CCNA Operations and Maintenance Questions

75 of 491 questions · Page 5/7 · Operations and Maintenance · Answers revealed

301
MCQhard

A company runs SAP ERP on AWS using a single Availability Zone. The system includes an SAP HANA database on an EC2 instance with 2 TB of memory. The operations team plans to perform a major version upgrade of the SAP HANA database, which requires approximately 4 hours of downtime. The company's SLA allows a maximum of 2 hours of downtime. The team decides to use a blue/green deployment strategy by creating a new HANA instance in a different Availability Zone and replicating data using HANA System Replication (HSR). After setting up replication, they perform a failover to the new instance. However, the failover takes 3 hours due to the large amount of data that needs to be synchronized. What should the team do to meet the 2-hour downtime requirement?

A.Scale up the source HANA instance to a larger instance type to speed up replication.
B.Increase the network bandwidth between the two Availability Zones to 10 Gbps.
C.Use HANA System Replication with initial snapshot by taking a backup of the source, restoring on the target, and then setting up replication.
D.Use Amazon RDS for SAP HANA instead of self-managed EC2.
AnswerC

Initial snapshot reduces sync time by using a backup restore instead of full data transfer over the network.

Why this answer

Option C is correct. Using initial snapshot with HSR reduces the initial sync time significantly because it avoids copying all data over the network. Instead, the snapshot is restored on the target and then replication catches up.

Option A is wrong because increasing bandwidth may help but not enough for 2 TB of memory; the initial sync will still take hours. Option B is wrong because multi-AZ for RDS is for RDS databases, not for self-managed HANA on EC2. Option D is wrong because scaling up the source does not help; the issue is data transfer time.

302
MCQmedium

A company uses AWS Systems Manager to automate patching of SAP EC2 instances. The patching fails for some instances with the error 'SSM Agent not running'. What should the administrator do to resolve this?

A.Reboot the instances.
B.Install the Amazon CloudWatch Agent on the instances.
C.Configure a VPC endpoint for Systems Manager.
D.Verify that the SSM Agent is installed and running on the instances.
AnswerD

SSM Agent must be running for patching.

Why this answer

Option B is correct because SSM Agent must be running. Option A is wrong because CloudWatch Agent is unrelated. Option C is wrong because VPC endpoint is not needed if instances have internet access.

Option D is wrong because restarting the instance may not fix the agent if it's not installed.

303
Drag & Dropmedium

Drag and drop the steps to configure an SAP Fiori front-end server on AWS behind an Application Load Balancer (ALB) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Fiori ALB setup requires EC2 instances, target group, ALB listener, certificate, and DNS update.

304
MCQeasy

A company needs to back up its SAP HANA database running on Amazon RDS. The database is 500 GB. What is the recommended approach for backups?

A.Enable automated backups and configure the backup retention period
B.Create manual EBS snapshots of the RDS instance
C.Export the database using mysqldump and store the dump in S3
D.Use SAP HANA Studio to back up to an S3 bucket directly
AnswerA

RDS automated backups provide point-in-time recovery.

Why this answer

Option B is correct because RDS automatically performs automated backups and enables point-in-time recovery. Option A (EBS snapshots) is not recommended for RDS. Option C (SAP HANA Studio backup) is not integrated with AWS.

Option D (manual S3 copy) is inefficient.

305
Multi-Selecthard

Which THREE metrics should an operations team monitor to detect performance issues in an SAP HANA database running on EC2?

Select 3 answers
A.CPU utilization
B.Disk I/O (read/write latency)
C.Network packets in/out
D.Memory usage
E.Swap usage
AnswersA, B, D

High CPU can indicate performance issues.

Why this answer

Options A, C, and D are correct. A: CPU utilization indicates compute pressure. C: Memory usage is critical for HANA as it is an in-memory database.

D: Disk I/O indicates storage performance. Option B is wrong because network packets in/out is less relevant for HANA performance. Option E is wrong because swap usage should be minimal in HANA; high swap indicates memory pressure.

306
MCQmedium

A company runs SAP on AWS and uses a Network Load Balancer (NLB) to distribute traffic to multiple EC2 instances. The Operations team needs to ensure that the NLB only sends traffic to instances that are healthy. Which health check configuration is appropriate for TCP traffic?

A.ICMP ping
B.TCP health check on the application port
C.HTTP health check on port 80
D.HTTPS health check on port 443
AnswerB

NLB supports TCP health checks which verify that the port is open and accepting connections.

Why this answer

Option D is correct because for TCP traffic, a TCP health check is the most efficient and appropriate. Option A is wrong because HTTP health checks are for HTTP/HTTPS traffic. Option B is wrong because HTTPS is for encrypted web traffic.

Option C is wrong because while ICMP can test reachability, NLB does not support ICMP health checks.

307
MCQhard

A financial services company runs a multi-tier application on AWS. The application consists of an Application Load Balancer (ALB), a fleet of EC2 instances for the web tier, and an Amazon RDS for MySQL database for the backend. The operations team uses AWS CloudFormation to manage infrastructure. During a recent deployment, a change to the database security group caused an outage because the web tier lost connectivity to the database. The team wants to prevent similar incidents in the future. They need a solution that allows them to review and approve changes to critical resources before deployment, while still enabling rapid deployment for non-critical changes. The team uses AWS CodePipeline for CI/CD. Which approach should the team implement?

A.Use AWS Config rules to automatically remediate non-compliant changes before they are applied.
B.Use CloudFormation Change Sets in the pipeline and add a manual approval step for any change that modifies the database security group.
C.Use AWS Service Catalog to create a portfolio of approved stacks and require all deployments to use the portfolio.
D.Use AWS CloudTrail to monitor changes to the security group and trigger a rollback if unauthorized changes are detected.
AnswerB

Change Sets show the impact, and manual approval gates allow review before deployment.

Why this answer

Option B is correct because CloudFormation Change Sets allow you to preview how proposed changes will affect your resources before execution. By integrating a manual approval step in the CodePipeline that triggers specifically when the change set modifies the database security group, the team can review and approve critical changes while allowing non-critical changes to proceed automatically. This directly addresses the requirement to prevent outages from unapproved security group modifications.

Exam trap

The trap here is that candidates often confuse reactive auditing tools (Config, CloudTrail) with proactive approval mechanisms, or they overestimate Service Catalog's ability to handle per-resource approval workflows within a single stack.

How to eliminate wrong answers

Option A is wrong because AWS Config rules are reactive — they evaluate resources after they have been deployed and can trigger auto-remediation, but they cannot prevent a change from being applied in the first place, so the outage would already occur. Option C is wrong because AWS Service Catalog enforces approved templates at deployment time but does not provide a per-change review and approval workflow for specific resource modifications within a stack; it would block all non-approved stacks, not allow rapid deployment for non-critical changes. Option D is wrong because AWS CloudTrail logs API calls after they happen, so it cannot prevent the outage; triggering a rollback after detection still means the outage has already occurred, which does not meet the requirement to prevent similar incidents.

308
MCQmedium

A company runs SAP HANA on AWS and wants to implement a backup strategy using AWS Backint agent for SAP HANA. Which storage service is best suited for storing the backup files when using Backint?

A.Amazon S3 Glacier
B.Amazon EFS
C.Amazon S3
D.Amazon EBS
AnswerC

Backint is designed to use S3 as the backup target.

Why this answer

Option A is correct because AWS Backint for SAP HANA is designed to stream backups directly to Amazon S3. Option B is wrong because EBS volumes are for block storage, not the target for Backint. Option C is wrong because S3 Glacier is for archival, not for frequent backups.

Option D is wrong because EFS is file storage, not the intended target.

309
MCQmedium

A company runs a production SAP HANA database on AWS using an EC2 instance with EBS volumes. The database is experiencing high latency during peak hours. The operations team needs to identify the root cause. Which steps should the team take to diagnose the issue?

A.Migrate the EBS volumes to Provisioned IOPS SSD (io1) immediately.
B.Monitor the EBS volume queue length and latency using Amazon CloudWatch metrics.
C.Move the SAP HANA database to Amazon RDS for SAP.
D.Increase the instance size to improve performance.
AnswerB

CloudWatch metrics for EBS can identify performance bottlenecks.

Why this answer

Option C is correct because CloudWatch metrics for EBS volume queue depth and latency can pinpoint the bottleneck. Option A is wrong because increasing instance size without diagnosis may not resolve the issue and could increase cost. Option B is wrong because switching to Provisioned IOPS without understanding the workload may be premature.

Option D is wrong because migrating to RDS for SAP HANA is not a standard solution and may not address the specific latency issue.

310
MCQhard

An SAP administrator needs to ensure that a critical SAP system on AWS is highly available with automatic failover across Availability Zones. The system uses an SAP HANA database with replication. Which configuration meets these requirements with minimal operational overhead?

A.Use a DNS failover record with manual update
B.Use a Network Load Balancer with static IP addresses
C.Use an Application Load Balancer with health checks and Route 53 failover routing
D.Deploy a single EC2 instance in one Availability Zone
AnswerC

Provides automatic failover across AZs.

Why this answer

Option C is correct because using Amazon Route 53 with health checks and an Application Load Balancer provides automatic failover with minimal overhead. Option A is wrong because a single EC2 instance in one AZ does not provide high availability. Option B is wrong because manual DNS update is not automatic.

Option D is wrong because ELB alone cannot handle failover without health checks.

311
MCQeasy

A company wants to automate the backup of SAP HANA database on AWS. Which AWS service is best suited for creating consistent snapshots of HANA data volumes?

A.AWS Backup
B.AWS Lambda
C.Amazon CloudWatch
D.Amazon S3
AnswerA

AWS Backup supports application-consistent backups for SAP HANA.

Why this answer

Option D is correct because AWS Backup integrates with SAP HANA via pre and post scripts to ensure consistent snapshots. Option A is wrong because CloudWatch is for monitoring. Option B is wrong because S3 is not for snapshots.

Option C is wrong because Lambda can be used but requires custom scripting, not the best native solution.

312
MCQhard

A company uses AWS CloudFormation to manage infrastructure. During an update, a stack fails to roll back and is left in UPDATE_ROLLBACK_FAILED state. The stack contains a DynamoDB table and a Lambda function. The operations team needs to fix the stack with minimal disruption. What should they do?

A.Manually delete the DynamoDB table and then retry the stack update.
B.Delete the stack and recreate it from the template.
C.Use the ContinueUpdateRollback API to resume the rollback.
D.Update the stack again with a different change set to bypass the failed resource.
AnswerC

This allows CloudFormation to retry rolling back the failed resource.

Why this answer

When a CloudFormation stack is in UPDATE_ROLLBACK_FAILED state, the recommended recovery action is to use the ContinueUpdateRollback API (or the AWS Management Console equivalent). This API instructs CloudFormation to skip the resources that failed to roll back and continue rolling back the remaining resources, bringing the stack to a consistent UPDATE_ROLLBACK_COMPLETE state. This approach minimizes disruption because it does not require deleting the stack or manually intervening with the DynamoDB table or Lambda function.

Exam trap

The trap here is that candidates often assume the only way to recover from a failed rollback is to delete the stack or manually fix the resource, but AWS provides the ContinueUpdateRollback API specifically to handle this state with minimal disruption.

How to eliminate wrong answers

Option A is wrong because manually deleting the DynamoDB table will cause the stack to become orphaned and may lead to data loss; CloudFormation expects to manage the resource lifecycle, and deleting it outside of CloudFormation does not resolve the rollback failure. Option B is wrong because deleting the stack and recreating it from the template would destroy all resources, including the DynamoDB table and Lambda function, causing significant disruption and potential data loss; it is an unnecessarily destructive approach. Option D is wrong because updating the stack with a different change set while in UPDATE_ROLLBACK_FAILED state is not supported; CloudFormation requires the stack to be in a stable state (e.g., UPDATE_ROLLBACK_COMPLETE) before initiating a new update, and attempting to bypass the failed resource will result in an error.

313
MCQeasy

An operations team needs to back up the SAP HANA database running on an EC2 instance. The database is 1 TB in size and the team wants to minimize backup time and cost. Which backup strategy should they use?

A.Use SAP HANA Studio to back up the database to Amazon S3
B.Use Amazon S3 lifecycle policies to move old backups to Glacier
C.Use AWS Systems Manager to run a script that copies data to S3
D.Use AWS Backup to create EBS snapshots of the attached EBS volumes
AnswerD

EBS snapshots are incremental and fast, suitable for large databases.

Why this answer

EBS snapshots provide point-in-time backups that are incremental after the first full snapshot, reducing backup time and cost. HANA Studio backup to S3 requires more manual steps and is slower. AWS Backup can be used but EBS snapshots are more direct.

S3 lifecycle policies are for object management, not database backups.

314
MCQmedium

An SAP system running on AWS uses a Multi-AZ deployment with an Application Load Balancer (ALB) distributing traffic across two application servers in different Availability Zones. The ALB health checks are configured to check the /sap/public/health endpoint on each instance. Recently, the operations team noticed that one of the instances is being marked as unhealthy intermittently, causing a slight increase in response times. The instance's CPU utilization is under 40%, memory is sufficient, and the health endpoint returns a 200 OK status when tested manually. What is the most likely cause?

A.The health check endpoint is configured with the wrong path.
B.The security group for the instances does not allow inbound traffic from the ALB.
C.The health check requests are blocked by a network ACL.
D.The health check interval is too frequent or the timeout is too short.
AnswerD

Intermittent failures often due to timeout; increasing timeout may help.

Why this answer

Option C is correct because the health check request may be timing out due to a short timeout setting. The health endpoint works manually but may take longer under load, causing intermittent failures. Option A is wrong because the health check URL is correct.

Option B is wrong because health checks are sent from the ALB, not the internet. Option D is wrong because security group allows inbound from ALB.

315
Multi-Selecthard

Which TWO AWS services can be used to automate the restart of an SAP application server when it becomes unresponsive? (Choose 2.)

Select 2 answers
A.Amazon ECS service auto-recovery
B.Amazon CloudWatch alarm with an EC2 action to recover the instance
C.AWS Systems Manager Automation document
D.EC2 Auto Scaling group with a health check
E.Amazon EventBridge with a Lambda function
AnswersB, C

Alarm can trigger instance recovery.

Why this answer

Option A (CloudWatch Alarm & EC2 Action) and Option C (Systems Manager Automation) can restart an instance. Option B (Auto Scaling) works for replacement. Option D (Lambda) can be used but requires custom code.

Option E (ECS) is for containers.

316
MCQeasy

A company is using AWS Systems Manager to automate patching of SAP EC2 instances. The patching fails for some instances with the error 'Unable to retrieve SSM Agent registration'. What is the MOST likely cause?

A.The patching window is too short and the instance times out.
B.The IAM role attached to the instance does not have permissions to list patches.
C.The instance does not have outbound internet access or a VPC endpoint for Systems Manager.
D.The SSM Agent is not installed because the instance is running in a container.
AnswerC

SSM requires connectivity to Systems Manager endpoints.

Why this answer

Option B is correct because the SSM Agent needs to connect to the Systems Manager endpoints. If the instance does not have internet access or a VPC endpoint, the agent cannot communicate. Option A is wrong because the SSM Agent runs on the instance, not in a container.

Option C is wrong because the error is about registration, not permissions. Option D is wrong because patching does not require a reboot by default.

317
MCQhard

Refer to the exhibit. An operations team uses an EC2 instance with this IAM policy to manage EBS snapshots for SAP HANA backups. The backup script calls the DeleteSnapshot API for snapshot snap-0abcdef1234567890. What will happen?

A.The snapshot will be deleted because the Deny applies only to other snapshots.
B.The snapshot will be deleted because the Allow statement grants permission.
C.The policy is invalid and will cause an error.
D.The DeleteSnapshot API call will be denied.
AnswerD

Explicit Deny overrides Allow.

Why this answer

Option C is correct. The explicit Deny overrides the Allow, so the DeleteSnapshot will be denied for that specific snapshot. Option A is wrong because the Deny is explicit.

Option B is wrong because the Deny applies to the specific snapshot. Option D is wrong because the policy is not malformed.

318
MCQhard

An SAP administrator is troubleshooting an issue where an AWS Lambda function is unable to start an EC2 instance. The Lambda execution role has the IAM policy shown in the exhibit. What is the likely cause of the failure?

A.The Lambda function is not configured with the correct VPC subnet or security group to reach the EC2 instance.
B.The policy does not allow ec2:DescribeInstances.
C.The policy does not allow ec2:StartInstances.
D.The policy does not allow s3:GetObject on the specific backup object.
AnswerA

Lambda may need VPC access to start instances in a VPC, but the policy is fine.

Why this answer

Option C is correct because the policy allows ec2:StartInstances on all resources, but if the instance is in a different account or region, or if there is a resource policy issue, it may fail. However, the most common issue is that the Lambda function does not have the correct region specified. Option A is wrong because the policy allows s3:GetObject.

Option B is wrong because the policy allows ec2:StartInstances. Option D is wrong because the policy allows ec2:DescribeInstances.

319
MCQeasy

A company is running SAP on AWS and wants to automate the patching of SAP application servers. The servers are behind an Auto Scaling group. Which AWS service is BEST suited to apply OS patches without downtime?

A.AWS Config
B.AWS Systems Manager Patch Manager
C.AWS CloudFormation
D.AWS OpsWorks
AnswerB

Patch Manager automates OS patching; combined with Auto Scaling rolling updates, it minimizes downtime.

Why this answer

Option D is correct because AWS Systems Manager Patch Manager can automate patching, and by using a rolling update with Auto Scaling, you can avoid downtime. Option A is wrong because AWS Config is for compliance, not patching. Option B is wrong because CloudFormation is for infrastructure as code, not patching.

Option C is wrong because OpsWorks is for Chef/Puppet, but Systems Manager is more integrated.

320
Multi-Selecteasy

An SAP administrator wants to automate the patching of SAP application servers. Which TWO AWS services can be used together to achieve this?

Select 2 answers
A.AWS Systems Manager Patch Manager
B.AWS Lambda
C.AWS Systems Manager Maintenance Windows
D.AWS OpsWorks
E.Amazon CloudWatch Alarms
AnswersA, C

Patch Manager automates OS patching.

Why this answer

Options A and D are correct. A: AWS Systems Manager Patch Manager automates patching. D: AWS Systems Manager Maintenance Windows schedules the patching.

B is incorrect because CloudWatch Alarms is for monitoring. C is incorrect because Lambda can orchestrate but not directly patch. E is incorrect because OpsWorks is for Chef/Puppet, not direct patching.

321
MCQhard

An SAP administrator is troubleshooting why a user cannot stop a production EC2 instance. The IAM policy attached to the user is shown in the exhibit. Which action is likely causing the failure?

A.The instance does not have the tag Environment=production.
B.There is an explicit deny statement in another policy.
C.The policy does not allow the StopInstances action.
D.The policy does not include ec2:DescribeInstances action.
AnswerA

The condition requires the tag to be exactly 'production'.

Why this answer

Option B is correct because the policy explicitly allows StartInstances and StopInstances only when the tag Environment equals production. If the instance is tagged differently (e.g., 'prod' instead of 'production'), the condition will fail. Option A is wrong because the policy allows ec2:Describe* for all resources.

Option C is wrong because there is no explicit deny. Option D is wrong because the policy does allow StopInstances with the condition.

322
Multi-Selecthard

A company runs SAP on AWS and uses an Application Load Balancer (ALB) to distribute traffic to a fleet of EC2 instances running SAP Web Dispatcher. The operations team needs to implement a health check that verifies the Web Dispatcher is ready to accept traffic. Which THREE configuration options should the team set for the health check? (Choose THREE.)

Select 3 answers
A.Set the unhealthy threshold to 5 consecutive failures
B.Set the health check path to /sap/wdisp/health
C.Set the health check port to 443 (HTTPS)
D.Set the health check interval to 10 seconds
E.Set the healthy threshold to 2 consecutive successes
AnswersA, B, D

This prevents premature marking of instances as unhealthy.

Why this answer

The health check should target a custom path that validates the application status, use a reasonable interval, and set a threshold for consecutive failures to mark the instance unhealthy. The healthy threshold determines how many consecutive successes are needed to mark the instance healthy. The path should be a specific endpoint like /sap/wdisp/health.

The interval and unhealthy threshold are important to detect failures quickly while avoiding flapping.

323
MCQeasy

An SAP administrator needs to apply an OS security patch to all SAP application servers running on EC2 instances in an Auto Scaling group. The patch requires a reboot. What is the most efficient way to apply the patch with minimal downtime?

A.SSH into each instance and apply the patch manually
B.Create a new AMI with the patch and update the Auto Scaling group
C.Use AWS CloudFormation to update the instances
D.Use AWS Systems Manager Patch Manager with a maintenance window
AnswerD

Patch Manager automates patching and reboots with minimal disruption.

Why this answer

Option D is correct because AWS Systems Manager Patch Manager can orchestrate patching across instances, and using a maintenance window with a reboot strategy minimizes downtime. Option A is wrong because manual patching is not efficient. Option B is wrong because CloudFormation is for infrastructure provisioning, not patching.

Option C is wrong because replacing instances with new AMIs requires more effort.

324
MCQmedium

An SAP administrator needs to implement a disaster recovery (DR) strategy for SAP HANA with an RTO of 2 hours and RPO of 15 minutes. The primary site is in us-east-1, and the DR site is in us-west-2. The system uses SAP HANA System Replication (HSR) for data replication. Which AWS service should be used to automate failover and minimize downtime?

A.AWS Elastic Disaster Recovery (AWS DRS).
B.AWS Backup with cross-region backup copies.
C.AWS CloudEndure Disaster Recovery.
D.Amazon RDS for SAP HANA.
AnswerA

AWS DRS provides continuous replication and automated failover capabilities, meeting the RTO/RPO requirements.

Why this answer

Option A is correct because AWS Elastic Disaster Recovery (DRS) can replicate EC2 instances and automate failover, meeting the RTO and RPO requirements. Option B is wrong because AWS Backup is for backup, not real-time replication. Option C is wrong because CloudEndure is now AWS DRS.

Option D is wrong because RDS is not used for SAP HANA; it is a managed database service.

325
MCQeasy

An SAP system is deployed on EC2 instances across multiple Availability Zones. Which AWS service should be used to automatically distribute incoming traffic across the SAP application servers?

A.Application Load Balancer
B.Amazon Route 53
C.Network Load Balancer
D.Amazon CloudFront
AnswerA

ALB distributes HTTP/HTTPS traffic for web-based SAP.

Why this answer

Option C is correct because an Application Load Balancer distributes HTTP/HTTPS traffic. Option A is wrong as Route 53 is for DNS. Option B is wrong because Network Load Balancer is for TCP/UDP.

Option D is wrong as CloudFront is a CDN.

326
MCQmedium

An SAP system on AWS uses a Multi-AZ RDS for SQL Server as the database. During a failover test, the application experienced a 2-minute outage. The application team wants to reduce this downtime. What should the operations team recommend?

A.Increase the DB instance size to improve failover performance.
B.Configure Multi-AZ with SQL Server Mirroring instead of Always On Availability Groups.
C.Enable automatic failover handling in the application's JDBC connection string.
D.Use Amazon RDS Proxy to manage connections.
AnswerC

Automatic failover in the connection string allows the application to reconnect quickly.

Why this answer

Option C is correct because enabling Multi-AZ with automatic failover in the JDBC connection string allows the application to automatically reconnect to the new primary without manual intervention. Option A is wrong because increasing instance size does not affect failover time. Option B is wrong because a different Multi-AZ configuration does not reduce failover time.

Option D is wrong because RDS Proxy is not supported for SQL Server.

327
MCQhard

A company runs its SAP S/4HANA system on AWS using a cluster of EC2 instances for the application tier and a single large EC2 instance for the HANA database. The database instance uses EBS volumes striped with LVM for data and log. Recently, the operations team noticed that the database performance has degraded significantly during peak hours. CloudWatch metrics show that the average ReadIOPS for the data volume is consistently at 80% of the provisioned IOPS limit, and the average queue length is above 10. The CPU utilization of the database instance is around 60%, and memory usage is 70%. The team has already verified that there are no network bottlenecks and that the SAP application is not misconfigured. Which of the following is the MOST effective action to improve database performance?

A.Migrate the database data to an instance store volume for higher IOPS.
B.Increase the provisioned IOPS on the existing EBS data volume to provide more headroom.
C.Add additional EBS volumes to the LVM stripe and redistribute the data.
D.Upgrade the database instance to a larger EC2 instance type with higher network bandwidth.
AnswerB

This directly addresses the I/O bottleneck by increasing the IOPS limit, reducing queue length.

Why this answer

The symptoms indicate that the EBS volume is reaching its IOPS limit, causing queuing. Increasing the provisioned IOPS for the data volume will directly address the I/O bottleneck. Option B suggests increasing the instance size, but CPU and memory are not fully utilized, so that may not help.

Option C suggests adding more volumes and re-striping, which could increase IOPS but is more complex and may not be needed if the volume supports elastic IOPS. Option D suggests switching to instance store, which provides high IOPS but is ephemeral and not recommended for database persistence. Therefore, increasing IOPS on the existing volume is the simplest and most effective.

328
MCQhard

An SAP system on AWS uses a shared file system via Amazon EFS mounted on multiple EC2 instances. Users report that file operations are slow. Which metric in Amazon CloudWatch should be analyzed to determine if the EFS file system's throughput is being throttled?

A.PercentIOLimit
B.BurstCreditBalance
C.DataReadIOBytes
D.MeteredIOBytes
AnswerB

If BurstCreditBalance is low or zero, the file system is throttled.

Why this answer

Option D is correct because the BurstCreditBalance metric indicates the remaining burst credits; if it reaches zero, throughput is throttled. Option A (DataReadIOBytes) measures data read. Option B (PercentIOLimit) is not a standard metric.

Option C (MeteredIOBytes) measures metered I/O.

329
Multi-Selecthard

Which THREE factors should be considered when designing an SAP HANA backup strategy on AWS? (Select THREE.)

Select 3 answers
A.Encryption of backup data at rest and in transit
B.Security Group rules for backup traffic
C.EC2 instance type for backup server
D.Cross-region replication for disaster recovery
E.Backup frequency and retention period
AnswersA, D, E

Ensures security.

Why this answer

Option A, B, and E are correct. Backup frequency affects RPO. Cross-region replication provides DR.

Encryption ensures security. Option C is wrong because instance type is for compute. Option D is wrong because Security Groups are for network.

330
MCQhard

A company runs a critical SAP S/4HANA system on AWS. The system uses an SAP HANA database on an EC2 instance with EBS storage. The operations team receives an alert that the database is running out of disk space on the /hana/data volume. The current configuration uses a single 2 TB gp2 EBS volume for /hana/data, which is 85% full. The team needs to resolve the immediate space issue and also plan for future growth. The database is in production and cannot tolerate downtime. The team has enabled Multi-Attach on the volume. Which course of action should the team take?

A.Migrate the data to Amazon EFS and mount it to the EC2 instance.
B.Use the Elastic Volumes feature to modify the size of the existing volume to 4 TB while the instance is running.
C.Attach an additional EBS volume, create a logical volume spanning both volumes, and extend the filesystem without downtime.
D.Take an EBS snapshot of the volume, create a larger volume from the snapshot, and attach it to the instance.
AnswerC

LVM allows online expansion; no downtime required.

Why this answer

Option B is correct because you can add a second EBS volume and extend the logical volume online without downtime. Option A is wrong because resizing gp2 online can cause performance impact and downtime. Option C is wrong because EFS has higher latency and is not suitable for HANA data.

Option D is wrong because snapshots require I/O freeze.

331
MCQeasy

An SAP administrator needs to monitor the CPU utilization of an EC2 instance running SAP HANA. Which AWS service should be used to set an alarm when CPU utilization exceeds 90% for 5 minutes?

A.AWS CloudTrail
B.AWS Trusted Advisor
C.AWS Config
D.Amazon CloudWatch
AnswerD

CloudWatch monitors metrics and can trigger alarms.

Why this answer

Option C is correct because CloudWatch alarms can be set on EC2 metrics like CPUUtilization. Option A is wrong because CloudTrail is for API logging. Option B is wrong because Config is for resource compliance.

Option D is wrong because Trusted Advisor provides recommendations, not monitoring.

332
MCQmedium

An SAP system is running on EC2 instances in an Auto Scaling group. The operations team needs to ensure that when a new instance is launched, it is automatically registered with the SAP Application Server's load balancer. Which approach should be used?

A.Use a lifecycle hook with a Lambda function that runs a script to register the instance with the SAP load balancer.
B.Modify the AMI to include a startup script that registers the instance with the SAP load balancer.
C.Configure the Auto Scaling group to use an Elastic Load Balancer target group, and set health checks.
D.Use an AWS Lambda function triggered by a CloudWatch Events rule for EC2 instance state changes to register the instance.
AnswerA

Lifecycle hooks are designed for this purpose, allowing custom actions during instance launch/termination.

Why this answer

Lifecycle hooks allow the Auto Scaling group to pause instance launch and run custom actions (via Lambda) to register the instance with the load balancer before it becomes healthy.

333
MCQmedium

A company has an SAP landscape with multiple instances behind an Application Load Balancer (ALB). The operations team needs to ensure that the ALB targets are deregistered before an instance is terminated during a patching activity. Which AWS service can automate this?

A.Amazon EC2 Auto Scaling lifecycle hooks
B.AWS Systems Manager State Manager
C.AWS Elastic Beanstalk
D.AWS Lambda
AnswerA

Lifecycle hooks can pause instance termination to run custom actions like deregistering from ALB.

Why this answer

Option D is correct because AWS Auto Scaling lifecycle hooks can manage instance state transitions and deregister from ALB before termination. Option A is wrong because Lambda can be used but is not the service that inherently manages it. Option B is wrong because Systems Manager State Manager is for configuration.

Option C is wrong because Elastic Beanstalk is for web apps, not SAP.

334
Multi-Selecteasy

Which TWO of the following are best practices for operating SAP HANA on AWS?

Select 2 answers
A.Deploy SAP HANA in a Multi-AZ configuration for high availability.
B.Use EBS snapshots for backup and recovery.
C.Use General Purpose SSD (gp2) volumes for HANA data files.
D.Stop the HANA instance during backup to ensure consistency.
E.Disable swap space to improve performance.
AnswersA, B

Multi-AZ provides automatic failover in case of an AZ failure.

Why this answer

Option A is correct because using EBS snapshots is a common backup strategy. Option D is correct because Multi-AZ deployment provides high availability. Option B is incorrect because disabling swap is not recommended.

Option C is incorrect because stopping instances for backup causes downtime. Option E is incorrect because using Provisioned IOPS is recommended for performance, not General Purpose SSD.

335
MCQmedium

A company has an SAP HANA database running on an EC2 instance with multiple EBS volumes striped using LVM. The database is experiencing high latency during peak hours. Monitoring shows that the EBS volumes have a high Average Queue Length (avgqueue) and are frequently hitting the IOPS limit. The volumes are gp2 with 3000 IOPS each. The operations team wants to improve performance without increasing storage size. What should they do?

A.Change the volume type to io2 Block Express with higher IOPS.
B.Migrate the database to an instance store-backed instance.
C.Change the volume type to gp3 and increase the IOPS and throughput.
D.Add more gp2 volumes to the LVM stripe set.
AnswerC

gp3 allows independent scaling of IOPS and throughput.

Why this answer

Option D is correct because changing the volume type to gp3 offers higher baseline IOPS (3000) and allows separate increase of IOPS and throughput without changing size. Option A is wrong because adding more gp2 volumes increases cost but may not address the bottleneck if the LVM is not balanced. Option B is wrong because instance store is ephemeral and not suitable for database.

Option C is wrong because io2 Block Express is for very high performance but may be overkill; gp3 is a better immediate step.

336
MCQhard

A company runs SAP on AWS and uses a Multi-AZ RDS for Oracle as the database. They observe that the database failover took longer than expected during a recent test. What is the most likely cause of the increased failover time?

A.The database had a large number of uncommitted transactions that needed to be rolled back.
B.The DNS TTL was set too high, causing delays in routing to the new primary.
C.The primary instance had a high volume of ongoing transactions that needed to be completed or rolled back before failover could proceed.
D.The standby instance was not in sync because read replicas were used for reads.
AnswerC

RDS waits for pending transactions to complete, which can increase failover time.

Why this answer

Option D is correct because Multi-AZ failover time depends on the time to complete in-flight transactions and synchronize the standby. Option A is wrong because read replicas are not used in Multi-AZ. Option B is wrong because the CNAME record update is typically fast.

Option C is wrong because synchronous replication does not cause a long failover; the issue is usually transaction completion.

337
MCQmedium

A company is running an SAP HANA database on a single EC2 instance. The operations team notices that the instance is running low on memory, which is causing performance degradation. The team needs to increase memory without downtime. Which solution should they use?

A.Increase the swap space on the existing instance.
B.Launch a new EC2 instance with more memory and migrate the database.
C.Add additional EBS volumes to increase swap space.
D.Modify the EC2 instance type to a larger type with more memory.
AnswerD

Modifying instance type requires a stop/start, which causes downtime. However, the question says without downtime. None of the options allow zero-downtime memory increase on a single instance; but among given, this is the only direct way to add memory, albeit with downtime. The best practice is to use a multi-node setup. Given constraints, answer D is the least bad.

Why this answer

Option D is correct because modifying an EC2 instance type requires stopping the instance, causing downtime. Option A is incorrect because adding more EBS volumes does not increase memory. Option B is incorrect because increasing swap space can degrade performance.

Option C is incorrect because creating a new instance and migrating causes downtime.

338
Multi-Selecteasy

Which TWO Amazon EBS volume types are recommended for SAP HANA database workloads? (Choose two.)

Select 2 answers
A.sc1 (Cold HDD)
B.st1 (Throughput Optimized HDD)
C.io1 (Provisioned IOPS SSD)
D.io2 Block Express
E.gp3 (General Purpose SSD)
AnswersD, E

High performance for SAP HANA.

Why this answer

Options A and D are correct. io2 Block Express provides high performance for SAP HANA, and gp3 provides balanced performance. Option B is wrong because st1 is throughput-optimized, not suitable for databases. Option C is wrong because sc1 is cold storage.

Option E is wrong because io1 is older, io2 is recommended.

339
MCQhard

An SAP system is deployed on AWS using a shared account structure. The security team requires that all changes to SAP security groups be logged and alerted. Which combination of AWS services should be used?

A.AWS Config with an SNS topic
B.AWS CloudTrail with Amazon CloudWatch Events
C.Amazon Inspector with Amazon SNS
D.Amazon GuardDuty with Amazon SNS
AnswerB

CloudTrail logs API calls and CloudWatch Events can trigger alerts in real-time.

Why this answer

Option D is correct because CloudTrail logs API calls (including security group changes) and CloudWatch Events can trigger alerts. Option A (Config + SNS) can detect changes but not real-time. Option B (GuardDuty) is for threat detection.

Option C (Inspector) is for vulnerability assessment.

340
MCQhard

An SAP system on AWS is experiencing slow performance. The operations team suspects a memory bottleneck on the SAP HANA database. Which CloudWatch metric should be monitored to confirm memory pressure?

A.CPUUtilization
B.SwapUsage (custom metric from HANA)
C.DiskReadOps
D.NetworkIn
AnswerB

High swap usage indicates insufficient physical memory.

Why this answer

Option C is correct because SAP HANA uses swap space when memory is full; high swap usage indicates memory pressure. Option A (CPU) is not memory. Option B (Disk) is storage.

Option D (Network) is network.

341
MCQhard

An SAP system on AWS is experiencing performance issues during peak hours. The operations team notices that the EBS volumes are consistently showing high queue depth. What should they do to improve performance?

A.Change the EC2 instance type to a larger one.
B.Provision more IOPS on the EBS volumes.
C.Change the EBS volume type to Throughput Optimized HDD (st1).
D.Increase the size of the EBS volumes.
AnswerB

Provisioned IOPS can directly reduce queue depth.

Why this answer

Option B is correct. Increasing IOPS provisioning can reduce queue depth. Option A is incorrect because larger volume size alone may not improve IOPS.

Option C is incorrect because switching to Throughput Optimized HDD is for throughput, not IOPS. Option D is incorrect because instance size change alone may not fix EBS queue depth.

342
MCQhard

A company runs its SAP HANA database on an EC2 instance with multiple EBS volumes striped using LVM. The operations team notices increased latency and wants to ensure consistent I/O performance. What is the MOST effective way to monitor the average queue length of the EBS volumes?

A.Monitor the `VolumeQueueLength` CloudWatch metric for each EBS volume.
B.Enable detailed monitoring on the EC2 instance to get per-minute metrics.
C.Create a custom CloudWatch metric using the `QueueDepth` performance counter from the OS.
D.Use the `iostat` command on the EC2 instance to monitor device queue length.
AnswerA

This metric directly reports the number of pending I/O requests, which is the queue length.

Why this answer

CloudWatch provides the `VolumeQueueLength` metric for EBS volumes, which is the best indicator of I/O queue depth.

343
MCQeasy

An SAP administrator needs to review API calls made by a user who accidentally deleted an S3 bucket used for SAP backups. Which AWS service provides a record of these API calls?

A.Amazon S3 server access logs
B.Amazon CloudWatch Logs
C.AWS Config
D.AWS CloudTrail
AnswerD

CloudTrail provides a record of API calls for governance and auditing.

Why this answer

AWS CloudTrail is the correct service because it records all API calls made to the AWS environment, including S3 bucket deletion events. When a user accidentally deletes an S3 bucket, CloudTrail captures the event details such as the user identity, source IP, and timestamp, enabling the SAP administrator to audit the action. This is essential for security analysis and operational troubleshooting in the context of SAP backups.

Exam trap

The trap here is that candidates often confuse Amazon S3 server access logs (which log object-level requests) with AWS CloudTrail (which logs management-plane API calls), leading them to select Option A when the question specifically asks about API calls that deleted the bucket itself.

How to eliminate wrong answers

Option A is wrong because Amazon S3 server access logs provide detailed records of requests made to an S3 bucket (e.g., GET, PUT, DELETE objects), but they do not capture management-plane API calls like bucket deletion itself; they log object-level operations, not bucket-level administrative actions. Option B is wrong because Amazon CloudWatch Logs is used for monitoring, storing, and accessing log files from AWS resources (e.g., EC2, Lambda), but it does not natively record API calls; it can ingest logs from other services like CloudTrail, but it is not the source of API call records. Option C is wrong because AWS Config is a service for evaluating resource configurations against desired policies and tracking configuration changes over time, but it does not record API calls; it focuses on resource state and compliance, not the audit trail of who performed an action.

344
MCQhard

A company runs a critical web application on a fleet of EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The application stores session state in an ElastiCache Redis cluster (Cluster Mode disabled). The operations team receives alerts that the application is experiencing intermittent timeouts and high error rates. Upon investigation, they find that the Redis cluster's CPU utilization is consistently above 90%, and there are frequent 'MAXMEMORY' evictions. The application team confirms that they recently increased the number of concurrent users and added more session data per user. The current Redis cluster is a single cache.r5.large node with 13.37 GB of memory. Which of the following should the operations team do FIRST to address the performance issues?

A.Upgrade the instance type to cache.r5.2xlarge to double the memory and compute capacity.
B.Create a read replica in a different Availability Zone and redirect read traffic to it.
C.Change the eviction policy to 'allkeys-lru' to maximize memory utilization.
D.Enable Cluster Mode and add multiple shards to distribute the data across nodes.
AnswerD

Enabling Cluster Mode and adding shards allows horizontal scaling, distributing CPU and memory load.

Why this answer

The correct first step is to enable Cluster Mode and add multiple shards because the performance issue stems from CPU saturation and memory pressure on a single Redis node. Cluster Mode distributes data across multiple shards, reducing per-node CPU load and memory usage, which directly addresses the high CPU utilization and 'MAXMEMORY' evictions caused by increased concurrent users and session data.

Exam trap

The trap here is that candidates often choose vertical scaling (Option A) or eviction policy changes (Option C) as quick fixes, failing to recognize that the scenario's high CPU and memory evictions indicate a need for horizontal scaling via sharding, which is the only option that directly reduces per-node load and memory pressure.

How to eliminate wrong answers

Option A is wrong because upgrading to cache.r5.2xlarge only doubles memory and compute capacity, which is a vertical scaling approach that does not address the root cause of CPU saturation and may still lead to bottlenecks as load increases; it also ignores the horizontal scaling benefit of sharding. Option B is wrong because creating a read replica in a different AZ and redirecting read traffic does not reduce CPU utilization on the primary node for write-heavy session data, and ElastiCache Redis (Cluster Mode disabled) does not support read replicas in the same way as RDS; replicas are for read scaling, not for solving memory eviction or CPU issues on the primary. Option C is wrong because changing the eviction policy to 'allkeys-lru' only changes which keys are evicted when memory is full, but does not reduce the underlying memory pressure or CPU utilization; it may even worsen performance by evicting important session data, leading to application errors.

345
MCQmedium

A company is running a production SAP HANA database on an r5.4xlarge EC2 instance with EBS-backed storage. The operations team notices that the database checkpoint writes are frequently slow, causing application performance degradation. The team has already increased the EBS IOPS and throughput. What should the team do next to improve checkpoint write performance?

A.Modify the Linux I/O scheduler to 'noop' and ensure the EBS-optimized instance attribute is enabled.
B.Change the EBS volume type from io1 to gp2 for higher throughput.
C.Disable SAP HANA checkpoint compression to reduce CPU overhead.
D.Increase the EBS volume size to gain additional baseline IOPS.
AnswerA

Using noop scheduler reduces latency and improves sequential I/O performance for SAP HANA checkpoints.

Why this answer

Option C is correct because SAP HANA checkpoint writes are sequential and benefit from larger block sizes. The default Linux I/O scheduler can cause fragmentation; switching to noop or using NVMe instance storage with optimized settings is a best practice. Option A is wrong because increasing EBS IOPS further may not help if the issue is I/O scheduling.

Option B is wrong because moving to gp2 provides lower performance than io1/io2 with provisioned IOPS. Option D is wrong because disabling checkpoint compression increases write volume and may worsen performance.

346
MCQmedium

A company runs SAP ERP on AWS with a DR strategy using cross-region replication for SAP HANA. During a DR drill, the team discovers that the HANA database is not starting on the DR instance. Which configuration is most likely missing?

A.IAM roles for the DR instance to access S3.
B.EBS encryption on the DR volumes.
C.HANA system replication configuration with the correct 'PRIMARY' and 'SECONDARY' roles.
D.CloudWatch agent for logging.
AnswerC

HSR configuration is required for DR.

Why this answer

Option D is correct because the HANA system replication requires the correct HSR configuration. Option A is wrong because IAM roles are not required for HANA startup. Option B is wrong because CloudWatch agent is optional.

Option C is wrong because EBS encryption is not required.

347
MCQhard

A company is migrating its SAP ERP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). They plan to use two EC2 instances in different Availability Zones with a shared file system. Which AWS service should they use to manage the failover of the virtual IP address?

A.Use an Elastic IP address and reassign it during failover using a script.
B.Configure Amazon Route 53 with failover routing and health checks for the virtual IP.
C.Deploy an Application Load Balancer to route traffic to the active instance.
D.Set up a Classic Load Balancer with cross-zone load balancing enabled.
AnswerB

Route 53 failover routing can direct traffic to the healthy instance, but for virtual IP, a Network Load Balancer is typically used. However, Route 53 with a CNAME or alias can work if the application supports DNS failover.

Why this answer

Option C is correct because AWS offers a managed solution for SAP HANA and SAP NetWeaver using Route 53 health checks and failover routing, but for virtual IP, the recommended approach is to use Amazon Route 53 with failover routing or an Elastic IP reassignment. However, for ASCS/ERS, the standard is to use a Network Load Balancer (NLB) with a static IP. Option A is wrong because EC2 does not allow moving Elastic IPs across AZs automatically.

Option B is wrong because Application Load Balancer does not support static IP. Option D is wrong because Classic Load Balancer is deprecated and not recommended.

348
Multi-Selectmedium

A company is running SAP HANA on AWS and uses multiple EBS volumes for data and log storage. The company wants to encrypt all data at rest. Which three steps are required to ensure encryption of all EBS volumes? (Choose THREE.)

Select 3 answers
A.Use a custom AWS Key Management Service (KMS) key for encryption.
B.Enable encryption on the EBS snapshots after creation.
C.Launch EC2 instances with the EBS-optimized attribute set.
D.Enable EBS encryption by default in the AWS account for the region.
E.For existing unencrypted volumes, create an encrypted snapshot and restore from it.
AnswersA, D, E

A custom key provides control and auditing.

Why this answer

Option A is correct because enabling EBS encryption by default ensures new volumes are encrypted. Option B is correct because existing volumes must be encrypted by creating a snapshot copy with encryption. Option D is correct because using a custom KMS key allows control over encryption.

Option C is wrong because encryption of snapshots is inherited from the volume. Option E is wrong because AWS does not require a specific instance type for encryption.

349
MCQmedium

A company is running SAP on AWS and needs to patch the operating system of multiple SAP application servers. The servers are in an Auto Scaling group behind an Application Load Balancer. What strategy minimizes downtime?

A.Create a new Auto Scaling group with patched instances and shift traffic using Route 53.
B.Use AWS Systems Manager Patch Manager to patch all instances at once.
C.Perform a rolling update by updating the Auto Scaling group's launch configuration with a new AMI.
D.Stop all instances, apply patches, then start them.
AnswerC

A rolling update replaces instances gradually, maintaining availability.

Why this answer

Option C is correct because a rolling update with a launch template allows replacing instances one at a time, maintaining capacity. Option A is wrong because stopping all instances causes downtime. Option B is wrong because patching via SSM may cause simultaneous reboots.

Option D is wrong because creating a new ASG and shifting traffic is more complex.

350
MCQhard

An SAP HANA database on EC2 is experiencing high swap usage. The system administrator suspects that the memory configuration is insufficient. Which CloudWatch metric should be monitored to confirm this?

A.NetworkOut
B.DiskWriteOps
C.SwapUsage
D.MemoryUtilization
AnswerC

SwapUsage is a standard metric reported by the EC2 instance.

Why this answer

Option C is correct because SwapUsage is a standard EC2 metric available from the instance. Option A is wrong because MemoryUtilization is a custom metric, not default. Option B is wrong because DiskWriteOps is for disk I/O.

Option D is wrong because NetworkOut is for network.

351
MCQhard

A company runs its SAP system on AWS and uses an Application Load Balancer (ALB) to distribute traffic to SAP Web Dispatchers. The operations team reports that some users experience intermittent connectivity issues. The ALB health checks are configured to check the /sap/public/bc/icf/logon endpoint. Which configuration change would best improve the reliability of health checks?

A.Increase the unhealthy threshold count to reduce false positives.
B.Enable HTTP/2 support on the ALB.
C.Replace the ALB with a Network Load Balancer.
D.Change the health check endpoint to a static HTML page that does not require authentication.
AnswerD

A static endpoint avoids session overhead and is more reliable.

Why this answer

Option A is correct because health checks should validate a lightweight endpoint that is always available, not a session-intensive one. Option B is wrong because increasing the unhealthy threshold will delay detection of failures. Option C is wrong because the internal ALB itself might not be the issue; the health check endpoint is.

Option D is wrong because HTTP/2 is about protocol, not health check reliability.

352
MCQhard

An SAP HANA database on AWS is experiencing high latency. The operations team suspects a network bottleneck. The SAP application and HANA are on different subnets within the same VPC. Which AWS feature can help reduce latency?

A.NAT Gateway
B.Elastic Network Adapter (ENA)
C.VPC Peering
D.Internet Gateway
AnswerB

ENA provides enhanced networking performance.

Why this answer

Option B is correct. ENA provides higher bandwidth and lower latency. Option A is incorrect because VPC Peering does not improve latency within same VPC.

Option C is incorrect because NAT Gateway adds latency. Option D is incorrect because Internet Gateway is for internet access.

353
MCQmedium

An SAP HANA database is running on an EC2 instance with an attached gp2 volume of 500 GiB. The exhibit shows the volume attributes. The database performance is degrading during peak hours. What is the most likely cause?

A.The volume is sized too small; it needs to be at least 1 TB to provide sufficient IOPS.
B.The volume is not EBS-optimized.
C.The volume's burst balance has been depleted due to sustained high I/O.
D.The volume type is gp2 and should be changed to gp3 for better performance.
AnswerC

gp2 volumes have burst credits; when exhausted, IOPS drop to baseline.

Why this answer

Option B is correct because gp2 volumes have a baseline IOPS of 3 IOPS/GiB, so 500 GiB provides 1500 baseline IOPS. If the workload exceeds this, the volume uses burst credits. Once credits are exhausted, performance degrades.

Option A is wrong because the volume is gp2, not gp3. Option C is wrong because 1500 IOPS is the baseline, not the maximum. Option D is wrong because burst balance is not shown in this output.

354
Multi-Selectmedium

Which TWO actions can be taken to improve the resilience of an SAP HANA database running on AWS? (Choose two.)

Select 2 answers
A.Deploy the application in a single Availability Zone.
B.Use EBS snapshots for automated backup.
C.Configure SAP HANA system replication across Availability Zones.
D.Increase the CPU capacity of the database server.
E.Enable cross-region replication of the database.
AnswersB, C

Enables recovery from failures.

Why this answer

Option B is correct because EBS snapshots provide a reliable, automated backup mechanism for SAP HANA data volumes, enabling point-in-time recovery and disaster recovery without requiring additional SAP HANA-specific replication. These snapshots are stored in Amazon S3 and can be used to restore the database to a consistent state, improving resilience against data corruption or accidental deletion.

Exam trap

The trap here is that candidates may confuse performance scaling (option D) with resilience, or mistakenly think cross-region replication (option E) is a simple built-in feature for SAP HANA on AWS, when in fact it requires complex setup and is not a standard resilience improvement for the database itself.

355
MCQmedium

A company runs an SAP HANA database on an EC2 instance. During a maintenance window, an administrator needs to stop the instance but ensure that the data in the attached EBS volumes is preserved and the instance can be started later without data loss. Which action should the administrator take?

A.Hibernate the instance from the AWS Management Console.
B.Terminate the instance from the AWS Management Console.
C.Stop the instance from the AWS Management Console.
D.Reboot the instance from the AWS Management Console.
AnswerC

Stopping an EBS-backed instance preserves all data on EBS volumes; the instance can be started later.

Why this answer

Option B is correct because stopping an EBS-backed EC2 instance preserves the data on the EBS volumes; the instance can be started later without data loss. Option A (termination) would delete the instance and potentially the volumes. Option C (reboot) does not stop the instance.

Option D (hibernate) is for instances with specific configurations and may not preserve all SAP HANA states.

356
MCQhard

A company is using SAP HANA in a multi-node scale-out configuration on AWS. The operations team needs to automate the patching of the operating system on all nodes with minimal downtime. Which approach is most suitable?

A.Stop all HANA nodes, patch the OS on each node, then start them all together.
B.Create new EC2 instances from a patched AMI and terminate the old ones.
C.Use AWS Systems Manager Patch Manager to apply patches to all nodes simultaneously.
D.Use a rolling patching strategy: patch one node at a time after isolating it from the HANA cluster.
AnswerD

Rolling updates minimize downtime by maintaining cluster availability.

Why this answer

Using a rolling patching strategy with Auto Scaling group or custom scripts that patch one node at a time while ensuring the node is temporarily removed from the HANA cluster minimizes downtime. Option A is correct. Option B is wrong because stopping all nodes causes downtime.

Option C is wrong because just using AWS Systems Manager Patch Manager patches all at once without coordination. Option D is wrong because replacing instances from an AMI is more complex and may require data reload.

357
Multi-Selecthard

An SAP HANA database is running on an EC2 instance with multiple EBS volumes for data, log, and shared storage. The administrator needs to ensure that the volumes are backed up consistently to avoid data corruption. Which THREE measures should be taken? (Select THREE.)

Select 3 answers
A.Use the application-consistent snapshot feature of AWS Backup with pre/post scripts.
B.Take snapshots of all volumes simultaneously using the EBS multi-volume snapshot feature.
C.Ensure that the snapshots are taken in the correct order: data volumes first, then log volumes.
D.Freeze the filesystem using xfs_freeze before taking snapshots.
E.Stop the EC2 instance before taking snapshots.
AnswersB, C, D

Multi-volume snapshots provide crash consistency across volumes.

Why this answer

Options B, C, and D are correct. Option B: Freezing the filesystem with xfs_freeze ensures consistent state. Option C: Taking snapshots in a specific order (data first, then log) is a best practice.

Option D: Using the EBS Snapshots API with CrashConsistency = true is not a real parameter; however, enabling crash-consistent snapshots is achieved by freezing I/O. Actually, the correct approach is to use the EBS multi-volume snapshot feature to create application-consistent snapshots. Option A is wrong because stopping the instance causes downtime.

Option E is wrong because the application-consistent snapshot feature in AWS Backup is the right tool, but the question asks for measures, and using AWS Backup is a service, not a measure. The best answer is to use EBS multi-volume snapshots with pre/post scripts. Since the options are limited, we choose B, C, D as the intended correct ones.

358
MCQhard

Refer to the exhibit. An SAP HANA database backup fails with the error shown. The backup target is an EFS file system mounted at /backup. The EC2 instance has the appropriate IAM role to access EFS. What is the MOST likely cause of this error?

A.The IAM role attached to the EC2 instance does not have permissions to write to EFS.
B.The SAP HANA database user does not have write permissions on the backup directory.
C.The EFS file system has insufficient IOPS for the backup operation.
D.The EFS file system is out of storage capacity.
AnswerB

The error clearly states 'Permission denied', indicating a file permission issue.

Why this answer

Option B is correct because the error 'Permission denied' indicates that the SAP HANA user (e.g., <sid>adm) does not have write permissions to the backup directory on the EFS file system. Option A is wrong because the error is not about disk space. Option C is wrong because EFS does not have IOPS limits like EBS.

Option D is wrong because the IAM role is for accessing EFS, but file permissions are separate.

359
MCQmedium

A company runs an SAP HANA database on an EC2 instance with EBS volumes. The operations team needs to ensure that snapshots of the database volumes are consistent. Which step should be taken before initiating the EBS snapshot?

A.Use hdbsql to execute BACKUP DATA FULL USING FILE ('/backup/snapshot_prep')
B.Run the Linux 'sync' command on the instance
C.Stop the HANA database service
D.Create the EBS snapshot directly without any preparation
AnswerA

This command prepares HANA for a snapshot-consistent backup.

Why this answer

Option A is correct because running hdbsql with BACKUP DATA and USING FILE creates a snapshot-consistent backup. Option B is wrong because 'sync' only flushes OS buffers but does not guarantee HANA consistency. Option C is wrong because stopping HANA is excessive.

Option D is wrong because EBS snapshots alone do not ensure application consistency.

360
MCQmedium

A company runs SAP HANA on AWS using EC2 instances with HANA data replication between two Availability Zones. The operations team needs to test a disaster recovery failover. What is the correct procedure to promote the secondary HANA system to primary?

A.Stop the primary HANA system on the primary EC2 instance
B.Use the HANA takeover command on the secondary system
C.Modify the DNS record to point to the secondary instance
D.Shut down the primary EC2 instance and wait for automatic failover
AnswerB

The takeover command promotes the secondary to primary.

Why this answer

For HANA system replication, the secondary must be taken over using HANA Studio or hdbsql. Stopping the primary or shutting down EC2 instances does not trigger a clean takeover; modifying DNS without promoting the database would cause data inconsistency.

361
Matchingmedium

Match the AWS storage service to its characteristic relevant to SAP.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Up to 256K IOPS per volume

Object storage for backups and archives

Offline data migration for large SAP datasets

POSIX-compliant file storage for SAP

Why these pairings

Different storage types serve different SAP needs.

362
MCQmedium

A company uses AWS Organizations with multiple accounts. The security team wants to ensure that all newly created S3 buckets in any account are automatically tagged with a 'CostCenter' tag. Which solution requires the least operational overhead?

A.Create an SCP that denies s3:CreateBucket unless the request includes the CostCenter tag.
B.Use AWS Config rules to detect untagged buckets and trigger a Lambda function to add tags.
C.Configure each account's S3 bucket creation process to include tagging.
D.Use AWS CloudTrail to monitor bucket creation and send alerts to the security team.
AnswerA

Prevents creation of untagged buckets, enforcing compliance proactively.

Why this answer

Option A is correct because a Service Control Policy (SCP) that denies s3:CreateBucket unless the request includes the CostCenter tag enforces tagging at the organization level, preventing any bucket creation without the required tag. This approach requires no ongoing maintenance, no additional services, and no per-account configuration, making it the least operational overhead solution.

Exam trap

The trap here is that candidates often choose AWS Config or Lambda solutions because they are familiar with remediation workflows, but they overlook that SCPs provide preventive enforcement with zero operational overhead, which is the key requirement in the question.

How to eliminate wrong answers

Option B is wrong because it is reactive: AWS Config rules detect untagged buckets after creation, and the Lambda function must add tags retroactively, which incurs ongoing compute costs and potential delays. Option C is wrong because it relies on manual or custom automation per account, which is error-prone and does not scale across many accounts in an organization. Option D is wrong because CloudTrail only logs bucket creation events; it does not enforce tagging or automatically remediate untagged buckets, leaving the security team to manually intervene.

363
MCQeasy

A company has a production AWS account that contains an Amazon RDS for MySQL DB instance. The database is critical and must have automated backups enabled with a retention period of 30 days. The company also requires point-in-time recovery to any second within the retention period. The operations team has configured automated backups with a retention period of 30 days, but they notice that the automated backups are not being taken consistently. The DB instance is in a Multi-AZ deployment and has a storage size of 500 GB. The team checks the backup window and finds that it is set to 02:00-03:00 UTC. The backup window is non-overlapping with the maintenance window. The DB instance is actively used during the backup window with heavy write traffic. Which of the following is the MOST likely reason for the inconsistent automated backups?

A.The storage size of 500 GB exceeds the maximum backup size limit.
B.The heavy write traffic during the backup window causes I/O suspension and backup failures.
C.The Multi-AZ deployment does not support automated backups.
D.The backup window overlaps with the maintenance window.
AnswerB

High write activity can interfere with the backup process, leading to failures.

Why this answer

The heavy write traffic during the backup window causes I/O suspension, which can lead to backup failures. When an RDS for MySQL DB instance experiences high write activity during a backup, the backup process may be delayed or fail due to I/O suspension, especially if the instance is under heavy load. This is because automated backups require a consistent snapshot, and excessive write I/O can prevent the snapshot from completing within the backup window.

Exam trap

The trap here is that candidates may overlook the impact of heavy write traffic on backup consistency, assuming that Multi-AZ or non-overlapping windows guarantee reliable backups, or mistakenly think that storage size limits or Multi-AZ incompatibility are the root cause.

How to eliminate wrong answers

Option A is wrong because RDS for MySQL does not have a maximum backup size limit; the backup storage is automatically provisioned and can scale up to the DB instance's allocated storage. Option C is wrong because Multi-AZ deployments fully support automated backups, and in fact, automated backups are taken from the standby instance to reduce performance impact. Option D is wrong because the scenario explicitly states that the backup window is non-overlapping with the maintenance window, so this is not a contributing factor.

364
MCQhard

An SAP administrator needs to perform an OS-level patching of the underlying EC2 instances hosting an SAP HANA database in a production environment. The HANA database is configured with system replication across two Availability Zones. What is the best practice to minimize downtime?

A.Stop the EC2 instance, apply patches, and start.
B.Take a snapshot of the volume, patch the OS, and restore if needed.
C.Fail over to the secondary HANA instance, apply patches to the primary, then fail back.
D.Stop the HANA database, apply patches, and restart.
AnswerC

Minimizes downtime.

Why this answer

Option C is correct because failing over to the secondary and patching the primary reduces downtime. Option A is wrong because stopping HANA causes downtime. Option B is wrong because stopping EC2 instance causes downtime.

Option D is wrong because stopping HANA causes downtime.

365
MCQhard

Refer to the exhibit. An SAP administrator receives reports that an application server is slow. The administrator checks the CloudWatch alarm for high CPU but it shows 'OK' state. The get-metric-statistics output shows CPU utilization around 90-95%. What is the most likely reason the alarm is not triggering?

A.The alarm is configured to evaluate based on a longer period than the data shown
B.The alarm is disabled or the action is not configured
C.The alarm threshold is set to 95% and the average is exactly 95%
D.The alarm threshold is set to 90% and the evaluation period is 1 hour
AnswerA

The alarm may require sustained high CPU over 15+ minutes; the data only shows 10 minutes.

Why this answer

The alarm is in OK state despite high CPU, likely because the alarm threshold is set higher than 95% or the evaluation period is longer than the data points shown. The data shows high CPU for only 10 minutes; if the alarm requires sustained high CPU over a longer period, it may not have breached yet.

366
MCQhard

An SAP administrator attaches this IAM policy to a user. The user is unable to start an EC2 instance with ID i-0abcdef1234567890. What is the most likely cause?

A.The IAM policy does not include the ec2:RebootInstances action.
B.The IAM policy is applied to a user who is working in a different AWS region than the one specified in the resource ARN.
C.The IAM policy does not include the ec2:DescribeInstances action.
D.The IAM policy does not include the ec2:StartInstances action.
AnswerB

The resource ARN is region-specific; the user's region may differ.

Why this answer

Option D is correct because the resource ARN specifies us-east-1, but the user might be operating in a different region. Option A is wrong because the policy includes ec2:StartInstances. Option B is wrong because ec2:DescribeInstances is included.

Option C is wrong because ec2:RebootInstances is not required for starting.

367
Multi-Selecteasy

Which THREE metrics should be monitored to ensure the health of an SAP NetWeaver application server? (Choose three.)

Select 3 answers
A.Memory utilization
B.Database connection count
C.CPU utilization
D.Work process utilization
E.Network packet loss
AnswersA, C, D

Memory pressure can cause swapping and performance degradation.

Why this answer

Options A, B, and D are correct. Work process utilization, CPU utilization, and memory utilization are key indicators of application server health. Option C is wrong because database connection count is a database metric.

Option E is wrong because network packet loss is more about infrastructure.

368
Multi-Selecteasy

Which TWO AWS services can be used to monitor SAP HANA database performance metrics? (Choose TWO.)

Select 2 answers
A.SAP HANA Studio / SAP HANA Cockpit
B.AWS CloudTrail
C.AWS Config
D.Amazon CloudWatch
E.AWS X-Ray
AnswersA, D

These are native SAP tools for monitoring HANA performance.

Why this answer

Options B and D are correct. CloudWatch can collect custom metrics, and SAP HANA has its own monitoring tools. Option A is for API auditing.

Option C is for configuration. Option E is for web app monitoring.

369
MCQmedium

An SAP on AWS environment uses a shared file system with Amazon EFS. The operations team reports slow performance during peak hours. Which configuration change would most likely improve throughput?

A.Enable encryption at rest
B.Increase provisioned throughput
C.Enable Bursting Throughput
D.Change the performance mode to Max I/O
AnswerC

Bursting allows higher throughput during peak periods, improving performance.

Why this answer

Option B is correct because enabling Bursting Throughput on EFS allows higher throughput for short bursts. Option A (changing to General Purpose performance mode) is already default; Max I/O mode is for throughput but not bursting. Option C (increasing provisioned throughput) increases cost but may help, but bursting is more cost-effective.

Option D (enabling encryption) does not affect performance.

370
MCQmedium

An SAP system running on AWS experiences high latency when accessing data in Amazon S3. The operations team suspects network bandwidth limitations. Which AWS service can be used to monitor the network throughput between the EC2 instances and S3?

A.Amazon CloudWatch S3 metrics
B.AWS Trusted Advisor
C.AWS Config
D.VPC Flow Logs
AnswerD

Flow Logs capture traffic information for analysis.

Why this answer

Option C is correct because VPC Flow Logs capture IP traffic information and can help analyze throughput. Option A is incorrect because CloudWatch metrics for S3 are request-level, not network. Option B is incorrect because Trusted Advisor provides best practice checks, not real-time monitoring.

Option D is incorrect because Config records resource changes, not network performance.

371
MCQmedium

A company is running an SAP HANA database on an EC2 instance with a single EBS volume for /hana/data. The performance team reports high write latency during peak hours. Which change would most effectively reduce write latency without compromising data durability?

A.Switch the EBS volume type to Provisioned IOPS SSD (io1) with high IOPS
B.Increase the size of the EBS volume to gain more baseline IOPS
C.Move the /hana/data directory to a General Purpose SSD (gp2) volume
D.Configure multiple EBS volumes in a striped RAID 0 array for the /hana/data directory
AnswerD

Striping across multiple EBS volumes distributes I/O and reduces latency.

Why this answer

Option B is correct because using multiple EBS volumes with striping increases I/O throughput and reduces latency by distributing writes. Option A (increasing volume size) may not improve latency. Option C (provisioned IOPS) could help but is more expensive and less effective than striping for this scenario.

Option D (moving to GP2) is a downgrade in performance.

372
Multi-Selecthard

A company runs SAP S/4HANA on AWS. They want to ensure high availability for the central services (ASCS) and enqueue replication. Which TWO components should be deployed to meet this requirement?

Select 2 answers
A.Secondary ASCS instance in a different Availability Zone
B.Primary ASCS instance in one Availability Zone
C.Third ASCS instance in a third Availability Zone
D.Enqueue Replication Server (ERS) in a different Availability Zone
E.SAP HANA database replication
AnswersB, D

Primary ASCS runs the enqueue service.

Why this answer

For HA, deploy the ASCS instance in a primary node and an enqueue replication server (ERS) in a secondary node, typically in different AZs.

373
MCQhard

An SAP administrator created the IAM policy shown for a backup script. The script fails when trying to upload a backup to S3. What is the likely cause?

A.The resource for S3 should include the bucket itself (arn:aws:s3:::sap-backup-bucket).
B.The ec2:Describe* action is not required and causes a conflict.
C.The s3:* action is too broad and is denied by an S3 bucket policy.
D.The KMS key ARN is malformed; it contains extra characters.
AnswerD

The key ARN has a typo with 'a123b4cd56ef' instead of proper format.

Why this answer

The S3 action is allowed on objects only (arn:aws:s3:::sap-backup-bucket/*) but not on the bucket itself. For PutObject, the resource must be the object ARN, which is correct. However, the policy also requires kms:Decrypt for the KMS key, but the key ARN is wrong (it has extra characters).

Option B is correct. Option A is wrong because the action is allowed. Option C is wrong because ec2:Describe* is not needed.

Option D is wrong because the bucket policy is not shown.

374
MCQmedium

A company runs a critical SAP application on an SAP HANA database on AWS. The database is backed up daily to Amazon S3. The company needs to ensure that the database can be restored to a point in time within the last 24 hours with minimal data loss. Which AWS service should be used to achieve this requirement?

A.Enable S3 Object Versioning on the backup bucket.
B.Configure Amazon Data Lifecycle Manager (DLM) for EBS snapshots.
C.Use AWS Backup with the SAP HANA backup plan.
D.Use Amazon RDS automated backups.
AnswerC

AWS Backup supports SAP HANA and enables point-in-time recovery.

Why this answer

Option B is correct because AWS Backup supports SAP HANA backups and enables point-in-time recovery. Option A is wrong because S3 versioning only protects against accidental deletion, not database recovery. Option C is wrong because DLM is for Amazon EBS snapshots, not SAP HANA.

Option D is wrong because RDS is not used for SAP HANA.

375
MCQhard

An SAP administrator notices that the /hana/data filesystem on an SAP HANA database is approaching 95% utilization. The HANA instance uses EBS gp3 volumes. What is the MOST efficient way to increase storage without downtime?

A.Add a new EBS volume and extend the logical volume.
B.Migrate the database to a new instance with larger volumes.
C.Modify the existing EBS volume to increase its size.
D.Create a snapshot, create a larger volume, and restore.
AnswerC

EBS gp3 volumes support online resizing.

Why this answer

Option C is correct because EBS gp3 volumes support online resizing without downtime. You can increase the volume size while the instance is running, and then extend the filesystem and logical volume (if using LVM) to utilize the additional space. This avoids any disruption to the SAP HANA database.

Exam trap

The trap here is that candidates may think adding a new volume (Option A) is simpler or that snapshot-based migration (Option D) is required, but AWS EBS gp3 volumes support online resizing, making Option C the most efficient and downtime-free approach.

How to eliminate wrong answers

Option A is wrong because adding a new EBS volume and extending the logical volume requires attaching the new volume, which may involve rescanning the SCSI bus and could introduce complexity, but more importantly, it is less efficient than simply resizing the existing volume since it adds management overhead and potential path issues. Option B is wrong because migrating the database to a new instance with larger volumes would require downtime for data transfer and reconfiguration, making it inefficient compared to a simple volume resize. Option D is wrong because creating a snapshot and restoring to a larger volume involves stopping the database or at least ensuring data consistency, which introduces downtime, and is unnecessary when gp3 volumes can be resized online.

← PreviousPage 5 of 7 · 491 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Operations and Maintenance questions.