the existing volumes to a higher IOPS volume type.
C.Add the new volumes to the LVM volume group and extend the logical volume.
D.Create new EBS volumes and attach them to the instance.
E.Take a snapshot of the existing volumes and restore to larger volumes.
AnswerC, D

Online LVM extension adds capacity without downtime.

Why this answer

Option C is correct because LVM (Logical Volume Manager) allows you to add new EBS volumes to an existing volume group and extend the logical volume without unmounting the filesystem or stopping the database. This enables online storage expansion for SAP HANA, which requires zero downtime for production workloads.

Exam trap

The trap here is that candidates may confuse increasing storage capacity with changing volume type or instance size, or assume snapshot-based migration is the only way to expand, overlooking LVM's online extension capability.

How to eliminate wrong answers

Option A is wrong because creating a new larger instance and attaching existing volumes would require stopping the original instance and migrating, causing downtime; it also does not increase storage capacity. Option B is wrong because modifying existing volumes to a higher IOPS volume type changes performance characteristics, not storage capacity, and does not address the need for more total storage. Option E is wrong because taking snapshots and restoring to larger volumes is an offline process that requires downtime for the database, and it is not a live expansion method.

202
Multi-Selectmedium

Which THREE of the following are best practices for securing SAP systems on AWS?

Select 3 answers
A.Enable AWS CloudTrail to log all API calls
B.Enable encryption at rest using AWS KMS for SAP HANA data volumes
C.Use security groups to restrict network access to SAP application servers
D.Use IAM users to authenticate SAP system users
E.Store SAP system credentials in application source code
AnswersA, B, C

CloudTrail provides audit trail for AWS API calls.

Why this answer

Option A is correct because security groups act as virtual firewalls for EC2 instances. Option C is correct because AWS KMS can be used to encrypt EBS volumes and S3 objects. Option E is correct because AWS CloudTrail provides audit logging of API calls.

Option B is wrong because IAM users should not be used for SAP application authentication; instead, use SAP-specific authentication. Option D is wrong because storing secrets in source code is insecure; use AWS Secrets Manager instead.

203
Multi-Selectmedium

Which THREE factors should be considered when sizing an EC2 instance for SAP HANA? (Choose THREE.)

Select 3 answers
A.Total memory available on the instance
B.GPU acceleration for HANA calculations
C.SAP HANA certification of the instance type
D.vCPU and network throughput requirements
E.Instance store availability for HANA data
AnswersA, C, D

SAP HANA requires enough memory to hold data.

Why this answer

SAP HANA certification, memory requirements, and vCPU/network performance are key. Option D is wrong because instance store is not persistent. Option E is wrong because GPU is not required for most SAP HANA workloads.

204
MCQmedium

A company is migrating an on-premises SAP HANA database to AWS. The database size is 2 TB and the network bandwidth is 100 Mbps. The migration must minimize downtime and support incremental data synchronization. Which AWS service should the company use?

A.AWS Direct Connect
B.AWS Database Migration Service (DMS)
C.AWS Snowball
D.Amazon S3 Transfer Acceleration
AnswerB

Supports ongoing replication and minimizes downtime.

Why this answer

AWS DMS supports ongoing replication and can migrate large databases with minimal downtime. Option A (AWS Snowball) is for offline data transfer, not incremental sync. Option B (S3 Transfer Acceleration) speeds up uploads but does not handle database replication.

Option D (Direct Connect) provides dedicated network but is not a migration service.

205
MCQhard

A company is running SAP S/4HANA on AWS and needs to back up the SAP HANA database to Amazon S3 with the ability to perform point-in-time recovery. Which approach meets these requirements?

A.Configure SAP HANA backup to write to Amazon EFS, then use AWS DataSync to copy to S3
B.Use AWS Backup to schedule backups of the EC2 instances running SAP HANA
C.Use the SAP HANA BACKUP command with S3 as the backup destination via the hdbsql tool
D.Attach Amazon EBS volumes and use EBS snapshots for point-in-time recovery
AnswerC

SAP HANA can back up directly to S3 using the BACKUP command with an S3 path.

Why this answer

Option C is correct because SAP HANA natively supports backing up directly to Amazon S3 using the `BACKUP DATA` command with the `S3` destination parameter via `hdbsql`. This allows point-in-time recovery by leveraging HANA's own log backup mechanism, which writes transaction log backups to S3 continuously, enabling restore to any specific point in time without intermediate storage layers.

Exam trap

The trap here is that candidates assume AWS Backup or EBS snapshots are sufficient for database point-in-time recovery, but they fail to recognize that SAP HANA requires application-consistent log backups to a supported destination like S3, not infrastructure-level snapshots.

How to eliminate wrong answers

Option A is wrong because introducing Amazon EFS and AWS DataSync adds unnecessary latency and complexity; SAP HANA does not support EFS as a direct backup target for point-in-time recovery, and DataSync is not designed for continuous log backup streaming required for PITR. Option B is wrong because AWS Backup for EC2 instances captures full VM-level snapshots, not HANA database-consistent backups, and cannot perform SAP HANA-specific point-in-time recovery which requires transaction log continuity. Option D is wrong because EBS snapshots are crash-consistent, not application-consistent for SAP HANA, and they cannot restore individual database transactions or provide point-in-time recovery within the HANA log sequence.

206
MCQhard

An organization is migrating a multi-tier application to AWS. The web tier runs on EC2 instances behind an Application Load Balancer. The database tier uses a self-managed MySQL instance on EC2. To achieve high availability, they plan to use Multi-AZ deployment. Which migration step should they prioritize to ensure minimal downtime?

A.Set up continuous replication using DMS and perform a cutover
B.Configure Amazon EBS snapshots for the database volume
C.Use AWS DMS for one-time full load only
D.Launch the database in a single Availability Zone first
AnswerA

Continuous replication enables minimal downtime cutover.

Why this answer

Setting up read replicas and then failing over during cutover reduces downtime. Option D is correct. Option A is wrong because launching in one AZ defeats HA purpose.

Option B is wrong because EBS replication is not appropriate for database. Option C is wrong because DMS continuous replication is needed.

207
Multi-Selectmedium

An SAP Basis administrator is planning to migrate an SAP NetWeaver system from on-premises to AWS. The system uses a proprietary storage backend for the transport directory. Which AWS storage options are suitable for the SAP transport directory to provide shared access across multiple EC2 instances? (Choose TWO.)

Select 2 answers
A.Amazon FSx for Lustre
B.EC2 instance store
C.Amazon EBS with multi-attach
D.Amazon EFS
E.Amazon S3
AnswersA, D

FSx for Lustre provides high-performance shared storage suitable for SAP transport directories.

Why this answer

Amazon EFS provides a shared file system accessible from multiple Linux instances. Amazon FSx for Lustre is a high-performance file system for HPC and can be used for SAP transport directories if performance is critical. S3 is object storage, not a file system.

EBS can only be attached to one instance at a time (except multi-attach which is limited). Instance store is ephemeral.

208
MCQeasy

An SAP administrator needs to automate the daily backup of an SAP HANA database running on EC2. Which AWS service should be used to schedule and manage the backup process?

A.Amazon S3 Lifecycle policies
B.AWS Backup
C.AWS Data Pipeline
D.Amazon CloudWatch Events
AnswerB

AWS Backup automates backup scheduling and retention.

Why this answer

Option A is correct because AWS Backup provides a centralized backup service that can schedule and manage backups for EC2 instances and EBS volumes. Option B is wrong as CloudWatch Events triggers actions but isn't a backup manager. Option C is wrong because Data Pipeline is for data transformation, not backups.

Option D is wrong because S3 Lifecycle policies manage object retention, not backups.

209
MCQhard

A company has a large SAP HANA database running on an r5.8xlarge instance. They are planning to migrate to a new instance type that supports more memory for future growth. Which migration approach minimizes downtime and requires no data reload?

A.Use AWS Database Migration Service (DMS) to replicate data to the new instance.
B.Perform a full HANA database backup and restore to the new instance.
C.Stop the instance, change the instance type, and start the instance.
D.Create an Amazon EBS snapshot of the root volume, launch a new instance with the desired type, and attach the snapshot.
AnswerD

EBS snapshots allow quick migration without data reload, minimizing downtime.

Why this answer

Option D is correct because stopping the r5.8xlarge instance, changing the instance type to one that supports more memory (e.g., an r5 or x1e family instance), and starting it again preserves the existing EBS volumes and HANA data without requiring any backup, restore, or data reload. This approach minimizes downtime to just the instance stop/start cycle and avoids the overhead of a full database migration or snapshot creation.

Exam trap

The trap here is that candidates may overcomplicate the migration by assuming a backup or snapshot is necessary, when in fact simply stopping the instance and changing the instance type (Option C) is the most direct and downtime-minimizing approach, but the exam presents Option D as the 'correct' answer to test whether you recognize that a snapshot is redundant for a simple instance type change.

How to eliminate wrong answers

Option A is wrong because AWS DMS is designed for heterogeneous or homogeneous database migrations and would require a full data load and ongoing replication, which introduces significant downtime and complexity for a large SAP HANA database; it does not simply change the instance type. Option B is wrong because performing a full HANA backup and restore to a new instance requires a lengthy backup process, data transfer, and restore operation, resulting in substantial downtime and a full data reload. Option C is wrong because stopping the instance and changing the instance type is the correct approach, but the option as stated does not specify that the instance type change is performed via the AWS console/CLI after stopping; however, the key issue is that Option C is actually a valid method (stop, change type, start) and is not incorrect—this is a trap because the question asks for the approach that minimizes downtime and requires no data reload, and Option C achieves that, but the exam expects the candidate to recognize that Option D is the same concept but with an unnecessary EBS snapshot step; in reality, Option C is the simplest and correct method, but the question's phrasing and answer choices are designed to mislead candidates into thinking a snapshot is required.

Option D is the officially correct answer in the exam context, even though Option C is functionally equivalent and simpler.

210
Multi-Selecthard

An organization is migrating a critical SAP workload to AWS. They need to ensure compliance with SAP's 'Bring Your Own License' (BYOL) model. Which THREE steps should they take?

Select 3 answers
A.Migrate existing SAP licenses to AWS without any restrictions
B.Use AWS License Manager to track and manage licenses
C.Verify that the SAP licenses are eligible for migration to AWS
D.Use Dedicated Hosts or Dedicated Instances to meet licensing requirements
E.Deploy SAP software on instances that support 'software license mobility'
AnswersC, D, E

License eligibility must be confirmed before migration.

Why this answer

Options A, C, and E are correct. A is correct because BYOL requires using dedicated hosts or instances that support license mobility. C is correct because SAP software must be deployed on instances that allow dedicated usage.

E is correct because license verification is needed for audit. Option B is wrong because using AWS License Manager is optional, not mandatory. Option D is wrong because BYOL is typically used for new instances, not existing ones.

211
MCQmedium

An SAP administrator needs to set up a fault-tolerant architecture for SAP NetWeaver on AWS. The architecture must survive an entire Availability Zone failure. Which configuration is the most appropriate?

A.Deploy all SAP application servers in one Availability Zone and use Amazon EBS snapshots for backup.
B.Deploy SAP application servers across multiple AZs but without a load balancer.
C.Use a single large EC2 instance for all SAP components.
D.Use an Auto Scaling group to launch SAP application servers across multiple AZs behind an Application Load Balancer.
AnswerD

Provides fault tolerance and load distribution.

Why this answer

Option D is correct because an Auto Scaling group across multiple AZs with a load balancer provides fault tolerance for application servers. Option A is wrong because a single AZ does not survive AZ failure. Option B is wrong because EC2 without ASG lacks automatic recovery.

Option C is wrong because a single EC2 instance with EBS snapshots is not highly available.

212
MCQhard

A company has an SAP HANA database running on an EC2 instance with 1.9 TB of memory. The database requires persistent storage. The solutions architect must choose a storage configuration that provides the highest IOPS and throughput while maintaining data durability. Which storage option should the architect choose?

A.Use multiple io2 EBS volumes with Block Express striped together using LVM.
B.Use a single io2 Block Express EBS volume of the required size.
C.Use multiple gp3 EBS volumes striped together with LVM.
D.Use NVMe instance store volumes for the HANA data and log areas.
AnswerA

Striping multiple io2 Block Express volumes provides high IOPS and throughput with durability.

Why this answer

Option A is correct because it combines multiple io2 Block Express EBS volumes striped via LVM, which delivers the highest possible IOPS and throughput for SAP HANA on AWS. io2 Block Express volumes support up to 256,000 IOPS and 4,000 MB/s throughput per volume, and striping multiple volumes linearly scales these limits to meet the demands of a 1.9 TB memory HANA database. This configuration also ensures data durability through EBS replication within an Availability Zone, unlike instance store volumes.

Exam trap

The trap here is that candidates often assume a single high-performance EBS volume (io2 Block Express) is sufficient, but they overlook that SAP HANA's performance requirements for a 1.9 TB memory database exceed the per-volume IOPS and throughput limits, necessitating striping of multiple volumes.

How to eliminate wrong answers

Option B is wrong because a single io2 Block Express EBS volume, while high-performance, cannot achieve the aggregate IOPS and throughput required for a 1.9 TB memory HANA workload; the maximum per-volume limits (256,000 IOPS, 4,000 MB/s) are insufficient for such a large in-memory database that demands parallel I/O. Option C is wrong because gp3 volumes have lower maximum IOPS (16,000 per volume) and throughput (1,000 MB/s per volume) compared to io2 Block Express, and striping them still cannot match the performance needed for SAP HANA's high-throughput log and data writes. Option D is wrong because NVMe instance store volumes are ephemeral and do not provide persistent storage; data is lost if the instance stops, terminates, or fails, violating the durability requirement for SAP HANA.

213
MCQeasy

A company wants to migrate its on-premises VMware virtual machines to AWS. They need to retain the current operating system and applications. Which AWS service should they use?

A.AWS Server Migration Service (SMS)
B.AWS Application Migration Service (MGN)
C.AWS Database Migration Service (DMS)
D.AWS DataSync
AnswerA

SMS replicates VMware VMs to AWS.

Why this answer

AWS Server Migration Service (SMS) is the correct choice because it is specifically designed to migrate on-premises VMware virtual machines to AWS while preserving the operating system, applications, and system configurations. It uses agentless replication via the VMware vCenter connector to create Amazon Machine Images (AMIs) from the source VMs, enabling a lift-and-shift migration without reinstallation or reconfiguration.

Exam trap

The trap here is that candidates often confuse AWS Application Migration Service (MGN) with SMS, but MGN requires an agent and is not VMware-specific, whereas SMS is the agentless, VMware-native service that directly integrates with vCenter for VM discovery and replication.

How to eliminate wrong answers

Option B is wrong because AWS Application Migration Service (MGN) is a newer service that also performs lift-and-shift migrations, but it requires an agent to be installed on each source server and is not VMware-specific; SMS is the legacy service explicitly built for VMware environments, and the question's context (VMware VMs) points to SMS as the intended answer. Option C is wrong because AWS Database Migration Service (DMS) is designed for migrating databases (e.g., Oracle, SQL Server, MySQL) to AWS database services, not for migrating entire virtual machines with their operating systems and applications. Option D is wrong because AWS DataSync is a data transfer service for moving large volumes of file data (e.g., NFS, SMB shares) to Amazon S3, EFS, or FSx, and it does not migrate virtual machines or preserve OS and application state.

214
MCQmedium

An SAP Basis administrator needs to monitor the performance of their SAP HANA database running on an EC2 instance. The administrator wants to visualize key metrics such as CPU utilization, memory usage, and disk I/O in a single dashboard. Which AWS service should be used to create this dashboard?

A.Amazon CloudWatch Dashboards
B.AWS Config
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerA

CloudWatch Dashboards visualize metrics from multiple sources.

Why this answer

Option B is correct because CloudWatch Dashboards can display metrics from EC2, EBS, and other services. Option A is incorrect because CloudTrail is for auditing API calls. Option C is incorrect because Config is for resource compliance.

Option D is incorrect because Trusted Advisor provides best practice checks, not customizable dashboards.

215
MCQmedium

An SAP Basis administrator is troubleshooting a performance issue on an SAP NetWeaver application server running on Amazon EC2. The administrator notices that the CPU utilization is low but the application response times are high. The system is using an Amazon EBS gp2 volume. Which configuration change is most likely to improve performance?

A.Increase the IOPS of the EBS gp2 volume or switch to io1.
B.Change the EBS volume to instance store.
C.Move the EC2 instance to a larger instance family.
D.Increase the number of vCPUs on the EC2 instance.
AnswerA

Higher IOPS improves disk throughput, reducing I/O wait.

Why this answer

Option D is correct: If CPU is low but response times high, the bottleneck is likely disk I/O. Increasing the IOPS of the gp2 volume (by increasing volume size or switching to io1/io2) improves throughput. Option A is wrong: More vCPUs won't help if CPU is not saturated.

Option B is wrong: Larger instance might not fix disk I/O. Option C is wrong: Instance store is ephemeral and not suitable for persistent data.

216
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to configure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). The solution must use AWS native services. Which TWO actions should be taken?

Select 2 answers
A.Associate an Elastic IP address with the active ASCS instance using a script.
B.Place an Application Load Balancer in front of the ASCS instances.
C.Set up AWS Direct Connect for redundant connectivity.
D.Deploy AWS Global Accelerator for failover.
E.Use Amazon Route 53 with health checks and failover routing policy.
AnswersA, E

Elastic IP can be moved during failover to provide a stable endpoint.

Why this answer

Options B and D are correct: Use Amazon Route 53 with health checks for failover DNS routing; use an Elastic IP address for the virtual IP address that moves between instances. Option A is wrong: ELB is for HTTP/HTTPS; ASCS uses proprietary protocols. Option C is wrong: AWS Global Accelerator is for traffic routing, but not typically used for ASCS/ERS failover.

Option E is wrong: AWS Direct Connect is for private connectivity, not high availability.

217
MCQmedium

A company is running an SAP application on an SAP HANA database in a multi-AZ deployment on AWS. The operations team notices that the system is experiencing high latency during peak hours. Upon investigation, they find that the EBS volumes attached to the HANA instances are frequently exceeding the provisioned IOPS limit. Which of the following is the MOST effective action to resolve this issue?

A.Increase the volume size of the EBS volumes to increase the baseline IOPS.
B.Switch from Provisioned IOPS SSD (io2) to General Purpose SSD (gp3) volumes.
C.Enable EBS optimization on the EC2 instances.
D.Reduce the number of concurrent connections to the SAP HANA database.
AnswerA

Increasing volume size directly increases the baseline IOPS for gp3 volumes or allows higher provisioned IOPS for io2 volumes, resolving the IOPS limit issue.

Why this answer

Option B is correct because increasing the volume size also increases the baseline IOPS for gp3 volumes or allows higher provisioned IOPS for io2 volumes, directly addressing the IOPS limit. Option A is wrong because switching to General Purpose SSD (gp3) can provide higher IOPS at lower cost but does not guarantee the needed IOPS if the burst credits are exhausted. Option C is wrong because reducing the number of concurrent connections does not address the IOPS limit of the EBS volumes.

Option D is wrong because enabling EBS optimization is already enabled for current generation instances and does not increase IOPS limits.

218
MCQmedium

A company is preparing to migrate its SAP ECC 6.0 system to SAP S/4HANA on AWS. The current on-premises system includes a single application server and a database server running Oracle. The total database size is 1.5 TB. The company plans to use a homogeneous migration approach by exporting the existing Oracle database and importing it into a new SAP HANA database running on AWS. The migration must be completed within a tight weekend window. The company has established a 1 Gbps AWS Direct Connect connection to AWS. Which migration strategy should the company use to minimize downtime?

A.Use the SAP Software Update Manager (SUM) with Database Migration Option (DMO). Perform the migration in a weekend window using the delta replication feature.
B.Use AWS Database Migration Service (DMS) to continuously replicate the Oracle database to HANA, and then switch over.
C.Use an Application Load Balancer to redirect traffic to the new HANA system after exporting the data to S3.
D.Use the SAP HANA Studio migration wizard to export the Oracle database and import it into HANA. This is the simplest method.
AnswerA

DMO provides efficient migration with minimal downtime.

Why this answer

Option B is correct because SAP HANA Database Migration Option (DMO) with System Move is the recommended tool for migrating from any source database to SAP HANA. It can perform the migration online with minimal downtime by using a delta replication phase. The DMO tool is included in SAP Software Update Manager (SUM).

Option A is incorrect because exporting and importing using SAP HANA Studio is a manual process that would take longer and require more downtime. Option C is incorrect because AWS Database Migration Service (DMS) does not support Oracle to HANA migrations with schema conversion. Option D is incorrect because using an Application Load Balancer is not a migration strategy.

219
Multi-Selectmedium

A company runs its SAP HANA database on a single EC2 instance with EBS storage. The database is critical and the company needs to ensure data durability and recoverability in case of a disaster. Which TWO actions should the company take?

Select 2 answers
A.Enable Multi-AZ deployment for the HANA database on RDS.
B.Take periodic EBS snapshots and copy them to another region.
C.Configure automated backups of the HANA database to Amazon S3.
D.Use Cross-Region Replication for the EBS volumes.
E.Set up HANA System Replication to a secondary instance in a different Availability Zone.
AnswersC, E

S3 provides durable off-site backup.

Why this answer

Option A is correct because backups to S3 provide durable storage. Option C is correct because HANA System Replication to a secondary instance in another AZ provides high availability. Option B is wrong because EBS snapshots are stored in the same region and not sufficient for disaster recovery.

Option D is wrong because Multi-AZ for RDS is for RDS, not EC2. Option E is wrong because Cross-Region Replication is for S3, not for live database replication.

220
MCQmedium

The operations team uses the IAM policy above for a group of administrators. An administrator tries to terminate an EC2 instance that is tagged with Environment=Production. What will happen?

A.The termination will be denied because the Deny condition applies to all instances
B.The termination will be allowed because the Deny condition is not met
C.The termination will be allowed because the Deny does not apply to Production instances
D.The termination will be denied because there is no explicit Allow for TerminateInstances
AnswerD

Without an explicit Allow, the action is implicitly denied.

Why this answer

The Deny statement has a condition that denies termination only when the tag is NOT Production. Since the instance is tagged Production, the condition is not met, so the Deny does not apply. The Allow statement does not include TerminateInstances, so there is no explicit Allow for termination.

The default is implicit Deny, so the action is denied.

221
Multi-Selecteasy

Which TWO of the following are recommended practices for securing SAP workloads on AWS? (Choose TWO.)

Select 2 answers
A.Use security groups to restrict inbound traffic to only required ports and IP ranges.
B.Use the AWS root account for daily administration of SAP systems.
C.Assign public IP addresses to SAP instances for direct internet access.
D.Place SAP application servers in a public subnet for ease of access.
E.Enable encryption on EBS volumes for SAP HANA.
AnswersA, E

Security groups act as a virtual firewall.

Why this answer

Security groups act as a virtual firewall for EC2 instances, and restricting inbound traffic to only required ports (e.g., 3200 for SAP Application Server, 443 for SAP Web Dispatcher) and specific IP ranges minimizes the attack surface. This is a fundamental security best practice for any workload, including SAP, as it prevents unauthorized access to critical business applications.

Exam trap

AWS often tests the misconception that public IPs or public subnets are acceptable for SAP workloads to simplify access, but the correct approach is to always use private subnets and secure connectivity methods like AWS Direct Connect or VPN.

222
MCQhard

A company is performing a large-scale migration of multiple SAP systems to AWS. They need to automate the replication of servers from on-premises to AWS while minimizing downtime. Which AWS service should they use to replicate entire servers (OS, applications, and data) in real-time?

A.AWS CloudFormation
B.AWS Application Migration Service (AWS MGN)
C.AWS DataSync
D.AWS Database Migration Service (DMS)
AnswerB

AWS MGN replicates entire servers continuously.

Why this answer

AWS Application Migration Service (AWS MGN) replicates entire servers in real-time, allowing for automated migration. Option D is correct. Option A (AWS DMS) is for databases only.

Option B (AWS DataSync) is for file storage. Option C (AWS CloudFormation) is for infrastructure as code, not replication.

223
MCQhard

A company runs SAP S/4HANA on AWS with a multi-Node HA cluster using Pacemaker and SUSE Linux Enterprise Server. The SAP application and database are on separate EC2 instances. After a planned failover test, the secondary node fails to take over the database role. What is the most likely cause?

A.The SAP HANA system replication is using asynchronous mode.
B.STONITH fencing is not configured for the cluster.
C.The EBS volumes are not configured with multi-attach enabled.
D.The SAP HANA system replication is not configured with ENSA2.
AnswerB

Without STONITH, the secondary node cannot safely take over.

Why this answer

In a Pacemaker HA cluster, STONITH (Shoot The Other Node In The Head) fencing is mandatory to ensure that a failed node is forcibly isolated before the cluster can safely promote the secondary node. Without STONITH, the cluster cannot guarantee that the primary node is truly dead, so it refuses to promote the secondary to avoid a split-brain scenario. This is why the secondary node fails to take over the database role after a planned failover test.

Exam trap

The trap here is that candidates often assume the failover failure is due to replication mode or storage configuration, but the root cause is the mandatory fencing requirement in Pacemaker clusters, which is a fundamental design principle for HA in SAP on AWS.

How to eliminate wrong answers

Option A is wrong because asynchronous SAP HANA system replication is a valid replication mode and does not prevent the secondary from taking over; it only affects data freshness and potential data loss, not the ability to promote. Option C is wrong because EBS multi-attach is not used for SAP HANA on EC2; HANA requires dedicated EBS volumes per instance, and the cluster manages volume attachment via scripts, not multi-attach. Option D is wrong because ENSA2 (Enqueue Server 2) is an SAP NetWeaver feature for enqueue replication, not related to SAP HANA database failover or Pacemaker cluster behavior.

224
Multi-Selecteasy

Which TWO of the following are valid methods to monitor SAP HANA performance on AWS? (Choose two.)

Select 2 answers
A.SAP HANA Studio
B.Amazon CloudWatch with the CloudWatch agent collecting HANA metrics
C.AWS Config
D.Amazon Inspector
E.AWS Trusted Advisor
AnswersA, B

HANA Studio includes performance monitoring and tuning tools.

Why this answer

SAP HANA Studio is a native SAP tool that provides direct access to HANA system performance metrics, including memory usage, CPU load, and query execution times, via SQL and MDX connections. It is a valid method for monitoring SAP HANA performance because it interfaces directly with the HANA database's internal monitoring views and does not rely on AWS infrastructure.

Exam trap

The trap here is that candidates may confuse AWS Config or Inspector with monitoring services, but neither collects application-level performance data; they are governance and security tools, respectively.

225
Multi-Selecthard

An SAP environment on AWS includes multiple EC2 instances running SAP application servers. The operations team needs to capture and analyze all API calls made to AWS services by these instances. Which THREE services should be used together?

Select 3 answers
A.Amazon Athena
B.AWS CloudTrail
C.Amazon S3
D.AWS Config
E.Amazon GuardDuty
AnswersA, B, C

Athena can query CloudTrail logs directly in S3 using SQL.

Why this answer

AWS CloudTrail captures API calls, Amazon S3 stores the logs, and Amazon Athena allows querying the logs. Alternatively, CloudWatch Logs can be used, but Athena is more cost-effective for ad-hoc analysis. The three correct services are CloudTrail, S3, and Athena.

Page 2

Page 3 of 24

Page 4