CCNA Operations and Maintenance Questions

75 of 491 questions · Page 4/7 · Operations and Maintenance · Answers revealed

226
MCQ · medium

An SAP system administrator wants to monitor the CPU and memory usage of SAP HANA database instances. Which AWS service should be used to collect and visualize these metrics?

A. AWS CloudTrail
B. Amazon CloudWatch Agent
C. AWS Systems Manager Run Command
D. Amazon CloudWatch metrics
Answer: B

Collects memory and disk metrics from EC2 instances.

Why this answer

Option D is correct because CloudWatch Agent can collect memory metrics. Option A is wrong as CloudWatch metrics by default do not include memory. Option B is wrong as Systems Manager Run Command is for executing scripts.

Option C is wrong because CloudTrail is for API auditing.

227
Multi-Select · easy

A company runs SAP on AWS and uses CloudWatch for monitoring. They want to set up an alarm that notifies the operations team when the CPU utilization of their SAP application server exceeds 90% for 5 consecutive minutes. Which THREE components are required to achieve this? (Select THREE.)

Select 3 answers
A. AWS CloudTrail to log the alarm actions.
B. A CloudWatch alarm configured with the metric and threshold.
C. An Amazon SNS topic to send the notification.
D. An AWS Lambda function to process the alarm.
E. A CloudWatch metric for CPU utilization.
Answers: B, C, E

The alarm triggers when the threshold is breached.

Why this answer

Options A, B, and D are correct. Option A: A CloudWatch metric is needed. Option B: A CloudWatch alarm is needed.

Option D: An SNS topic is needed to send notifications. Option C is wrong because a Lambda function is not required. Option E is wrong because CloudTrail is not needed.

228
MCQ · medium

A company runs SAP on AWS and wants to reduce costs by stopping non-production instances during off-hours. Which AWS service can automatically start and stop EC2 instances on a schedule?

A. AWS Systems Manager Maintenance Windows
B. AWS Instance Scheduler
C. Amazon CloudWatch Alarms
D. EC2 Auto Scaling
Answer: B

Instance Scheduler automates start/stop on a schedule.

Why this answer

Option D is correct because AWS Instance Scheduler is a solution that automatically starts and stops instances based on a schedule. Option A is wrong because EC2 Auto Scaling is for scaling, not scheduling. Option B is wrong because Systems Manager Maintenance Windows are for patching, not instance scheduling.

Option C is wrong because CloudWatch Alarms can trigger actions but not complex schedules.

229
MCQ · medium

A company runs SAP on AWS and uses AWS Direct Connect for on-premises connectivity. The operations team notices that the SAP system is experiencing high latency when accessing an on-premises database. The network team confirms that the Direct Connect link is not saturated. What is the most likely cause of the high latency?

A. The traffic is traversing a transit VPC with additional NAT instances
B. The Direct Connect link is using a public VIF instead of a private VIF
C. The Direct Connect bandwidth is insufficient
D. The on-premises network is using a VPN over the Direct Connect link
Answer: A

Additional hops in a transit VPC increase latency.

Why this answer

If the Direct Connect link is not saturated, the issue could be routing inefficiency. A transit VPC with EC2 instances acting as NAT or proxy can introduce additional hops and latency. VPN over Direct Connect is not relevant.

MPLS is the underlying technology for Direct Connect. Increasing bandwidth does not reduce latency caused by routing.

230
MCQ · medium

An SAP Basis administrator notices that the SAP system's response time is increasing during peak hours. The system uses an SAP NetWeaver application server on EC2 and an SAP HANA database on a separate EC2 instance. CloudWatch metrics show that the application server's CPU utilization is at 80% and the database server's CPU is at 30%. The application server is an m5.2xlarge, and the database is an r5.2xlarge. The administrator checks the SAP work process overview and sees that all dialog work processes are busy. What should the administrator do to resolve the performance issue?

A. Increase the database server's CPU capacity by changing to a larger instance type.
B. Increase the instance size of the application server to a compute-optimized type.
C. Add another application server to the system and distribute the load.
D. Increase the number of dialog work processes in the SAP application server profile.
Answer: D

Adding more work processes allows handling more concurrent requests.

Why this answer

Option B is correct because the symptom is all work processes busy, indicating a need for more work processes. Option A is wrong because increasing CPU may not help if the bottleneck is work process count. Option C is wrong because the database is not the bottleneck.

Option D is wrong because scaling out is more complex.

231
MCQ · medium

A company has a CloudFormation stack that creates an EC2 instance with a custom AMI. The stack fails with the error 'Resource creation cancelled' during creation. The engineer checks the stack events and sees that the EC2 instance creation succeeded, but the subsequent creation of an EBS volume failed. What is the MOST likely reason for the failure?

A. The EC2 instance creation failed and then was cancelled
B. The EC2 instance had a DeletionPolicy of Retain, which prevented rollback
C. The EBS volume creation failed, causing the stack to roll back and cancel the instance
D. The EC2 instance depended on the EBS volume, and the dependency caused a timeout
Answer: C

If a subsequent resource fails, CloudFormation cancels previously created resources during rollback.

Why this answer

Option C is correct because when an EBS volume creation fails in a CloudFormation stack, the stack initiates a rollback of all previously created resources, including the EC2 instance. The 'Resource creation cancelled' error appears for the EC2 instance because its creation was successful but then undone during the rollback, not because it failed initially.

Exam trap

The trap here is that candidates misinterpret 'Resource creation cancelled' as a creation failure of the EC2 instance itself, rather than understanding it is a rollback cancellation of a previously successful resource.

How to eliminate wrong answers

Option A is wrong because the stack events explicitly show the EC2 instance creation succeeded, so the failure is not due to the instance itself. Option B is wrong because a DeletionPolicy of Retain only affects resource deletion during stack deletion, not rollback; during rollback, CloudFormation still terminates the instance regardless of the DeletionPolicy. Option D is wrong because the EC2 instance does not depend on the EBS volume in this scenario; the EBS volume is created after the instance, and a dependency would cause the instance to wait for the volume, not cancel the instance.

232
MCQ · easy

A company wants to automate the backup of their SAP HANA database running on an EC2 instance. The backup should be stored in Amazon S3 and retained for 30 days. Which AWS service can be used to schedule and manage these backups?

A. AWS Lambda
B. Amazon S3 Lifecycle policies
C. AWS Storage Gateway
D. AWS Backup
Answer: D

AWS Backup automates backups and can store in S3.

Why this answer

Option A is correct because AWS Backup can be used to automate backups of EC2 instances and store in S3. Option B is wrong because AWS Storage Gateway is for hybrid storage. Option C is wrong because Amazon S3 Lifecycle policies manage object retention, not scheduling backups.

Option D is wrong because AWS Lambda can be used but requires custom code; AWS Backup is simpler.

233
Multi-Select · hard

A company is migrating a legacy application to AWS. The application requires a static IP address that does not change during instance stop/start. The application also needs to be highly available across two Availability Zones. Which THREE actions should the company take to meet these requirements?

Select 3 answers
A. Use a Network Load Balancer with an Elastic IP address
B. Allocate an Elastic IP address and associate it with the primary instance
C. Place the instances in a placement group to ensure high availability
D. Configure an Auto Scaling group across two Availability Zones
E. Use an Application Load Balancer to distribute traffic to the instances
Answers: A, B, D

NLB supports static IP via EIP and is highly available across AZs.

Why this answer

A Network Load Balancer (NLB) supports static IP addresses by allowing you to associate an Elastic IP address with each of its Availability Zone subnets. This provides a fixed entry point that does not change when backend instances are stopped or started, meeting the requirement for a static IP. Combined with an Auto Scaling group spanning two Availability Zones, the NLB ensures high availability by distributing traffic across healthy instances in both zones.

Exam trap

The trap here is that candidates often confuse the static IP capability of a Network Load Balancer with the DNS-based routing of an Application Load Balancer, or mistakenly think that a single Elastic IP on an instance provides high availability across zones.

234
MCQ · easy

A company has an SAP HANA database running on an EC2 instance with a single 500 GB gp2 volume. The database is experiencing I/O bottlenecks. The operations team wants to increase IOPS without changing the volume size. Which action should they take?

A. Enable EBS optimization on the EC2 instance.
B. Change the volume type to st1 (throughput optimized).
C. Modify the volume to increase its size to 1,000 GB.
D. Attach an additional gp2 volume and use it for temporary data.
Answer: C

gp2 IOPS increase with volume size at a rate of 3 IOPS per GB.

Why this answer

Option A is correct because gp2 IOPS scale linearly with size; increasing volume size increases baseline IOPS. Option B is wrong because changing to st1 is not suitable for database workloads. Option C is wrong because enabling EBS optimization on the instance does not increase volume IOPS.

Option D is wrong because attaching additional volumes requires RAID configuration and may not be straightforward.

235
Multi-Select · medium

Which TWO actions are recommended to ensure high availability for SAP NetWeaver on AWS? (Choose 2).

Select 2 answers
A. Use an Application Load Balancer with health checks to distribute traffic.
B. Use a single Availability Zone to reduce latency.
C. Take frequent EBS snapshots to ensure data durability.
D. Deploy SAP application instances in different Availability Zones.
E. Use t2 instance types to reduce cost.
Answers: A, D

ALB with health checks can route traffic away from unhealthy instances.

Why this answer

Placing instances in different Availability Zones (B) and using a load balancer with health checks (C) are best practices for high availability. Option A is wrong because single zone is not HA. Option D is wrong because t2 series are burstable and not recommended for production SAP.

Option E is wrong because EBS volumes are already durable; snapshots don't provide HA.

236
MCQ · medium

A company runs SAP on AWS and wants to reduce costs for non-production environments that are used only during business hours (8 AM to 6 PM). Which action should the administrator take to minimize costs without losing data?

A. Convert the instances to Reserved Instances
B. Terminate the instances after business hours
C. Downsize the instance types to the smallest available
D. Stop the instances during non-business hours and use Amazon EBS snapshots for backup
Answer: D

Stopping instances reduces cost; snapshots preserve data.

Why this answer

Option D is correct because stopping instances when not in use reduces costs, and using Amazon EBS snapshots for backup preserves data. Option A is wrong because reducing instance size may impact performance. Option B is wrong because converting to Reserved Instances is for steady-state usage.

Option C is wrong because terminating instances loses data.

237
MCQ · medium

A company runs a production application on EC2 instances behind an Application Load Balancer. The instances are in an Auto Scaling group across three Availability Zones. The operations team notices that during a recent deployment, a small percentage of instances failed health checks and were replaced, causing a brief increase in error rates. What is the MOST effective way to reduce deployment-related errors?

A. Use a lifecycle hook to delay instance registration until a script completes.
B. Increase the health check interval on the ALB to reduce rapid replacements.
C. Configure the Auto Scaling group with a warm-up time in the instance refresh settings.
D. Increase the desired capacity of the Auto Scaling group to absorb failures.
Answer: C

Warm-up time ensures new instances pass health checks before receiving traffic.

Why this answer

Option C is correct because configuring a warm-up time in the Auto Scaling group's instance refresh settings ensures that newly launched instances are fully initialized and pass health checks before they start receiving traffic. This prevents brief error spikes during deployments by allowing instances to stabilize before being marked as healthy and added to the ALB target group.

Exam trap

The trap here is that candidates often confuse lifecycle hooks (which handle initialization before registration) with warm-up times (which control the gradual introduction of traffic after registration), leading them to pick Option A instead of the correct C.

How to eliminate wrong answers

Option A is wrong because lifecycle hooks delay instance registration until a script completes, but they do not control the rate at which instances are replaced during a deployment or provide a gradual ramp-up of traffic; they only ensure initialization before registration. Option B is wrong because increasing the health check interval on the ALB would slow down the detection of genuinely unhealthy instances, potentially increasing error rates rather than reducing them, and does not address the root cause of premature traffic routing during deployment. Option D is wrong because increasing the desired capacity of the Auto Scaling group does not prevent deployment-related errors; it only adds more instances, which could mask the problem but not fix the underlying issue of instances being marked healthy before they are ready.

238
MCQ · easy

A DevOps engineer is troubleshooting an AWS CodePipeline that fails at the Deploy stage. The pipeline deploys a static website to an S3 bucket configured for website hosting. The error message indicates 'Access Denied' when the pipeline tries to upload files. Which IAM policy should be attached to the CodePipeline service role to resolve this?

A. CloudFrontFullAccess
B. AdministratorAccess
C. AmazonS3ReadOnlyAccess
D. A custom policy allowing s3:PutObject and s3:ListBucket on the target bucket.
Answer: D

These are the minimum permissions needed to upload files to S3.

Why this answer

The CodePipeline service role needs permissions to write objects to the S3 bucket and list its contents to verify the upload. A custom policy with s3:PutObject and s3:ListBucket on the target bucket grants exactly these required actions, resolving the 'Access Denied' error during the Deploy stage.

Exam trap

The trap here is that candidates often choose a broad managed policy like AdministratorAccess or CloudFrontFullAccess, overlooking that the minimal custom policy with specific S3 actions is the correct and secure solution for the 'Access Denied' error.

How to eliminate wrong answers

Option A is wrong because CloudFrontFullAccess grants permissions to manage CloudFront distributions, not to write to S3 buckets, and does not address the S3 upload failure. Option B is wrong because AdministratorAccess is overly permissive and violates the principle of least privilege; it would work but is not the best practice or the minimal required policy. Option C is wrong because AmazonS3ReadOnlyAccess only allows read operations (e.g., GetObject, ListBucket) and explicitly denies write actions like s3:PutObject, so it cannot resolve the upload failure.

239
MCQ · easy

An administrator needs to monitor the CPU utilization of an SAP HANA database running on an EC2 instance. The monitoring data must be stored for 15 months. Which AWS service should be used to meet this requirement?

A. Amazon S3
B. AWS CloudTrail
C. Amazon CloudWatch Logs
D. Amazon CloudWatch Metrics
Answer: D

CloudWatch metrics can be retained for up to 15 months.

Why this answer

Option B is correct because CloudWatch Logs is for log data, not metrics; CloudWatch Metrics can store data for up to 15 months for custom metrics. Option A is wrong because CloudWatch Logs stores logs, not metrics. Option C is wrong because S3 can store data but is not designed for metrics retention.

Option D is wrong because CloudTrail records API calls, not performance metrics.

240
MCQ · medium

An SAP administrator is troubleshooting a high CPU utilization issue on an SAP application server running on an Amazon EC2 instance. The administrator suspects a specific ABAP program is consuming excessive resources. Which AWS service can be used to capture detailed performance metrics and identify the process?

A. AWS CloudTrail
B. Amazon CloudWatch Agent
C. AWS Config
D. Amazon VPC Flow Logs
Answer: B

CloudWatch Agent collects OS-level metrics like per-process CPU.

Why this answer

Option D is correct because CloudWatch Agent can collect detailed OS-level metrics. Option A is wrong because VPC Flow Logs capture network traffic, not CPU. Option B is wrong because Config is for compliance.

Option C is wrong because CloudTrail is for API calls.

241
Multi-Select · medium

Which TWO tasks require the use of AWS Systems Manager Session Manager? (Choose TWO.)

Select 2 answers
A. Transfer files between on-premises and AWS
B. Execute a one-time command on an EC2 instance interactively
C. Establish a secure shell session to an EC2 instance without using SSH keys
D. Store database connection strings securely
E. Apply operating system patches to a fleet of EC2 instances
Answers: B, C

Session Manager allows interactive command execution.

Why this answer

Options A and D are correct. Session Manager provides secure shell access without SSH keys (A) and can be used to execute commands interactively (D). Options B and C are wrong because Session Manager does not manage patches or store parameters.

Option E is wrong because Session Manager is not for file transfers.

242
Multi-Select · medium

An operations team is troubleshooting an issue where an SAP application is unable to connect to an RDS for SQL Server database. The database is in a private subnet, and the application is in a public subnet. Which TWO actions should the team take to resolve the connectivity issue? (Choose TWO.)

Select 2 answers
A. Attach an internet gateway to the VPC
B. Create a VPC peering connection between the application and database subnets
C. Add a route to the route table of the database's subnet that directs traffic to the application's subnet
D. Modify the security group for the database to allow inbound traffic from the application's security group
E. Add a route to the route table of the application's subnet that directs traffic to the database subnet
Answers: D, E

The security group must allow inbound traffic on the database port from the application.

Why this answer

The database is in a private subnet, so the application needs a route to it. The route table must have a route to the private subnet, and the security group for the database must allow inbound traffic from the application's security group or CIDR. An internet gateway is not needed for database access.

A NAT gateway is for outbound traffic. VPC peering is for cross-VPC connectivity.

243
MCQ · medium

An AWS administrator needs to monitor the CPU utilization of an EC2 instance running SAP NetWeaver. The instance type is r5.2xlarge. Which CloudWatch metric should the administrator use to track the CPU usage of the instance?

A. MemoryUtilization
B. CPUUtilization
C. NetworkIn
D. DiskReadOps
Answer: B

Default metric for CPU usage.

Why this answer

Option A is correct because CPUUtilization is the standard metric for EC2 CPU usage. Option B is wrong because NetworkIn is network traffic. Option C is wrong because DiskReadOps is disk I/O.

Option D is wrong because Memory utilization is not a default metric; it requires a custom agent.

244
MCQ · medium

A company runs its SAP environment on AWS and needs to ensure that all changes to the SAP landscape are tracked for auditing. The environment includes EC2 instances, RDS databases, and Lambda functions. Which combination of AWS services provides the most comprehensive audit trail?

A. AWS Systems Manager Inventory and AWS Config
B. AWS CloudTrail and AWS Config
C. Amazon VPC Flow Logs and AWS CloudTrail
D. Amazon CloudWatch Logs and Amazon CloudWatch Metrics
Answer: B

CloudTrail logs API calls; Config records resource configuration changes.

Why this answer

Option B is correct because CloudTrail logs API calls for all services, and AWS Config records resource configuration changes, together providing a complete audit trail. Option A is wrong because CloudWatch Logs and Metrics are for monitoring, not auditing changes. Option C is wrong because Systems Manager Inventory collects software inventory, not configuration changes.

Option D is wrong because VPC Flow Logs capture network traffic, not configuration changes.

245
MCQ · hard

An SAP system on AWS is experiencing intermittent connectivity issues between the application servers and the HANA database. The network team has confirmed that the VPC and subnets are configured correctly. What should the operations team check NEXT?

A. DNS resolution for the database endpoint.
B. VPC route tables for the application subnet.
C. Security group rules on the database server.
D. Network ACLs on the database subnet.
Answer: C

Security group rules can cause intermittent issues if not properly configured for HANA ports.

Why this answer

Option B is correct because security group rules for HANA database default deny inbound traffic; if not properly configured, they can block application traffic. Option A is wrong because NACLs are stateless and less likely to cause intermittent issues. Option C is wrong because route tables typically do not change.

Option D is wrong because DNS resolution is not the likely cause of intermittent connectivity.

246
MCQ · easy

A company is migrating its SAP landscape to AWS and wants to automate the deployment of SAP applications using infrastructure as code. Which AWS service should the company use to define and provision the AWS infrastructure?

A. AWS Elastic Beanstalk
B. AWS CloudFormation
C. AWS CodeDeploy
D. AWS OpsWorks
Answer: B

CloudFormation enables infrastructure as code.

Why this answer

Option B is correct because AWS CloudFormation allows infrastructure as code. Option A is wrong because OpsWorks is for Chef/Puppet, not primary IaC. Option C is wrong because Elastic Beanstalk is for web apps, not SAP.

Option D is wrong because CodeDeploy is for application deployment, not infrastructure.

247
MCQ · medium

An operations team manages an SAP ERP system on AWS that uses a single EC2 instance for the SAP central services (SCS) and multiple instances for application servers. The system is running in a VPC with both public and private subnets. The team notices that the SCS instance is unreachable from the application servers after a maintenance window where network ACLs were updated. The application servers are in private subnets, and the SCS instance is in a public subnet. The team has verified that the security groups allow the required traffic. Which step should the team take to resolve the connectivity issue?

A. Review the network ACL rules for both the public and private subnets.
B. Verify that the route tables have a route to the internet gateway.
C. Assign an Elastic IP to the SCS instance.
D. Check the security group rules on the application servers.
Answer: A

Network ACLs can block traffic if misconfigured.

Why this answer

Option C is correct because network ACLs are stateless and require both inbound and outbound rules. During maintenance, the NACL might have been modified to block required traffic. Option A is wrong because security groups are already verified.

Option B is wrong because route tables affect routing, not connectivity if they are within the same VPC. Option D is wrong because the issue is not about Elastic IPs.

248
Multi-Select · medium

Which TWO AWS services can be used to automate the startup and shutdown of SAP application servers based on a schedule to reduce costs? (Select TWO.)

Select 2 answers
A. Amazon CloudWatch Events
B. AWS CodePipeline
C. AWS Instance Scheduler
D. Amazon EC2 Auto Scaling
E. AWS Systems Manager Maintenance Windows
Answers: C, E

Instance Scheduler is a solution to start/stop instances on a schedule.

Why this answer

Option A is correct because Systems Manager Maintenance Windows can schedule actions. Option D is correct because Instance Scheduler is a solution for automated start/stop. Option B is incorrect because CloudWatch Events triggers actions but not directly scheduling on instances without a Lambda.

Option C is incorrect because Auto Scaling adjusts capacity but not start/stop of specific instances. Option E is incorrect because CodePipeline is for CI/CD.

249
MCQ · medium

A company has deployed SAP on AWS with a shared file system using Amazon EFS for the /sapmnt directory. The EFS file system is mounted on all SAP application servers. Recently, users reported that the SAP system is slow when accessing reports that are stored as PDF files in the /sapmnt directory. The operations team checks the CloudWatch metrics and finds that the EFS file system's PercentIOLimit metric is consistently at 100% during peak hours. The file system is using the General Purpose performance mode. The team also notices that the BurstCreditBalance is decreasing over time. What action should be taken to resolve this performance issue?

A. Enable EFS lifecycle management to move infrequently accessed files to Infrequent Access storage class.
B. Increase the size of the EFS file system to improve performance.
C. Increase the burst credit balance by enabling throughput mode.
D. Switch the EFS performance mode to Max I/O to get higher throughput.
Answer: D

Max I/O provides higher IOPS and throughput.

Why this answer

Option C is correct because switching to Max I/O performance mode provides higher IOPS and throughput for workloads with high I/O demands. Option A is wrong because the issue is I/O limit, not storage capacity. Option B is wrong because increasing burst credits is not possible; the file system needs higher baseline.

Option D is wrong because lifecycle management is for cost optimization, not performance.

250
MCQ · medium

A company is migrating its SAP environment to AWS. The operations team needs to ensure that all changes to the SAP infrastructure are tracked and that unauthorized changes are detected. Which AWS service should they use?

A. AWS CloudTrail
B. AWS Config
C. Amazon GuardDuty
D. AWS Trusted Advisor
Answer: B

AWS Config provides configuration history and compliance checking.

Why this answer

Option A is correct. AWS Config records configuration changes and detects drift. Option B is incorrect because CloudTrail records API calls, not configuration state.

Option C is incorrect because Trusted Advisor provides best practice checks. Option D is incorrect because GuardDuty is for threat detection.

251
MCQ · medium

Refer to the exhibit. An operations team uses this CloudFormation template to launch SAP application servers. After deployment, the application server fails to join the SAP system. The team verified that the security group allows outbound traffic to the SAP system. What is the MOST likely cause?

A. The instance type is not specified correctly.
B. The security group ID is not properly referenced.
C. The user data script is not base64 encoded correctly.
D. The `LatestAmiId` parameter is not defined in the template.
Answer: D

!Ref LatestAmiId requires a parameter or mapping that is not defined.

Why this answer

Option D is correct. The template uses `!Ref LatestAmiId` which does not exist as a parameter; it should be a parameter or a mapping. Option A is wrong because the instance type is parameterized.

Option B is wrong because the security group is referenced correctly. Option C is wrong because the user data script is base64 encoded correctly.

252
MCQ · medium

A company is running SAP HANA on a memory-optimized EC2 instance with an EBS volume for /hana/data and /hana/log. The database administrator notices that the /hana/log volume is experiencing high write latency. The current volume is a gp2 volume with 1000 GB size. Which change would most effectively reduce write latency?

A. Change the volume type to st1 (throughput optimized) for better write throughput.
B. Increase the volume size to 2000 GB to get more IOPS.
C. Enable Multi-Attach on the volume to distribute writes.
D. Ensure the EC2 instance is EBS-optimized and use a higher instance type with dedicated EBS bandwidth.
Answer: D

EBS-optimized instances provide dedicated throughput to EBS, reducing latency.

Why this answer

Option D is correct because using EBS-optimized instances with dedicated EBS bandwidth reduces contention and latency. Option A is wrong because increasing volume size increases IOPS but not necessarily reduces latency. Option B is wrong because changing to st1 is not ideal for log writes.

Option C is wrong because enabling Multi-Attach does not reduce latency.

253
MCQ · medium

An SAP system uses a Network Load Balancer (NLB) to distribute traffic to SAP application servers. The application servers are in private subnets. The operations team notices that the health checks are failing for one of the application servers. The health check is configured to use TCP on port 3200. The application server's security group allows inbound traffic on port 3200 from the NLB's subnet CIDR. The network ACL allows inbound and outbound traffic on ephemeral ports. What is the most likely cause of the health check failure?

A. The security group does not allow inbound traffic from the NLB's private IP addresses.
B. The network ACL is blocking the health check traffic.
C. The SAP application is not listening on port 3200.
D. The NLB is configured to use the instance's public IP address.
Answer: A

Health checks come from NLB's IPs, not client IPs.

Why this answer

Option C is correct because the NLB health checks originate from its own IP addresses, not from the client IPs. The security group must allow traffic from the NLB's private IP addresses. Option A is wrong because the application may be listening correctly.

Option B is wrong because NACLs are properly configured. Option D is wrong because the NLB communicates with targets using their private IPs.

254
MCQ · easy

An SAP system on AWS is configured with a Multi-AZ deployment for high availability. During a failover test, the operations team notices that the secondary instance does not take over correctly. What is the most likely cause?

A. The SAP application layer is not configured to retry connections.
B. The CloudWatch alarm thresholds for failover are set too high.
C. The route tables or security groups do not allow traffic to the secondary instance.
D. The secondary instance's IP address is not automatically updated in DNS.
Answer: C

Network configuration errors can prevent failover from completing.

Why this answer

Option B is correct because incorrect DNS resolution or routing can prevent the secondary instance from being reachable after failover. Option A is wrong because Multi-AZ automatically handles IP changes if configured properly. Option C is wrong because application layer misconfiguration may not affect the failover itself.

Option D is wrong because CloudWatch alarms do not control failover.

255
MCQeasy

A company has an SAP HANA database running on an RDS for SAP HANA instance. The operations team wants to automate the backup process and retain backups for 90 days. Which AWS service should they use?

A.RDS automated backups
B.Amazon S3 lifecycle policies
C.AWS Backup
D.AWS Storage Gateway
AnswerC

AWS Backup can schedule and retain backups for 90 days.

Why this answer

Option A is correct because AWS Backup can manage backups of RDS instances with customizable retention. Option B is wrong because S3 is for object storage, not native RDS backups. Option C is wrong because Storage Gateway is for hybrid storage.

Option D is wrong because RDS automated backups have a max retention of 35 days; manual snapshots are needed beyond that, but AWS Backup can manage them.

256
MCQeasy

A company is running SAP S/4HANA on AWS with an RDS for SAP HANA database. The operations team needs to perform a minor version upgrade of the database. They want to minimize downtime and ensure that the upgrade can be rolled back if needed. What should they do?

A.Take a manual snapshot before the upgrade, then perform the upgrade.
B.Enable Multi-AZ, then perform the upgrade.
C.Use the clone feature of SAP HANA to create a copy.
D.Create a read replica, promote it after the upgrade.
AnswerA

Snapshot allows restore to pre-upgrade state if needed.

Why this answer

Option D is correct because creating a snapshot before the upgrade allows rollback, and RDS supports minor version upgrades with minimal downtime (usually a few minutes). Option A is wrong because creating a read replica does not help with upgrade rollback. Option B is wrong because Multi-AZ does not directly help with upgrade rollback.

Option C is wrong because cloning is for Aurora, not RDS for HANA.

257
MCQmedium

An SAP system running on AWS uses a Multi-AZ RDS for SAP ASE database. The operations team notices that the database failover took longer than expected during a recent outage. What should the team investigate to reduce failover time?

A.Increase the allocated storage for the database to improve I/O performance.
B.Ensure that the standby instance is in the same Availability Zone as the primary.
C.Check for long-running transactions that delay the failover.
D.Verify that the database is using asynchronous replication.
AnswerC

Long-running transactions can significantly increase failover time.

Why this answer

Option D is correct because Multi-AZ failover time is influenced by the time to complete in-flight transactions. Option A is wrong because synchronous replication is used, not asynchronous. Option B is wrong because Multi-AZ already has a standby in another AZ.

Option C is wrong because increasing instance size may not reduce failover time.

258
MCQhard

A company runs a critical SAP ERP system on AWS. The system consists of a single EC2 instance running SAP NetWeaver with an Oracle database on the same instance. The instance type is r5.4xlarge with 500 GB gp2 EBS volume for the database. The operations team receives a CloudWatch alarm that the EBS volume's 'BurstBalance' metric has dropped to 0%. Consequently, the database performance degrades significantly. The team needs to resolve the issue and prevent recurrence. The SAP system cannot tolerate more than 10 minutes of downtime. The budget is limited. Which action should the team take?

A.Migrate the database to an io2 Block Express volume with provisioned IOPS.
B.Add additional EBS volumes and configure RAID 0 striping to increase IOPS.
C.Change the EBS volume type from gp2 to gp3 and increase the IOPS and throughput settings as needed.
D.Increase the volume size to 1000 GB to increase baseline IOPS and burst credits.
AnswerC

gp3 provides consistent baseline performance without burst credits and is cost-effective.

Why this answer

Switching to gp3 provides baseline performance without burst credits and is cost-effective. Option C is correct. Option A is wrong because increasing to io2 volumes is more expensive and may require downtime if not using elasticity.

Option B is wrong because changing to st1 is for throughput-optimized workloads, not suitable for database. Option D is wrong because adding more volumes and striping is complex and may require downtime.

259
Multi-Selectmedium

Which TWO actions should an SAP administrator take to ensure high availability for an SAP HANA database on AWS? (Choose two.)

Select 2 answers
A.Enable SAP HANA system replication
B.Deploy the database on a single large instance
C.Schedule regular manual snapshots
D.Use a Multi-AZ deployment for the database
E.Use a single EBS volume with high IOPS
AnswersA, D

Provides data redundancy across nodes.

Why this answer

Options A and B are correct. Enabling system replication provides data redundancy, and using a Multi-AZ deployment ensures automatic failover. Option C is wrong because a single EBS volume does not provide HA.

Option D is wrong because manual snapshots are not automatic HA. Option E is wrong because a single instance lacks redundancy.

260
MCQeasy

A company runs a critical SAP application on AWS. The operations team needs to monitor the system for performance issues and receive alerts when CPU utilization exceeds 80% for 5 consecutive minutes. Which AWS service should be used to set up this monitoring and alerting?

A.AWS Config
B.AWS CloudTrail
C.Amazon CloudWatch
D.AWS Health
AnswerC

CloudWatch monitors metrics and can trigger alarms based on thresholds.

Why this answer

Amazon CloudWatch can monitor CPU utilization and trigger alarms when a threshold is breached. CloudTrail is for API auditing, Config is for compliance, and AWS Health provides service health notifications.

261
MCQhard

An SAP system on AWS is experiencing intermittent network connectivity issues between the application servers and the database server. Both are in the same VPC but different subnets. The security groups allow all traffic between them. What should the administrator check next?

A.Network ACL rules for the subnets
B.VPC Flow Logs to analyze dropped packets
C.Route tables to ensure proper routing
D.Security group rules for outbound traffic
AnswerA

NACLs are stateless and must allow ephemeral port return traffic.

Why this answer

Network ACLs are stateless and must allow both inbound and outbound traffic. If NACLs block return traffic, connectivity fails intermittently. VPC Flow Logs can help diagnose but are not the first check.

Route tables are typically correct within a VPC. The issue is likely at the NACL level.

262
MCQmedium

A company is running SAP HANA on AWS. The system administrator notices that the SAP HANA database is frequently running out of memory, causing performance degradation. Which AWS service should the administrator use to set up memory usage alarms and automate scaling of the SAP HANA instance?

A.Amazon EC2 Auto Scaling
B.AWS Lambda
C.AWS Systems Manager
D.Amazon CloudWatch and AWS Auto Scaling
AnswerD

CloudWatch monitors memory (via agent) and Auto Scaling can adjust instance type or add instances.

Why this answer

Option B is correct because Amazon CloudWatch can monitor memory metrics (via custom metrics) and trigger alarms; combined with AWS Auto Scaling, it can automatically adjust the instance size or add resources. Option A is wrong because AWS Lambda is a compute service, not a monitoring/scaling service. Option C is wrong because AWS Systems Manager is for management, not native monitoring and auto-scaling.

Option D is wrong because Amazon EC2 Auto Scaling works at the instance group level, not for vertical scaling of a single HANA instance.

263
Multi-Selectmedium

Which TWO actions should an operations team take to ensure high availability for SAP HANA in a single AWS Region?

Select 2 answers
A.Create read replicas of the HANA database.
B.Deploy SAP HANA in a Multi-AZ configuration using HANA System Replication.
C.Use HANA System Replication with automatic failover.
D.Configure automated backups to Amazon S3.
E.Use a single large EC2 instance in one Availability Zone.
AnswersB, C

Multi-AZ with HSR provides failover across Availability Zones.

Why this answer

Options A and D are correct. A: Multi-AZ deployment provides failover across Availability Zones. D: HANA System Replication with automatic failover ensures data consistency and failover.

Option B is wrong because a single instance in one AZ does not provide HA. Option C is wrong because backups do not provide automatic failover. Option E is wrong because read replicas are for read scaling, not HA.

264
MCQhard

A company runs SAP on AWS using a multi-AZ deployment. The database is an SAP HANA system replicated across two Availability Zones. During a recent failure, the standby HANA instance did not take over automatically. The operations team finds that the HANA replication status was 'ERROR' before the failure. What is the most likely reason for the failed takeover?

A.The standby HANA instance had a different instance number than the primary.
B.The fencing mechanism was not configured correctly in the cluster.
C.The HANA system replication was not in sync; data was not fully replicated to the standby.
D.The network latency between the two Availability Zones was too high.
AnswerC

An error status means replication is broken; the standby cannot take over safely.

Why this answer

Option C is correct because if the HANA system replication status is in error, automatic takeover cannot occur. The replication link must be healthy for the standby to have the latest data. Option A is wrong because network connectivity issues would be reflected in replication status.

Option B is wrong because a misconfigured fencing mechanism would not cause replication error. Option D is wrong because different instance numbers would prevent replication setup entirely.

265
MCQeasy

A company is migrating an SAP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS) instance. Which AWS service is best suited for this?

A.Amazon RDS Multi-AZ deployment
B.EC2 Auto Scaling group
C.Amazon Route 53 weighted routing policy
D.Amazon S3 cross-region replication
AnswerA

Provides automatic failover for the ASCS database with a standby replica.

Why this answer

Option A is correct because a Multi-AZ deployment of Amazon RDS provides automatic failover for the ASCS database. Option B (EC2 Auto Scaling) is for horizontal scaling, not for stateful services. Option C (Amazon Route 53 routing policy) can redirect traffic but doesn't ensure instance availability.

Option D (Amazon S3) is for storage, not high-availability failover.

266
MCQhard

An SAP administrator is troubleshooting an issue where SAP application servers are unable to connect to the SAP HANA database. The database is running on an EC2 instance in a private subnet. The application servers are in a different VPC connected via VPC peering. The security group for the database instance allows TCP port 3$15$13 from the application server security group. Which additional configuration is MOST likely required?

A.Modify the security group to allow traffic from the application server subnet CIDR.
B.Update the route tables to add a route to the database subnet.
C.Add a rule to the network ACL to allow inbound traffic on port 3$15$13.
D.Enable DNS resolution for the VPC peering connection.
AnswerD

VPC peering requires DNS resolution to be enabled for hostname resolution across VPCs.

Why this answer

Option C is correct because VPC peering does not automatically resolve DNS hostnames between VPCs. The application servers must resolve the database hostname to the private IP of the database instance. Option A is wrong because VPC peering does not support transitive routing, but that's not relevant here.

Option B is wrong because NACLs are stateless and must allow return traffic, but the issue is DNS resolution. Option D is wrong because the security group rule already allows the port.

267
MCQeasy

A company is running SAP on AWS and needs to ensure that all changes to the SAP infrastructure are logged for audit purposes. Which AWS service should be enabled to record API calls?

A.AWS CloudTrail
B.Amazon GuardDuty
C.Amazon CloudWatch
D.AWS Config
AnswerA

CloudTrail records all API activity for auditing.

Why this answer

Option B (AWS CloudTrail) is correct because it records all API activity in the AWS account. Option A (Amazon CloudWatch) monitors performance. Option C (AWS Config) evaluates resource configurations.

Option D (Amazon GuardDuty) detects threats.

268
MCQeasy

An SAP administrator needs to grant an IAM user permission to start and stop EC2 instances that are part of an SAP environment. The administrator wants to follow the principle of least privilege. Which IAM policy action should be included?

A.ec2:TerminateInstances
B.ec2:RunInstances
C.ec2:StartInstances and ec2:StopInstances
D.ec2:RebootInstances
AnswerC

These actions specifically allow starting and stopping instances.

Why this answer

Option C is correct because ec2:StartInstances and ec2:StopInstances are the specific actions needed. Option A is wrong because ec2:RebootInstances is not required. Option B is wrong because ec2:RunInstances launches new instances.

Option D is wrong because ec2:TerminateInstances is more destructive than needed.

269
MCQmedium

A company runs SAP on AWS and uses a Multi-AZ architecture. The SAP application servers are in an Auto Scaling group across two Availability Zones, and the database is an RDS for SAP HANA Multi-AZ DB instance. During a recent failover test, the database failover completed within 2 minutes, but the application servers took 10 minutes to reconnect to the database. Which action would minimize the application reconnection time?

A.Reduce the health check grace period on the Auto Scaling group.
B.Configure the SAP application to use the RDS Multi-AZ automatic failover endpoint.
C.Increase the minimum number of application servers in the Auto Scaling group.
D.Use an RDS Proxy to manage database connections from the application servers.
AnswerD

RDS Proxy pools connections and handles failover transparently, reducing application reconnection time.

Why this answer

Option D is correct because using an RDS Proxy minimizes connection disruptions by pooling and reusing database connections during failovers, reducing application reconnection time. Option A is wrong because shortening the health check grace period doesn't affect reconnection. Option B is wrong because increasing the number of application servers doesn't address reconnection logic.

Option C is wrong because an RDS Multi-AZ failover already happens automatically within minutes.

270
MCQeasy

A company runs SAP ERP on AWS using a Multi-AZ RDS for SAP HANA database. The operations team needs to automate the rotation of the database master password. Which AWS service should be used to securely store and rotate the password?

A.AWS Systems Manager Parameter Store
B.AWS Secrets Manager
C.AWS CloudHSM
D.AWS Identity and Access Management (IAM)
AnswerB

Secrets Manager can rotate RDS credentials automatically.

Why this answer

Option D is correct because AWS Secrets Manager can automatically rotate RDS database credentials. Option A (Systems Manager Parameter Store) can store secrets but does not support automatic rotation. Option B (IAM) does not manage database passwords.

Option C (CloudHSM) is for hardware security modules, not password rotation.

271
MCQmedium

A company runs a critical SAP HANA database on an m5.24xlarge EC2 instance. The operations team notices that the database performance degrades during peak hours. Which AWS service should be used to identify whether the instance is experiencing CPU throttling due to CPU credit exhaustion?

A.Use CloudTrail to review the EC2 instance launch configuration.
B.Use AWS Trusted Advisor to check for instance performance issues.
C.Use CloudWatch to monitor the CPUUtilization metric.
D.Use CloudWatch to monitor the CPUCreditBalance metric.
AnswerC

This is the correct metric to identify high CPU usage.

Why this answer

Option B is correct because T2/T3 instances use CPU credits, but m5 instances are dedicated performance instances and do not use CPU credits. However, the question tests if the candidate knows that m5 instances do not have CPU credit concepts; thus the correct answer is to check CloudWatch metrics for CPU Utilization, which directly measures CPU usage. Option A is wrong because m5 instances do not have CPU credit metrics.

Option C is wrong because CloudTrail logs API calls, not performance metrics. Option D is wrong because Trusted Advisor gives best-practice recommendations, not real-time CPU metrics.

272
MCQeasy

An SAP system is experiencing high disk I/O latency. The operations team checks the Amazon CloudWatch metrics and finds that the Average Queue Length for the EBS volumes is consistently above the recommended threshold. Which action should be taken to address this issue?

A.Change the volume type to Throughput Optimized HDD (st1).
B.Increase the provisioned IOPS for the EBS volumes.
C.Enable EBS encryption to improve I/O performance.
D.Increase the volume size to improve I/O performance.
AnswerB

Higher IOPS can handle more requests, reducing queue length.

Why this answer

Option A is correct because increasing IOPS reduces queue length. Option B is wrong because increasing volume size may not increase IOPS if gp2 volumes are used (size affects burst credits). Option C is wrong because converting to st1 is for throughput, not IOPS.

Option D is wrong because enabling encryption does not affect performance.

273
MCQmedium

An SAP system is running on an EC2 instance with an attached EBS volume for /usr/sap. The operations team notices that the volume is almost full. Which action should be taken to increase the available space without downtime?

A.Modify the EBS volume to increase its size while the instance is running, then extend the filesystem.
B.Reduce the size of the volume by modifying the volume configuration.
C.Create a new larger EBS volume, attach it to the instance, and copy the data.
D.Create a snapshot of the volume and use it to create a larger volume, then attach and mount.
AnswerA

EBS volumes can be increased online, and the filesystem can be extended without downtime.

Why this answer

You can increase the size of an EBS volume while the instance is running, then extend the filesystem. Option A is correct. Option B is wrong because snapshots are for backup, not immediate space increase.

Option C is wrong because reducing the volume size is not supported. Option D is wrong because creating a new volume and copying data requires downtime.

274
MCQeasy

A company is running SAP ERP on AWS using an SAP-certified AMI. The system uses a single EC2 instance for both the application and database. The operations team needs to implement a disaster recovery (DR) solution with a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 1 hour. The DR site must be in a different AWS Region. Currently, the system uses EBS snapshots for backup. What should the team do to meet the RTO and RPO requirements?

A.Set up a read replica in the DR region and promote it during failover.
B.Configure Amazon S3 Cross-Region Replication for the EBS snapshots.
C.Use AWS CloudEndure Disaster Recovery to replicate the entire server to the DR region.
D.Schedule hourly EBS snapshots and copy them to the DR region using AWS Backup.
AnswerD

This meets RPO of 1 hour and RTO of 2 hours by restoring from snapshots.

Why this answer

Option D is correct because using AWS Backup with cross-region snapshot copy allows automated backups to another region with RPO of 1 hour. For RTO, you can restore from those snapshots. Option A is wrong because S3 replication is for objects, not EBS snapshots.

Option B is wrong because Cross-Region Replication is for S3. Option C is wrong because CloudEndure requires continuous replication, which is not needed and may be overkill.

275
Multi-Selecthard

Which THREE metrics should be monitored in Amazon CloudWatch to proactively identify performance issues in an SAP NetWeaver application server? (Choose three.)

Select 3 answers
A.S3 request metrics
B.CPUUtilization
C.Memory utilization (via CloudWatch Agent)
D.VPC Flow Logs
E.DiskQueueDepth
AnswersB, C, E

High CPU indicates performance issues.

Why this answer

Options A, B, and D are correct. Option C is wrong because VPC Flow Logs are not CloudWatch metrics. Option E is wrong because S3 metrics are unrelated.

276
MCQeasy

Your SAP on AWS environment uses a central S3 bucket to store SAP transport files. The operations team reports that transport import fails intermittently. Which AWS service can be used to monitor and alert on S3 API call failures?

A.AWS CloudTrail
B.AWS Config
C.Amazon CloudWatch Metrics
D.AWS Trusted Advisor
AnswerA

Logs S3 API calls.

Why this answer

Option A is correct because CloudTrail logs S3 API calls. Option B is wrong because CloudWatch Metrics for S3 are limited. Option C is wrong because Config tracks configuration changes.

Option D is wrong because Trusted Advisor provides best practice checks.

277
MCQmedium

An SAP administrator notices that the SAP HANA database on an EC2 instance is running out of memory frequently. The instance type is r5.4xlarge with 128 GiB of memory. Which action should the administrator take to resolve this issue?

A.Reduce the SAP HANA buffer cache size
B.Increase swap space on the instance
C.Enable SAP HANA compression
D.Scale up to a larger instance type with more memory
AnswerD

Larger instance provides more memory.

Why this answer

Option C is correct because increasing the instance memory by selecting a larger instance type addresses the memory shortage. Option A is wrong because increasing swap space may cause performance degradation. Option B is wrong because enabling compression is a software setting, not a direct fix.

Option D is wrong because reducing the buffer cache can impact performance.

278
Multi-Selecthard

An SAP system administrator is troubleshooting an issue where SAP users cannot log in to the SAP system. The administrator checks the SAP application server logs and finds that the connection to the SAP HANA database is failing with 'connection refused'. Which THREE AWS resources should be investigated to resolve the issue?

Select 3 answers
A.VPC peering connection
B.Network ACLs for the database subnet
C.Internet Gateway
D.Security group rules for the database instance
E.Route tables for the application server subnet
AnswersB, D, E

Network ACLs are stateless firewalls; misconfigured rules can block traffic.

Why this answer

Options B, C, and D are correct. The security group rules for the database instance must allow traffic from the application server; the network ACLs must allow inbound/outbound traffic; and the route table must have a route to the database subnet. Option A is wrong because the Internet Gateway is not needed for internal communication between subnets.

Option E is wrong because the VPC peering connection is not necessarily involved unless they are in different VPCs.

279
MCQhard

A company runs a critical workload on Amazon RDS for PostgreSQL with Multi-AZ. The operations team notices that during a recent failover test, the DNS record updated in about 60 seconds. However, the application experienced a 2-minute downtime because some connections were not re-established quickly. What should the team do to reduce downtime during failover?

A.Enable automated backups with a short retention period.
B.Increase the TTL of the RDS DNS record to 300 seconds.
C.Configure the application's connection string to use the RDS read-replica endpoint with a retry mechanism.
D.Place a Network Load Balancer in front of the RDS instance.
AnswerC

Using the read replica endpoint can redirect traffic faster; retries help re-establish connections.

Why this answer

Option C is correct because configuring the application's connection string to use the RDS read-replica endpoint with a retry mechanism allows the application to quickly fail over to the read replica during a Multi-AZ failover. The read-replica endpoint remains constant and does not rely on DNS propagation, reducing downtime from DNS TTL delays. Combined with a retry mechanism, this ensures connections are re-established immediately after the failover completes, rather than waiting for the DNS record to update.

Exam trap

The trap here is that candidates often think increasing the DNS TTL speeds up failover. In reality, a higher TTL increases client-side caching delay, making downtime worse. The correct approach is to use a static endpoint (like the read-replica endpoint) with retry logic to bypass DNS propagation issues entirely.

How to eliminate wrong answers

Option A is wrong because enabling automated backups with a short retention period does not affect DNS resolution or connection re-establishment during failover; backups are for point-in-time recovery, not for reducing failover downtime. Option B is wrong because increasing the TTL of the RDS DNS record to 300 seconds would actually increase the time clients cache the old DNS record, making the failover downtime longer (up to 300 seconds) instead of reducing it. Option D is wrong because placing a Network Load Balancer (NLB) in front of an RDS instance is not supported; RDS does not allow an NLB to front it directly, and even if it did, the NLB would still rely on DNS or health checks that introduce similar delays.

280
MCQmedium

Refer to the exhibit. An SAP HANA instance is running on an EC2 instance. The volume `/dev/sdf` is used for HANA data. The operations team needs to increase the disk size for HANA data without downtime. Which action should they take?

A.Launch a new instance with a larger volume and migrate HANA data.
B.Stop the instance, modify the volume size, and start the instance.
C.Add a new EBS volume to the instance and move HANA data to the new volume.
D.Modify the EBS volume size while the instance is running.
AnswerD

EBS volumes can be modified without detaching or stopping the instance.

Why this answer

Option B is correct. Modifying the EBS volume size while the instance is running is supported for most volume types. Option A is wrong because stopping the instance is unnecessary.

Option C is wrong because launching a new instance would require migration. Option D is wrong because adding a new volume and moving data requires downtime.

281
MCQhard

An SAP administrator needs to patch the operating system of SAP application servers that are part of an Auto Scaling group. What is the best practice to ensure that instances are updated without downtime?

A.Update the AMI used by the Auto Scaling group launch configuration and manually terminate all running instances.
B.Create a new launch configuration with an updated AMI and perform a rolling update using the Auto Scaling group.
C.Update the AMI and stop the Auto Scaling group, then start it again.
D.Install patches on each running instance using AWS Systems Manager Patch Manager.
AnswerB

Rolling update replaces instances one by one, maintaining service availability.

Why this answer

Option B is correct because a rolling update replaces instances gradually, maintaining capacity. Option A is wrong because it does not address replacement. Option C is wrong because it causes downtime.

Option D is wrong because it does not apply to running instances.

282
MCQhard

An SAP system administrator is troubleshooting a performance issue on an SAP ERP Central Component (ECC) system running on AWS. The system uses an Oracle database on an EC2 instance with EBS volumes. Users report that some transactions are slow, especially during month-end closing. The administrator checks CloudWatch metrics and notices that the EBS volume read latency is high (average 20 ms) and the queue depth is consistently 0. The volume type is gp2 with 3000 IOPS. The administrator suspects the volume is not meeting the IOPS demand. What should the administrator do to resolve this issue?

A.Switch the volume type from gp2 to gp3
B.Increase the EBS volume size to increase the baseline IOPS
C.Increase the volume throughput to 250 MB/s
D.Enable EBS optimization on the EC2 instance
AnswerB

For gp2, IOPS scale with size; larger volume gives more IOPS.

Why this answer

Option D is correct because increasing the volume size increases baseline IOPS for gp2. Option A is wrong as switching to gp3 may help but not directly address queue depth. Option B is wrong as throughput is not the issue.

Option C is wrong as increasing IOPS without volume size increase is not possible for gp2.

283
MCQmedium

A company runs SAP on AWS. During a maintenance window, the SAP application team needs to apply a kernel update that requires a reboot of the SAP application servers. The environment uses an Auto Scaling group for the application tier. What is the BEST approach to minimize downtime?

A.Stop all instances in the Auto Scaling group, apply the update, and start them again.
B.Detach all instances from the Auto Scaling group, apply the update, and reattach them.
C.Double the desired capacity of the Auto Scaling group, wait for new instances, then terminate old instances.
D.Terminate instances one at a time, allowing the Auto Scaling group to launch new instances with the updated configuration.
AnswerD

Terminating instances one at a time allows the Auto Scaling group to launch new instances with updated configuration, maintaining capacity and minimizing downtime.

Why this answer

Option C is correct because terminating instances one at a time allows the Auto Scaling group to launch new instances with updated configuration, maintaining capacity and minimizing downtime. Option A is wrong because stopping instances suspends billing but does not trigger automatic replacement. Option B is wrong because detaching instances requires manual reattachment.

Option D is wrong because doubling desired capacity temporarily increases costs and may not be necessary.

284
MCQhard

A company runs SAP S/4HANA on AWS with a three-tier architecture. The operations team receives alerts that the application server's CPU utilization is consistently above 90%. The team wants to add an additional application server to distribute the load. Which AWS service should be used to register the new instance with the SAP system's load balancer?

A.Amazon CloudFront
B.Network Load Balancer (NLB)
C.Amazon Route 53
D.Application Load Balancer (ALB)
AnswerD

Registers EC2 instances as targets.

Why this answer

Option A is correct because ALB can register EC2 instances as targets. Option B is wrong because NLB is for TCP/UDP. Option C is wrong because CloudFront is for CDN.

Option D is wrong because Route 53 is for DNS.

285
MCQhard

An SAP system running on AWS is experiencing high memory utilization on the application server. The team suspects a memory leak in the SAP ABAP application. Which tool or process should be used to identify the root cause?

A.Run SAP transaction STAD to analyze memory consumption per user and program.
B.Use the Linux 'top' command to identify the process consuming the most memory.
C.Use SAP HANA Studio to check memory consumption of the database.
D.Enable detailed CloudWatch memory metrics on the EC2 instance.
AnswerA

STAD provides detailed memory usage breakdown for ABAP programs.

Why this answer

Option A is correct because SAP STAD (Transaction STAD) provides detailed analysis of memory consumption by user and program. Option B is wrong because CloudWatch can show overall memory usage but not per-process details. Option C is wrong because OS-level tools like 'top' show memory per process but not ABAP-specific memory allocation.

Option D is wrong because SAP HANA Studio is for database, not application server memory.

286
Multi-Selectmedium

Which TWO AWS services can be used to monitor the performance of SAP HANA on AWS and set alarms? (Select TWO.)

Select 2 answers
A.AWS CloudTrail
B.AWS Config
C.AWS Trusted Advisor
D.Amazon CloudWatch
E.AWS Systems Manager
AnswersD, E

For monitoring and alarms.

Why this answer

Options A and C are correct. CloudWatch is for monitoring and alarms. Systems Manager can run scripts to collect metrics.

Option B is wrong because Config is for configuration. Option D is wrong because CloudTrail is for API logging. Option E is wrong because Trusted Advisor is for best practices.

287
MCQmedium

An SAP system is experiencing high CPU utilization on the application server. The administrator wants to automatically scale the EC2 instance based on CPU usage. Which AWS service should be used?

A.Elastic Load Balancing
B.AWS Auto Scaling
C.AWS Lambda
D.Amazon CloudWatch
AnswerB

Auto Scaling can add or remove EC2 instances based on CPU utilization.

Why this answer

Auto Scaling with scaling policies based on CloudWatch alarms can automatically adjust the number of instances. Option B is correct. Option A is wrong because Elastic Load Balancing distributes traffic, not scaling.

Option C is wrong because CloudWatch monitors but does not scale. Option D is wrong because Lambda can be used but is not the primary service for EC2 scaling.

288
MCQeasy

A company uses an SAP HANA database on AWS. The database administrator wants to back up the database using Backint integration with AWS. Which AWS service is the recommended target for Backint backups?

A.Amazon EFS
B.Amazon EBS
C.Amazon S3 Glacier
D.Amazon S3
AnswerD

S3 is the recommended target for Backint.

Why this answer

Option A is correct because Amazon S3 is the standard target for SAP HANA Backint backups on AWS. Option B is incorrect because EBS is not directly used by Backint. Option C is incorrect because Glacier is not directly integrated with Backint.

Option D is incorrect because EFS is not used for Backint.

289
MCQmedium

A company runs an SAP HANA database on an EC2 instance in a single Availability Zone. The database experiences performance degradation during peak hours. Which action should be taken to improve performance without changing the instance type?

A.Increase the provisioned IOPS on the EBS volumes
B.Enable detailed CloudWatch monitoring
C.Change the EBS volumes to gp3
D.Enable Enhanced Networking on the EC2 instance
AnswerD

Enhanced Networking reduces latency and improves network throughput.

Why this answer

Option B is correct because enabling Enhanced Networking reduces latency and improves throughput for HANA. Option A is wrong as increasing EBS IOPS may not address network bottlenecks. Option C is wrong because CloudWatch detailed monitoring does not improve performance.

Option D is wrong because switching to gp3 may not provide enough performance for HANA.

290
MCQeasy

A DevOps engineer needs to automatically restart a specific service on an EC2 instance whenever the service crashes. The instance is running Amazon Linux 2. Which approach is the MOST operationally efficient?

A.Set up a CloudWatch alarm that triggers an SSM Run Command to restart the service
B.Write a cron job that checks the service status every minute and restarts it if needed
C.Configure the service as a systemd unit with Restart=on-failure
D.Use an AWS Lambda function that polls the service status and calls the EC2 reboot API
AnswerC

systemd is the native init system and handles restarts efficiently.

Why this answer

Option C is correct because systemd, the default init system on Amazon Linux 2, provides a built-in `Restart=` directive that can be set to `on-failure`. This instructs systemd to automatically restart the service unit when it exits with a non-zero exit code or is terminated by a signal, without requiring any external monitoring or additional infrastructure. This is the most operationally efficient approach as it leverages the native service manager functionality with zero external dependencies.

Exam trap

The trap here is that candidates often over-engineer the solution by choosing external AWS services (CloudWatch, Lambda) or traditional cron-based polling, overlooking the fact that the operating system's native service manager (systemd) already provides a simple, built-in mechanism for automatic service restart.

How to eliminate wrong answers

Option A is wrong because it introduces unnecessary complexity and latency: a CloudWatch alarm requires metric data, evaluation periods, and an SSM Run Command invocation, which is not immediate and adds operational overhead compared to a local restart mechanism. Option B is wrong because a cron job running every minute creates a polling loop that wastes CPU cycles and introduces a delay of up to 60 seconds before detecting a crash, whereas systemd reacts instantly to process termination. Option D is wrong because using a Lambda function to poll service status and call the EC2 reboot API is extremely inefficient, introduces cold start latency, requires IAM roles and network configuration, and rebooting the entire instance is a heavy-handed action when only a single service needs restarting.

291
MCQmedium

A company runs SAP S/4HANA on AWS. The environment includes an SAP HANA database on an EC2 instance with multiple EBS volumes for data, log, and backup. The backup strategy uses AWS Backup to create daily snapshots of all EBS volumes. During a disaster recovery test, the team discovers that the snapshots are not crash-consistent and the database cannot be restored to a consistent state. The backup window is set to 2 AM daily. What should the team do to ensure crash-consistent backups?

A.Configure AWS Backup to create multi-volume crash-consistent snapshots for the instance.
B.Use SAP HANA backup to S3 instead of EBS snapshots for database backups.
C.Take individual EBS snapshots of each volume sequentially within the backup window.
D.Stop the EC2 instance before the backup window and start it after the snapshots complete.
AnswerA

Multi-volume snapshots ensure all volumes are snapshotted at the same point in time, providing crash consistency.

Why this answer

Option B is correct. To achieve crash consistency across multiple EBS volumes attached to a single instance, the volumes should be snapshotted together using the same snapshot request. AWS Backup can be configured to create multi-volume snapshots.

Option A is wrong because stopping the instance causes downtime. Option C is wrong because individual snapshots are not crash-consistent across volumes. Option D is wrong because HANA backup to S3 does not address the EBS snapshot consistency issue.

292
Multi-Selectmedium

A company is designing a disaster recovery strategy for a critical application that runs on EC2 instances with data stored on EBS volumes. The application requires RPO of 15 minutes and RTO of 1 hour. Which TWO approaches meet these requirements?

Select 2 answers
A.Use EBS Snapshots taken every 15 minutes and copy them to the DR region
B.Use AWS Backup with a backup plan that takes cross-region backups every 15 minutes
C.Use Amazon Machine Images (AMIs) backed by EBS snapshots, taken hourly
D.Use EBS Multi-Attach volumes to allow the DR instance to access the same volumes
E.Use EBS Reboot (not Stop/Start) to move the instance to the DR region with replicated volumes
AnswersA, E

EBS Snapshots can achieve 15-minute RPO.

Why this answer

Option A is correct because EBS Snapshots can be taken as frequently as every 15 minutes, and copying them to a DR region ensures that the most recent snapshot is available for recovery. When a disaster occurs, you can create a new EBS volume from the latest snapshot in the DR region, attach it to an EC2 instance, and achieve an RPO of 15 minutes and an RTO of under 1 hour (assuming the instance is pre-provisioned or launched quickly). This approach directly satisfies the stated recovery objectives without relying on instance-level operations.

Exam trap

Cisco often tests the misconception that AWS Backup can support sub-hourly backup intervals, but the minimum is 1 hour, so candidates may incorrectly select Option B thinking it meets the 15-minute RPO.

293
Multi-Selectmedium

A company uses AWS CloudTrail to log API calls. The security team wants to detect unauthorized attempts to modify security group rules and send real-time alerts. Which TWO AWS services should be used together to achieve this?

Select 2 answers
A.Amazon Simple Notification Service (SNS)
B.Amazon CloudWatch Events (or EventBridge)
C.AWS Lambda
D.AWS Config
E.Amazon GuardDuty
AnswersA, B

Can send alerts via email, SMS, etc.

Why this answer

Amazon CloudWatch Events (or EventBridge) can capture CloudTrail API calls related to security group modifications (e.g., AuthorizeSecurityGroupIngress, RevokeSecurityGroupEgress) and route them to an SNS topic. SNS then sends real-time alerts (e.g., email, SMS) to the security team. This combination provides event-driven, near-instantaneous notification without polling or custom code.

Exam trap

The trap here is that candidates often over-engineer by adding Lambda or GuardDuty, not realizing that CloudWatch Events (EventBridge) can directly trigger SNS for real-time alerting without additional compute or security services.

294
MCQhard

An SAP HANA database on EC2 is experiencing high I/O latency. The database uses a single EBS volume for /hana/log. The volume is a gp2 volume with 1000 GB size. The administrator notices that the volume's burst balance is depleted. Which action should be taken to improve latency?

A.Change the volume type to Throughput Optimized HDD (st1)
B.Add additional gp2 volumes and stripe them in a RAID 0
C.Increase the volume size to 2000 GB to double the baseline IOPS
D.Change the volume type to Provisioned IOPS SSD (io1) with sufficient IOPS
AnswerD

io1 provides consistent IOPS without burst credits.

Why this answer

Option D is correct because switching to io1 provides consistent IOPS without burst balance. Option A (increasing size) would increase baseline IOPS but not eliminate burst dependency. Option B (adding more volumes) may help but is more complex.

Option C (using st1) is for throughput, not low latency.

295
MCQeasy

A company needs to ensure that only authorized users can access the SAP S/4HANA system running on AWS. Which AWS service can be used to manage user identities and permissions?

A.AWS Directory Service
B.AWS Organizations
C.AWS Identity and Access Management (IAM)
D.Amazon Cognito
AnswerC

IAM manages user identities and permissions.

Why this answer

Option B is correct because AWS IAM manages user identities and permissions for AWS resources. Option A is wrong because Amazon Cognito is for customer-facing apps. Option C is wrong because AWS Directory Service can integrate with IAM but IAM is the core service.

Option D is wrong because AWS Organizations manages multiple accounts.

296
MCQmedium

An administrator needs to apply a critical OS security patch to multiple SAP application servers in an Auto Scaling group without disrupting ongoing operations. Which strategy should be used?

A.Stop all instances, apply the patch using AWS Systems Manager, then restart all instances.
B.Use AWS CloudFormation with a rolling update policy to gradually replace instances in the Auto Scaling group.
C.Use AWS Systems Manager Patch Manager to patch instances at the next maintenance window.
D.Create a new Amazon Machine Image (AMI) with the patch, update the Auto Scaling group's launch configuration, and terminate all instances.
AnswerB

Rolling update minimizes downtime by replacing instances one by one.

Why this answer

Option D (Use a rolling update via AWS CloudFormation with UpdatePolicy) is correct because it allows gradual replacement of instances. Option A (Stop all instances, apply patch, restart) causes downtime. Option B (Use AWS Systems Manager Patch Manager) is good but may not handle Auto Scaling gracefully.

Option C (Create new AMI, update Auto Scaling group) is a blue/green approach but may be slower.

297
Multi-Selectmedium

Which TWO AWS services can be used to automate the patching of SAP EC2 instances? (Choose 2)

Select 2 answers
A.AWS Systems Manager Patch Manager
B.AWS Backup
C.Amazon Inspector
D.AWS Config
E.EC2 Image Builder
AnswersA, E

Automates OS patching for EC2 instances.

Why this answer

Options A and C are correct. AWS Systems Manager Patch Manager automates patching, and EC2 Image Builder creates and updates AMIs with patches. Option B (AWS Config) is for configuration compliance, not patching.

Option D (Amazon Inspector) is for vulnerability scanning. Option E (AWS Backup) is for backups.

298
MCQeasy

Refer to the exhibit. An operations team sees this log entry in CloudWatch Logs for an SAP system. What is the MOST likely cause?

A.The HANA database has crashed.
B.The SAP system user password has expired.
C.The network connection between the ABAP application server and HANA is down.
D.The ABAP program Z_MONITOR has a bug.
AnswerC

RFC communication failure typically indicates a network issue.

Why this answer

Option B is correct. The error indicates an RFC communication failure, which is typically due to a network issue. Option A is wrong because there is no indication of HANA crash.

Option C is wrong because the error is about communication, not authentication. Option D is wrong because the error is not about the ABAP program itself.

299
Multi-Selecthard

A company runs a web application on Amazon ECS with Fargate launch type. The application's memory utilization spikes periodically, causing tasks to be killed. The operations team wants to automatically scale the service based on memory usage. Which THREE steps are necessary to implement this?

Select 3 answers
A.Attach an EC2 Auto Scaling group to the ECS service to handle capacity.
B.Create an Application Auto Scaling target tracking scaling policy based on memory utilization.
C.Configure step scaling policies to add multiple tasks at once.
D.Create a CloudWatch alarm that triggers the scaling policy when memory exceeds a threshold.
E.Enable the ECS service to publish custom CloudWatch metrics for memory utilization.
AnswersB, D, E

Target tracking automatically adjusts desired count.

Why this answer

Option B is correct because Application Auto Scaling with a target tracking scaling policy allows the ECS service to automatically adjust its desired count based on a CloudWatch metric, such as memory utilization. This ensures the service scales out when memory usage spikes and scales in when it drops, preventing tasks from being killed due to OOM (out-of-memory) errors.

Exam trap

The trap here is that candidates often confuse the need for EC2 Auto Scaling groups with Fargate, or assume step scaling is required for memory-based scaling, when in fact target tracking is the recommended and simpler approach for metric-based auto scaling.

300
MCQhard

A company runs SAP on AWS and uses an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances running SAP Web Dispatcher. The operations team notices that some instances are failing health checks intermittently. The ALB health check is configured with a 5-second interval, 2 healthy threshold, and 5 unhealthy threshold. The instances are all in the same Auto Scaling group. What is the most likely cause of the intermittent health check failures?

A.The Auto Scaling group health check grace period is too short
B.The ALB health check interval is too long
C.The health check path returns a 200 status only when the application is fully loaded
D.The health check path returns a non-200 status periodically due to a short-lived issue
AnswerD

Intermittent short-lived issues cause temporary failures; the ALB marks the instance unhealthy after multiple consecutive failures.

Why this answer

If the health check path returns a non-200 status due to a brief glitch (e.g., temporary resource exhaustion), the ALB will consider the instance unhealthy after 5 consecutive failures (25 seconds). The instances are not being replaced quickly because the Auto Scaling group health check type is likely not set to ELB, or the cooldown period delays replacement.
