AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 226300

1733 questions total · 24pages · All types, answers revealed

Page 3

Page 4 of 24

Page 5
226
MCQhard

A company is migrating a 50 TB Oracle database to Amazon RDS for Oracle using AWS DMS. The source database is running on-premises and the network link has a bandwidth of 100 Mbps. The migration must complete within 5 days. What is the MOST effective approach to meet the deadline?

A.Provision a Direct Connect connection to increase bandwidth
B.Use AWS Snowball to transfer the data offline, then use DMS for CDC
C.Use AWS DMS with full load and change data capture (CDC) online
D.Use AWS Schema Conversion Tool (SCT) to convert schema, then DMS for data
AnswerB

Snowball transfers data physically, meeting the 5-day window; DMS handles ongoing changes.

Why this answer

The 50 TB database over a 100 Mbps link would take approximately 48 days for a full load (50 TB * 8 / 100 Mbps / 86400 seconds/day), far exceeding the 5-day deadline. AWS Snowball allows offline transfer of the full database snapshot, bypassing network bandwidth constraints, after which AWS DMS can be used for ongoing change data capture (CDC) to replicate incremental changes. This hybrid approach meets the deadline while ensuring minimal data loss.

Exam trap

The trap here is that candidates assume Direct Connect or DMS online can handle large migrations over slow links, but they fail to calculate the raw transfer time; the question explicitly tests the ability to recognize when offline transfer (Snowball) is the only viable option for multi-terabyte datasets under tight deadlines.

How to eliminate wrong answers

Option A is wrong because provisioning a Direct Connect connection does not inherently increase bandwidth beyond the 100 Mbps link; it only provides a dedicated connection, and even at 10 Gbps, the full load would still take ~11 hours for 50 TB, but the question states the network link is 100 Mbps, implying the bottleneck is the on-premises network capacity, not the connection type. Option C is wrong because using AWS DMS with full load and CDC online over a 100 Mbps link would take ~48 days for the full load alone, far exceeding the 5-day deadline, and CDC cannot start until the full load completes. Option D is wrong because the AWS Schema Conversion Tool (SCT) is used for heterogeneous migrations (e.g., Oracle to PostgreSQL) and does not address the bandwidth limitation; the source and target are both Oracle, so schema conversion is unnecessary, and the data transfer bottleneck remains.

227
MCQhard

An SAP ERP system on AWS is experiencing intermittent connectivity issues between the SAP application servers and the database server. Both are in the same VPC, but in different subnets. The security group for the database allows traffic from the application security group. Network ACLs are default (allow all). Despite this, some application servers cannot connect during peak loads. What is the most likely cause?

A.The security group inbound rule for the database has reached its rule evaluation limit.
B.The connection tracking table for the database security group is full, dropping new connections.
C.The application servers are using a single NAT Gateway for outbound traffic, causing a bottleneck.
D.The database is accessed through a VPC Endpoint, which is rate-limiting connections.
AnswerB

Security groups maintain connection tracking; when the table fills, new connections are dropped until old ones expire.

Why this answer

Option D is correct because security groups have a limit on the number of connections they can track, and during peak loads, the connection tracking table can become full, causing new connections to be dropped. Option A is wrong because if there are multiple subnets, a single NAT gateway is not relevant for internal traffic. Option B is wrong because VPC endpoints are for AWS services, not for database connectivity.

Option C is wrong because security group rules are stateful and do not have a rule evaluation limit in this context.

228
MCQeasy

A company is running SAP on AWS and wants to send alerts when the CPU utilization of an EC2 instance exceeds 90% for 5 minutes. Which AWS service should be used to create this alarm?

A.AWS Lambda
B.AWS Config
C.Amazon Simple Notification Service (SNS)
D.Amazon CloudWatch Alarms
AnswerD

CloudWatch Alarms monitor metrics and send notifications when thresholds are breached.

Why this answer

Option A is correct because Amazon CloudWatch Alarms can trigger based on metrics. Option B (AWS Lambda) can be a target, not the alarm service. Option C (Amazon SNS) is a notification service.

Option D (AWS Config) is for configuration rules.

229
MCQmedium

A company is migrating an SAP BusinessObjects environment to AWS. They need to ensure high availability for the web tier and have a requirement to use a single DNS name for end users. Which AWS service should they use to distribute traffic across multiple web servers?

A.Amazon CloudFront
B.Network Load Balancer
C.Amazon Route 53 weighted routing policy
D.Application Load Balancer
AnswerD

Layer 7 load balancer suitable for HTTP/HTTPS.

Why this answer

Application Load Balancer operates at Layer 7 and can distribute HTTP/HTTPS traffic. Option A (NLB) is Layer 4, not ideal for web applications. Option B (CloudFront) is a CDN, not a load balancer.

Option D (Route 53 weighted routing) distributes traffic but does not provide health checks like a load balancer.

230
MCQeasy

An SAP administrator is configuring backups for an SAP HANA database running on Amazon EC2. The backup must be stored in Amazon S3 for long-term retention. Which AWS service should be used to automate the backup process?

A.AWS Backup
B.Amazon S3 Lifecycle policies
C.AWS Lambda
D.Amazon EBS Snapshots
AnswerA

AWS Backup can orchestrate HANA backups with pre/post scripts.

Why this answer

Option B is correct: AWS Backup integrates with SAP HANA (via pre/post scripts) and can automate backups to S3. Option A is wrong: Amazon S3 Lifecycle policies manage object lifecycle, not backup orchestration. Option C is wrong: AWS Lambda could be used but requires custom coding; AWS Backup is simpler.

Option D is wrong: Amazon EBS Snapshots are for block-level backups, not HANA-specific.

231
MCQhard

A company is running SAP on AWS and wants to implement encryption at rest for all data. The company uses AWS KMS with Customer Managed Keys (CMKs) for the EBS volumes. The SAP application servers need to access an S3 bucket that contains sensitive data. How should the company ensure that the S3 bucket is encrypted with the same CMK?

A.Use client-side encryption before uploading to S3
B.Configure the S3 bucket to use SSE-KMS with the same CMK
C.Add a bucket policy that denies if encryption is not present
D.Enable default encryption on the S3 bucket with SSE-S3
AnswerB

SSE-KMS allows specifying a particular CMK.

Why this answer

S3 supports server-side encryption with KMS keys (SSE-KMS). To use the same CMK, the S3 bucket must be configured with SSE-KMS and the key must be specified. Option A is correct.

Default encryption (B) may use a different KMS key. Bucket policy (C) can enforce encryption but not specify the key. Client-side encryption (D) uses client-managed keys.

232
MCQmedium

A company is running an SAP HANA database on an EC2 instance. The operations team notices that the SAP application is responding slowly during peak hours. CloudWatch metrics show high CPU utilization and increased swap usage. Which combination of actions should the team take to resolve the performance issue?

A.Enable Auto Scaling for the EC2 instance to automatically add more instances.
B.Resize the EC2 instance to a larger instance type with more vCPUs and memory.
C.Change the instance type to a compute-optimized instance to improve CPU performance.
D.Add more EBS volumes and increase the number of read replicas.
AnswerB

Vertical scaling addresses both high CPU and memory pressure, reducing swap usage.

Why this answer

Option C is correct because increasing memory reduces swap usage, and increasing CPU capacity addresses high CPU utilization. Option A is wrong because vertical scaling is often the simplest approach for a single HANA instance. Option B is wrong because adding more EBS volumes does not address CPU or memory.

Option D is wrong because changing instance type to memory-optimized is the correct approach, not compute-optimized.

233
MCQmedium

An SAP system on AWS experiences intermittent performance degradation during peak hours. CloudWatch metrics show high CPU utilization on the application server but normal on the database server. The application server is an m5.2xlarge instance. Which action should the operations team take FIRST to diagnose the issue?

A.Change the application server instance type to a compute-optimized instance like c5.4xlarge.
B.Increase the provisioned IOPS on the database server's EBS volumes.
C.Increase the network bandwidth of the application server.
D.Scale out the application tier by adding more application servers behind a load balancer.
AnswerA

Compute-optimized instances provide higher CPU performance.

Why this answer

Option B is correct because the issue is likely related to CPU contention on the application server, and upgrading to a compute-optimized instance provides more CPU resources. Option A is wrong because the problem is not network-related. Option C is wrong because the database is not the bottleneck.

Option D is wrong because increasing disk IOPS does not address CPU issues.

234
MCQmedium

An SAP Basis team is planning to migrate an SAP ERP system from on-premises to AWS. The system currently uses Oracle Database and runs on a physical server with 256 GB RAM. The team wants to minimize downtime and ensure the migration is supported by SAP. Which AWS service or feature should they use to perform the migration?

A.Use AWS VM Import/Export to migrate the physical server as an AMI.
B.Use AWS CloudEndure Migration to replicate the entire server to AWS.
C.Use AWS Database Migration Service (DMS) to replicate the Oracle database to Amazon RDS for Oracle.
D.Use SAP's Software Provisioning Manager (SWPM) to perform a homogeneous system copy to AWS.
AnswerD

SWPM is the SAP-recommended tool for system copy and migration.

Why this answer

Option C is correct because SAP supports HSR for system replication with HANA, and for Oracle, using SAP's own migration tools (e.g., SAP DMO) or homogenous migration is supported. Option A is wrong because VM Import/Export is not SAP-specific and may cause issues. Option B is wrong because AWS DMS is not certified for SAP migrations.

Option D is wrong because CloudEndure is not SAP-certified.

235
MCQeasy

An SAP administrator needs to back up the SAP HANA database daily. The backups must be stored securely and retained for 30 days. Which storage option is the most cost-effective?

A.Amazon S3 Standard
B.Amazon S3 Glacier
C.Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
D.Amazon EBS Snapshots
AnswerC

S3 Standard-IA is cost-effective for infrequent access with immediate retrieval.

Why this answer

Option C is correct. S3 Standard-IA is for infrequently accessed data with lower cost. Option A is incorrect because S3 Standard is more expensive.

Option B is incorrect because Glacier is for long-term archival, not 30-day retention. Option D is incorrect because EBS snapshots are for volumes, not database backups directly.

236
MCQeasy

A company has an SAP system running on AWS that uses an Application Load Balancer (ALB) to distribute traffic to multiple EC2 instances. The operations team notices that the ALB is returning 503 errors intermittently. Which of the following is the MOST likely cause?

A.The security group attached to the ALB is blocking inbound traffic from the targets.
B.The target instances are failing health checks.
C.The ALB does not have enough capacity to handle the traffic.
D.The SSL certificate on the ALB has expired.
AnswerB

When targets fail health checks, the ALB cannot route traffic to them, resulting in 503 errors.

Why this answer

Option B is correct because 503 errors typically indicate that the target instances are unhealthy or not responding. Option A is wrong because SSL certificate expiration causes 502 errors, not 503. Option C is wrong because security group rules blocking traffic would cause timeout or 502 errors.

Option D is wrong because insufficient capacity would cause 502 errors if targets are overloaded, but 503 specifically indicates unhealthy targets.

237
MCQmedium

An organization is migrating their SAP ERP system running on SAP ASE (Sybase) to Amazon RDS for SAP ASE. They have a 5 TB database and a 1 Gbps network. They need to keep the migration window under 6 hours. They plan to use AWS DMS with full load and CDC. During the full load, they notice that the DMS replication instance is using 100% CPU and the full load is progressing slowly. What should they do to meet the migration window?

A.Increase the instance size of the DMS replication instance
B.Switch to using AWS Snowball for the initial load
C.Increase the compute capacity of the source database
D.Disable CDC and perform only a full load
AnswerA

More CPU and memory will improve load performance.

Why this answer

Option A is correct because using a larger DMS replication instance provides more CPU and memory, speeding up the full load. Option B is wrong because they are already using CDC; changing to full load only would cause more downtime. Option C is wrong because increasing source database resources may not help due to network and DMS capacity.

Option D is wrong because Snowball is for offline transfer, not for ongoing replication.

238
Multi-Selectmedium

Which TWO metrics should be monitored to ensure the health of an SAP HANA database running on AWS? (Select two.)

Select 2 answers
A.Elastic Load Balancer Latency
B.S3 Bucket Size
C.Disk I/O (read/write throughput)
D.HANA System Replication Lag
E.CPU Credit Balance
AnswersC, D

HANA is I/O intensive, so I/O performance is key.

Why this answer

Disk I/O (read/write throughput) is critical for SAP HANA because HANA is an in-memory database that relies on persistent storage for savepoints, log writes, and data recovery. Insufficient disk throughput can cause performance degradation or system hangs, making it a key health metric.

Exam trap

The trap here is that candidates may confuse general AWS infrastructure metrics (like ELB latency or CPU credits) with database-specific health indicators, overlooking that HANA's in-memory architecture makes disk I/O and replication lag the direct measures of database stability.

239
MCQmedium

An SAP workload on AWS uses a Multi-AZ RDS for Oracle instance for its database. The application team reports that a recent batch job caused a spike in database connections and CPU utilization, leading to performance degradation. The database administrator wants to be notified when CPU utilization exceeds 80% for 5 minutes. Which combination of AWS services should be used to set up this monitoring and notification?

A.Amazon EventBridge with AWS Lambda
B.AWS Trusted Advisor with Amazon Simple Email Service (SES)
C.Amazon CloudWatch with an Amazon CloudWatch Alarm and Amazon SNS
D.Amazon Inspector with Amazon Simple Notification Service (SNS)
AnswerC

B is correct: CloudWatch monitors metrics and alarms can trigger SNS notifications.

Why this answer

Option B is correct: CloudWatch can monitor RDS CPU utilization, and with a metric alarm, it can trigger an SNS notification. Option A is incorrect because Inspector is for security assessments. Option C is incorrect because Trusted Advisor is for best practices, not real-time metrics.

Option D is incorrect because EventBridge would require custom events.

240
MCQmedium

A company runs a production web application on AWS using an Application Load Balancer (ALB) with a target group of EC2 instances in an Auto Scaling group. The application uses a custom Amazon Machine Image (AMI) that includes the web server and application code. The Auto Scaling group has a launch template that references the AMI. The company updates the application code weekly and creates a new AMI version. The operations team manually updates the launch template to reference the new AMI and then initiates an instance refresh. Recently, a misconfiguration caused the launch template to point to an old AMI after an instance refresh, resulting in a rollback of the application code. The company wants to automate the deployment process to ensure that new AMIs are deployed consistently and safely. Which solution meets these requirements?

A.Use EC2 Image Builder to create and test the new AMI, then use AWS CodePipeline to automatically update the launch template and perform a rolling instance refresh.
B.Use AWS CodePipeline to run a script that updates the launch template with the new AMI ID and triggers an instance refresh.
C.Use AWS CloudFormation with a custom resource that validates the AMI and updates the Auto Scaling group.
D.Use AWS CodeDeploy to deploy the application code directly to the existing instances, bypassing the AMI update.
AnswerA

EC2 Image Builder automates AMI creation and testing; CodePipeline orchestrates the deployment pipeline.

Why this answer

Option A is correct because EC2 Image Builder automates the creation, testing, and validation of AMIs, ensuring only compliant images are produced. AWS CodePipeline can then automatically update the launch template with the new AMI ID and trigger a rolling instance refresh, eliminating manual steps and preventing misconfigurations like pointing to an old AMI.

Exam trap

The trap here is that candidates often choose a simpler automation option (like Option B) that updates the launch template but lacks the integrated AMI creation and testing pipeline, failing to address the root cause of deploying an untested or incorrect AMI.

How to eliminate wrong answers

Option B is wrong because it only runs a script to update the launch template and trigger an instance refresh, but lacks the automated AMI creation and testing pipeline, so it does not prevent deployment of untested or incorrect AMIs. Option C is wrong because AWS CloudFormation custom resources can validate AMIs but do not natively automate the full AMI build, test, and deployment lifecycle; they also add complexity and potential for custom resource failures. Option D is wrong because it bypasses the AMI update entirely, which contradicts the requirement to deploy new AMIs consistently; CodeDeploy is designed for in-place or blue/green deployments of application code, not for managing AMI-based infrastructure updates.

241
MCQhard

An SAP architect is designing a new SAP S/4HANA system on AWS. The system must be PCI DSS compliant. The architect plans to use AWS KMS for encryption at rest and AWS CloudTrail for audit logging. The database will be SAP HANA on an r5.24xlarge instance with EBS gp3 volumes. What additional step is required to meet PCI DSS encryption requirements?

A.Store all SAP audit logs in Amazon S3 with server-side encryption.
B.Enable SAP HANA data volume encryption using the HANA database engine.
C.Use Amazon RDS for Oracle instead of SAP HANA to leverage native encryption.
D.Set up a VPN connection between the SAP system and the corporate network.
AnswerB

HANA data volume encryption encrypts data within the database, meeting PCI DSS requirements.

Why this answer

PCI DSS requires encryption of cardholder data at rest. While KMS encrypts EBS volumes, SAP HANA itself uses its own persistence layer. Enabling SAP HANA data volume encryption ensures that data is encrypted within the database.

Option B (RDS) is not applicable. Option C (S3) is not relevant. Option D (VPN) is for transmission, not at rest.

242
Multi-Selectmedium

Which TWO AWS services can be used to monitor SAP system performance and send alerts? (Choose two.)

Select 2 answers
A.AWS Config
B.Amazon CloudWatch
C.Amazon Inspector
D.AWS Lambda
E.AWS Trusted Advisor
AnswersB, D

CloudWatch monitors metrics and sends alarms.

Why this answer

Option A and Option D are correct. Amazon CloudWatch can collect metrics and send alarms. AWS Lambda can be used to process metrics and send custom alerts.

Option B is wrong because Amazon Inspector is for security assessment. Option C is wrong because AWS Config is for configuration compliance. Option E is wrong because AWS Trusted Advisor provides best practice checks, not real-time monitoring.

243
MCQeasy

An SAP administrator created the IAM policy shown in the exhibit to allow an EC2 instance to back up to an S3 bucket. However, the backup fails with an access denied error. What is the most likely issue?

A.The policy does not grant permissions on the bucket itself.
B.The actions specified are insufficient for backup operations.
C.The resource ARN is incorrectly formatted.
D.The bucket is in a different region than the EC2 instance.
AnswerA

Missing s3:ListBucket permission on the bucket resource.

Why this answer

The correct answer is B because the policy only grants access to objects within the bucket, but not to the bucket itself. To list buckets or perform operations on the bucket, additional permissions like s3:ListBucket are required. Option A is incorrect because the actions are sufficient for object operations.

Option C is incorrect because S3 is regionless. Option D is incorrect because the ARN is correct.

244
MCQhard

An SAP administrator configures Route 53 failover routing as shown. The health check associated with the primary record is failing. What will happen to client requests for sap.example.com?

A.Route 53 will return the ALIAS record for the primary load balancer
B.Route 53 will return the secondary CNAME record
C.Route 53 will return an error
D.Route 53 will return both records
AnswerB

Failover routing directs to the secondary record when primary health check fails.

Why this answer

Option B is correct. With failover routing, when the primary health check fails, Route 53 returns the secondary record. Option A is wrong because Route 53 does not failover to a different record type.

Option C is wrong because the secondary record exists. Option D is wrong because Route 53 uses the secondary record, not return an error.

245
Multi-Selectmedium

Which TWO considerations are critical when migrating an SAP HANA database to AWS using backup and restore? (Choose two.)

Select 2 answers
A.Compatibility of SAP HANA version between source and target
B.Network bandwidth available for data transfer
C.Amazon RDS for SAP HANA instance class
D.Encryption settings for Amazon EBS volumes
E.Network latency between on-premises and AWS
AnswersA, B

The target HANA version must support restoring backups from the source version.

Why this answer

Network bandwidth directly impacts transfer time, and the correct HANA version compatibility ensures the backup can be restored. Option A is irrelevant because latency is not a major factor for offline backup transfer. Option C is wrong because EBS encryption is optional.

Option E is wrong because SAP HANA does not run on RDS.

246
MCQhard

A company is migrating an SAP system from on-premises to AWS. The migration involves rehosting SAP HANA on EC2. Which of the following is the best practice for sizing the EC2 instance?

A.Use a memory-optimized EC2 instance with the required memory.
B.Use an EC2 instance that is listed in the SAP Certified and Supported SAP HANA Hardware Directory.
C.Use a general-purpose EC2 instance with sufficient vCPUs and memory.
D.Use a compute-optimized EC2 instance to ensure high CPU performance.
AnswerB

Only instances listed in the SAP HANA hardware directory are supported.

Why this answer

SAP HANA instances must be SAP-certified. The AWS instance types that are SAP-certified for HANA (e.g., r5.metal, u-6tb1) should be used. General-purpose instances are not certified.

Memory optimized instances are correct but must be specific certified types. Compute optimized are not suitable.

247
MCQhard

A company is migrating a critical SAP HANA database from on-premises to AWS. The database is 6 TB, and the migration must be completed within a 4-hour downtime window. The network bandwidth between on-premises and AWS is 1 Gbps. Which approach should the company take to meet the downtime requirement?

A.Use AWS SCT to convert the schema, then export to Amazon S3 and restore into HANA on EC2.
B.Use AWS DMS with change data capture (CDC) and start with a full load over the network.
C.Use AWS Snowball Edge to physically transfer the data, then use AWS DMS for ongoing replication.
D.Perform a direct online migration using AWS DMS over the existing network.
AnswerC

Snowball Edge can transfer large data offline, meeting the time constraint.

Why this answer

Option B is correct because AWS Snowball Edge can physically transfer the large volume of data faster than over the network given the bandwidth constraint. Option A is wrong because 1 Gbps cannot transfer 6 TB in 4 hours. Option C is wrong because AWS DMS with CDC is not suitable for initial load of such large databases.

Option D is wrong because restoring from S3 after upload still requires the initial upload over the network.

248
MCQeasy

A company is migrating its SAP HANA database to AWS. The system requires high network throughput and low latency between the application and database tiers. Which AWS service should be used to achieve this?

A.Amazon Route 53 latency-based routing
B.Amazon EC2 placement group
C.AWS Global Accelerator
D.Amazon EBS io2 Block Express volumes
AnswerB

Cluster placement groups provide low-latency, high-throughput networking.

Why this answer

Option B is correct because EC2 placement groups, specifically cluster placement groups, provide low-latency network performance required for SAP HANA. Options A and C are unrelated to network latency. Option D is for storage.

249
MCQhard

Refer to the exhibit. An SAP HANA system is running on an EC2 instance with the attached volumes shown. The HANA system requires high IOPS for its data volume. Which volume should be used for the HANA data directory?

A.Both volumes for striping
B.vol-0a1b2c3d4e5f67890 (gp3)
C.Neither volume; use instance store
D.vol-1a2b3c4d5e6f78901 (io1)
AnswerD

io1 provides higher IOPS, suitable for HANA data.

Why this answer

The io1 volume (vol-1a2b3c4d5e6f78901) has 10000 IOPS, higher than gp3's 3000. HANA data requires high IOPS. Option A (gp3) is lower.

Option C (both) not necessary. Option D (neither) incorrect.

250
MCQhard

A company is running SAP HANA on AWS and needs to perform an in-place upgrade from HANA 1.0 to 2.0. The database size is 2 TB and the team wants to minimize downtime. Which approach is most appropriate?

A.Stop the HANA database, take a full backup, launch a new EC2 instance with HANA 2.0, and restore the backup.
B.Set up HANA System Replication from the current HANA 1.0 instance to a new EC2 instance running HANA 2.0, then perform a takeover.
C.Use AWS Database Migration Service (DMS) to continuously replicate data to a new HANA 2.0 instance.
D.Create an EBS snapshot of the HANA data volume and attach it to a new EC2 instance with HANA 2.0.
AnswerB

This minimizes downtime as the target is pre-built and the takeover is fast.

Why this answer

Option D (Use HANA System Replication to replicate to a new instance running HANA 2.0, then perform a takeover) is correct because it minimizes downtime by having a pre-built target. Option A (Stop DB, perform backup, restore onto new instance) results in longer downtime. Option B (Use AWS DMS) is not designed for HANA version upgrades.

Option C (Create a snapshot and restore) also incurs downtime and does not handle the upgrade.

251
Multi-Selecthard

A company is migrating an SAP ERP system to AWS using the SAP Landscape Virtualization Management (LVM) tool. The migration must comply with SAP's 'bring your own license' (BYOL) model. Which THREE steps should the company take to ensure compliance?

Select 3 answers
A.Use AWS License Manager to track SAP licenses
B.Decommission the source system after successful migration
C.Use the SAP LVM system copy functionality to create the target system
D.Generate new SAP license keys for the AWS instances
E.Configure the target system with the same IP address as the source
AnswersB, C, D

BYOL requires that the source system is no longer used.

Why this answer

Options A, B, and D are correct. LVM can automate system copy and reconfiguration. SAP license keys are hardware-dependent; generating new keys for AWS and decommissioning the source are required.

Option C (using AWS License Manager) is not required for SAP BYOL. Option E (using the same IP address) is not necessary and may not be possible.

252
MCQmedium

Refer to the exhibit. An SAP administrator is creating an IAM policy for an automated backup script that creates EBS snapshots of SAP HANA volumes. The script also needs to tag the snapshots. However, when the script runs, it fails with an authorization error. What is the missing permission?

A.ec2:DescribeSnapshots
B.kms:Encrypt
C.ec2:ModifySnapshotAttribute
D.ec2:DeleteSnapshot
AnswerB

When creating a snapshot of an encrypted EBS volume, the snapshot is also encrypted, requiring kms:Encrypt permission.

Why this answer

Option B is correct because the policy includes ec2:CreateSnapshot but not ec2:CreateSnapshot (the specific permission for creating snapshots is ec2:CreateSnapshot, but the error suggests the action is not allowed on the volume resource; however, the policy already allows ec2:CreateSnapshot on all resources. The missing permission is likely ec2:DescribeVolumes to identify which volumes to snapshot, or ec2:ModifySnapshotAttribute. However, based on common scenarios, the script may need ec2:DescribeVolumes to list volumes.

But let's analyze: The policy allows ec2:CreateSnapshot on * but the action requires resource-level permissions. The error may be because the script is trying to create a snapshot from a volume that is encrypted with a KMS key, and the policy allows kms:Decrypt and kms:GenerateDataKey. A common missing permission is kms:Encrypt because when creating a snapshot of an encrypted volume, the snapshot is also encrypted and requires kms:Encrypt.

Option B is correct: kms:Encrypt is needed. Option A is wrong because ec2:DescribeSnapshots is not needed for creating. Option C is wrong because ec2:DeleteSnapshot is not needed.

Option D is wrong because ec2:ModifySnapshotAttribute is not needed.

253
Multi-Selecthard

A company runs SAP on AWS and wants to automate the patching of SAP application servers. The servers are in an Auto Scaling group. Which THREE steps should be included in the automation?

Select 3 answers
A.Update the Auto Scaling group's launch configuration or launch template to use the new AMI.
B.Create a new AMI with the patches applied.
C.Use AWS Systems Manager to apply patches to running instances.
D.Perform an instance refresh to gradually replace instances.
E.Terminate all existing instances at once.
AnswersA, B, D

This ensures new instances use the patched AMI.

Why this answer

Options A, C, and E are correct because creating a new AMI, updating the launch configuration, and gradually replacing instances is a standard rolling update. Option B is wrong because SSM can be used but introduces complexity and potential downtime. Option D is wrong because terminating instances before new ones are ready causes downtime.

254
MCQeasy

An SAP administrator needs to rotate the SSL/TLS certificate for the SAP Web Dispatcher running on an EC2 instance. The new certificate is stored in AWS Certificate Manager (ACM). How should the administrator deploy the certificate to the Web Dispatcher?

A.Export the certificate from ACM using the AWS CLI and install it on the EC2 instance.
B.Download the certificate from ACM and manually install it on the EC2 instance.
C.Configure ACM to automatically push the certificate to the EC2 instance.
D.Import the new certificate into ACM and associate it with an Application Load Balancer in front of the Web Dispatcher.
AnswerA

ACM supports exporting certificates for use on EC2 instances.

Why this answer

Option B is correct because ACM certificates cannot be directly downloaded; they must be exported or used via a load balancer or CloudFront. Option A (direct download) is not possible. Option C (ACM integration) is not supported natively.

Option D (import to ACM) is for bringing your own certificate.

255
MCQhard

A company runs its SAP ERP system on AWS with an Oracle database on an EC2 instance. The system is used by thousands of users globally. Recently, the database has been experiencing slow query performance, especially during end-of-month processing. The administrator notices that the database instance is an r5.8xlarge with 32 vCPUs and 256 GB of memory, running on a single EBS io1 volume with 20,000 IOPS for the data files. The administrator has already optimized the SQL queries and increased the SGA size. However, performance remains poor. The Amazon CloudWatch metrics show that the EBS volume's Average Queue Length is consistently above 10 and the read latency spikes to over 100 ms during peak times. The CPU utilization is around 70%. Which action should the administrator take to resolve the I/O bottleneck?

A.Change the volume type to gp3 and increase the baseline IOPS.
B.Create multiple EBS io1 volumes and stripe them using RAID 0 at the OS level.
C.Increase the IOPS of the existing io1 volume to 40,000.
D.Upgrade the EC2 instance to an r5.12xlarge with more network bandwidth.
AnswerB

RAID 0 increases I/O parallelism and reduces queue length.

Why this answer

Option D is correct because distributing the Oracle data files across multiple EBS volumes with RAID 0 increases I/O parallelism and reduces queue length. Option A is wrong because increasing IOPS on a single volume may not help if the volume is already at its throughput limit. Option B is wrong because switching to gp3 may not provide enough IOPS for the workload.

Option C is wrong because increasing instance size does not directly improve EBS performance; the bottleneck is at the storage layer.

256
Multi-Selectmedium

Which TWO of the following are best practices for securing an SAP HANA database on AWS? (Choose two.)

Select 2 answers
A.Deploy the HANA instance in a private subnet without direct internet access.
B.Disable SSL/TLS for client connections to improve performance.
C.Use a single Availability Zone to simplify network security group management.
D.Enable encryption at rest for the HANA data and log volumes using AWS KMS.
E.Assign a public IP address to the HANA instance for easy access from the internet.
AnswersA, D

Private subnet reduces attack surface.

Why this answer

Deploying the HANA instance in a private subnet without direct internet access ensures that the database is not exposed to the public internet, reducing the attack surface. This follows the AWS security best practice of using private subnets for sensitive workloads, with access only through bastion hosts or VPN/Direct Connect. It also aligns with SAP's own security recommendations for HANA deployments.

Exam trap

The trap here is that candidates may think disabling SSL/TLS improves performance (Option B) without recognizing that the performance gain is negligible compared to the catastrophic security risk, or they may incorrectly assume a public IP is acceptable for administrative access, overlooking the fundamental network isolation requirement for production databases.

257
MCQeasy

Refer to the exhibit. A CloudFormation template is used to migrate a web server to AWS. The template launches an EC2 instance but does not install the web server. What is the best way to automate the installation?

A.Create a CloudWatch Events rule to trigger a Lambda function after instance launch.
B.Add a UserData property to the EC2 instance resource.
C.Use AWS Systems Manager Run Command to install the web server.
D.Use AWS CodeDeploy to deploy the web server after the instance is created.
AnswerB

UserData runs scripts during instance initialization.

Why this answer

Option A is correct because UserData can run scripts at launch. Option B is incorrect because CloudWatch Events cannot install software. Option C is incorrect because CodeDeploy requires an agent already installed.

Option D is incorrect because SSM Run Command can be used but is not automatic at launch.

258
MCQeasy

A company is using AWS Systems Manager to automate patching of SAP application servers. The patching process should run during a maintenance window every Sunday at 2 AM. Which Systems Manager capability should be used to schedule the patching?

A.Automation
B.Patch Manager
C.State Manager
D.Maintenance Windows
AnswerD

Maintenance Windows allow scheduling of patching tasks.

Why this answer

Option D is correct because Maintenance Windows allow scheduling of patching operations. Option A is wrong because State Manager is for configuration management. Option B is wrong because Patch Manager is for patching but needs a schedule; Maintenance Window triggers it.

Option C is wrong because Automation is for runbooks.

259
MCQeasy

An SAP system uses a secondary IP address for the SAP application. After an instance reboot, the secondary IP address is no longer attached. What is the most likely cause?

A.The Elastic IP address was not associated with the instance
B.The secondary IP address is not automatically re-attached after instance stop/start
C.The security group removed the IP address
D.The Elastic Network Interface (ENI) was deleted
AnswerB

Secondary IPs are not persistent across stop/start; they must be re-attached or use an ENI.

Why this answer

Secondary IP addresses are not automatically re-attached after a stop/start unless configured in the ENI. Option A is wrong because Elastic IPs are not automatically detached. Option C is wrong because security groups don't affect IP addresses.

Option D is wrong because the ENI itself is not deleted unless terminated.

260
Multi-Selecthard

A company is migrating an SAP HANA database from on-premises to AWS. The database is 5 TB and the network link is 500 Mbps. The company has a tight window of 24 hours for the migration. Which TWO methods can be used to transfer the initial data load within the time constraint?

Select 2 answers
A.Use AWS DMS to perform a full load directly over the network.
B.Use AWS Site-to-Site VPN with jumbo frames enabled.
C.Use AWS Snowball Edge to transfer the database backup files to AWS.
D.Use AWS DataSync with compression enabled over a Direct Connect link.
E.Use Amazon S3 multipart upload to upload backup files directly from on-premises.
AnswersC, D

Physical transfer bypasses network limitations.

Why this answer

Option A (AWS Snowball Edge) and Option D (AWS DataSync over Direct Connect with compression) are correct. Snowball Edge can physically ship data, bypassing network. DataSync with compression can accelerate transfer over Direct Connect.

Option B (DMS) over 500 Mbps for 5 TB would take ~23 hours (theoretical) plus overhead, may exceed 24 hours. Option C (S3 multipart upload) same as DMS. Option E (AWS Site-to-Site VPN) is slower than Direct Connect.

261
MCQhard

A company runs SAP on AWS and wants to implement a disaster recovery solution with a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 15 minutes. The primary site is in us-east-1, and the DR site is in us-west-2. Which strategy meets these requirements for SAP HANA database?

A.Use AWS Database Migration Service (DMS) for ongoing replication
B.Take EBS snapshots every 15 minutes and copy them to us-west-2
C.Use Amazon S3 Cross-Region Replication for HANA data files
D.Configure SAP HANA System Replication across regions
AnswerD

HANA System Replication provides low RPO and meets RTO.

Why this answer

Option D is correct because HANA System Replication with log shipping can achieve RPO of minutes and RTO within hours. Option A is incorrect because EBS snapshots cannot achieve 15-minute RPO. Option B is incorrect because S3 cross-region replication is for files, not live HANA replication.

Option C is incorrect because DMS is for heterogeneous migrations, not real-time HANA replication.

262
Drag & Dropmedium

Drag and drop the steps to set up an SAP HANA system replication in AWS using the SAP HANA Cockpit into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

SAP HANA system replication requires two instances, network connectivity, enabling replication on primary, registering secondary, and then starting replication.

263
MCQeasy

An SAP system administrator needs to store application logs for a minimum of 3 years for compliance. The logs are currently stored in Amazon S3 Standard and are accessed infrequently after 30 days. Which lifecycle policy should the administrator implement to minimize costs while meeting compliance?

A.Transition to S3 One Zone-IA after 30 days and delete after 3 years.
B.Transition to S3 Glacier after 30 days and delete after 3 years.
C.Delete logs after 30 days to save costs.
D.Transition to S3 Standard-IA after 30 days, then to S3 Glacier Deep Archive after 1 year, and delete after 3 years.
AnswerD

D is correct: balances access and long-term archival costs.

Why this answer

Option D is correct: transition to S3 Standard-IA after 30 days, then to S3 Glacier Deep Archive after 1 year, and expire after 3 years. Option A is incorrect because immediate transition to Glacier may incur retrieval costs. Option B is incorrect because S3 One Zone-IA is not durable enough for compliance.

Option C is incorrect because deleting after 30 days violates retention.

264
MCQmedium

An SAP environment on AWS consists of several EC2 instances running SAP NetWeaver and a separate HANA database instance. The system is using an Application Load Balancer (ALB) to distribute traffic to the web dispatchers. Recently, the ALB health checks are failing for one of the web dispatchers, causing it to be taken out of service. You investigate and find that the web dispatcher is running and can be reached directly via its private IP. The health check is configured to check the /sap/public/health endpoint. What is the most likely reason for the health check failure?

A.The security group for the web dispatcher does not allow traffic from the ALB.
B.The web dispatcher is configured to redirect HTTP requests to HTTPS, and the health check is using HTTP.
C.The web dispatcher instance is running out of memory, causing slow responses.
D.The web dispatcher has multiple IP addresses and the health check targets the wrong one.
AnswerB

A redirect response (3xx) is considered unhealthy by ALB; the health check should use HTTPS or the web dispatcher should not redirect.

Why this answer

Option A is correct because the health check endpoint must return a 200 OK response. If the web dispatcher returns a redirect (3xx) to a login page, the ALB considers it unhealthy. Option B (security group) would affect direct access as well.

Option C (instance size) is unrelated. Option D (multiple IPs) is not typical for a single instance.

265
MCQmedium

A company runs a critical SAP application on an SAP HANA database in a single Availability Zone on AWS. The database is 2 TB in size. The company needs to implement a disaster recovery (DR) strategy with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. The DR region must be in a different AWS Region. Which solution meets these requirements with the LEAST operational overhead?

A.Configure SAP HANA System Replication (HSR) in a multitier setup with a primary in the source region and a synchronous secondary in the DR region. Use HANA takeover for failover.
B.Use AWS Database Migration Service (DMS) to continuously replicate data from the HANA database to a HANA database in the DR region.
C.Deploy a second HANA node in a different Availability Zone in the same region and configure HANA System Replication. Use AWS Global Accelerator to route traffic to the standby.
D.Use AWS Backup to schedule daily snapshots of the HANA database and copy them to the DR region. In the event of a disaster, restore the latest snapshot to a new HANA instance.
AnswerA

HSR with synchronous replication provides low RPO and RTO, and is a standard SAP DR solution.

Why this answer

Option B is correct because HANA System Replication with a standby in another region provides automatic sync replication with RPO of seconds and RTO of minutes, meeting the requirements. Option A is wrong because manual snapshots have higher RPO and RTO. Option C is wrong because DMS does not support HANA as a source for continuous replication.

Option D is wrong because HSR with a single-node standby in another AZ does not provide cross-region DR.

266
MCQmedium

A company is deploying SAP S/4HANA on AWS and needs to ensure that the database and application servers are in the same placement group to minimize latency. However, the instance types required for the HANA database are not available in the same placement group due to insufficient capacity. What should the company do to maintain low latency?

A.Use a spread placement group instead of a cluster placement group.
B.Place all instances in the same Availability Zone without a placement group.
C.Use a different instance type for the database that is available in the placement group.
D.Place the database in a different AWS Region and use AWS Direct Connect.
AnswerA

Spread placement groups distribute instances across distinct hardware, reducing capacity issues while still minimizing latency.

Why this answer

A spread placement group is the correct choice because it spreads instances across distinct underlying hardware, reducing the risk of correlated failures while still keeping them in the same Availability Zone to minimize latency. Unlike a cluster placement group, which requires all instances to be on the same rack and can suffer from capacity constraints, a spread placement group does not enforce a single rack placement, so it can accommodate different instance types even when the cluster placement group lacks capacity. This ensures low latency for SAP S/4HANA communication between database and application servers without violating placement group constraints.

Exam trap

The trap here is that candidates assume only a cluster placement group can provide low latency, overlooking that a spread placement group in the same Availability Zone still offers significantly lower latency than no placement group, while avoiding the capacity limitations of a cluster placement group.

How to eliminate wrong answers

Option B is wrong because placing instances in the same Availability Zone without a placement group does not guarantee that they will be on the same physical hardware or even close together, which can introduce higher latency than a placement group provides. Option C is wrong because changing the database instance type may not meet the performance or memory requirements of SAP HANA, and it does not solve the underlying capacity issue in the cluster placement group. Option D is wrong because placing the database in a different AWS Region introduces significant cross-Region latency, which is unacceptable for SAP S/4HANA’s low-latency requirements, and AWS Direct Connect does not reduce latency between Regions.

267
MCQmedium

A company uses SAP NetWeaver with an Oracle database on EC2. The operations team wants to automate the patching of the operating system while ensuring minimal downtime. Which AWS Systems Manager capability should be used?

A.AWS Systems Manager Automation
B.AWS Systems Manager Run Command
C.AWS Systems Manager OpsCenter
D.AWS Systems Manager Patch Manager
AnswerD

Patch Manager automates the process of patching managed instances.

Why this answer

Option A is correct because Patch Manager automates OS patching. Option B is wrong because Run Command runs ad-hoc commands. Option C is wrong because Automation runs predefined workflows.

Option D is wrong because OpsCenter is for managing operational issues.

268
Multi-Selecthard

Which THREE factors should be considered when selecting an EC2 instance type for an SAP HANA production system during migration? (Choose 3.)

Select 3 answers
A.Memory (RAM) size relative to the HANA workload
B.GPU acceleration capabilities
C.EBS-optimized by default
D.Network throughput and latency
E.SAP certification of the instance type
AnswersA, D, E

HANA is memory-bound; sufficient RAM is critical.

Why this answer

Options A, B, and D are correct because SAP HANA is memory-intensive and requires certified instance types with sufficient RAM and network performance. Option C is wrong because GPU is not required for HANA. Option E is wrong because EBS-optimized is required for HANA, but it's a feature, not a factor specific to HANA.

269
MCQeasy

A company wants to migrate an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a 10 Gbps network connection to AWS. The migration must have minimal downtime. Which AWS service should be used for the initial data load?

A.Amazon S3 Transfer Acceleration to upload the database dump, then restore to RDS.
B.AWS Database Migration Service (DMS) with ongoing replication.
C.AWS Storage Gateway to replicate the database files to Amazon S3, then restore to RDS.
D.AWS Snowball Edge to ship the data physically, then import to RDS.
AnswerB

DMS supports full load plus change data capture (CDC) for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) with ongoing replication is the correct choice because it supports a full load of the 2 TB Oracle database followed by continuous change data capture (CDC) to keep the target RDS instance synchronized with minimal downtime. The 10 Gbps network connection is sufficient for the initial load, and DMS handles schema conversion, data validation, and resumable transfers natively, making it ideal for a near-zero-downtime migration.

Exam trap

The trap here is that candidates often choose Snowball Edge for large datasets without considering the minimal downtime requirement, forgetting that physical shipping introduces hours or days of latency and cannot provide ongoing replication, while DMS with CDC is the only option that keeps the source online during migration.

How to eliminate wrong answers

Option A is wrong because S3 Transfer Acceleration only speeds up uploads to S3 over the public internet but does not provide ongoing replication or CDC; restoring a dump from S3 to RDS would require taking the source database offline for the entire dump and restore process, violating the minimal downtime requirement. Option C is wrong because AWS Storage Gateway is designed for hybrid storage (e.g., file shares, volume backups) and cannot replicate live Oracle database changes or perform CDC; it would only copy static database files, requiring a full outage for the initial copy and lacking incremental sync. Option D is wrong because AWS Snowball Edge is a physical data transfer device intended for large datasets over slow or unreliable networks; while it can move 2 TB, the shipping time (days) and the need to stop writes during data extraction make it unsuitable for minimal downtime, and it does not support ongoing replication.

270
MCQmedium

A company is migrating its SAP landscape to AWS and wants to ensure that all SAP systems can communicate with each other using private IP addresses only. The systems are deployed in multiple VPCs. Which AWS solution should be used to enable private connectivity between these VPCs?

A.VPC Peering.
B.VPC Endpoints.
C.AWS Site-to-Site VPN.
D.AWS Direct Connect.
AnswerA

VPC Peering enables private routing between VPCs.

Why this answer

Option B is correct because VPC Peering allows direct private IP connectivity between VPCs. Option A (VPN) is used for on-premises to VPC. Option C (Direct Connect) is for dedicated connection to on-premises.

Option D (VPC Endpoint) is for accessing AWS services privately.

271
MCQeasy

A company runs its SAP landscape on AWS and uses an Application Load Balancer (ALB) to distribute traffic to multiple web dispatchers. The operations team notices that some requests are failing with 503 errors. What is the most likely cause?

A.The security groups for the ALB are blocking incoming traffic.
B.The SSL certificate on the ALB has expired.
C.The CloudFront distribution in front of the ALB is misconfigured.
D.The target group health checks are failing, causing the ALB to mark instances as unhealthy.
AnswerD

503 errors occur when no healthy targets are available.

Why this answer

Option C is correct because 503 errors typically indicate that the target instances are unhealthy or the ALB cannot route traffic to them. Option A is wrong because security groups blocking traffic would cause 504 or timeout errors. Option B is wrong because SSL certificate issues cause 502 errors.

Option D is wrong because CloudFront is not in the path.

272
MCQmedium

A company is migrating its SAP ERP system to AWS and needs to minimize network latency between the SAP application servers and the database. Which architecture is recommended?

A.Place the application servers in one AZ and the database in a different AZ
B.Place both the application and database servers in the same Availability Zone
C.Place the application servers in one region and the database in another region
D.Keep the database on-premises and move only the application servers to AWS
AnswerB

Same-AZ placement minimizes latency.

Why this answer

Option C is correct because placing both the application and database servers in the same Availability Zone (AZ) minimizes network latency. Option A is wrong because different AZs add latency. Option B is wrong because different regions add significant latency.

Option D is wrong because using on-premises resources adds latency.

273
MCQhard

A company is migrating a large SAP Business Warehouse (BW) system to AWS. The system uses SAP HANA as the database. The migration plan involves using SAP HANA System Replication (HSR) for near-zero downtime. During the initial synchronization, the network bandwidth is limited to 1 Gbps. The source database is 5 TB. How long will the initial synchronization approximately take, assuming no other bottlenecks?

A.Approximately 2 hours
B.Approximately 6 hours
C.Approximately 12 hours
D.Approximately 24 hours
AnswerC

5 TB at 1 Gbps gives about 11.1 hours; 12 hours is a reasonable estimate including overhead.

Why this answer

5 TB = 5,000 GB = 40,000 Gb (since 1 GB = 8 Gb). At 1 Gbps, time = 40,000 seconds ≈ 11.1 hours. This simple calculation ignores overhead, but among the options, 12 hours is the closest.

The other options are unrealistic.

274
MCQmedium

A security engineer is troubleshooting an issue where a cross-account IAM role (arn:aws:iam::123456789012:role/CrossAccountRole) is unable to upload objects to an S3 bucket (my-bucket) owned by another account. The bucket policy is shown above. What is the MOST likely reason for the failure?

A.The IAM role does not specify the x-amz-acl header with value bucket-owner-full-control in its PutObject request.
B.The S3 bucket has versioning enabled, which requires additional permissions.
C.The resource ARN in the bucket policy is incorrect; it should be arn:aws:s3:::my-bucket/*.
D.The bucket policy does not grant the s3:PutObject permission to the IAM role.
AnswerA

The bucket policy condition requires this header; without it, the request is denied.

Why this answer

The bucket policy grants s3:PutObject to the IAM role, but when objects are uploaded cross-account, the object ACL defaults to the uploading account's full control. Without the `x-amz-acl: bucket-owner-full-control` header, the bucket owner (target account) does not own the object and may not be able to manage or delete it. The IAM role must explicitly set this header in the PutObject request to transfer object ownership to the bucket owner, otherwise the upload fails with an AccessDenied error.

Exam trap

The trap here is that candidates assume the bucket policy alone is sufficient for cross-account uploads, overlooking the requirement for the `bucket-owner-full-control` ACL header to transfer object ownership to the bucket owner.

How to eliminate wrong answers

Option B is wrong because enabling versioning does not require additional permissions for PutObject; versioning affects object version IDs but does not block uploads due to ownership issues. Option C is wrong because the resource ARN `arn:aws:s3:::my-bucket` is correct for granting permissions on the bucket itself; the wildcard `/*` is needed only for object-level operations, but the policy already uses `arn:aws:s3:::my-bucket/*` in the Resource element (the question states the bucket policy is shown above, and the correct ARN is used). Option D is wrong because the bucket policy does grant s3:PutObject to the IAM role; the failure is not due to missing permission but due to missing ACL header.

275
MCQmedium

The above IAM policy is attached to an IAM role used by an AWS DMS replication instance. The DMS task is migrating data from an on-premises Oracle database to Amazon S3. The DMS task fails with an access error. What is missing from the policy?

A.Permissions to describe EC2 instances are missing
B.Permissions to access Amazon RDS are missing
C.Permissions to pass the IAM role to the DMS replication instance are missing
D.Permissions to write to the S3 bucket are missing
AnswerC

DMS needs iam:PassRole to allow the replication instance to assume the role.

Why this answer

Option B is correct because DMS needs permissions to read from the source endpoint (Oracle database) but the policy only includes S3 and EC2 permissions. The source endpoint is on-premises, so DMS requires network connectivity, but the error is access error, indicating missing IAM permissions for DMS itself. Actually, DMS requires permissions to create network interfaces and describe endpoints.

The most common missing permission is 'dms:CreateEndpoint' and 'dms:DescribeEndpoints'. However, since the task is already created, the issue might be that DMS needs to pass the IAM role to the replication instance. The policy missing 'iam:PassRole' is a common cause.

Option A is wrong because S3 permissions are present. Option C is wrong because EC2 permissions are present. Option D is wrong because DMS does not need RDS permissions.

276
MCQeasy

An SAP system running on AWS is experiencing high CPU usage on the application server during peak hours. The system is already using the largest instance type available in the current generation. What is the most cost-effective solution to handle the peak load?

A.Upgrade to a larger instance type from a different instance family
B.Purchase Reserved Instances to reduce cost and allocate more resources
C.Add an additional SAP application server in the same Availability Zone
D.Use Auto Scaling to automatically add instances during peak hours
AnswerC

Horizontal scaling distributes load across multiple servers.

Why this answer

Option B is correct because adding an additional application server distributes the load horizontally. Option A is incorrect because vertical scaling is not possible if max instance already used. Option C is incorrect because buying reserved instances does not solve peak CPU issue.

Option D is incorrect because enabling Auto Scaling for app tier but without additional instances it doesn't help.

277
MCQeasy

A company is migrating an on-premises SAP HANA database to AWS. The database is 2 TB in size. The migration window is limited to 3 days. Which AWS service should be used to perform the initial data transfer?

A.AWS Snowball Edge
B.AWS Database Migration Service (DMS)
C.AWS DataSync
D.AWS Direct Connect
AnswerA

Snowball Edge can physically transport 2 TB of data quickly, bypassing network constraints.

Why this answer

AWS Snowball Edge is designed for large data transfers when network bandwidth is limited. The 2 TB database can be physically shipped and loaded onto AWS. AWS Direct Connect is for ongoing connectivity, not bulk transfer.

AWS DataSync is for smaller datasets over the network. AWS DMS is for ongoing replication and requires network bandwidth.

278
MCQeasy

An SAP administrator needs to migrate an on-premises SAP ERP system to AWS. The current system runs on a single Windows Server with SQL Server and uses 2 TB of storage. The migration must minimize downtime and use native AWS tools. Which service should be used to replicate the on-premises server to AWS?

A.AWS CloudFormation
B.AWS Snowball
C.AWS Database Migration Service (DMS)
D.AWS Server Migration Service (SMS)
AnswerD

SMS replicates entire server volumes to AWS, minimizing downtime.

Why this answer

Option B is correct: AWS Server Migration Service (SMS) is designed to replicate on-premises servers to AWS, supporting Windows and SQL Server. Option A is wrong: AWS CloudFormation is for infrastructure as code, not replication. Option C is wrong: AWS DMS is for database migration, but doesn't replicate the full server.

Option D is wrong: AWS Snowball is for offline data transfer, not continuous replication.

279
MCQmedium

A company is migrating an SAP ERP system running on an on-premises IBM AIX server to AWS. The server hosts both the SAP application and the DB2 database. The company has a tight deadline and wants to minimize the migration effort. The current system uses a storage area network (SAN) with 2 TB of data. The company wants to use AWS native services and avoid re-architecting. What is the BEST migration strategy?

A.Use AWS Application Migration Service (MGN) to replicate the entire server to AWS.
B.Manually install SAP and DB2 on EC2 and restore from backup.
C.Use AWS Snowball Edge to transfer the data offline and then launch EC2 instances.
D.Use AWS DMS to migrate the DB2 database to Amazon RDS for DB2.
AnswerA

MGN supports AIX and replicates the entire server.

Why this answer

AWS MGN supports migration of IBM AIX servers with block-level replication. Option B is wrong because AWS DMS does not support DB2 on AIX as a source. Option C is wrong because AWS Snowball would require downtime and is not real-time.

Option D is wrong because manual installation is more effort and not leveraging AWS services.

280
MCQmedium

A company is migrating its SAP environment to AWS and needs to ensure that the SAP license compliance is maintained. What should the company do to verify that the EC2 instances used for SAP are properly licensed?

A.Use AWS License Manager to enforce license limits
B.Use only bring-your-own-license (BYOL) instances
C.Use AWS Config rules to check instance types
D.Use EC2 instance types listed in the SAP Certified and Supported SAP HANA Hardware Directory
AnswerD

The SAP HANA Hardware Directory lists certified instances.

Why this answer

AWS provides a list of EC2 instance types that are certified for SAP. The company should use these certified types and ensure they have the appropriate SAP licenses. Option B is correct.

Option A (BYOL) is possible but not verification. Option C (AWS License Manager) tracks licenses but doesn't verify SAP compatibility. Option D (AWS Config) can track configuration but not licensing.

281
MCQeasy

A company is deploying SAP S/4HANA on AWS and needs to choose the storage for the HANA data volume. Which EBS volume type provides the highest consistent IOPS for this workload?

A.EBS io2 Block Express
B.EBS gp3
C.EBS io1
D.EBS st1
AnswerA

io2 Block Express offers up to 256,000 IOPS.

Why this answer

Option A is correct because io2 Block Express provides the highest IOPS of the listed types. Option B (io1) is older. Option C (st1) is throughput-optimized.

Option D (gp3) offers baseline performance but lower max IOPS.

282
MCQeasy

An SAP administrator needs to monitor the disk I/O performance of an Aurora PostgreSQL database used by SAP. Which Amazon CloudWatch metric should be used to track read and write operations per second?

A.FreeableMemory
B.CPUUtilization
C.ReadIOPS and WriteIOPS
D.DatabaseConnections
AnswerC

These metrics directly measure read and write operations per second.

Why this answer

Option C is correct because ReadIOPS and WriteIOPS metrics track the number of read and write operations per second. Option A (CPUUtilization) tracks CPU. Option B (DatabaseConnections) tracks connections.

Option D (FreeableMemory) tracks memory.

283
MCQhard

A company is migrating its SAP landscape to AWS and plans to use SAP S/4HANA. The migration includes a heterogeneous system conversion from an existing SAP ECC system. Which AWS service or tool supports the generation of the migration cockpit and migration object modeler content required for the conversion?

A.AWS Database Migration Service (DMS)
B.AWS Application Migration Service (MGN)
C.AWS Migration Hub
D.SAP S/4HANA Migration Cockpit (not an AWS service)
AnswerD

The Migration Cockpit is the SAP tool that generates migration content; AWS does not provide this.

Why this answer

SAP S/4HANA migration uses the SAP S/4HANA Migration Cockpit, which relies on migration object modeler content. This content is generated by the SAP S/4HANA Migration Cockpit itself, not by an AWS service. AWS does not provide a service that generates SAP migration content.

Option A (AWS Migration Hub) tracks migrations. Option B (AWS Application Migration Service) is for server migration. Option C (AWS Database Migration Service) migrates databases.

Option D (SAP S/4HANA Migration Cockpit) is the correct tool for generating the migration cockpit content.

284
Multi-Selecthard

A company runs SAP ERP on AWS with an Oracle database. The architect wants to implement a backup strategy that provides point-in-time recovery (PITR) with an RPO of 5 minutes and an RTO of 2 hours. Which TWO solutions should the architect consider? (Choose TWO.)

Select 2 answers
A.AWS Database Migration Service (DMS) with ongoing replication to an Oracle instance in another AZ
B.Oracle Recovery Manager (RMAN) with archivelog mode backing up to Amazon S3
C.Amazon S3 Lifecycle policies to move backups to Glacier
D.Amazon S3 Transfer Acceleration for backup uploads
E.EBS snapshots every 5 minutes
AnswersA, B

DMS ongoing replication can achieve low RPO and provides a standby for failover.

Why this answer

Option A is correct because AWS DMS with ongoing replication can continuously replicate changes from the Oracle source database to a target Oracle instance in another Availability Zone, enabling point-in-time recovery with an RPO as low as 5 minutes. This approach supports near-real-time replication and can be combined with automatic failover to meet the RTO of 2 hours, as the target instance is already synchronized and ready.

Exam trap

The trap here is that candidates often assume EBS snapshots can be taken at very high frequencies (like every 5 minutes) to achieve low RPO, but AWS enforces a 60-minute minimum cooldown between snapshots, making this option infeasible for the stated RPO.

285
MCQeasy

Which AWS service should be used to capture and analyze operating system-level metrics from an EC2 instance running SAP, such as memory utilization and disk I/O, and to set alarms based on thresholds?

A.AWS Config
B.AWS Trusted Advisor
C.Amazon CloudWatch with the CloudWatch Agent
D.Amazon Inspector
AnswerC

CloudWatch Agent collects OS metrics and supports alarms.

Why this answer

Option C is correct because Amazon CloudWatch with the CloudWatch Agent can collect OS-level metrics and trigger alarms. Option A is wrong because AWS Config is for resource compliance. Option B is wrong because AWS Trusted Advisor provides best practice checks, not metrics.

Option D is wrong because Amazon Inspector is for security assessments.

286
MCQhard

A company runs an SAP system on AWS and wants to implement a disaster recovery (DR) strategy that provides a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 15 minutes. The primary site is in us-east-1 and the DR site is in us-west-2. Which approach meets these requirements?

A.Use Amazon EBS cross-Region replication for all volumes
B.Use AWS Backup to copy snapshots to the DR region every 15 minutes
C.Configure SAP HANA system replication to the DR region and use automatic failover
D.Take daily backups of the SAP HANA database and store in S3, then restore in us-west-2
AnswerC

Provides low RTO and RPO.

Why this answer

Option B is correct because using SAP HANA system replication with automatic failover provides low RTO and RPO. Option A is wrong because daily backups to S3 have RPO of 24 hours. Option C is wrong because manual snapshots have higher RTO.

Option D is wrong because cross-Region replication of EBS snapshots does not provide automatic failover.

287
MCQhard

An SAP system administrator notices that nightly SAP HANA backups to Amazon S3 are failing intermittently with 'Access Denied' errors. The backups are initiated by an AWS Lambda function that uses an IAM role. The role has a policy that grants s3:PutObject on the backup bucket. Which additional IAM action is most likely required to resolve the issue?

A.s3:ListBucket
B.s3:PutObjectAcl
C.s3:DeleteObject
D.s3:GetObject
AnswerB

Required to set object ownership, especially when bucket policy enforces bucket owner full control.

Why this answer

Option C is correct because S3 bucket policies often require s3:PutObjectAcl for cross-account access or when the bucket owner is different from the uploader. Option A is wrong because s3:ListBucket is for listing objects, not uploading. Option B is wrong because s3:GetObject is for reading, not writing.

Option D is wrong because s3:DeleteObject is for removing objects, not uploading.

288
MCQeasy

A manufacturing company is migrating its SAP ECC system to AWS. The system includes an SAP HANA database (1 TB) and an SAP NetWeaver application server. They plan to use AWS Database Migration Service (DMS) for the database and AWS Application Migration Service (MGN) for the application server. The network connection is AWS Direct Connect with 1 Gbps bandwidth. During a test migration, the DMS task for the database fails with a connection error. The source database is on an on-premises server that is behind a firewall. The administrator has already opened the necessary ports in the firewall. The DMS replication instance is in a VPC with a public subnet. Which step should the administrator take to resolve the connection issue?

A.Modify the DMS source endpoint to use a different port.
B.Create a private subnet for the DMS replication instance and attach a NAT gateway to allow outbound traffic to the on-premises database.
C.Configure the source database to allow connections from the DMS replication instance IP.
D.Open additional ports in the on-premises firewall.
AnswerB

Private subnet with NAT gateway enables connectivity to on-premises.

Why this answer

DMS replication instance needs network connectivity to the source database. If the source is behind a firewall, the DMS instance may need to be in a private subnet with a NAT gateway or VPC peering. Option A is correct because creating a private subnet and enabling NAT gateway allows outbound connectivity.

Option B is wrong because DMS endpoint is for configuring source/target, not for network connectivity. Option C is wrong because the firewall is already open. Option D is wrong because modifying the source database configuration is not needed.

289
MCQeasy

A company is running SAP BusinessObjects on AWS. The application is deployed on EC2 instances with an Application Load Balancer. Users are reporting that the application is sometimes unreachable. What is the most likely cause?

A.The target group health checks are failing intermittently on the EC2 instances.
B.The security group for the instances is not allowing traffic from the load balancer.
C.The load balancer is not configured with sticky sessions.
D.The Route 53 TTL is too short for DNS resolution.
AnswerA

Unhealthy instances are removed from the load balancer, causing connection failures.

Why this answer

Intermittent unreachability of an application behind an Application Load Balancer (ALB) is most commonly caused by health checks failing on the target EC2 instances. When health checks fail intermittently, the ALB will periodically mark the instances as unhealthy and stop routing traffic to them, causing the application to become unreachable during those windows. This matches the symptom of 'sometimes unreachable' rather than a persistent failure.

Exam trap

The trap here is that candidates often confuse intermittent reachability with misconfigured security groups or DNS, but the key phrase 'sometimes unreachable' points directly to a dynamic health check failure rather than a static configuration error.

How to eliminate wrong answers

Option B is wrong because if the security group for the instances were not allowing traffic from the load balancer, the application would be persistently unreachable, not intermittent. Option C is wrong because sticky sessions (session affinity) affect which instance handles a user's session, not overall reachability of the application. Option D is wrong because a short Route 53 TTL affects how quickly DNS changes propagate, not the real-time reachability of an already-resolved endpoint; DNS resolution is cached by clients and intermediate resolvers, so a short TTL would not cause intermittent unreachability.

290
MCQhard

A company runs SAP Business Suite on AWS with Oracle Database. The system is experiencing high read latency on the database server. The current storage configuration uses EBS gp2 volumes. Which change would most effectively reduce read latency?

A.Migrate to io2 Block Express volumes with provisioned IOPS.
B.Increase the size of the EBS gp2 volumes to increase baseline IOPS.
C.Configure a RAID 0 stripe across multiple EBS volumes.
D.Use EBS st1 volumes for better throughput.
AnswerA

io2 Block Express provides consistent low latency and high IOPS.

Why this answer

Option A is correct because io2 Block Express volumes provide consistent, high-performance IOPS with sub-millisecond latency, which directly addresses the high read latency issue. Unlike gp2, which relies on burst credits and has variable performance, io2 Block Express delivers provisioned IOPS up to 256,000 per volume, making it ideal for latency-sensitive SAP workloads with Oracle Database.

Exam trap

The trap here is that candidates often assume increasing gp2 volume size (Option B) or striping volumes (Option C) will solve latency issues, but the PAS-C01 exam tests the understanding that for consistent low-latency random I/O, provisioned IOPS volumes like io2 Block Express are required, not just higher throughput or IOPS aggregation.

How to eliminate wrong answers

Option B is wrong because increasing gp2 volume size only raises the baseline IOPS (at a rate of 3 IOPS per GB), but does not guarantee low latency under sustained high read loads, as gp2 performance can still degrade when burst credits are exhausted. Option C is wrong because RAID 0 striping across multiple EBS volumes improves throughput and IOPS but does not inherently reduce read latency; it can even introduce additional overhead from the RAID controller and increase the risk of data loss if a single volume fails. Option D is wrong because EBS st1 volumes are throughput-optimized HDDs designed for large, sequential workloads, not for low-latency random reads, and they have higher latency than SSD-based volumes like gp2 or io2.

291
MCQeasy

A company is running SAP on AWS and needs to monitor the available memory on their SAP application servers. Which AWS service can be used to collect and visualize memory utilization metrics?

A.AWS Config
B.Amazon Inspector
C.Amazon CloudWatch with CloudWatch Agent
D.AWS CloudTrail
AnswerC

CloudWatch Agent collects memory metrics and sends them to CloudWatch.

Why this answer

Amazon CloudWatch with the CloudWatch Agent is the correct choice because the agent can be installed on EC2 instances to collect custom metrics, including memory utilization, which is not available by default from the hypervisor. The agent sends these metrics to CloudWatch, where you can visualize them using dashboards or set alarms. This directly addresses the need to monitor SAP application server memory on AWS.

Exam trap

The trap here is that candidates assume EC2 instance metrics in CloudWatch automatically include memory utilization, but they do not—only the CloudWatch Agent can collect and publish those OS-level metrics.

How to eliminate wrong answers

Option A is wrong because AWS Config is a service for evaluating and auditing resource configurations against desired policies, not for collecting or visualizing runtime performance metrics like memory utilization. Option B is wrong because Amazon Inspector is a vulnerability management service that scans for software vulnerabilities and unintended network exposure, not a monitoring tool for OS-level metrics such as memory usage. Option D is wrong because AWS CloudTrail records API activity and user actions for auditing and governance, not for collecting system-level performance metrics from EC2 instances.

292
Multi-Selectmedium

Which THREE AWS services are typically used in the migration of an SAP environment to AWS? (Choose 3.)

Select 3 answers
A.AWS Database Migration Service (DMS)
B.AWS CloudTrail
C.AWS Direct Connect
D.AWS Server Migration Service (SMS)
E.AWS Schema Conversion Tool (SCT)
AnswersA, D, E

DMS is used for database migration.

Why this answer

AWS Database Migration Service (DMS) is correct because it enables the migration of SAP HANA, SAP ASE, or other SAP-supported databases to AWS with minimal downtime. DMS supports homogeneous migrations (e.g., SAP HANA to SAP HANA on Amazon RDS or EC2) and heterogeneous migrations (e.g., SAP ASE to SAP HANA) when paired with the Schema Conversion Tool (SCT). It handles ongoing replication via Change Data Capture (CDC), which is critical for SAP systems that cannot tolerate extended outages.

Exam trap

The trap here is that candidates confuse supporting services (like Direct Connect for network or CloudTrail for auditing) with actual migration services, leading them to select options that are not part of the core migration toolset for SAP workloads.

293
MCQhard

A company runs SAP HANA on AWS with a multi-AZ deployment using HANA System Replication (HSR). The primary site is in us-east-1a and the secondary in us-east-1b. Each site has an ASCS and PAS. The HANA database uses a virtual IP address managed by a Route 53 health check with a failover routing policy. During a recent AZ failure in us-east-1a, the automatic failover to the secondary site took over 15 minutes. The recovery time objective (RTO) is 5 minutes. Analysis shows that the Route 53 health check failed but the failover did not trigger quickly because the DNS TTL was set to 300 seconds. What changes should be made to meet the RTO?

A.Increase the DNS TTL to 600 seconds to ensure stability.
B.Replace Route 53 with an Application Load Balancer for the virtual IP.
C.Reduce the DNS TTL to 60 seconds and use a weighted routing policy with health checks.
D.Remove the health check and use a simple routing policy with a low TTL.
AnswerC

Lower TTL speeds up DNS propagation; weighted routing allows immediate failover.

Why this answer

Option C is correct because reducing the DNS TTL to 60 seconds ensures that DNS resolvers cache the failover record for a shorter duration, allowing the Route 53 failover routing policy to propagate the new IP address more quickly after a health check failure. Combined with a weighted routing policy and health checks, this enables failover within the 5-minute RTO by minimizing DNS propagation delay, which was the bottleneck at 300 seconds.

Exam trap

The trap here is that candidates may think increasing TTL improves stability (Option A) or that an ALB can replace a virtual IP for HANA HSR (Option B), but the core issue is DNS propagation delay, and only reducing TTL with a failover routing policy directly addresses the RTO requirement.

How to eliminate wrong answers

Option A is wrong because increasing the DNS TTL to 600 seconds would worsen the failover time, extending the delay beyond 15 minutes and making it impossible to meet the 5-minute RTO. Option B is wrong because an Application Load Balancer (ALB) does not support virtual IP addresses for SAP HANA HSR; ALBs operate at Layer 7 and cannot handle the static IP requirements of HANA System Replication, which relies on a fixed virtual IP for client connections. Option D is wrong because removing the health check eliminates the automated failure detection mechanism, and using a simple routing policy without health checks would not trigger failover at all, leaving the system unable to recover from an AZ failure.

294
MCQmedium

A company is running SAP on AWS and needs to ensure that its SAP HANA database is backed up daily with minimal impact on performance. The database is 2 TB in size and runs on an r5.8xlarge instance. Which backup strategy meets these requirements?

A.Perform a full backup to Amazon EBS volumes attached to the instance
B.Use the SAP HANA Backint agent to back up directly to Amazon S3
C.Use AWS Backup to create snapshots of the entire EC2 instance
D.Use AWS Storage Gateway to back up to Amazon S3 Glacier
AnswerB

Backint integrates with SAP HANA for efficient, performant backups.

Why this answer

Option C is correct because using Backint agent with Amazon S3 is the recommended method for SAP HANA backups on AWS, providing efficient backups with minimal performance impact. Options A and B can cause performance issues. Option D is not SAP-specific.

295
MCQmedium

A company is migrating an SAP environment to AWS using a heterogeneous database migration from Oracle to SAP HANA. The migration tool must convert the database schema and data types. Which AWS service or feature should be used?

A.AWS Database Migration Service (DMS) with AWS Schema Conversion Tool (SCT)
B.AWS Server Migration Service
C.AWS Data Pipeline
D.SAP HANA Studio
AnswerA

DMS with SCT can convert schema and data from Oracle to HANA.

Why this answer

AWS DMS supports heterogeneous migrations with schema conversion using the AWS Schema Conversion Tool (SCT). Option A (SAP HANA Studio) is an SAP tool, not AWS. Option C (Server Migration Service) is for servers.

Option D (Data Pipeline) is for data processing.

296
MCQmedium

A company runs SAP on AWS and uses an Application Load Balancer (ALB) to distribute traffic to web dispatchers. The operations team notices that some requests are failing with 503 errors. What is the MOST likely cause?

A.The SSL certificate on the ALB has expired.
B.Security groups allow too much traffic.
C.The target instances are failing health checks.
D.The ALB is out of capacity.
AnswerC

Unhealthy targets cause ALB to return 503 errors.

Why this answer

Option C is correct because 503 errors from an ALB indicate that the target instances are unhealthy or not responding. Option A is wrong because 503 errors are not caused by SSL certificate issues. Option B is wrong because security groups would cause connection timeouts, not 503.

Option D is wrong because ALB capacity is automatically scaled.

297
MCQeasy

An operations team needs to automate the patching of EC2 instances running SAP applications. The instances are part of an Auto Scaling group. The team wants to apply patches without causing downtime to the SAP system. Which approach should they use?

A.Use AWS Systems Manager Patch Manager with a maintenance window that patches all instances simultaneously
B.Use AWS CodeDeploy to deploy patches as a new application version
C.Use AWS Systems Manager Patch Manager with a maintenance window and configure the Auto Scaling group to perform a rolling update
D.Use AWS OpsWorks to manage patching, configuring a rolling update
AnswerC

Patches can be applied during a maintenance window, and rolling updates ensure availability.

Why this answer

Option C is correct because AWS Systems Manager Patch Manager can be integrated with an Auto Scaling group to perform a rolling update, which updates instances in batches, ensuring that the SAP application remains available throughout the patching process. This approach minimizes downtime by replacing or updating instances incrementally rather than all at once, which is critical for SAP systems that require high availability.

Exam trap

The trap here is that candidates might assume patching all instances simultaneously is acceptable for SAP systems, overlooking the critical requirement for zero downtime, or they might confuse CodeDeploy's application deployment capabilities with OS patching needs.

How to eliminate wrong answers

Option A is wrong because patching all instances simultaneously would cause downtime for the SAP system, as the instances would be unavailable at the same time. Option B is wrong because AWS CodeDeploy is designed for deploying application code, not for OS-level patching of EC2 instances; it does not manage system patches or integrate with Patch Manager for this purpose. Option D is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet, but it is not the recommended or native service for automated patching of EC2 instances in an Auto Scaling group; Patch Manager with rolling updates is the standard approach.

298
MCQeasy

A company wants to ensure that their SAP HANA database backups are stored securely and can be retained for 7 years for compliance. Which AWS service should they use to archive the backups?

A.Amazon EBS Snapshots
B.Amazon S3 Glacier Deep Archive
C.Amazon S3 Intelligent-Tiering
D.Amazon S3 Standard
AnswerB

Glacier Deep Archive provides the lowest cost for 7-year retention, meeting compliance requirements.

Why this answer

Option B is correct because S3 Glacier Deep Archive is the lowest-cost storage for long-term archival with retrieval times of 12 hours. Option A is wrong because S3 Standard is for frequent access, not archival. Option C is wrong because EBS Snapshots are incremental and not designed for long-term archival with compliance.

Option D is wrong because S3 Intelligent-Tiering is for data with unknown access patterns, not purely archival.

299
Multi-Selecteasy

A company is migrating SAP workloads to AWS and needs to choose storage for SAP HANA. Which two storage options are supported for SAP HANA data volumes? (Select TWO.)

Select 2 answers
A.Amazon EBS io2 Block Express volumes.
B.Amazon S3.
C.Amazon EFS.
D.Instance Store (NVMe SSD) volumes.
E.Amazon EBS gp3 volumes.
AnswersA, E

Supports high IOPS and low latency required by HANA.

Why this answer

Amazon EBS io2 Block Express volumes are supported for SAP HANA data volumes because they provide high durability (99.999% durability) and sub-millisecond latency with up to 256,000 IOPS per volume, meeting SAP's performance requirements for production HANA workloads. Amazon EBS gp3 volumes are also supported for SAP HANA data volumes, offering a baseline of 3,000 IOPS and 125 MB/s throughput with the ability to scale independently, making them suitable for non-production or smaller production environments.

Exam trap

The trap here is that candidates often confuse supported storage for SAP HANA data volumes with log volumes, where Instance Store (NVMe SSD) is supported for log volumes but not for data volumes, leading to incorrect selection of Option D.

300
MCQmedium

A company runs SAP HANA on AWS and needs to ensure that the database can survive a single Availability Zone failure without manual intervention. The SAP HANA system is currently deployed on a single EC2 instance. Which solution meets this requirement?

A.Use an Auto Scaling group to launch a new SAP HANA instance if the current instance fails
B.Configure SAP HANA System Replication with a secondary instance in a different Availability Zone and enable automatic takeover
C.Deploy the SAP HANA instance in a placement group within a single Availability Zone
D.Take daily EBS snapshots and copy them to another AWS Region
AnswerB

System Replication with automatic takeover ensures failover without manual intervention.

Why this answer

SAP HANA System Replication with automatic takeover in a Multi-AZ setup provides automatic failover. Option A is wrong because a single instance in one AZ does not survive AZ failure. Option C is wrong because manual snapshots require intervention.

Option D is wrong because Auto Scaling is for stateless applications, not databases.

Page 3

Page 4 of 24

Page 5