AWS Certified SAP on AWS Specialty PAS-C01 (PAS-C01) — Questions 301375

1733 questions total · 24pages · All types, answers revealed

Page 4

Page 5 of 24

Page 6
301
MCQmedium

A company runs SAP on AWS and uses AWS Backup to back up the SAP HANA database. The backup job fails with an error indicating insufficient IAM permissions. What is the most likely missing permission?

A.ec2:DescribeInstances
B.kms:Decrypt
C.rds:CreateDBSnapshot
D.s3:PutObject
AnswerB

If the backup is encrypted, AWS Backup requires kms:Decrypt to access the key.

Why this answer

AWS Backup requires permissions to decrypt the KMS key used to encrypt the SAP HANA database or its backup target. If the IAM role assigned to AWS Backup lacks the `kms:Decrypt` action for the specific KMS key, the backup job fails with an insufficient IAM permissions error. This is because AWS Backup must read the encrypted data before transferring it to the backup vault.

Exam trap

The trap here is that candidates often assume the missing permission is `s3:PutObject` because backups are stored in S3, but the error occurs before the data is written, during the decryption step when the source is encrypted with a KMS key.

How to eliminate wrong answers

Option A is wrong because `ec2:DescribeInstances` is used to list or describe EC2 instances, not to perform backup operations on SAP HANA databases; it is not required for the backup job itself. Option C is wrong because `rds:CreateDBSnapshot` is specific to Amazon RDS instances, not SAP HANA on EC2, which uses AWS Backup with custom resources or the SAP HANA Backint agent. Option D is wrong because `s3:PutObject` is needed for writing backup data to an S3 bucket, but the error specifically indicates insufficient IAM permissions, and the most common missing permission in encrypted environments is `kms:Decrypt`, not the S3 write action.

302
MCQeasy

Refer to the exhibit. An administrator is creating an IAM policy for a user who will perform database migrations using AWS DMS. The migration fails with an error 'Insufficient permissions to create DMS endpoint'. Which missing action should be added to the policy?

A.dms:CreateEndpoint
B.dms:ModifyEndpoint
C.dms:TestConnection
D.dms:CreateReplicationInstance
AnswerA

Without CreateEndpoint, DMS cannot create endpoints.

Why this answer

The policy allows creating replication tasks but not endpoints. To create endpoints, the action 'dms:CreateEndpoint' is required. Option B is wrong because 'dms:CreateReplicationInstance' is for replication instances.

Option C is wrong because 'dms:TestConnection' is for testing connections. Option D is wrong because 'dms:ModifyEndpoint' is for modifying existing endpoints.

303
MCQhard

An SAP system on AWS uses a Multi-AZ deployment for the database layer with synchronous replication. The application servers are in the same region but different Availability Zones. During a recent failure of the primary database instance, the automatic failover to the standby instance took longer than expected, exceeding the RTO of 5 minutes. Upon investigation, the team finds that the standby instance was not fully synchronized at the time of failure. What could be the cause?

A.The EBS volumes on the standby instance have lower IOPS than the primary.
B.The Multi-AZ configuration uses a single network interface.
C.The security groups on the standby instance block replication traffic.
D.The network latency between the Availability Zones is high.
AnswerD

High latency can cause synchronous replication to slow down.

Why this answer

Option C is correct because if the network latency between Availability Zones is high, synchronous replication can cause the primary to wait for acknowledgment, slowing down transactions and causing the standby to lag. Option A is wrong because Multi-AZ does not have a single point of failure for network. Option B is wrong because EBS volume performance affects both instances.

Option D is wrong because security groups do not cause replication lag.

304
MCQeasy

An SAP administrator runs the AWS CLI command shown in the exhibit. What does the output indicate about the RDS instance my-sap-db?

A.The database is idle because CPU utilization is low.
B.The database experienced high memory usage.
C.The database CPU utilization spiked to 85.3% at 00:10 UTC.
D.The database had a high number of connections.
AnswerC

C is correct: the data shows a spike.

Why this answer

Option C is correct: The data points show CPU utilization averages over 5-minute intervals. The second point shows 85.3%, indicating a spike. Option A is incorrect because the command does not show memory metrics.

Option B is incorrect because the command does not show connections. Option D is incorrect because the data shows CPU utilization, not database activity.

305
Multi-Selectmedium

An architect is designing a highly available SAP NetWeaver architecture on AWS. The system uses an SAP Central Services (ASCS) instance. Which THREE components are required to achieve high availability for the SAP environment? (Choose THREE.)

Select 3 answers
A.Shared file storage (e.g., Amazon EFS or EBS Multi-Attach)
B.A cluster manager such as Pacemaker
C.A NAT Gateway for outbound traffic
D.An Internet Gateway for inbound traffic
E.A Network Load Balancer to distribute traffic to ASCS
AnswersA, B, E

Shared storage ensures data consistency after failover.

Why this answer

A cluster manager like Pacemaker handles failover. Shared storage (e.g., Amazon EFS or EBS) is needed for /sapmnt and /usr/sap. A Network Load Balancer distributes traffic and detects failures.

Option B is wrong because NAT Gateway is for outbound internet. Option D is wrong because an Internet Gateway is for inbound internet. Option E is wrong because an ALB is not suitable for ASCS health checks; NLB is preferred.

306
MCQhard

A company is migrating a critical SAP system to AWS using the SAP Landscape Virtualization Management (LVM) and AWS Launch Wizard. What is the primary benefit of using AWS Launch Wizard for SAP deployment?

A.It automates the deployment of SAP systems based on AWS best practices
B.It provides a fully automated migration from on-premises to AWS
C.It manages the backup and disaster recovery of the SAP system
D.It automatically optimizes the deployment for cost
AnswerA

Launch Wizard automates deployment using best practices.

Why this answer

Option B is correct because AWS Launch Wizard automates the deployment of SAP systems by providing guided best-practice recommendations. Option A is wrong because Launch Wizard does not provide cost optimization; it provides cost estimates. Option C is wrong because Launch Wizard does not handle migration; it handles deployment.

Option D is wrong because Launch Wizard does not manage backups; it can integrate with AWS Backup but does not manage recovery.

307
MCQhard

An SAP administrator notices that the SAP HANA database performance has degraded significantly during peak hours. The HANA instance is running on an r5.8xlarge EC2 instance with EBS gp2 volumes. Monitoring shows high I/O wait times on the data volume. Which change is MOST likely to improve performance?

A.Enable Multi-AZ deployment for SAP HANA.
B.Upgrade the EC2 instance to a larger size like r5.16xlarge.
C.Change the EBS volume type from gp2 to gp3 with 3000 IOPS.
D.Use Amazon EBS io2 Block Express volumes with high IOPS.
AnswerD

io2 volumes provide consistent low-latency performance suitable for HANA workloads.

Why this answer

Option D is correct because switching to io2 volumes with provisioned IOPS provides consistent low-latency I/O, solving high I/O wait. Option A (increasing instance size) may not address I/O bottleneck. Option B (gp3) is better than gp2 but still burstable.

Option C (enable Multi-AZ) does not improve I/O performance.

308
MCQeasy

An SAP system needs to store audit logs for 7 years to meet compliance requirements. The logs are accessed rarely. Which storage class is MOST cost-effective?

A.Amazon S3 Standard
B.Amazon S3 Glacier Deep Archive
C.Amazon S3 One Zone-Infrequent Access
D.Amazon S3 Intelligent-Tiering
AnswerB

Glacier Deep Archive is the lowest cost for long-term archival with retrieval times of hours.

Why this answer

Option D is correct because S3 Glacier Deep Archive is the lowest cost for long-term archival. Option A is incorrect because S3 Standard is for frequently accessed data. Option B is incorrect because S3 Intelligent-Tiering incurs monitoring costs.

Option C is incorrect because S3 One Zone-IA is for infrequent access but not archival.

309
MCQmedium

A company is designing a disaster recovery (DR) strategy for SAP S/4HANA on AWS. The primary region is us-east-1 and the DR region is us-west-2. The RPO is 15 minutes and RTO is 1 hour. Which approach should be used to replicate SAP HANA data?

A.Configure HANA System Replication across regions
B.Use AWS Database Migration Service (DMS) with ongoing replication
C.Use Amazon S3 Cross-Region Replication for backup files
D.Use AWS Backup cross-region copy of EBS snapshots
AnswerA

Synchronous replication can achieve low RPO.

Why this answer

HANA System Replication (HSR) is the only option that meets the 15-minute RPO and 1-hour RTO for SAP HANA data replication across regions. HSR uses log-based asynchronous replication to continuously ship redo logs to the DR region, enabling near-real-time data synchronization with minimal data loss. This is the native SAP-recommended method for cross-region DR of SAP HANA databases.

Exam trap

The trap here is that candidates often confuse AWS-native services (DMS, S3 CRR, AWS Backup) as viable for SAP HANA DR, but they fail to recognize that only HANA System Replication provides the sub-15-minute RPO and sub-1-hour RTO required for SAP-certified DR on AWS.

How to eliminate wrong answers

Option B is wrong because AWS DMS with ongoing replication does not support SAP HANA as a source for continuous change data capture (CDC) in a production-grade DR scenario; DMS is designed for heterogeneous migrations, not for low-latency, log-based replication of SAP HANA. Option C is wrong because S3 Cross-Region Replication of backup files can only achieve RPOs measured in hours (due to backup frequency and replication delays), not the required 15 minutes, and it does not provide a mechanism for rapid database recovery within 1 hour. Option D is wrong because AWS Backup cross-region copy of EBS snapshots typically has an RPO of at least 1 hour (snapshot intervals) and an RTO of several hours (restore time), failing both the 15-minute RPO and 1-hour RTO requirements.

310
Multi-Selectmedium

A company is designing an SAP HANA multi-node scale-out system on AWS. Which two of the following are required for the network configuration? (Select TWO.)

Select 2 answers
A.Assign public IP addresses to each node for inter-node communication.
B.Configure an Elastic Load Balancer to distribute traffic among nodes.
C.Enable EBS optimization on all EC2 instances.
D.Create a separate subnet for HANA internal communication.
E.Place all nodes in a cluster placement group.
AnswersD, E

Isolates HANA node-to-node traffic.

Why this answer

Option D is correct because SAP HANA multi-node scale-out systems require a dedicated subnet for internal inter-node communication to ensure low latency and high throughput. This separate network isolates HANA internal traffic (e.g., internal SQL and replication traffic) from other network traffic, which is critical for performance and stability.

Exam trap

The trap here is that candidates often confuse external-facing components (like Elastic Load Balancers or public IPs) with internal cluster communication requirements, or they mistakenly think EBS optimization is a network prerequisite for HANA scale-out, when in fact the focus should be on placement groups and dedicated subnets for low-latency inter-node traffic.

311
MCQmedium

Refer to the exhibit. An IAM policy is attached to an IAM user. Which EC2 instance can the user terminate?

A.Only instance i-1234567890abcdef0
B.Any instance with tag 'Environment:Production'
C.None, because the Deny statement overrides the Allow for that instance
D.Any instance in the account
AnswerC

Explicit Deny always wins over Allow.

Why this answer

Option D is correct because the explicit Deny for all instances (*) overrides the Allow for the specific instance i-1234567890abcdef0, as Deny always wins. Option A is incorrect because the Deny applies to all instances. Option B is incorrect because the Deny covers all instances.

Option C is incorrect because the Deny is explicit and overrides any Allow.

312
Multi-Selecthard

An SAP system on AWS is experiencing performance issues during peak hours. The system includes SAP application servers and a HANA database. The CloudWatch metrics show high CPU utilization on the application servers and high disk read latency on the database EBS volumes. Which THREE actions should be taken to improve performance?

Select 3 answers
A.Increase the provisioned IOPS on the EBS volumes attached to the HANA database.
B.Upgrade the HANA database to a larger instance type with more CPU and memory.
C.Add more SAP application servers to the Auto Scaling group.
D.Add a NAT Gateway to the VPC to improve network performance.
E.Deploy a read replica for the HANA database.
AnswersA, B, C

Higher IOPS reduces read latency.

Why this answer

Option A is correct because adding more application servers distributes load. Option C is correct because provisioning higher IOPS reduces disk latency. Option E is correct because scaling up the instance provides more CPU.

Option B is wrong because a NAT Gateway does not affect performance. Option D is wrong because a read replica does not help with write-heavy workloads or disk latency.

313
Multi-Selecthard

A company runs a production web application on EC2 instances behind an ALB. The operations team receives an alert that the application is returning HTTP 503 errors. Which THREE steps should be taken to diagnose the issue?

Select 3 answers
A.Review VPC Flow Logs to identify if traffic is reaching the ALB.
B.Check the ALB's HealthyHostCount metric in CloudWatch.
C.Check the CPU utilization of the EC2 instances in the Auto Scaling group.
D.Verify the health check settings on the target group.
AnswersB, C, D

Indicates if targets are passing health checks.

Why this answer

The ALB's HealthyHostCount metric in CloudWatch shows the number of healthy targets registered to the target group. A value of zero or a persistent drop indicates that all EC2 instances are failing health checks, which directly causes HTTP 503 errors because the ALB has no healthy targets to forward traffic to. This metric is the first place to check when diagnosing 503 errors, as it pinpoints whether the issue is with target health rather than network connectivity or load.

Exam trap

Cisco often tests the misconception that CPU utilization or instance-level metrics are the primary cause of 503 errors, when in reality the ALB's health check mechanism and target group configuration are the direct cause, and CPU issues are only one possible underlying reason for health check failures.

314
MCQhard

An SAP administrator creates this IAM policy for an EC2 instance role used by SAP HANA Backint to back up to S3. The backups are failing with access denied errors for S3 operations. What is the most likely cause?

A.The policy does not allow s3:ListBucket action.
B.The policy does not include kms:Encrypt action.
C.The policy uses a wildcard in the resource ARN for the bucket.
D.The policy does not include kms:ReEncrypt action.
AnswerB

Backint needs kms:Encrypt to write encrypted objects.

Why this answer

Option D is correct: The S3 bucket is encrypted with SSE-KMS, and the policy allows kms:Decrypt and kms:GenerateDataKey, but Backint may also need kms:Encrypt to write encrypted objects. The error suggests missing permission for encryption. Option A is wrong because GetObject and PutObject are allowed.

Option B is wrong because the actions are on the bucket. Option C is wrong because the policy explicitly allows KMS actions.

315
MCQhard

A company runs SAP S/4HANA on AWS. The system is critical and requires high availability. The database is SAP HANA running on two EC2 instances in a cluster. The company wants to ensure that the secondary instance can take over quickly in case of primary failure. Which AWS service should be used to implement a floating IP address that can be moved between the instances?

A.AWS Global Accelerator
B.Amazon Route 53
C.Elastic IP addresses
D.VPC Peering
AnswerB

Route 53 can provide DNS failover with health checks.

Why this answer

Option C is correct because Amazon Route 53 can be used with health checks and weighted routing to implement a floating IP or DNS failover. Option A is wrong because Elastic IPs can be reassigned but not automatically. Option B is wrong because VPC Peering is for connecting VPCs.

Option D is wrong because AWS Global Accelerator provides static IPs but is more for global traffic management.

316
Multi-Selecteasy

Which TWO of the following are recommended best practices for deploying SAP HANA on AWS? (Choose two.)

Select 2 answers
A.Deploy HANA in a single Availability Zone to reduce costs.
B.Disable hyper-threading on the HANA instance.
C.Store HANA data on instance store volumes for better performance.
D.Use EBS-optimized instances for HANA workloads.
E.Use EBS snapshots for backup of HANA data volumes.
AnswersD, E

EBS-optimized instances provide dedicated throughput to EBS.

Why this answer

Options A and C are correct. A is correct because using EBS-optimized instances ensures dedicated network bandwidth for EBS. C is correct because EBS snapshots provide point-in-time backups.

B is incorrect because instance store is ephemeral. D is incorrect because a single AZ does not provide high availability. E is incorrect because disabling multi-threading is not a best practice.

317
MCQmedium

A company is implementing SAP S/4HANA on AWS and wants to ensure that the system is backed up properly. They need to back up the HANA database and the application layer. Which approach is recommended for backing up the HANA database?

A.Use EBS snapshots for the HANA data volumes
B.Configure an S3 lifecycle policy to archive the HANA log files
C.Use AWS Backup with a backup plan that includes the HANA instance
D.Use the AWS Backint agent to back up HANA to Amazon S3
AnswerD

AWS Backint agent provides application-consistent backups of HANA to S3 via SAP Backint interface.

Why this answer

Option B is correct because Backint is the SAP-certified interface for backing up HANA to Amazon S3 via AWS Backint agent. Option A is wrong because EBS snapshots are crash-consistent but not application-consistent for HANA without additional steps. Option C is wrong because AWS Backup can orchestrate snapshots but not Backint.

Option D is wrong because S3 lifecycle policies are for storage management, not backups.

318
Multi-Selectmedium

Which THREE are valid strategies for backing up an SAP HANA database on AWS? (Choose three.)

Select 3 answers
A.Use Amazon EBS snapshots of the HANA data volumes.
B.Use AWS Backup to schedule and manage HANA backups.
C.Use SAP HANA Backint agent to back up to Amazon S3.
D.Set up an Amazon RDS for SAP HANA read replica.
E.Configure a lifecycle policy to move backups to Amazon S3 Glacier immediately.
AnswersA, B, C

EBS snapshots are crash-consistent and can be used for HANA backups with application consistency steps.

Why this answer

Amazon EBS snapshots provide crash-consistent, point-in-time backups of the HANA data volumes. When used with SAP HANA's snapshot mode (e.g., via hdbsql or Python scripts), they ensure transactional consistency by quiescing the database before the snapshot. This is a valid and commonly used backup strategy for SAP HANA on AWS.

Exam trap

The trap here is that candidates may confuse Amazon RDS with EC2-based deployments, incorrectly assuming RDS supports SAP HANA, or they may think immediate Glacier transitions are acceptable without considering SAP HANA's need for rapid restore access.

319
Multi-Selecteasy

An operations team needs to monitor the performance of an SAP HANA database running on an EC2 instance. Which THREE CloudWatch metrics should the team monitor to ensure the database is not resource-constrained? (Choose THREE.)

Select 3 answers
A.DatabaseConnections
B.DiskReadOps
C.Memory (using CloudWatch agent)
D.CPUUtilization
E.NetworkIn
AnswersB, C, D

High disk I/O can indicate database workload.

Why this answer

CPUUtilization, Memory (via custom metrics or CloudWatch agent), and DiskReadOps/DiskWriteOps are key performance indicators. NetworkIn/NetworkOut are important for network throughput but not directly for database resource constraints. DatabaseConnections is for RDS, not EC2-hosted HANA.

320
MCQmedium

An SAP administrator notices that the SAP application server is unable to establish an RFC connection to the SAP HANA database. The database is running on an EC2 instance in the same VPC. Security groups and NACLs allow all traffic. What is the most likely cause?

A.The VPC has overlapping CIDR blocks with the on-premises network.
B.The application server uses TCP instead of the required UDP protocol.
C.The application server is configured to connect to the wrong port number.
D.The HANA database instance was rebooted for maintenance.
AnswerC

HANA uses port 3<instance number>13. Misconfiguration is a common issue.

Why this answer

Option B is correct because the HANA database listens on port 3[instance number]13. If the application server is configured with the default HANA port (e.g., 30015), it would fail. Option A (instance reboot) would not cause permanent failure.

Option C (wrong protocol) is less likely. Option D (subnet CIDR overlap) would cause connectivity issues at a different layer.

321
MCQhard

An SAP system uses an Amazon RDS for SAP ASE database. The database is experiencing high connection timeouts. The SAP team notices that the RDS instance's maximum connections parameter is set to 500. What should be done to resolve the issue?

A.Upgrade the RDS instance to a larger size with more vCPUs.
B.Modify the RDS parameter group to increase max_connections.
C.Create a read replica to offload connections.
D.Increase the allocated storage for the RDS instance.
AnswerB

Directly addresses the connection limit.

Why this answer

The high connection timeouts are caused by the max_connections parameter being set to 500, which is the default for many RDS for SAP ASE instances. Increasing this value in the RDS parameter group allows more concurrent connections to the database, directly resolving the timeout issue without changing the instance size or storage. This is the simplest and most effective fix because the database engine itself is capable of handling more connections if the parameter is adjusted.

Exam trap

The trap here is that candidates often assume connection timeouts are caused by insufficient compute or storage resources, leading them to choose instance upgrades or storage increases, when the actual root cause is a misconfigured database parameter that directly controls the connection limit.

How to eliminate wrong answers

Option A is wrong because upgrading to a larger instance with more vCPUs does not automatically increase the max_connections limit; it only provides more compute resources, but the connection limit is a separate parameter that must be explicitly modified. Option C is wrong because creating a read replica does not offload connections from the primary database; read replicas handle read-only traffic, but connection timeouts are typically caused by the primary database reaching its connection limit, and read replicas do not reduce the number of connections to the primary instance. Option D is wrong because increasing allocated storage does not affect the max_connections parameter; storage size is unrelated to the number of concurrent database connections.

322
MCQhard

A company runs SAP S/4HANA on AWS with a production database on an r5.24xlarge instance and 15 application servers on r5.4xlarge instances. The system has been stable for months. Recently, the database instance started experiencing high CPU utilization during peak hours, causing performance degradation. The company has reserved capacity for the database instance. The SAP team has already optimized the SQL queries and reduced the CPU usage by 20%, but the CPU still spikes to 95% during peak hours. The team is considering upgrading the database instance to a larger type. However, the next larger instance type (r5.32xlarge) is not available in the current Availability Zone. The company needs a solution that minimizes downtime and cost. What should be done?

A.Stop the database instance, change to a larger instance type in a different Availability Zone, and use a placement group with the application servers.
B.Migrate the database to a different instance family, such as x1e.32xlarge.
C.Use an Auto Scaling group to automatically scale the database instance.
D.Add more application servers to distribute the load.
AnswerA

Provides more CPU and maintains low latency.

Why this answer

Option B is correct. By placing the database instance in a placement group with the application servers, you can ensure low-latency connectivity. Then you can stop the instance, change the instance type to r5.32xlarge if available in another AZ, but since it's not available in current AZ, the best approach is to use a larger instance type in the same family that is available.

However, the question states the next larger is r5.32xlarge but not available. So the correct action is to change to an available larger instance in another AZ. But the option B says 'Move to a larger instance in a different AZ with a placement group' which ensures low latency.

Option A is wrong because increasing application servers does not reduce database CPU. Option C is wrong because moving to a different instance family may require SAP re-certification. Option D is wrong because using Auto Scaling for database is not supported for SAP HANA.

323
Multi-Selectmedium

A company is migrating an SAP NetWeaver system to AWS. The system uses an on-premises shared file system (NFS). Which TWO AWS services can provide a scalable, highly available NFS share for SAP transport directories?

Select 2 answers
A.AWS Storage Gateway File Gateway
B.Amazon Elastic Block Store (EBS) with a shared volume
C.Amazon Elastic File System (EFS)
D.Amazon S3 with S3 File Gateway
E.Amazon FSx for NetApp ONTAP
AnswersC, E

EFS is a scalable NFS file system.

Why this answer

Amazon EFS provides a scalable, fully managed NFS file system that is highly available across multiple Availability Zones, making it suitable for SAP transport directories. It supports the NFSv4 protocol required by SAP and automatically scales storage capacity as files are added or removed, eliminating the need for manual provisioning.

Exam trap

The trap here is that candidates may confuse AWS Storage Gateway File Gateway or S3 File Gateway with native NFS services, not realizing that these gateway solutions introduce additional latency and are not recommended for SAP transport directories due to performance and consistency requirements.

324
MCQmedium

An SAP administrator notices that an Amazon RDS for SAP HANA instance is running low on storage. The administrator needs to increase the storage with minimal downtime. What is the most efficient approach?

A.Create a new RDS instance with larger storage and migrate data
B.Stop the instance, modify storage, and start the instance
C.Modify the RDS instance and increase the allocated storage
D.Take a snapshot, restore to a larger instance, and update DNS
AnswerC

RDS allows online storage scaling with no downtime for most use cases.

Why this answer

RDS supports storage modification without downtime if using Elastic Volumes (gp2/gp3/io1/io2). Increasing allocated storage does not require a new instance or snapshot restoration. Modifying the instance class is separate.

Stopping the instance is unnecessary.

325
MCQeasy

An SAP Basis administrator needs to automate the start and stop of SAP application servers on AWS to reduce costs during non-business hours. The instance must be stopped (not terminated) to preserve the data. Which AWS service can be used to schedule the start and stop?

A.AWS Auto Scaling
B.Amazon CloudWatch Alarms
C.AWS Instance Scheduler
D.AWS Systems Manager Maintenance Windows
AnswerC

Specifically designed to schedule start/stop of instances.

Why this answer

Option D is correct because AWS Instance Scheduler is a solution that uses CloudWatch Events and Lambda to start/stop instances on a schedule. Option A is wrong because Auto Scaling is for scaling based on demand, not scheduling. Option B is wrong because CloudWatch Alarms can trigger actions but not easily for complex schedules.

Option C is wrong because Systems Manager Maintenance Windows are for patching, not start/stop.

326
MCQmedium

A company is planning to migrate its SAP landscape to AWS. The environment includes SAP HANA databases for production and non-production. Which AWS service can be used to automate the provisioning of the SAP HANA infrastructure? (Select TWO.)

A.AWS CloudFormation
B.Amazon Macie
C.AWS OpsWorks
D.AWS Service Catalog
E.AWS CodePipeline
AnswerA, D

Infrastructure as code to provision resources.

Why this answer

AWS CloudFormation (Option A) is correct because it allows you to define SAP HANA infrastructure as code using templates, automating the provisioning of EC2 instances, storage, networking, and security groups required for SAP HANA. This aligns with SAP's deployment best practices on AWS, enabling repeatable and consistent infrastructure setup for both production and non-production environments.

Exam trap

The trap here is that candidates often confuse AWS OpsWorks or AWS CodePipeline as infrastructure provisioning tools, but they are designed for configuration management and CI/CD respectively, not for automating the deployment of SAP HANA infrastructure which requires specific storage and compute orchestration.

How to eliminate wrong answers

Option B (Amazon Macie) is wrong because it is a data security service that uses machine learning to discover and protect sensitive data in Amazon S3, and it has no capability to provision or manage SAP HANA infrastructure. Option C (AWS OpsWorks) is wrong because it is a configuration management service based on Chef and Puppet, designed for managing application stacks and server configurations, not for automating the provisioning of SAP HANA infrastructure which requires specific HANA-aware orchestration. Option E (AWS CodePipeline) is wrong because it is a continuous integration and continuous delivery (CI/CD) service for automating software build, test, and deploy pipelines, and it does not provision infrastructure resources like SAP HANA servers.

327
Multi-Selecthard

An SAP system on AWS is experiencing performance degradation. The operations team suspects a network bottleneck. Which THREE metrics should they analyze in CloudWatch to diagnose the issue? (Choose THREE.)

Select 3 answers
A.NetworkOut
B.NetworkPacketsIn
C.CPUUtilization
D.NetworkIn
E.DiskReadOps
AnswersA, B, D

Shows outgoing network traffic.

Why this answer

Option A (NetworkIn), Option C (NetworkOut), and Option D (NetworkPacketsIn) are standard EC2 network metrics. Option B (DiskReadOps) is storage-related. Option E (CPUUtilization) is compute-related.

328
MCQmedium

A company runs its SAP HANA database on an EC2 instance (r5.8xlarge) with 8 EBS gp2 volumes (1 TB each) in a RAID 0 stripe. The database is critical and requires high availability. The current architecture uses a single EC2 instance in one Availability Zone. The company wants to implement a disaster recovery solution with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 4 hours. The DR site must be in a different AWS Region. The SAP HANA database size is 4 TB. The company has a 1 Gbps Direct Connect connection between the primary and DR Regions. The database workload is write-intensive with an average write throughput of 200 MB/s. Which solution meets the RPO and RTO requirements?

A.Set up HANA System Replication (HSR) in asynchronous mode from the primary to a secondary EC2 instance in the DR Region. Use the same instance type and EBS configuration. In case of failure, perform a HSR takeover.
B.Take EBS snapshots of the RAID array every 15 minutes and replicate them to the DR Region using EBS snapshot copy. In the DR Region, restore the snapshots to new volumes and attach them to a new EC2 instance.
C.Back up the HANA database to Amazon S3 every 15 minutes using the HANA backup tool, and set up cross-Region replication for the S3 bucket. In the DR Region, restore the latest backup to a new EC2 instance.
D.Use AWS Database Migration Service (DMS) to continuously replicate changes to a target HANA database in the DR Region.
AnswerA

B is correct: HSR async meets RPO and RTO.

Why this answer

Option B is correct. HANA System Replication (HSR) in async mode can replicate data with sub-minute RPO. Using the same instance type and RAID configuration ensures performance.

The 1 Gbps connection can handle the replication traffic (200 MB/s = 1.6 Gbps, but compression reduces it). Option A is incorrect because EBS snapshots cannot be taken every 15 minutes and restoring 4 TB from snapshots takes more than 4 hours. Option C is incorrect because DMS is for database migration, not HANA replication.

Option D is incorrect because backing up to S3 and restoring takes longer than 4 hours.

329
MCQmedium

A company is running SAP ERP on AWS. They want to implement automated backups for the SAP HANA database using AWS Backup. Which AWS service should they use to orchestrate the HANA backup?

A.AWS Backup
B.AWS Lambda
C.Amazon Data Lifecycle Manager
D.AWS Systems Manager
AnswerA

AWS Backup supports SAP HANA via Backint.

Why this answer

AWS Backup natively supports SAP HANA databases by integrating with the SAP HANA Backint agent, which allows you to define backup policies, retention rules, and cross-region copy directly from the AWS Backup console. This eliminates the need for custom scripting or manual orchestration, making it the correct service for automating HANA backups on AWS.

Exam trap

The trap here is that candidates may confuse AWS Backup's general snapshot capabilities with services like DLM or Systems Manager, not realizing that AWS Backup has specific SAP HANA Backint integration that makes it the only correct choice for orchestrating HANA database backups.

How to eliminate wrong answers

Option B is wrong because AWS Lambda is a serverless compute service used for running code in response to events, not for orchestrating database backups; it would require custom code to invoke HANA backup commands and manage lifecycle, adding complexity without native backup integration. Option C is wrong because Amazon Data Lifecycle Manager (DLM) is designed for automating the creation, retention, and deletion of Amazon EBS snapshots and EBS-backed AMIs, not for orchestrating SAP HANA database backups which require Backint integration. Option D is wrong because AWS Systems Manager is a management service for operational tasks like patching and automation runbooks, but it does not provide native backup orchestration for SAP HANA; while it can trigger scripts, it lacks the built-in backup policy and retention management that AWS Backup offers for HANA.

330
MCQmedium

An SAP administrator notices that the /usr/sap directory on an EC2 instance is filling up. The instance is part of an SAP application server cluster. Which AWS service can be used to add additional storage without downtime?

A.Amazon EFS
B.Amazon S3
C.Amazon EBS
D.EC2 Instance Store
AnswerC

EBS allows online resizing of volumes without downtime.

Why this answer

Option A is correct because Amazon EBS volumes can be attached to EC2 instances and expanded without downtime using Elastic Volumes. Option B is wrong because S3 is object storage, not block storage for OS. Option C is wrong because EFS is a file system but not suitable for /usr/sap which requires low latency.

Option D is wrong because Instance Store is ephemeral and not persistent.

331
MCQmedium

An SAP administrator created the IAM policy shown in the exhibit. When trying to terminate an EC2 instance with ID i-abc123 in us-west-2, the action fails. What is the reason?

A.There is an implicit Deny for all actions not explicitly allowed.
B.The ec2:TerminateInstances action is restricted to instances in us-east-1 only.
C.The policy is missing a condition key to allow termination in us-west-2.
D.The ec2:StartInstances and ec2:StopInstances actions are not granted for the specific instance.
AnswerB

The resource ARN specifies us-east-1, so terminating instances in other regions is denied.

Why this answer

Option B is correct because the TerminateInstances action is restricted to a specific resource ARN that includes the region us-east-1 and account 123456789012. The instance i-abc123 in us-west-2 does not match that ARN, so the action is denied. Option A is incorrect because StartInstances and StopInstances are allowed on all resources.

Option C is incorrect because the condition key is not used. Option D is incorrect because the policy does not have a Deny effect.

332
MCQmedium

A company is running SAP on AWS and wants to use a custom AMI for SAP application servers. They need to ensure that the AMI is encrypted using AWS KMS. Which step is required to launch encrypted instances from this AMI?

A.Use an AWS Marketplace AMI that is already encrypted.
B.Use the AWS Management Console to modify the AMI to enable encryption.
C.Specify the KMS key ID in the run-instances command.
D.Copy the AMI and specify a KMS key for encryption.
AnswerD

Copying allows encryption of the AMI.

Why this answer

Option D is correct because to launch encrypted instances from an unencrypted custom AMI, you must first copy the AMI and specify a KMS key for encryption during the copy process. This creates an encrypted AMI that can then be used to launch encrypted instances. AWS does not allow you to directly encrypt an existing AMI in place; the copy operation is the required mechanism.

Exam trap

The trap here is that candidates confuse encrypting the instance's root volume at launch (option C) with encrypting the AMI itself, not realizing that only a copy operation with a KMS key creates a persistently encrypted AMI.

How to eliminate wrong answers

Option A is wrong because the question specifies using a custom AMI, not an AWS Marketplace AMI, and the requirement is to encrypt a custom AMI, not to use a pre-encrypted one. Option B is wrong because the AWS Management Console does not provide a direct 'modify AMI to enable encryption' action; AMI encryption is only achieved through the copy operation or during instance launch with encryption settings. Option C is wrong because specifying a KMS key ID in the run-instances command only encrypts the root volume of the instance being launched, not the AMI itself; the AMI remains unencrypted, and subsequent launches from that AMI would not be encrypted unless the AMI is first copied with encryption.

333
MCQhard

An SAP system on AWS sends large amounts of batch data via RFC calls between two EC2 instances in the same VPC. The application team reports high network latency. Which configuration change would most effectively reduce latency?

A.Assign Elastic IP addresses to both instances.
B.Enable Elastic Network Adapter (ENA) on both instances.
C.Place both EC2 instances in the same cluster placement group.
D.Use Elastic Fabric Adapter (EFA) for network communication.
AnswerC

Cluster placement groups provide low-latency, high-throughput networking between instances.

Why this answer

Option A is correct because placement groups provide low latency, high throughput networking. Option B is wrong because ENA is already recommended for enhanced networking. Option C is wrong because Elastic Fabric Adapter is for HPC, not general SAP.

Option D is wrong because public IPs do not reduce latency within VPC.

334
MCQhard

A media company is migrating its on-premises video processing infrastructure to AWS. The current infrastructure uses a custom application that splits video files into segments, transcodes them using FFmpeg, and assembles the final output. The application runs on a single server with 64 vCPUs and 256 GB RAM. The migration plan is to use AWS Batch with EC2 instances for the transcoding jobs. The video files are stored on an on-premises NAS and will be migrated to Amazon S3. The company needs to minimize latency for file access during migration and reduce the time to transfer initial data. The company has a 1 Gbps AWS Direct Connect connection. The total data volume is 500 TB. The migration window is 30 days. Which approach should the team use to transfer the initial data to S3 with the lowest latency and within the migration window?

A.Use AWS DataSync to transfer data over the Direct Connect connection in multiple concurrent tasks.
B.Use multiple AWS Snowball Edge devices to transfer the data in parallel, then copy from the devices to S3 using the Snowball client.
C.Use a single AWS Snowball Edge device and copy data incrementally.
D.Use S3 Transfer Acceleration to speed up transfers over the internet.
AnswerB

Snowball Edge devices provide physical transport, overcoming bandwidth limitations and ensuring the transfer completes within 30 days.

Why this answer

Option B is correct because AWS Snowball Edge devices provide a physical, high-bandwidth transfer method that bypasses network constraints entirely. With 500 TB of data and a 1 Gbps Direct Connect link, the theoretical maximum transfer over the network in 30 days is only ~324 TB (1 Gbps * 30 days * 86400 seconds/day / 8 bits per byte), which is insufficient. Multiple Snowball Edge devices in parallel can transfer the full 500 TB within the migration window without saturating the Direct Connect link, and the Snowball client efficiently copies data to S3 after the devices are returned.

Exam trap

The trap here is that candidates underestimate the bandwidth limitation of a 1 Gbps Direct Connect link over a 30-day window, assuming it can handle 500 TB, while failing to calculate the actual throughput (max ~324 TB) and ignoring that network overhead and contention further reduce effective transfer rates.

How to eliminate wrong answers

Option A is wrong because AWS DataSync over a 1 Gbps Direct Connect connection cannot transfer 500 TB within 30 days; the maximum achievable throughput is ~324 TB, and real-world overhead (protocol, retransmissions) reduces this further, making it impossible to meet the deadline. Option C is wrong because a single AWS Snowball Edge device has a usable storage capacity of up to 80 TB, which is insufficient for 500 TB, and incremental copying would require multiple shipments, exceeding the 30-day window. Option D is wrong because S3 Transfer Acceleration uses internet-based transfers over public endpoints, which would be slower and less reliable than Direct Connect, and it does not address the fundamental bandwidth limitation of 1 Gbps.

335
MCQhard

An SAP system on AWS is configured with a multi-AZ deployment for high availability. During a failover test, the secondary instance does not take over as expected. The administrator checks the AWS Management Console and sees that the Elastic IP address is still attached to the primary instance. What is the most likely cause?

A.The Elastic IP is not reassigned during the failover process
B.The secondary instance's root volume is not attached
C.The security group of the secondary instance blocks incoming traffic
D.The route tables are not updated to point to the secondary instance
AnswerA

The Elastic IP must be moved to the secondary instance to maintain connectivity.

Why this answer

In a typical HA setup, the Elastic IP should be reassigned to the secondary instance during failover. If it remains attached to the primary, the secondary cannot be reached. The root device is not relevant to IP assignment.

Route tables are not per-instance. Security groups allow traffic but do not prevent failover.

336
MCQmedium

An administrator uses AWS Launch Wizard to deploy an SAP S/4HANA system with high availability. After deployment, they notice that only one database instance is created. What is the most likely reason?

A.The deployment encountered an error and only created one instance.
B.The instance class r5.8xlarge is not certified for HANA.
C.The HighAvailability parameter was set to false.
D.The Launch Wizard does not support HA for HANA.
AnswerA

A likely reason is a failure during the HA setup.

Why this answer

High availability for SAP HANA typically requires at least two nodes (primary and secondary). If only one is created, the HA configuration may have failed or the parameter was ignored. The backup retention and instance classes are correct.

337
Multi-Selecteasy

Which TWO steps are required to set up automated backups for an SAP HANA database running on EC2?

Select 2 answers
A.Create an Amazon EBS snapshot of the HANA data volumes
B.Install and configure the SAP HANA Backint agent for Amazon S3
C.Set up a lifecycle policy to transition backups to Amazon S3 Glacier
D.Create an Amazon S3 bucket to store the backup files
E.Enable automatic backups in the HANA Studio
AnswersB, D

Backint agent integrates with AWS to send backups to S3.

Why this answer

The SAP HANA Backint agent for Amazon S3 is a certified integration that allows HANA to send backup data directly to S3 via the Backint API, which is the standard method for automated, HANA-aware backups to object storage. This replaces traditional file-based backups and enables seamless integration with AWS backup services without manual scripting.

Exam trap

The trap here is that candidates confuse EBS snapshots (which are block-level and not HANA-aware) with HANA-consistent backups, or assume that HANA Studio's built-in backup feature alone is sufficient for automated cloud backups without the Backint agent.

338
MCQhard

An SAP administrator is trying to set up an AWS CLI script that queries EC2 instance metadata. The script runs on an EC2 instance with an IAM role attached. The IAM role has the following policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*" } ] } What is the most likely cause of the error?

A.The instance does not have an IAM instance profile associated, or the profile name does not match the role name.
B.The IAM policy does not specify a resource ARN.
C.The IAM role does not have the ec2:DescribeInstances action allowed.
D.The AWS CLI is not configured with the correct region.
AnswerA

If the instance profile is not attached or is misconfigured, the role's permissions are not applied, causing the authorization error.

Why this answer

Option D is correct because the error message shows the principal is 'SAP', which suggests the instance profile name is 'SAP', but the policy is attached to the role, and the instance profile must have the same name as the role or be correctly associated. Option A is wrong because the policy allows all resources. Option B is wrong because the error is about authorization, not region mismatch.

Option C is wrong because the error shows the action is ec2:DescribeInstances.

339
MCQhard

A company runs SAP HANA on AWS and needs to perform a system copy from production to a test environment. The test environment is in a different AWS account. Which AWS service can be used to securely share the HANA backup files stored in Amazon S3 across accounts?

A.VPC Peering
B.S3 Transfer Acceleration
C.S3 bucket policy
D.AWS Direct Connect
AnswerC

Bucket policies can grant cross-account access to objects.

Why this answer

Option D is correct because S3 bucket policies can grant cross-account access to the backup files. Option A is wrong because S3 Transfer Acceleration improves speed, not access control. Option B is wrong because VPC Peering is for network connectivity, not S3 access.

Option C is wrong because AWS Direct Connect is for dedicated network connection.

340
Multi-Selecteasy

A company is setting up SAP HANA database backups to Amazon S3. Which TWO actions are required to ensure secure and efficient backup operations? (Choose TWO.)

Select 2 answers
A.Create an IAM role for the EC2 instance running SAP HANA with permissions to write to the S3 bucket.
B.Enable S3 Transfer Acceleration on the backup bucket.
C.Enable server-side encryption with AWS KMS for the S3 bucket.
D.Set up an S3 Lifecycle policy to move older backups to Amazon Glacier.
E.Configure a VPC Endpoint for S3 to keep traffic within the AWS network.
AnswersA, E

The instance needs permissions to write backups to S3.

Why this answer

Options B and D are correct. Option B is required because the SAP HANA database must have permissions to write to S3. Option D is correct because a VPC Endpoint ensures traffic stays within the AWS network, reducing latency and improving security.

Option A is wrong because S3 Transfer Acceleration is for faster uploads over long distances, not required. Option C is wrong because KMS is optional. Option E is wrong because lifecycle policies are for cost optimization, not security.

341
Multi-Selectmedium

A company is migrating SAP applications to AWS and needs to ensure that the migration complies with regulatory requirements for data encryption. Which TWO AWS services can be used to encrypt data at rest? (Choose TWO.)

Select 2 answers
A.AWS WAF
B.AWS Certificate Manager (ACM)
C.Amazon EBS encryption
D.AWS CloudHSM
E.AWS Key Management Service (KMS)
AnswersC, E

EBS encryption encrypts volumes at rest.

Why this answer

Amazon EBS encryption encrypts volumes at rest, and AWS KMS manages encryption keys. Option C is wrong because AWS Certificate Manager is for SSL/TLS certificates. Option D is wrong because AWS CloudHSM is for hardware security modules, but not directly for data at rest encryption of EBS.

Option E is wrong because AWS WAF is for web application firewall.

342
Multi-Selectmedium

A company runs SAP HANA on AWS and needs to back up the database to Amazon S3. Which TWO AWS services can be used to automate the backup process?

Select 2 answers
A.AWS Lambda
B.AWS Backup
C.AWS CloudFormation
D.AWS CloudTrail
E.Amazon S3 Transfer Acceleration
AnswersA, B

Lambda can run custom backup scripts on a schedule.

Why this answer

Options C and E are correct. AWS Backup can schedule backups with S3 as a destination, and AWS Lambda can run custom backup scripts. Option A is wrong because CloudFormation is for infrastructure provisioning.

Option B is wrong because CloudTrail is for auditing. Option D is wrong because S3 Transfer Acceleration is a feature, not a service.

343
MCQmedium

A company is migrating an SAP ERP system to AWS. They plan to use AWS Launch Wizard to deploy the SAP landscape. After running Launch Wizard, the deployment fails with an error indicating that the instance type is not available in the selected Availability Zone. What should the company do to resolve this issue?

A.Relaunch the deployment using a different Availability Zone in the same Region.
B.Create a new VPC with different subnets and rerun Launch Wizard.
C.Modify the AWS CloudFormation template generated by Launch Wizard to specify a different instance type.
D.Request a limit increase for the instance type from AWS Support.
AnswerA

Launch Wizard allows selecting multiple AZs; choose one where the instance type is available.

Why this answer

Launch Wizard allows specifying multiple Availability Zones. By selecting a different AZ where the instance type is available, the deployment can proceed. Modifying the template manually or using CloudFormation directly is not necessary as Launch Wizard provides this option.

344
Multi-Selecteasy

An SAP administrator is troubleshooting a performance issue on an SAP application server. The administrator wants to collect detailed metrics about the EC2 instance's memory usage. Which TWO AWS services can be used to collect memory metrics? (Choose TWO.)

Select 2 answers
A.AWS CloudTrail
B.AWS X-Ray
C.Amazon CloudWatch Agent
D.AWS Systems Manager (Run Command)
E.AWS Config
AnswersC, D

CloudWatch Agent collects memory metrics from EC2 instances.

Why this answer

Options A and B are correct: CloudWatch Agent can collect memory metrics, and Systems Manager can run scripts to collect and push custom metrics. Option C (CloudTrail) logs API calls, not memory. Option D (Config) is for configuration.

Option E (X-Ray) is for tracing.

345
Multi-Selectmedium

An SAP system on AWS uses an Application Load Balancer (ALB) to distribute traffic to multiple EC2 instances. The operations team wants to enable sticky sessions (session affinity) for the ALB. Which TWO steps are required? (Choose TWO.)

Select 2 answers
A.Set the stickiness duration in seconds
B.Configure a proxy protocol policy
C.Enable cross-zone load balancing
D.Create a custom cookie on the application server
E.Enable stickiness on the target group
AnswersA, E

Duration controls how long the session is sticky.

Why this answer

Options B and C are correct: Enable stickiness on the target group and configure the duration. Option A is not required; cookies are generated by the ALB. Option D is for Classic Load Balancer.

Option E is for cross-zone load balancing.

346
MCQmedium

A company runs a critical SAP HANA database on an Amazon EC2 instance. The operations team receives an alert that the instance's EBS-optimized throughput is consistently exceeding the baseline performance of the gp2 volume. Which action should the team take to resolve the performance issue without downtime?

A.Enable EBS optimization on the EC2 instance.
B.Increase the volume size to improve baseline IOPS.
C.Modify the volume type to gp3 and adjust the throughput setting.
D.Stop the EC2 instance and increase the volume size.
AnswerC

gp3 volumes support independent throughput adjustments without downtime.

Why this answer

Option B is correct because modifying the volume type to gp3 allows dynamic adjustment of IOPS and throughput without downtime, improving performance. Option A is wrong because stopping the instance causes downtime. Option C is wrong because increasing the volume size increases baseline IOPS but may not be sufficient and also requires downtime if the OS partition is resized.

Option D is wrong because enabling EBS optimization on a running instance requires a reboot.

347
MCQmedium

A retail company runs its SAP ERP system on AWS. The system includes an SAP HANA database on an r5.8xlarge instance with 4TB of storage using a single EBS io1 volume with 16000 provisioned IOPS. The application experiences periodic slowdowns during end-of-month financial closing, which typically lasts for 2 hours. The CloudWatch metrics show that during the slowdown, the EBS volume's Average Queue Length peaks at 20, and the instance's EBS Bandwidth is at 3500 Mbps (the maximum for r5.8xlarge is 4750 Mbps). The database team confirms that HANA is not CPU-bound during these periods. The SAP team wants a cost-effective solution to eliminate the performance bottleneck. Which solution should be recommended?

A.Use an Amazon FSx for Lustre file system as the HANA data volume for higher throughput.
B.Move to an r5n.24xlarge instance and use multiple io1 volumes in a RAID 0 stripe to increase throughput.
C.Increase the provisioned IOPS on the io1 volume to 32000 IOPS to reduce queue length.
D.Switch to a gp3 volume with 16000 IOPS and 1000 MB/s throughput to reduce cost.
AnswerB

Larger instance provides more EBS bandwidth; RAID 0 improves aggregate IOPS and throughput.

Why this answer

Option B is correct because the bottleneck is EBS bandwidth, not IOPS. The r5.8xlarge instance has a maximum EBS bandwidth of 4750 Mbps, and during the slowdown the volume is already using 3500 Mbps, leaving limited headroom. By moving to an r5n.24xlarge instance, which offers significantly higher EBS bandwidth (up to 19,000 Mbps), and using multiple io1 volumes in a RAID 0 stripe, you can distribute the I/O load and increase both throughput and IOPS, eliminating the queue length issue cost-effectively without over-provisioning a single volume.

Exam trap

The trap here is that candidates often focus on increasing IOPS (option C) when the real bottleneck is EBS bandwidth, which is an instance-level limit, not a volume-level limit.

How to eliminate wrong answers

Option A is wrong because Amazon FSx for Lustre is a high-performance file system designed for HPC and large-scale analytics, not for SAP HANA data volumes; SAP HANA requires block storage (EBS) for its data and log volumes, and using a file system would introduce unacceptable latency and complexity. Option C is wrong because increasing provisioned IOPS to 32000 on a single io1 volume would not resolve the bottleneck; the instance's EBS bandwidth limit of 4750 Mbps caps the maximum throughput, and the queue length is caused by bandwidth saturation, not insufficient IOPS. Option D is wrong because switching to a gp3 volume with 16000 IOPS and 1000 MB/s throughput would actually reduce performance; gp3 has a baseline throughput of only 125 MB/s (1000 Mbps) and would throttle the workload, worsening the slowdown, and it does not address the instance-level bandwidth limitation.

348
Multi-Selecthard

A company is migrating a large SAP ERP system to AWS. Which TWO AWS services are essential for high availability and disaster recovery? (Choose two.)

Select 2 answers
A.Amazon CloudWatch
B.AWS Database Migration Service
C.Amazon S3
D.AWS Elastic Disaster Recovery (DRS)
E.Amazon Route 53
AnswersD, E

DRS replicates servers to a secondary region.

Why this answer

Correct options: B and D. Route 53 provides DNS failover; AWS Elastic Disaster Recovery enables replication and recovery. Options A, C, and E are incorrect: S3 is storage; CloudWatch is monitoring; DMS is for databases, not full system recovery.

349
MCQhard

A company is running SAP HANA on AWS and wants to encrypt the EBS volumes at rest. They also need to manage the encryption keys themselves. Which solution should they use?

A.Use AWS KMS with a customer managed key (CMK)
B.Enable EBS encryption with the default AWS managed KMS key
C.Use AWS CloudHSM to store keys
D.Use AWS Systems Manager Parameter Store
AnswerA

CMK allows customer to manage keys.

Why this answer

Option A is correct because AWS KMS with a customer managed key (CMK) allows the company to have full control over the encryption keys used for EBS volume encryption, including key rotation, access policies, and disabling or deleting the key. This meets the requirement to manage the encryption keys themselves while still leveraging AWS KMS for key management and auditing.

Exam trap

The trap here is that candidates may confuse CloudHSM as a valid option for EBS encryption because it provides key storage, but AWS EBS encryption only supports KMS keys, not direct CloudHSM integration.

How to eliminate wrong answers

Option B is wrong because using the default AWS managed KMS key means AWS manages the key lifecycle and the customer cannot control or manage the key themselves, which violates the requirement to manage encryption keys. Option C is wrong because AWS CloudHSM provides hardware security modules for key storage but does not directly integrate with EBS encryption; EBS encryption requires a KMS key, and CloudHSM cannot be used as the key source for EBS volume encryption. Option D is wrong because AWS Systems Manager Parameter Store is a service for storing configuration data and secrets, not for managing encryption keys for EBS volumes, and it does not provide the cryptographic operations needed for EBS encryption.

350
Multi-Selecteasy

A company is migrating its SAP environment to AWS using AWS Launch Wizard for SAP. Which TWO pieces of information does Launch Wizard require to deploy an SAP system? (Choose TWO.)

Select 2 answers
A.SAP product version (e.g., SAP S/4HANA 2020)
B.Number of SAP users
C.On-premises IP addresses
D.AWS account ID
E.SAP system ID (SID)
AnswersA, E

Determines the software to install.

Why this answer

Option A is correct because Launch Wizard requires the SAP SID. Option C is correct because the SAP product version (e.g., S/4HANA) is needed. Option B is incorrect because AWS account ID is automatically used.

Option D is incorrect because the number of users is not required; it's for sizing. Option E is incorrect because the on-premises IP is not needed.

351
MCQmedium

A company needs to automate the start and stop of SAP applications in non-production environments to reduce costs. The SAP systems run on multiple EC2 instances. Which AWS service can be used to schedule start and stop actions?

A.AWS OpsWorks
B.AWS Lambda with custom code
C.AWS Instance Scheduler
D.Amazon CloudWatch Events
AnswerC

Instance Scheduler is a ready-made solution that uses Lambda and DynamoDB to start/stop instances.

Why this answer

Option B is correct because AWS Instance Scheduler is a solution specifically designed to start and stop EC2 instances on a schedule. Option A is wrong because Lambda can be used but requires custom code; Instance Scheduler is simpler. Option C is wrong because CloudWatch Events can trigger Lambda, but not directly stop instances.

Option D is wrong because OpsWorks is for configuration management, not scheduling.

352
MCQhard

A company runs SAP ERP 6.0 on an Oracle database on EC2. The system is experiencing high CPU usage on the database server during peak hours. Analysis shows that the CPU is consumed by log writes. Which configuration change can reduce CPU usage?

A.Disable archiving of redo logs.
B.Switch from EBS gp3 to io2 Block Express volumes.
C.Upgrade to a larger EC2 instance type with more vCPUs.
D.Increase the Oracle log buffer size to reduce the number of log write operations.
AnswerD

Larger log buffer reduces write frequency, lowering CPU usage.

Why this answer

High CPU usage from log writes indicates that the database is spending excessive CPU cycles on writing redo log entries to disk. Increasing the Oracle log buffer size reduces the frequency of log write operations by allowing more redo data to accumulate before a write is triggered, thereby lowering CPU overhead. This directly addresses the root cause without changing storage or compute capacity.

Exam trap

The trap here is that candidates often confuse storage performance improvements (like faster EBS volumes) with database-level tuning, assuming that faster I/O reduces CPU usage, when in fact the CPU is consumed by the overhead of too many small write operations, not by slow I/O.

How to eliminate wrong answers

Option A is wrong because disabling archiving of redo logs would prevent point-in-time recovery and is not a supported configuration for production SAP systems, nor does it reduce CPU usage from log writes (it only stops copying to archive logs). Option B is wrong because switching to io2 Block Express volumes improves IOPS and throughput but does not reduce the number of log write operations; CPU consumption from log writes is a database-level issue, not a storage latency issue. Option C is wrong because upgrading to a larger EC2 instance adds more vCPUs but does not address the underlying inefficiency of frequent log writes; it would mask the symptom rather than fix the cause.

353
MCQeasy

An SAP Basis administrator needs to restart the SAP application server on an EC2 instance after applying kernel patches. What is the recommended way to perform the restart to minimize downtime?

A.Log in to the instance and restart the SAP system using SAP MMC or sapcontrol.
B.Stop and start the EC2 instance from the AWS CLI.
C.Reboot the EC2 instance from the AWS Management Console.
D.Terminate the instance and launch a new one from the same AMI.
AnswerA

This restarts only the SAP services, not the entire OS, resulting in shorter downtime.

Why this answer

Using SAP MMC to restart the SAP system allows a controlled restart that avoids a full OS reboot, minimizing downtime.

354
MCQhard

An SAP environment on AWS is using a single Availability Zone. The company wants to achieve high availability for SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which architecture should they implement?

A.Deploy ASCS and ERS in the same Availability Zone with a second instance as passive.
B.Place ASCS and ERS on the same instance to reduce complexity.
C.Deploy ASCS and ERS in separate Availability Zones using AWS Launch Wizard for SAP.
D.Use Auto Scaling groups to automatically replace failed instances.
AnswerC

AWS Launch Wizard for SAP can deploy a multi-AZ HA architecture with automatic failover.

Why this answer

Option C is correct because achieving high availability for SAP Central Services (ASCS) and Enqueue Replication Server (ERS) on AWS requires deploying them in separate Availability Zones (AZs) to protect against an entire AZ failure. AWS Launch Wizard for SAP automates the deployment of a multi-AZ SAP system, including the necessary infrastructure components like Elastic Load Balancing and Amazon EFS, ensuring that the ASCS and ERS instances are in different AZs with a replicated enqueue table. This architecture aligns with SAP's recommendation for a high-availability setup using a Pacemaker cluster with STONITH fencing, which is supported by AWS.

Exam trap

The trap here is that candidates often assume that a passive instance in the same AZ provides sufficient redundancy, overlooking that AWS defines an Availability Zone as a single failure domain, so true high availability requires separation across AZs.

How to eliminate wrong answers

Option A is wrong because deploying ASCS and ERS in the same Availability Zone with a passive instance does not protect against an AZ outage; if that single AZ fails, both the active and passive instances become unavailable, violating the high-availability requirement. Option B is wrong because placing ASCS and ERS on the same instance eliminates redundancy and creates a single point of failure; SAP explicitly requires separate instances for ASCS and ERS in a high-availability configuration to allow independent failover. Option D is wrong because Auto Scaling groups are designed for stateless, horizontally scalable workloads and cannot handle the stateful failover requirements of SAP ASCS/ERS, which rely on cluster-aware fencing and enqueue replication, not instance replacement.

355
Multi-Selecteasy

Which TWO of the following are valid methods for migrating SAP systems to AWS? (Select TWO.)

Select 2 answers
A.System Copy (SAP)
B.SAP Database Migration Option (DMO) with SUM
C.AWS Server Migration Service (SMS)
D.AWS Database Migration Service (DMS)
E.VM Import/Export
AnswersA, B

System Copy is a standard method to replicate SAP systems.

Why this answer

Options A and D are correct. System Copy is a standard SAP migration method. SAP DMO with SUM is a tool for migrating to SAP HANA.

Option B is wrong because AWS DMS does not support SAP HANA as a target. Option C is wrong because VM Import/Export is for VMware, not directly for SAP migration. Option E is wrong because AWS Server Migration Service (SMS) is for server-level migration, not SAP-specific.

356
MCQmedium

An administrator created the IAM policy shown in the exhibit for the operations team. The team needs to create snapshots of EBS volumes that have the tag 'Name' with a value starting with 'SAP-HANA-'. However, the policy is not working as expected. What is the most likely reason?

A.The resource ARN is incorrect; it should specify the snapshot resource type.
B.The action 'ec2:CreateSnapshot' should be 'ec2:CreateSnapshots' (plural).
C.The condition key should be 'aws:ResourceTag' instead of 'ec2:ResourceTag'.
D.The 'ec2:CreateSnapshot' action does not support the 'ec2:ResourceTag' condition key.
AnswerD

Not all actions support resource tag conditions.

Why this answer

Option D is correct because the ec2:CreateSnapshot action does not support the ec2:ResourceTag condition key. Condition keys must be supported by the action. Option A is wrong because the resource ARN is correct for volumes.

Option B is wrong because the action is allowed. Option C is wrong because the condition is not about the snapshot resource.

357
MCQhard

A company is migrating a large SAP HANA database to AWS. They plan to use AWS DMS for ongoing replication. The source database is Oracle. During the full load phase, DMS reports an error: 'Failed to add supplemental logging for table'. What is the MOST likely cause?

A.The source database does not have supplemental logging enabled
B.The target database storage is insufficient
C.The network latency between source and target is too high
D.The source database does not have enough memory for DMS
AnswerA

DMS needs supplemental logging to capture changes.

Why this answer

DMS requires supplemental logging on the source Oracle database to capture changes. Option A (Memory) would cause performance issues, not this error. Option B (Network) would cause connectivity issues.

Option D (Target storage) would cause target-side errors.

358
MCQmedium

A company runs an SAP HANA database on an EC2 instance with a large EBS volume. The volume is approaching its maximum capacity. The operations team needs to increase the storage size without downtime. What is the most efficient way to achieve this?

A.Use the AWS Management Console, CLI, or API to modify the existing EBS volume to increase its size while the instance is running.
B.Create a new larger EBS volume and use rsync to copy data while the instance is running, then remount.
C.Stop the EC2 instance, detach the current EBS volume, create a new larger volume from a snapshot, attach it, and start the instance.
D.Add an additional EBS volume and use LVM to extend the logical volume.
AnswerA

EBS volumes can be modified online without downtime.

Why this answer

Option B is correct because EBS volumes can be modified (including size increase) while attached and in use, without downtime. Option A is wrong because creating a new volume and migrating requires downtime to copy data. Option C is wrong because it requires stopping the instance to detach and reattach.

Option D is wrong because it incurs unnecessary cost and complexity.

359
Multi-Selectmedium

A company is migrating an SAP system to AWS. Which TWO AWS services can be used to monitor the migration progress and performance?

Select 2 answers
A.AWS Config
B.AWS Trusted Advisor
C.AWS DMS
D.AWS Schema Conversion Tool (AWS SCT)
E.AWS CloudWatch
AnswersC, E

DMS provides CloudWatch metrics for migration tasks.

Why this answer

AWS CloudWatch can monitor metrics and logs; AWS DMS provides CloudWatch metrics for migration tasks. AWS SCT does not monitor progress; AWS Config is for configuration; AWS Trusted Advisor is for optimization.

360
Multi-Selecthard

A company is migrating a large-scale SAP environment to AWS. Which THREE AWS services can be used to optimize storage costs for SAP workloads? (Choose three.)

Select 3 answers
A.AWS Storage Gateway for on-premises caching
B.Amazon S3 Lifecycle policies to transition data
C.Amazon S3 Standard for all data
D.Amazon S3 Glacier for long-term backup
E.Amazon EBS Snapshots for incremental backups
AnswersB, D, E

Lifecycle policies move data to cheaper tiers.

Why this answer

Amazon S3 Lifecycle policies (Option B) allow you to automatically transition SAP backup and archival data from S3 Standard to lower-cost storage classes like S3 Standard-IA or S3 Glacier, reducing storage costs without manual intervention. This is critical for SAP workloads where large volumes of backup data accumulate over time and do not require immediate access.

Exam trap

The trap here is that candidates may confuse AWS Storage Gateway (a hybrid caching service) with a cost optimization tool for native AWS SAP workloads, or assume that S3 Standard is sufficient for all data without considering lifecycle transitions to lower-cost tiers like Glacier.

361
MCQeasy

An SAP Basis administrator needs to apply an OS-level security patch to a fleet of SAP EC2 instances running Red Hat Enterprise Linux. The instances are part of an Auto Scaling group. Which approach is the MOST efficient and minimizes downtime?

A.Create a custom AMI and manually terminate each instance to launch new ones.
B.Stop all instances, apply the patch using a script, and restart them.
C.Use AWS Systems Manager Patch Manager to apply the patch to all instances simultaneously.
D.Create a new AMI with the patch applied, update the launch template, and perform a rolling update via Auto Scaling.
AnswerD

This minimizes downtime by replacing instances one by one.

Why this answer

Option A is correct because using a new AMI with the patch and launching a new instance via Auto Scaling ensures that the new instance is patched before replacing the old one. Option B is wrong because applying patches via Systems Manager to running instances may cause downtime. Option C is wrong because stopping and patching each instance causes downtime.

Option D is wrong because creating an AMI from a patched instance and updating the launch configuration is similar to A but more manual.

362
MCQmedium

A company is running a web application on EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group with a dynamic scaling policy based on average CPU utilization. During a flash sale, the application experiences a sudden spike in traffic, but the Auto Scaling group does not scale out quickly enough, causing some requests to fail. Which solution would improve the scaling responsiveness?

A.Increase the cooldown period for the dynamic scaling policy.
B.Add a scheduled scaling action to increase capacity before the flash sale.
C.Decrease the cooldown period for the dynamic scaling policy.
D.Disable scale-in to prevent the Auto Scaling group from terminating instances during the sale.
AnswerB

Scheduled scaling proactively adds capacity ahead of known traffic spikes.

Why this answer

Option B is correct because a scheduled scaling action proactively increases capacity before the flash sale, eliminating the lag inherent in dynamic scaling policies. Dynamic scaling reacts to metrics like average CPU utilization, which can take minutes to trigger and propagate, causing request failures during sudden spikes. By pre-scaling, the Auto Scaling group has sufficient instances ready to handle the traffic surge immediately.

Exam trap

The trap here is that candidates often focus on tuning cooldown periods or disabling scale-in, thinking these improve responsiveness, when the real issue is the inherent latency of reactive scaling during unpredictable spikes.

How to eliminate wrong answers

Option A is wrong because increasing the cooldown period would delay further scaling actions after a scale-out, making the group even less responsive to sudden spikes. Option C is wrong because decreasing the cooldown period might allow faster subsequent scaling but does not address the initial delay in detecting and reacting to the traffic spike. Option D is wrong because disabling scale-in prevents termination of instances but does not add new instances; it only protects existing ones, which are already insufficient during the flash sale.

363
MCQeasy

An SAP system is running on an EC2 instance with a single Amazon EBS volume for data and log files. The database administrator wants to increase the IOPS performance without changing the instance type. Which action should be taken?

A.Modify the EBS volume to provisioned IOPS (io1/io2).
B.Enable EBS optimization on the EC2 instance.
C.Change the EC2 instance type to a larger size.
D.Migrate the data to an instance store volume.
AnswerA

You can modify an EBS volume to increase IOPS, including switching to io1/io2.

Why this answer

Option D is correct because you can increase the IOPS of an existing EBS volume by modifying it to a higher IOPS value. Option A is wrong because changing instance type may not be necessary. Option B is wrong because EBS optimization is enabled by default for certain instances.

Option C is wrong because you cannot change EBS volume type directly to instance store; instance store is ephemeral.

364
Multi-Selecthard

A company is designing a highly available SAP NetWeaver system on AWS. The architecture includes two EC2 instances running the ABAP application server in an Auto Scaling group. Which THREE components are required to maintain session persistence and distribute traffic? (Choose THREE.)

Select 3 answers
A.Health checks on the target group to detect unhealthy instances
B.A shared file system (e.g., Amazon EFS) for /sapmnt
C.An Application Load Balancer (ALB) or Network Load Balancer (NLB)
D.Sticky sessions (session affinity) enabled on the load balancer
E.A Multi-AZ deployment for the SAP application servers
AnswersA, C, D

Health checks are essential to route traffic only to healthy instances.

Why this answer

Options A, B, and E are correct. Option A is correct because a load balancer distributes traffic. Option B is correct because sticky sessions (session affinity) ensure users stick to the same server.

Option E is correct because health checks ensure only healthy instances receive traffic. Option C is wrong because a shared file system is not directly required for session persistence. Option D is wrong because Multi-AZ is for database, not application servers.

365
MCQeasy

An SAP on AWS deployment uses an Auto Scaling group for the SAP application tier. The application is stateless and can scale out and in based on CPU utilization. Which scaling policy should be used to add new instances during peak load and remove them when the load decreases?

A.Simple scaling policy based on CPU utilization.
B.Target tracking scaling policy with a target CPU utilization of 70%.
C.Step scaling policy with multiple steps for different CPU thresholds.
D.Scheduled scaling policy to add instances during business hours.
AnswerB

Target tracking automatically adjusts capacity to maintain the target.

Why this answer

Option B is correct because a target tracking scaling policy is the simplest and most automated way to maintain a target CPU utilization. Option A is wrong because simple scaling does not adjust dynamically. Option C is wrong because scheduled scaling is for predictable loads, not dynamic.

Option D is wrong because step scaling requires manual configuration of steps.

366
MCQmedium

A company is migrating a legacy on-premises application to AWS. The application uses a proprietary database that is not supported by AWS Database Migration Service (DMS). The company needs to minimize downtime and automate the migration as much as possible. Which approach should be used?

A.Use AWS Database Migration Service (DMS) with a custom endpoint.
B.Use AWS Application Migration Service (MGN) to replicate the entire server, including the database, to AWS.
C.Export the database as a flat file, upload to Amazon S3, and import into Amazon RDS.
D.Use AWS Snowball to transfer database backups, then restore in Amazon RDS.
AnswerB

MGN provides continuous replication, supports any database, and automates migration with minimal downtime.

Why this answer

AWS Application Migration Service (MGN) can replicate entire servers, including the operating system, applications, and the proprietary database, to AWS without requiring database-specific support. This minimizes downtime by using continuous block-level replication and automates the migration by converting the source server into a native AWS instance. Since AWS DMS does not support the proprietary database, MGN provides a viable path for migrating the entire workload as a whole.

Exam trap

The trap here is that candidates assume AWS DMS can handle any database via custom endpoints, but DMS requires the source database to be one of its supported engines for logical replication; custom endpoints only allow connecting to unsupported targets, not unsupported sources.

How to eliminate wrong answers

Option A is wrong because AWS DMS with a custom endpoint still requires the database to be supported by DMS for the replication engine to interpret the data; a custom endpoint cannot add support for an unsupported proprietary database engine. Option C is wrong because exporting a proprietary database as a flat file is often not feasible due to proprietary binary formats, and importing into Amazon RDS would require a compatible database engine, which the proprietary database is not. Option D is wrong because AWS Snowball is designed for large-scale offline data transfer, not for minimizing downtime; it involves shipping physical devices and does not automate the migration process, and restoring a proprietary backup into Amazon RDS is impossible if RDS does not support that database engine.

367
MCQeasy

A company is designing a highly available SAP NetWeaver system on AWS. They plan to use a two-node ASCS/ERS cluster with SUSE Linux Enterprise Server (SLES). Which AWS service is required to manage the virtual IP address for the cluster?

A.AWS VPC Peering
B.Amazon Route 53
C.Amazon EBS
D.Elastic Load Balancing
AnswerB

Route 53 can be configured with DNS failover to route traffic to the active node using the virtual IP.

Why this answer

Amazon Route 53 is required to manage the virtual IP address for the two-node ASCS/ERS cluster by using DNS failover. In a SLES-based SAP NetWeaver cluster on AWS, the cluster software (e.g., Pacemaker) updates a Route 53 DNS record with the private IP address of the active node, enabling clients to connect via a hostname that resolves to the current primary node. This DNS-based approach replaces traditional virtual IP (VIP) floating, which is not natively supported in AWS VPC due to the lack of gratuitous ARP or multicast.

Exam trap

The trap here is that candidates often confuse the need for a virtual IP address with traditional network-level VIPs (e.g., using Elastic IP or ENI attachment) and overlook that AWS does not support gratuitous ARP, so DNS-based failover via Route 53 is the required method for SAP ASCS/ERS clusters on SLES.

How to eliminate wrong answers

Option A is wrong because AWS VPC Peering is a network connectivity feature that connects VPCs, not a service for managing virtual IP addresses or DNS failover for an SAP cluster. Option C is wrong because Amazon EBS provides block-level storage volumes for EC2 instances, but it does not manage IP addresses or provide any DNS-based failover mechanism. Option D is wrong because Elastic Load Balancing distributes incoming traffic across multiple targets, but it cannot be used to manage a single virtual IP address for an ASCS/ERS cluster; the cluster requires a static VIP that follows the active node, which ELB does not support.

368
MCQmedium

A company has deployed SAP S/4HANA on AWS using a single EC2 instance for the HANA database and multiple EC2 instances for the application servers. The system is in production and the company wants to implement high availability for the HANA database to minimize downtime during patching and failures. The HANA database is critical and must have an RTO of less than 5 minutes and an RPO of zero. The current setup uses a single EBS volume for /hana/data and another for /hana/log. The company has two Availability Zones available. Which solution meets the requirements?

A.Configure SAP HANA System Replication with automatic failover to a secondary HANA instance in another AZ.
B.Attach the EBS volumes to two EC2 instances using EBS Multi-Attach.
C.Use AWS Backup to schedule snapshots every 5 minutes and restore in another AZ if needed.
D.Deploy the HANA database on a larger EC2 instance with higher availability SLA.
AnswerA

Synchronous replication provides zero RPO and fast failover.

Why this answer

Option B is correct because SAP HANA System Replication in active/passive mode with automatic failover provides near-zero RPO and fast RTO. Option A is wrong because manual failover takes longer than 5 minutes. Option C is wrong because EBS Multi-Attach does not support active/passive cross-AZ.

Option D is wrong because a larger instance does not provide HA.

369
MCQmedium

An SAP system on AWS is running on an r5.16xlarge instance. The system is experiencing network throughput bottlenecks. Which step should be taken to improve network performance?

A.Move the instance to a placement group
B.Attach an Elastic Fabric Adapter
C.Enable Enhanced Networking and install the ENA driver
D.Change the instance type to c5.18xlarge
AnswerC

ENA provides higher bandwidth and lower latency.

Why this answer

Option C is correct because enabling Enhanced Networking and installing the Elastic Network Adapter (ENA) driver is the standard method to achieve higher packet-per-second (PPS) performance, lower latency, and increased network bandwidth on supported instance types like r5.16xlarge. Without the ENA driver, the instance uses the older Xen network driver, which cannot utilize the full 25 Gbps network bandwidth available to r5 instances, leading to throughput bottlenecks.

Exam trap

The trap here is that candidates assume changing to a larger or different instance type (like c5.18xlarge) will automatically increase network bandwidth, when in fact the root cause is the missing ENA driver, and the r5.16xlarge already supports the same 25 Gbps bandwidth once Enhanced Networking is enabled.

How to eliminate wrong answers

Option A is wrong because placement groups (cluster, spread, partition) affect network latency and throughput between instances within the same group, but they do not increase the maximum network bandwidth of a single instance; they only reduce inter-instance latency and jitter. Option B is wrong because Elastic Fabric Adapter (EFA) is designed for tightly coupled HPC/ML workloads using OS-bypass (e.g., Libfabric) and is not supported or beneficial for SAP workloads, which rely on standard TCP/IP networking. Option D is wrong because changing to c5.18xlarge does not inherently improve network performance; both r5.16xlarge and c5.18xlarge offer up to 25 Gbps network bandwidth, but the bottleneck is due to missing ENA driver, not instance type; additionally, c5 instances lack the memory required for SAP workloads, making this change impractical.

370
MCQmedium

An SAP system is running on AWS and needs to be migrated from a current generation instance (r3) to a newer generation (r5). What is the recommended process to minimize downtime?

A.Modify the instance type while the instance is running.
B.Stop the instance, change the instance type, and start the instance.
C.Create an AMI of the r3 instance and launch an r5 instance from it.
D.Launch a new r5 instance and migrate the SAP system.
AnswerB

Minimal downtime by changing type after stop.

Why this answer

Option D is correct because you can stop the instance, change the instance type, and start it again. This process takes a few minutes. Option A is wrong because you cannot change instance type while running; you must stop it.

Option B is wrong because launching a new instance and migrating data requires more time and effort. Option C is wrong because changing instance type does not require AMI creation.

371
MCQmedium

A company runs SAP HANA on AWS using an m5.24xlarge instance. The storage is configured with multiple EBS io1 volumes striped with LVM. Recently, the database performance has degraded. CloudWatch shows that the EBS write latency averages 5 ms, and the queue depth is consistently below 1. What is the most likely cause of the performance degradation?

A.The LVM stripe width is misconfigured causing uneven I/O distribution
B.The EBS-optimized instance feature is not enabled
C.The EBS volume type should be changed to gp3
D.The EBS write latency is too high and requires a larger instance
AnswerA

Improper stripe width can lead to hot spots.

Why this answer

Option C is correct because if the stripe width is not optimal, the I/O may not be distributed evenly, leading to hot spots. Option A is wrong because io1 volumes can handle high IOPS. Option B is wrong because 5 ms latency is acceptable.

Option D is wrong because EBS-optimized instances by default provide dedicated bandwidth.

372
MCQmedium

An SAP administrator needs to ensure that Amazon EBS snapshots of SAP HANA data volumes are crash-consistent. The HANA database is on a single EC2 instance with multiple EBS volumes. What is the correct approach?

A.Configure the volumes as a RAID 0 array and take a snapshot of the array.
B.Take snapshots of each volume individually while the instance is running.
C.Stop the EC2 instance, take snapshots of all volumes, then start the instance.
D.Use AWS Backup with application-consistent snapshots using pre- and post-scripts.
AnswerD

AWS Backup can orchestrate snapshots across multiple volumes and run scripts to freeze the filesystem and database, ensuring consistency.

Why this answer

Option D is correct because the AWS Backup service can create application-consistent snapshots using pre- and post-scripts to quiesce the filesystem and database. Option A (Take snapshots individually) may result in inconsistent data if writes occur between snapshots. Option B (Stop the instance) causes downtime.

Option C (Use RAID 0) does not guarantee consistency across volumes.

373
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to ensure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which AWS services can be used to implement a failover cluster for ASCS and ERS? (Select THREE.)

Select 3 answers
A.AWS CloudTrail
B.Elastic Load Balancing
C.Amazon Route 53
D.AWS Config
E.Custom scripts to manage floating IP and start/stop services
AnswersB, C, E

Can be used to route traffic to the active ASCS instance.

Why this answer

Elastic Load Balancing (ELB) is correct because it can be used in conjunction with a Network Load Balancer (NLB) to provide a stable endpoint for SAP ASCS and ERS failover. The NLB supports static IP addresses and can be configured with health checks that monitor the SAP service, automatically routing traffic to the healthy node in the cluster. This eliminates the need for a traditional floating IP and integrates with AWS-native failover mechanisms.

Exam trap

The trap here is that candidates often assume a traditional floating IP is required for SAP ASCS/ERS failover, but AWS recommends using an NLB and/or Route 53 to provide a stable endpoint, making custom scripts for floating IP management optional rather than mandatory.

374
MCQhard

An SAP system on AWS has an SAP Central Services (ASCS) instance running on an EC2 instance. The solution must ensure high availability for the ASCS in case of an EC2 failure. The ASCS uses a shared file system for the /sapmnt and /usr/sap/trans directories. Which architecture meets the high availability requirement with the least administrative overhead?

A.Deploy a second ASCS instance in another AZ and use an EC2 instance running NFS server with an EBS volume
B.Use an Amazon EBS volume attached to the ASCS instance and replicate it to another Availability Zone using EBS Snapshots
C.Use Amazon S3 and mount it using s3fs-fuse for the shared file system
D.Use Amazon EFS for /sapmnt and /usr/sap/trans, and configure a Pacemaker cluster across two Availability Zones
AnswerD

EFS is a managed NFS file system that is highly available and integrates with Pacemaker for automatic failover.

Why this answer

Option A is correct because a Pacemaker cluster with Amazon EFS provides a fully managed NFS file system that is highly available and eliminates the need for a separate shared storage cluster. Option B is wrong because EBS fails over with the instance but is not shared. Option C is wrong because S3 is not a POSIX-compliant file system.

Option D is wrong because it adds complexity with an additional EC2 instance for NFS.

375
Multi-Selectmedium

Which THREE of the following are best practices for securing an SAP system on AWS? (Choose THREE.)

Select 3 answers
A.Enable CloudTrail to log API calls for auditing
B.Use AWS Key Management Service (KMS) to encrypt EBS volumes
C.Use the same security group for all SAP instances
D.Store SAP license keys in a public S3 bucket
E.Restrict network access using security groups and network ACLs
AnswersA, B, E

Auditing is a security best practice.

Why this answer

AWS CloudTrail records all API calls made to the AWS environment, including those that modify SAP infrastructure (e.g., EC2 instance launches, security group changes). Enabling CloudTrail provides an immutable audit log that is essential for compliance, security incident investigation, and operational troubleshooting in an SAP landscape. This aligns with the AWS shared responsibility model, where customers must log and monitor actions taken on their SAP workloads.

Exam trap

The trap here is that candidates may think sharing a security group simplifies management, but AWS explicitly requires separate security groups for different SAP tiers to enforce network segmentation and meet SAP certification requirements.

Page 4

Page 5 of 24

Page 6