CCNA Technology Questions

75 of 412 questions · Page 1/6 · Technology · Answers revealed

1
MCQmedium

A company is migrating a legacy monolithic application to a microservices architecture on AWS. The application currently uses an Oracle database with complex stored procedures. The company wants to minimize changes to the application code during migration. Which database migration strategy should the company use?

A.Migrate the database to Amazon Aurora with PostgreSQL compatibility using the AWS Database Migration Service (DMS)
B.Store the data in Amazon S3 and use Athena for querying
C.Refactor the application to use Amazon DynamoDB as the database
D.Replatform the application by migrating the Oracle database to Amazon RDS for Oracle
AnswerD

Migrating to RDS for Oracle preserves the existing SQL dialect and stored procedures, minimizing code changes while leveraging managed database services.

Why this answer

Option D is correct because the company wants to minimize changes to the application code during migration. By replatforming the Oracle database to Amazon RDS for Oracle, the application can continue to use the same Oracle database engine, stored procedures, and SQL dialect with minimal or no code changes. This approach avoids the need to rewrite complex stored procedures or adapt to a different database engine, which would be required with other migration strategies.

Exam trap

The trap here is that candidates may assume any AWS-managed database service (like Aurora or DynamoDB) is automatically better, overlooking the critical requirement to minimize code changes by keeping the same database engine.

How to eliminate wrong answers

Option A is wrong because migrating to Amazon Aurora with PostgreSQL compatibility would require rewriting complex Oracle-specific stored procedures (e.g., PL/SQL) to PostgreSQL-compatible code (PL/pgSQL), which contradicts the requirement to minimize application code changes. Option B is wrong because storing data in Amazon S3 and using Athena for querying is not suitable for transactional workloads with complex stored procedures; Athena is designed for serverless ad-hoc querying of data lakes, not for OLTP operations with stored procedures. Option C is wrong because refactoring the application to use Amazon DynamoDB would require significant application code changes, including replacing SQL queries and stored procedures with NoSQL API calls, which violates the goal of minimizing changes.

2
Multi-Selectmedium

A company is designing a microservices architecture on Amazon ECS with Fargate. The services need to communicate securely and be accessible only within the VPC. Which TWO steps should the solutions architect take to meet these requirements? (Choose TWO.)

Select 2 answers
A.Attach an Internet Gateway to the VPC and configure route tables for the private subnets.
B.Place the Fargate tasks in public subnets to allow them to communicate with each other through the internet gateway.
C.Use AWS Cloud Map for service discovery and register a public DNS name for each service.
D.Use an internal Application Load Balancer to distribute traffic between services.
E.Create a VPC endpoint for Amazon ECS to allow the service to call the ECS API without internet access.
AnswersD, E

Internal ALB routes traffic within the VPC.

Why this answer

Option D is correct because an internal Application Load Balancer (ALB) operates within a VPC and does not expose a public endpoint, ensuring that traffic between microservices remains private. It distributes incoming requests to Fargate tasks based on defined rules, enabling secure, internal communication without internet access.

Exam trap

The trap here is that candidates often confuse public subnets with the ability to communicate privately, or assume that an internet gateway is required for any inter-service communication, when in fact internal load balancers and VPC endpoints provide fully private connectivity.

3
MCQhard

A company has an SAP HANA database running on an EC2 instance with EBS volumes. The database requires 10,000 IOPS consistently. The current volume type is gp3 with 3000 IOPS. Which change should be made to meet the IOPS requirement?

A.Change the volume type to io2 Block Express and provision 10,000 IOPS.
B.Increase the volume size of the gp3 volume to automatically increase IOPS.
C.Increase the IOPS on the existing gp3 volume to 10,000.
D.Add an instance store volume and move the data to it.
AnswerA

io2 Block Express volumes support high IOPS and are suitable for SAP HANA.

Why this answer

Option A is correct because io2 Block Express volumes can provision up to 256,000 IOPS. Option B is wrong because gp3 max IOPS is 16,000 but you can increase IOPS. However, io2 is better for high IOPS.

Option C is wrong because instance store is ephemeral. Option D is wrong because increasing volume size on gp3 doesn't necessarily increase IOPS beyond baseline.

4
MCQhard

A company runs a containerized application on Amazon ECS with Fargate launch type. The application needs to access an Amazon RDS database that is in a private subnet. The ECS tasks are also in private subnets. The security group for the RDS instance allows inbound traffic on port 3306 from the security group attached to the ECS tasks. However, the application cannot connect to the database. Which solution should the company implement to resolve this issue?

A.Configure the ECS task definition to assign a public IP address to the tasks and ensure the tasks have a route to the internet via a NAT gateway
B.Attach the same security group to the ECS tasks and the RDS instance, and ensure the security group has an inbound rule allowing traffic from itself on port 3306
C.Place both the ECS tasks and the RDS instance in the same public subnet to ensure network connectivity
D.Modify the RDS security group inbound rule to allow traffic from the CIDR block of the ECS tasks’ private subnets instead of the security group ID
AnswerB

Using the same security group for both resources and allowing inbound from the group itself (self-reference) enables traffic between them, regardless of outbound rules. This is a common pattern for internal communication.

Why this answer

Option B is correct because when using security group IDs in inbound rules, the traffic is evaluated based on the source security group's network interfaces, not the IP addresses. However, for this to work, the security group must be attached to the ECS tasks' elastic network interfaces (ENIs). By attaching the same security group to both the ECS tasks and the RDS instance, and adding a self-referencing inbound rule for port 3306, the RDS instance will accept traffic from any resource that has that security group attached, including the ECS tasks.

This resolves the connectivity issue because the security group rule correctly identifies the source by the security group ID, not by IP.

Exam trap

The trap here is that candidates often assume security group rules using security group IDs require the source and destination to be in the same security group, but they actually require the source security group to be attached to the source resource's ENI, and the rule must be a self-referencing rule (allowing traffic from itself) to work correctly when both resources share the same security group.

How to eliminate wrong answers

Option A is wrong because assigning a public IP address to ECS tasks in private subnets is not possible with Fargate; tasks in private subnets cannot have public IPs, and even if they could, a NAT gateway is for outbound internet access, not for inbound database connectivity. Option C is wrong because placing both resources in a public subnet exposes them unnecessarily to the internet and does not solve the underlying security group rule issue; the application should remain in private subnets for security. Option D is wrong because using CIDR blocks instead of security group IDs would require the ECS tasks to have static IPs, which they do not in Fargate; the tasks' IPs can change, making CIDR-based rules unreliable and less secure.

5
MCQeasy

A company runs SAP ERP on AWS using a single EC2 instance for the database and application. The system has been in production for two years. The SAP administrator receives a notification that the EC2 instance's underlying hardware is scheduled for retirement in two weeks. The administrator needs to minimize downtime and ensure the SAP system is available during the maintenance. Which action should the administrator take?

A.Reboot the instance to move it to healthy hardware.
B.Request an extension of the retirement date from AWS Support.
C.Create an AMI of the instance and launch a new instance from the AMI.
D.Stop the instance and then start it again to migrate to new hardware.
AnswerD

Stop/start moves instance to new hardware quickly.

Why this answer

Option C is correct: Stopping and starting the instance migrates it to new hardware with minimal downtime (the stop/start cycle takes a few minutes). Option A is wrong because rebooting does not change the underlying hardware; it stays on the same degraded hardware. Option B is wrong because creating an AMI and launching a new instance would take longer and may cause IP/hostname changes.

Option D is wrong because scheduled events do not support delay beyond the given date; requesting a delay is not a standard procedure.

6
MCQmedium

A company migrates its SAP HANA database to an EC2 instance with 1 TB of memory. The system is used for both OLTP and OLAP workloads. The performance team notices that memory utilization is high but the CPU is underutilized. Which configuration change would best improve overall system throughput?

A.Use a smaller instance type with higher CPU to memory ratio
B.Enable HANA Large Pages to reduce TLB misses and improve memory access
C.Increase the swap space on the instance store volumes
D.Disable HANA compression to reduce CPU overhead
AnswerB

Large pages improve memory access efficiency.

Why this answer

Option C is correct because enabling HANA Large Pages improves memory management and CPU efficiency for large workloads. Option A is incorrect because increasing swap would degrade performance. Option B is incorrect because disabling HANA compression increases memory usage.

Option D is incorrect because using smaller instances would not help.

7
MCQhard

A company is deploying SAP S/4HANA on AWS and needs to ensure that the system can handle a sudden increase in user load during month-end closing. Which architectural change would best address this requirement?

A.Configure auto-scaling for the SAP application tier based on CPU utilization.
B.Deploy the application across multiple Availability Zones.
C.Increase the provisioned IOPS on the database EBS volumes.
D.Use a larger EC2 instance type for the application server.
AnswerA

Auto-scaling adds compute capacity automatically during high load.

Why this answer

Option A is correct because application auto-scaling allows adding instances to handle increased load. Option B is wrong because vertical scaling has limits and requires downtime. Option C is wrong because increasing provisioned IOPS helps with storage, not compute.

Option D is wrong because Multi-AZ provides high availability, not scalability.

8
MCQmedium

An SAP system running on AWS is experiencing high CPU utilization on the database server. The database is SAP HANA running on an r5.8xlarge instance. Which metric in Amazon CloudWatch would best indicate whether the CPU is being consumed by the HANA process or by other OS processes?

A.CPUUtilization metric from the EC2 instance
B.HANA CPU metric from SAP HANA CloudWatch integration
C.CPUCreditUsage metric
D.Custom metrics collected by the CloudWatch agent for the hdbindexserver process
AnswerD

The CloudWatch agent can collect per-process CPU metrics, allowing identification of HANA CPU usage.

Why this answer

Option D is correct because CloudWatch Agent can collect per-process CPU metrics. Option A is wrong because CPUUtilization is aggregate. Option B is wrong because CPUCreditUsage is for burstable instances.

Option C is wrong because the HANA metric is not a standard CloudWatch metric.

9
MCQmedium

An SAP system administrator is setting up monitoring for SAP NetWeaver on AWS. They want to send custom SAP application metrics to CloudWatch for alerting. What is the most efficient way to achieve this?

A.Use SAP Solution Manager to export metrics to CloudWatch via API
B.Use AWS Lambda to periodically query SAP and push metrics to CloudWatch
C.Install the Amazon CloudWatch Agent on the EC2 instance and configure it to collect SAP metrics
D.Configure AWS Systems Manager to collect SAP metrics
AnswerC

The CloudWatch Agent can collect custom metrics from the OS and applications, including SAP, and publish them to CloudWatch efficiently.

Why this answer

The CloudWatch Agent can collect custom metrics from the OS and applications, including SAP, and publish them to CloudWatch. AWS Lambda can be used but requires custom code and more overhead. SAP Solution Manager does not natively integrate with CloudWatch.

AWS Systems Manager is for management, not custom metric publishing.

10
MCQhard

A company is migrating a legacy application to AWS. The application uses a custom TCP protocol and requires session persistence. The application runs on a fleet of EC2 instances behind a Network Load Balancer (NLB). The current configuration uses a TCP listener with 'source IP' stickiness. However, some clients are being routed to different instances mid-session, causing application errors. What is the most likely cause and solution?

A.The NLB does not support source IP stickiness; use a Classic Load Balancer instead.
B.Clients are behind a NAT gateway, so the source IP changes between requests, breaking stickiness. Use a 'stitched' cookie or switch to an Application Load Balancer.
C.The NLB has cross-zone load balancing enabled, which distributes traffic across instances in different Availability Zones.
D.The idle timeout of the NLB is too low, causing the NLB to close connections prematurely.
AnswerB

NAT changes the source IP, which defeats source IP stickiness.

Why this answer

Option B is correct because clients behind a NAT gateway will have their source IP address translated to the NAT gateway's public IP, which remains consistent for all requests from that gateway. However, if multiple clients share the same NAT gateway, the source IP is the same, but the NLB's source IP stickiness is based on the client's source IP as seen by the NLB. If the NAT gateway uses multiple public IPs or if clients are behind different NAT gateways, the source IP can change between requests, breaking stickiness.

The solution is to use a 'stitched' cookie or switch to an Application Load Balancer, which supports cookie-based session persistence independent of source IP.

Exam trap

The trap here is that candidates assume source IP stickiness works identically for all clients, failing to consider that NAT gateways or proxy servers can cause the source IP to change between requests, which is a common scenario in hybrid or multi-VPC architectures.

How to eliminate wrong answers

Option A is wrong because Network Load Balancers do support source IP stickiness (also known as client IP stickiness) for TCP listeners; Classic Load Balancers are legacy and not recommended for new deployments. Option C is wrong because cross-zone load balancing distributes traffic across instances in different Availability Zones but does not cause mid-session routing changes; it actually helps maintain stickiness by keeping traffic within the same target group. Option D is wrong because the idle timeout of an NLB is configurable (default 350 seconds) and affects connection persistence, but it would cause connections to drop entirely, not route to different instances mid-session.

11
MCQeasy

An SAP administrator needs to ensure that all API calls made to AWS services by the SAP system are logged for auditing purposes. Which AWS service should be enabled?

A.AWS Config
B.AWS CloudTrail
C.Amazon CloudWatch
D.VPC Flow Logs
AnswerB

CloudTrail provides a record of API activity in your account.

Why this answer

Option B is correct because AWS CloudTrail logs all API calls to AWS services. Option A is wrong because Amazon CloudWatch is for metrics and logs. Option C is wrong because AWS Config records resource configurations.

Option D is wrong because VPC Flow Logs capture IP traffic information.

12
MCQmedium

An SAP application running on an EC2 instance is experiencing high latency during peak hours. The instance is in a private subnet with a NAT Gateway for outbound internet. Which action would most effectively reduce latency for SAP users?

A.Increase the EC2 instance size to a larger type with more CPU and memory.
B.Move the instance to a public subnet and assign a public IP address.
C.Replace the NAT Gateway with an Internet Gateway.
D.Enable EBS optimization on the instance.
AnswerA

Larger instance type directly improves compute performance, reducing application latency.

Why this answer

Option A is correct because increasing instance size provides more CPU and memory, directly reducing processing latency. Option B is wrong because NAT Gateway is for outbound traffic, not inbound latency. Option C is wrong because EBS optimization helps disk I/O, not network latency.

Option D is wrong because changing subnet does not affect performance.

13
MCQmedium

Your company is running SAP Business Suite on Oracle on AWS. The database is hosted on an EC2 instance with EBS volumes configured as RAID 0 for performance. You are planning to migrate to SAP HANA on AWS. The new HANA database will be hosted on a single EC2 instance with EBS io2 volumes. You need to ensure minimal downtime during the migration. Which approach should you take?

A.Use SAP HANA System Replication (HSR) with DMO to replicate data while the source is running, then perform a final cutover.
B.Use AWS Database Migration Service (DMS) to continuously replicate from Oracle to HANA.
C.Use SAP Landscape Management (LaMa) to automate the migration with minimal downtime.
D.Perform a classic migration using SAP Software Update Manager (SUM) with database migration option (DMO) in a single step, stopping the source system.
AnswerA

HSR with DMO allows minimal downtime by replicating changes during the migration.

Why this answer

Option C is correct because using SAP HANA System Replication with a DMO migration allows near-zero downtime by replicating data while the source system is running. Option A (cold migration) causes extended downtime. Option B (AWS DMS) is not suitable for migrating from Oracle to HANA as it does not support HANA as a target.

Option D (SAP LaMa) can assist but does not directly provide near-zero downtime migration.

14
MCQmedium

An SAP application running on AWS is experiencing high latency for database write operations. The system uses SAP ASE on Amazon EC2 with gp2 EBS volumes. Which change is most likely to improve write performance?

A.Move database write logs to Amazon S3 for better throughput.
B.Migrate to io1/io2 EBS volumes with provisioned IOPS.
C.Migrate to gp3 EBS volumes with higher baseline performance.
D.Use instance store volumes for database data files.
AnswerB

Provisioned IOPS volumes are designed for consistent, low-latency database workloads.

Why this answer

Option B is correct because io1/io2 volumes provide consistent IOPS performance suitable for database workloads. Option A is wrong because gp3 may still not guarantee low latency writes. Option C is wrong because instance store is ephemeral and data is lost on stop/termination.

Option D is wrong because S3 is object storage, not block storage for database.

15
Multi-Selecthard

A company is planning to migrate its SAP HANA database to AWS. The database is 5 TB in size and requires high IOPS for online transaction processing (OLTP) workloads. Which THREE AWS storage options are suitable for SAP HANA data volumes? (Choose THREE.)

Select 3 answers
A.EC2 instance store (NVMe SSD)
B.Amazon EBS io2 Block Express volumes
C.Amazon S3
D.Amazon EBS gp3 volumes
E.Amazon EFS
AnswersA, B, D

Instance store provides very high IOPS, but data is ephemeral; suitable for /hana/data with replication.

Why this answer

Options A, B, and D are correct: io2 Block Express provides high IOPS, instance store provides very low latency, and gp3 can be used for less critical data. Option C is wrong because Amazon EFS is not supported for HANA data. Option E is wrong because S3 is not block storage.

16
Drag & Dropmedium

Drag and drop the steps to set up an SAProuter connection between an on-premises network and AWS for SAP support access into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

SAProuter setup involves deploying instance, configuring SAProuter, opening port, establishing connectivity, and routing.

17
MCQmedium

An SAP administrator runs the AWS CLI command shown in the exhibit to describe an EBS volume attached to an EC2 instance running SAP HANA. The instance is in the us-east-1a Availability Zone. The administrator needs to create a volume in us-east-1b and copy the data from the existing volume. What is the most efficient way to achieve this?

A.Use rsync to copy data from the instance to a new volume in us-east-1b over the network
B.Detach the volume from the instance and attach it to an instance in us-east-1b
C.Create a snapshot of the volume and then create a new volume in us-east-1b from the snapshot
D.Create an AMI from the instance and launch a new instance in us-east-1b
AnswerC

Snapshots are AZ-independent and can be used to create volumes in different AZs.

Why this answer

Creating a snapshot of the existing volume is the most efficient way to copy data across Availability Zones. Then, create a new volume in us-east-1b from that snapshot. Detaching the volume and attaching it to an instance in us-east-1b is not possible because the volume is tied to its AZ.

Creating an AMI is unnecessary overhead. Using rsync over the network would require an instance in the same AZ and network bandwidth.

18
MCQeasy

A company runs SAP Business Suite on AWS and wants to implement a disaster recovery (DR) solution with a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour. The primary site is in us-east-1, and DR site will be in us-west-2. The database is running on SAP ASE. The company wants to minimize changes to the existing SAP environment and avoid complex replication setups. What is the most suitable DR approach?

A.Deploy a Multi-AZ database in the primary region.
B.Set up SAP ASE native replication to a standby database in the DR region.
C.Use AWS Backup to schedule snapshots of the EBS volumes and copy them to the DR region.
D.Use AWS Database Migration Service to continuously replicate data to the DR region.
AnswerC

Simple and meets RPO/RTO with proper scheduling.

Why this answer

Option A is correct. Using AWS Backup to take frequent snapshots of the database and application volumes and copying them to the DR region can meet the RPO of 1 hour if snapshots are taken every hour. Restoring from snapshots can be automated to meet the RTO.

Option B is wrong because Database Migration Service is for ongoing replication, not backup/restore. Option C is wrong because SAP ASE native replication requires significant changes and licensing. Option D is wrong because Multi-AZ is for high availability within a region, not DR across regions.

19
MCQeasy

An SAP system uses a custom RFC destination to an external SOAP web service. After a recent network change, the RFC call fails with a timeout error. The SAP administrator has verified that the web service is reachable from the SAP application server using ping. What is the MOST likely cause of the timeout?

A.The DNS resolution is incorrect for the web service hostname.
B.The SAP router configuration is blocking the connection.
C.The SSL certificate of the web service has expired.
D.A firewall between the application server and the web service is blocking the required port.
AnswerD

Firewall rules may block the specific port while allowing ICMP.

Why this answer

Option C is correct because the firewall might block the specific port used by the SOAP service (e.g., 443 or 8080) even if ICMP (ping) is allowed. Option A (DNS) is unlikely if ping works. Option B (SAP router) is not involved.

Option D (SSL certificate) would cause a different error (e.g., certificate validation failure).

20
MCQhard

An SAP system administrator is troubleshooting an issue where an application cannot connect to an SAP HANA database running on an EC2 instance. The security group for the HANA instance allows inbound traffic on port 39013 (SQL) from the application server's security group. The network ACLs for the subnet allow all traffic. What could be the cause of the connectivity issue?

A.The security group for the HANA instance does not allow inbound traffic on port 39013 from the application server's IP address.
B.The network ACL for the application server's subnet does not allow outbound traffic on port 39013.
C.The network ACL for the HANA instance's subnet is missing an outbound rule to allow return traffic on ephemeral ports.
D.The security group for the application server does not allow outbound traffic on port 39013.
AnswerC

C is correct: NACLs are stateless; outbound rules for return traffic are required.

Why this answer

Option C is correct: The network ACL is stateless and must allow both inbound and outbound traffic; the outbound rule for ephemeral ports may be missing. Option A is incorrect because the security group allows the port. Option B is incorrect because the NACL allows all inbound traffic.

Option D is incorrect because the security group allows the application server's security group.

21
MCQmedium

A company is running an SAP HANA database on an EC2 instance with EBS volumes. The database experiences high write latency during peak hours. Which configuration change would most effectively reduce latency?

A.Switch to gp3 EBS volumes with maximum throughput.
B.Increase the EC2 instance size to a compute-optimized type.
C.Use EBS io2 Block Express volumes with multi-attach enabled.
D.Migrate the data to instance store volumes.
AnswerC

io2 Block Express volumes offer up to 256,000 IOPS and sub-millisecond latency, meeting SAP HANA performance requirements.

Why this answer

Option B is correct because using EBS io2 Block Express volumes provides consistent low latency and high IOPS for demanding workloads like SAP HANA. Option A is wrong because gp3 volumes have lower performance compared to io2 Block Express. Option C is wrong because increasing instance size may not directly address storage latency.

Option D is wrong because instance store volumes are ephemeral and not suitable for persistent database storage.

22
MCQhard

A company is planning a migration of their SAP ERP system to AWS. They want to use SAP HANA as the database. The current on-premises database size is 2 TB. The migration must have minimal downtime. Which combination of AWS services and methods should be used to achieve a near-zero downtime migration?

A.Use AWS DMS with a SAP HANA source and target, configuring ongoing replication to minimize downtime
B.Use AWS Database Migration Service (DMS) with an SAP HANA source and S3 as target
C.Use SAP HANA System Replication (HSR) to replicate data to an EC2 instance in AWS
D.Use AWS Backup to perform a continuous backup of the on-premises HANA database and restore to AWS
AnswerA

DMS supports ongoing replication to keep data in sync with minimal downtime.

Why this answer

Option D is correct because AWS DMS with HANA as target supports minimal downtime using ongoing replication. Option A is incorrect because HSR requires a compatible HANA version setup. Option B is incorrect because DMS cannot replicate from HANA to HANA directly without a source HANA.

Option C is incorrect because AWS Backup cannot replicate data in near-real-time.

23
Multi-Selecthard

A company is designing a disaster recovery (DR) strategy for its SAP system on AWS. The primary site is in us-east-1, and the DR site is in us-west-2. The system uses SAP HANA as the database. Which THREE components must be configured to enable a successful DR failover?

Select 3 answers
A.SAP HANA system replication across regions.
B.Amazon Route53 DNS failover configuration.
C.AWS Backup cross-region backup copy for the HANA database.
D.S3 Cross-Region Replication for SAP transport files.
E.AWS Transit Gateway peering between the two regions.
AnswersA, B, C

HANA SR provides real-time data replication.

Why this answer

Options A, C, and D are correct. Cross-region replication for HANA (A) ensures data consistency. Route53 (C) provides DNS failover.

AWS Backup cross-region copy (D) ensures backups are available. Option B (S3 CRR) is not needed for HANA replication. Option E (AWS Transit Gateway) is for network connectivity, not DR failover.

24
MCQmedium

A company runs a critical web application on EC2 instances behind an Application Load Balancer. The application uses Auto Scaling and a MySQL RDS Multi-AZ DB instance. Users report intermittent connection timeouts, and CloudWatch metrics show CPUUtilization spikes to 90% on the DB instance. The application queries are read-heavy with occasional writes. What is the MOST cost-effective design change to improve performance?

A.Implement ElastiCache Redis cluster to cache query results and reduce DB load.
B.Enable RDS Performance Insights and create a CloudWatch alarm to reboot the DB instance on high CPU.
C.Add an RDS read replica in the same region and configure the application to route read queries to the replica.
D.Switch the DB instance to a larger instance type to handle the load.
AnswerC

A read replica offloads read traffic, reducing CPU on the primary, and is cost-effective for read-heavy workloads.

Why this answer

Option C is the most cost-effective design change because adding an RDS read replica offloads read-heavy queries from the primary DB instance, reducing CPU utilization without requiring a larger instance. Since the workload is read-heavy with occasional writes, a read replica handles SELECT traffic while the Multi-AZ primary manages writes, improving performance at a lower cost than scaling up.

Exam trap

The trap here is that candidates often choose ElastiCache (Option A) thinking caching always reduces DB load, but for a read-heavy workload with occasional writes, an RDS read replica is more cost-effective and directly addresses the CPU spikes from read queries without the overhead of cache invalidation and additional infrastructure.

How to eliminate wrong answers

Option A is wrong because ElastiCache Redis caches query results, which reduces DB load for repeated queries but does not address the root cause of high CPU from read-heavy queries that may not be cacheable; it also adds complexity and cost for a workload better served by a read replica. Option B is wrong because enabling Performance Insights and rebooting the DB instance on high CPU is a reactive measure that does not prevent CPU spikes, and rebooting causes downtime, which is unacceptable for a critical application. Option D is wrong because switching to a larger instance type increases cost significantly without optimizing the read-heavy workload, whereas a read replica provides dedicated read capacity at a lower incremental cost.

25
MCQeasy

A company runs a critical SAP application on AWS. The SAP team needs to reduce network latency between application servers and the database. Which AWS service should be used to achieve this?

A.Amazon Route 53
B.AWS Global Accelerator
C.VPC Peering
D.Placement Groups (cluster)
AnswerD

Cluster placement groups place instances in a single AZ with low-latency networking.

Why this answer

Option B is correct because placement groups, specifically cluster placement groups, provide low-latency network performance by placing instances in a single Availability Zone with high-bandwidth, low-latency connections. Option A is incorrect because VPC Peering connects networks but doesn't guarantee low latency between instances. Option C is incorrect because AWS Global Accelerator improves global traffic routing but not within a region.

Option D is incorrect because Route 53 is a DNS service.

26
Multi-Selectmedium

Which THREE of the following are best practices for securing an SAP HANA database on AWS? (Choose 3.)

Select 3 answers
A.Assign a public IP address to the HANA instance for easy access
B.Disable the HANA password policy to simplify user access
C.Enable encryption at rest for EBS volumes attached to the HANA instance
D.Enable SAP HANA data encryption for data in transit and at rest
E.Use security groups to restrict inbound traffic to the HANA database
AnswersC, D, E

Encryption protects data at rest.

Why this answer

Options A, B, and C are correct. Using security groups, encrypting EBS volumes, and enabling HANA encryption are all security best practices. Option D is incorrect because disabling password policies weakens security.

Option E is incorrect because making the database publicly accessible increases risk.

27
MCQeasy

An SAP system administrator needs to ensure high availability for an SAP HANA database using AWS services. What is the recommended architecture?

A.Deploy SAP HANA on EC2 instances in a cluster across multiple Availability Zones with synchronous replication
B.Use Amazon RDS for SAP HANA with Multi-AZ deployment
C.Use Amazon RDS Multi-AZ for SAP HANA database
D.Deploy a single EC2 instance in one Availability Zone and take daily snapshots
AnswerA

SAP HANA can be deployed as a multi-node cluster using EC2 instances in different AZs with synchronous replication and automatic failover using cluster software like Pacemaker.

Why this answer

SAP HANA can be deployed as a multi-node cluster using EC2 instances in different Availability Zones with synchronous replication and automatic failover using cluster software like Pacemaker. RDS does not support SAP HANA. A single EC2 instance in one AZ is not highly available.

Multi-AZ RDS is for other databases, not SAP HANA.

28
Multi-Selecthard

Which TWO AWS services can be used to monitor the health and performance of an SAP HANA database on AWS?

Select 2 answers
A.AWS Trusted Advisor
B.Amazon CloudWatch
C.AWS Config
D.SAP HANA monitoring tools (e.g., HANA cockpit)
E.VPC Flow Logs
AnswersB, D

CloudWatch can monitor metrics and logs from HANA.

Why this answer

Options A and D are correct. CloudWatch can monitor OS and custom HANA metrics. HANA itself provides monitoring via SQL queries (e.g., SAP HANA cockpit).

Option B is incorrect because AWS Config tracks configuration, not performance. Option C is incorrect because VPC Flow Logs monitor network traffic. Option E is incorrect because Trusted Advisor provides best-practice checks, not real-time monitoring.

29
MCQhard

An SAP system running on AWS is experiencing intermittent connectivity issues between the SAP application servers and the database server. Both are in the same VPC but different subnets. The security groups and network ACLs are correctly configured. The issue occurs only during peak hours. Which of the following is the most likely cause?

A.Security group outbound rules are blocking return traffic.
B.The VPC peering connection is throttling traffic.
C.Network ACLs do not have rules to allow ephemeral ports for return traffic.
D.Security group inbound rules are misconfigured.
AnswerC

NACLs are stateless; failing to allow ephemeral ports can cause intermittent connectivity during high traffic.

Why this answer

Option D is correct because network ACLs are stateless and require explicit rules for both inbound and outbound traffic, and ephemeral ports are often missed. Option A is wrong because NACL rules are evaluated before security groups. Option B is wrong because VPC peering is not mentioned.

Option C is wrong because security groups are stateful and would not cause asymmetric traffic issues.

30
MCQeasy

A company is planning to migrate its SAP HANA database to AWS. The database size is 3 TB, and they need high I/O performance with low latency. The SAP workload is critical and requires high availability. Which AWS storage solution should they choose for the HANA data volume?

A.Amazon EBS gp3 volumes.
B.EC2 Instance Store volumes.
C.Amazon EFS with Provisioned Throughput.
D.Amazon EBS io2 Block Express volumes.
AnswerD

io2 Block Express offers high performance, low latency, and high durability, making it ideal for SAP HANA.

Why this answer

Option C is correct because AWS strongly recommends using io2 Block Express volumes for SAP HANA due to their high performance, durability, and ability to meet SAP's high availability requirements. Option A (EFS) is a file system, not block storage. Option B (gp3) is cost-effective but may not provide the consistent low latency needed for HANA.

Option D (Instance Store) provides low latency but is ephemeral and not suitable for persistent data.

31
MCQhard

An SAP administrator runs the AWS CLI command shown in the exhibit. The SAP HANA instance is running on an r5.4xlarge in us-east-1a. The administrator wants to change the instance type to r5.8xlarge to improve performance. What must the administrator do first?

A.Create an AMI of the instance and launch a new instance with the larger type.
B.Detach the EBS volumes and attach them to a new instance.
C.Stop the instance from the AWS Management Console.
D.Modify the instance type in the instance settings while it is running.
AnswerC

Instance must be stopped to modify instance type.

Why this answer

Option D is correct. To change the instance type, the instance must be in the stopped state. Option A is incorrect because you cannot change instance type while running.

Option B is incorrect because r5.4xlarge and r5.8xlarge are in the same instance family. Option C is incorrect because you can change instance type to any size within the same family without re-attaching volumes.

32
MCQhard

An SAP environment on AWS uses Amazon FSx for NetApp ONTAP for shared storage. The system is experiencing high write latency. The storage administrator suspects the volume is not optimized for SAP workloads. Which configuration change would most likely reduce write latency?

A.Enable data compression on the volume.
B.Enable tiering policy to allow all data to be served from the SSD tier.
C.Enable the capacity pool tiering to auto-tier cold data to Amazon S3.
D.Increase the size of the volume.
AnswerB

Moving data to SSD tier reduces latency compared to HDD.

Why this answer

Option A is correct because read-write SSD tiering reduces latency. Option B is wrong because compression increases CPU overhead. Option C is wrong because it does not affect write latency.

Option D is wrong because it increases latency.

33
MCQhard

A customer runs SAP HANA on an AWS Multi-AZ deployment with a primary and secondary instance. They want to ensure automatic failover in case of instance failure. What is the recommended approach?

A.Implement SAP HANA System Replication in a multi-AZ configuration with automatic failover using AWS services.
B.Set up a Route 53 health check to redirect traffic to the secondary instance manually.
C.Use Amazon RDS for SAP HANA with Multi-AZ enabled.
D.Configure an Auto Scaling group with a lifecycle hook to launch a new HANA instance.
AnswerA

HANA System Replication with automatic failover is the recommended method.

Why this answer

Option D is correct because AWS offers a native HANA multi-AZ solution using HANA System Replication with automatic failover. Option A is wrong because auto-scaling doesn't handle database failover. Option B is wrong because RDS custom does not support HANA.

Option C is wrong because manual DNS change is not automatic.

34
MCQeasy

A company runs its SAP system on AWS and uses a Multi-AZ RDS for Oracle database for the SAP Central Services (SCS) instance. The SCS instance is currently on a single EC2 instance in one Availability Zone. The company wants to ensure high availability for the SCS service. What should they do?

A.Implement an SAP ASCS/ERS cluster using two EC2 instances and a shared file system.
B.Place the SCS instance on a larger EC2 instance and use EBS snapshots for recovery.
C.Use an Application Load Balancer to distribute traffic to multiple SCS instances.
D.Configure the SCS instance on the existing RDS for Oracle database.
AnswerA

This is the standard HA setup for SAP Central Services on AWS.

Why this answer

Option A is correct because SAP Central Services can be deployed in an ASCS/ERS cluster using two EC2 instances with shared storage (like EBS Multi-Attach or FSx for Windows) and a floating IP. Option B (RDS for Oracle) can be HA but not for SCS. Option C (single instance with EBS snapshots) does not provide HA.

Option D (Application Load Balancer) is for HTTP traffic, not SAP protocols.

35
Multi-Selecthard

An SAP system running on AWS is experiencing high latency in the application layer. The system uses a load balancer to distribute traffic across multiple EC2 instances. Which THREE actions could help diagnose the latency issue? (Choose THREE.)

Select 3 answers
A.Monitor the EC2 instance CPU and memory utilization using Amazon CloudWatch metrics.
B.Check AWS Config rules for any non-compliant resources.
C.Use Amazon CloudWatch detailed monitoring to get 1-minute metrics for EC2 instances.
D.Enable and analyze the Application Load Balancer access logs to identify slow requests.
E.Review VPC Flow Logs to check for packet loss or throttling.
AnswersA, C, D

High CPU/memory can cause latency.

Why this answer

Options A, B, and D are correct. CloudWatch metrics help identify resource bottlenecks. ALB access logs show request-level details.

Detailed monitoring provides high-resolution metrics. Option C (VPC Flow Logs) helps with network analysis but not application latency. Option E (AWS Config) tracks configuration changes, not performance.

36
MCQmedium

A company runs an SAP HANA system on AWS. The system uses a three-node cluster with HANA System Replication (HSR) in a scale-out configuration. The cluster spans three Availability Zones. Which architecture ensures the highest availability for the SAP HANA database?

A.Use a cluster of nodes across three Availability Zones with HANA System Replication and automatic failover.
B.Configure HANA System Replication in active/active mode across all nodes.
C.Use Amazon RDS for SAP HANA with Multi-AZ deployment.
D.Deploy all nodes in a single Availability Zone with synchronous replication.
AnswerA

B is correct: multi-AZ with HSR provides high availability.

Why this answer

Option B is correct: for HSR scale-out, a multi-AZ cluster with automatic failover provides high availability. Option A is incorrect because a single AZ is a single point of failure. Option C is incorrect because HSR active/active is not supported for scale-out.

Option D is incorrect because Multi-AZ is for RDS, not HANA on EC2.

37
Matchingmedium

Match the AWS managed service to its SAP-related capability.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Track SAP license usage and compliance

Patch management and automation for SAP instances

Monitoring SAP metrics and logs

Best practice checks for SAP on AWS

Why these pairings

These AWS services help manage SAP operations.

38
Multi-Selectmedium

An SAP customer is running SAP HANA on AWS using m5.8xlarge instances. They want to implement a disaster recovery (DR) strategy using a secondary region with a standby HANA instance. Which TWO options should they consider to replicate the HANA data to the DR region? (Select TWO.)

Select 2 answers
A.Use AWS Database Migration Service (DMS) to continuously replicate HANA to the DR region.
B.Use Amazon EBS Snapshots and copy them to the DR region for periodic restore.
C.Configure SAP HANA System Replication (HSR) to replicate data to the secondary region.
D.Use Amazon EFS to replicate the HANA data directory to the DR region.
E.Use AWS S3 Transfer Acceleration to continuously upload HANA log files to the DR region.
AnswersB, C

EBS Snapshots can be used for backup and copied across regions for DR, though with potential data loss.

Why this answer

Options B and C are correct. SAP HANA System Replication is the standard method for replicating data between HANA instances across regions. Amazon EBS Snapshots can be copied to another region and used to restore volumes.

Option A (EFS) is not suitable for HANA data volumes. Option D (S3 Transfer Acceleration) is not a replication method for HANA. Option E (DMS) is for database migrations, not ongoing replication.

39
MCQhard

A company is designing an SAP HANA disaster recovery solution across AWS Regions. The primary site is in us-east-1 and the DR site is in us-west-2. The database size is 5 TB. The RTO is 1 hour and RPO is 15 minutes. Which method should be used for SAP HANA replication?

A.Use AWS Database Migration Service (DMS) to continuously replicate changes.
B.Configure SAP HANA System Replication in synchronous mode between the two regions.
C.Use AWS Backup to copy EBS snapshots to the DR region every 15 minutes.
D.Configure SAP HANA System Replication in asynchronous mode to the DR region.
AnswerD

Asynchronous replication allows cross-region replication with acceptable RPO.

Why this answer

Option D is correct because SAP HANA System Replication with asynchronous mode can replicate across regions with RPO of seconds to minutes. Option A is wrong because synchronous mode over long distance introduces high latency. Option B is wrong because EBS snapshots alone cannot achieve RPO of 15 minutes due to frequency limits.

Option C is wrong because DMS does not support SAP HANA as a target.

40
Multi-Selecteasy

Which TWO AWS services can be used to monitor the performance of an SAP HANA database running on EC2? (Choose two.)

Select 2 answers
A.AWS Systems Manager
B.AWS CloudTrail
C.AWS Trusted Advisor
D.AWS Config
E.Amazon CloudWatch
AnswersA, E

Systems Manager can collect OS and application metrics.

Why this answer

AWS Systems Manager (SSM) is correct because it provides the Run Command and Inventory features that can execute scripts (e.g., SAP HANA SQL queries) and collect OS-level metrics (CPU, memory, disk) from EC2 instances. Amazon CloudWatch is correct because it can ingest custom metrics from the SAP HANA database (e.g., via the SAP HANA plugin for CloudWatch Agent) and monitor standard EC2 metrics like CPU utilization and memory, enabling performance monitoring and alarming.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (audit logging) with CloudWatch (monitoring), or assume AWS Config can monitor performance because it tracks resource state, but neither provides the real-time metric collection needed for SAP HANA performance monitoring.

41
MCQeasy

An SAP administrator needs to ensure that all changes to an SAP system's AWS resources are tracked and that alerts are sent when SSH access to EC2 instances is modified. Which AWS service should be used?

A.AWS Config
B.Amazon CloudWatch
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerD

Records API calls for auditing.

Why this answer

Option B is correct because AWS CloudTrail records API calls and can trigger alerts via CloudWatch Events. Option A is wrong because Config tracks resource configuration changes but not API calls. Option C is wrong because CloudWatch monitors performance, not API calls.

Option D is wrong because Trusted Advisor provides best-practice checks, not change tracking.

42
MCQeasy

A company is designing a multi-tier web application on AWS. The web tier must scale based on CPU utilization, and the application tier must scale based on request count. Both tiers are deployed in a VPC with public and private subnets. Which combination of AWS services should the company use?

A.Application Load Balancer for the web tier and Network Load Balancer for the application tier
B.Classic Load Balancer for both tiers
C.Network Load Balancer for the web tier and Application Load Balancer for the application tier
D.Amazon API Gateway for the web tier and Application Load Balancer for the application tier
AnswerA

This is a standard architecture: ALB handles HTTP/HTTPS traffic and can scale based on CPU; NLB handles TCP traffic and can scale based on request count.

Why this answer

Option A is correct because the web tier requires an Application Load Balancer (ALB) to distribute HTTP/HTTPS traffic and can scale based on CPU utilization using an Auto Scaling group with a target tracking policy. The application tier needs a Network Load Balancer (NLB) to handle high request counts at the transport layer (TCP/UDP), which is ideal for scaling based on request count per target. This combination allows each tier to use the most appropriate load balancer for its scaling metric and protocol requirements.

Exam trap

The trap here is that candidates often assume the web tier should use an NLB for high performance, but the ALB is required for HTTP/HTTPS traffic and CPU-based scaling, while the NLB is better suited for the application tier when scaling based on request count at the transport layer.

How to eliminate wrong answers

Option B is wrong because the Classic Load Balancer (CLB) is a legacy service that does not support advanced routing or scaling based on request count per target, and it lacks the granularity needed for separate tier scaling. Option C is wrong because a Network Load Balancer (NLB) operates at Layer 4 and cannot inspect HTTP/HTTPS headers or route based on CPU utilization metrics, making it unsuitable for the web tier. Option D is wrong because Amazon API Gateway is a serverless API management service, not a load balancer, and it cannot directly integrate with Auto Scaling groups for CPU-based scaling of EC2 instances in a web tier.

43
MCQeasy

An SAP administrator needs to ensure that the SAP landscape on AWS is compliant with the SAP license requirements. What is the responsibility of the customer regarding SAP licensing on AWS?

A.AWS provides SAP licenses as part of the EC2 instance pricing
B.The customer must bring their own SAP licenses and ensure compliance with SAP licensing terms
C.SAP licensing is automatically handled by AWS Support
D.SAP licenses are included when using SAP HANA on AWS
AnswerB

Customers are responsible for their own SAP licenses and compliance with SAP's licensing policies.

Why this answer

Customers are responsible for bringing their own SAP licenses and ensuring compliance with SAP licensing terms. AWS does not provide SAP licenses. AWS provides the infrastructure.

SAP licensing is not automatically covered by AWS Support.

44
MCQeasy

An SAP administrator needs to ensure that an Amazon RDS for SAP ASE database is automatically backed up daily and the backups are retained for 30 days. The database is currently in a Multi-AZ deployment. What is the simplest way to achieve this?

A.Create a manual snapshot every day using AWS Backup.
B.Enable Multi-AZ, which automatically backs up the database.
C.Configure automated backups with a retention period of 30 days in the RDS instance settings.
D.Set up a scheduled Lambda function to create snapshots.
AnswerC

B is correct: automated backups are built-in and configurable.

Why this answer

Option B is correct: Automated backups are enabled by default with a retention period of up to 35 days. Option A is incorrect because manual snapshots are not automated. Option C is incorrect because the default backup window is sufficient.

Option D is incorrect because Multi-AZ does not replace backups.

45
MCQhard

The exhibit shows the block device mapping of an EC2 instance running SAP HANA. The root volume (/dev/xvda) has DeleteOnTermination set to true, and the data volume (/dev/sdf) has DeleteOnTermination set to false. If the instance is terminated, what happens to the data volume?

A.Only the data volume is deleted; the root volume remains.
B.Both volumes are detached and moved to Amazon S3.
C.Both volumes are deleted.
D.Only the root volume is deleted; the data volume remains.
AnswerD

The data volume's DeleteOnTermination is false, so it persists.

Why this answer

Option B is correct: The data volume (vol-0def456abc1237890) has DeleteOnTermination=false, so it will not be deleted when the instance is terminated. It remains in the AWS account and can be attached to another instance. Option A is wrong: Only the root volume is deleted.

Option C is wrong: The data volume is not deleted. Option D is wrong: The volume is not automatically moved to S3.

46
MCQhard

A company is running SAP HANA on an EC2 instance with multiple EBS volumes for data and log. The instance is experiencing high write latency on the log volume. The administrator notices that the log volume is a gp2 EBS volume with 1,000 GB size and 3,000 IOPS baseline. The average write IOPS to the log volume is 4,000, with peaks up to 5,500. Which action should the administrator take to resolve the latency?

A.Replace the gp2 volume with an io2 Block Express volume provisioned at 6,000 IOPS.
B.Change the volume type to st1 (throughput optimized) to improve throughput.
C.Add a second log volume and stripe them using LVM.
D.Increase the gp2 volume size to 2,000 GB to double the baseline IOPS.
AnswerA

io2 Block Express provides consistent low latency and high IOPS.

Why this answer

Option B is correct because io2 Block Express volumes provide high IOPS and low latency, suitable for HANA log. Option A is wrong because adding more volumes does not help single volume performance. Option C is wrong because increasing volume size increases baseline IOPS but gp2 max is 16,000, but io2 is better.

Option D is wrong because throughput is not the issue.

47
Multi-Selectmedium

An SAP Basis administrator is planning to migrate an SAP NetWeaver system from on-premises to AWS. The system uses a proprietary storage backend for the transport directory. Which AWS storage options are suitable for the SAP transport directory to provide shared access across multiple EC2 instances? (Choose TWO.)

Select 2 answers
A.Amazon FSx for Lustre
B.EC2 instance store
C.Amazon EBS with multi-attach
D.Amazon EFS
E.Amazon S3
AnswersA, D

FSx for Lustre provides high-performance shared storage suitable for SAP transport directories.

Why this answer

Amazon EFS provides a shared file system accessible from multiple Linux instances. Amazon FSx for Lustre is a high-performance file system for HPC and can be used for SAP transport directories if performance is critical. S3 is object storage, not a file system.

EBS can only be attached to one instance at a time (except multi-attach which is limited). Instance store is ephemeral.

48
MCQmedium

An SAP Basis administrator needs to monitor the performance of their SAP HANA database running on an EC2 instance. The administrator wants to visualize key metrics such as CPU utilization, memory usage, and disk I/O in a single dashboard. Which AWS service should be used to create this dashboard?

A.Amazon CloudWatch Dashboards
B.AWS Config
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerA

CloudWatch Dashboards visualize metrics from multiple sources.

Why this answer

Option B is correct because CloudWatch Dashboards can display metrics from EC2, EBS, and other services. Option A is incorrect because CloudTrail is for auditing API calls. Option C is incorrect because Config is for resource compliance.

Option D is incorrect because Trusted Advisor provides best practice checks, not customizable dashboards.

49
MCQmedium

An SAP Basis administrator is troubleshooting a performance issue on an SAP NetWeaver application server running on Amazon EC2. The administrator notices that the CPU utilization is low but the application response times are high. The system is using an Amazon EBS gp2 volume. Which configuration change is most likely to improve performance?

A.Increase the IOPS of the EBS gp2 volume or switch to io1.
B.Change the EBS volume to instance store.
C.Move the EC2 instance to a larger instance family.
D.Increase the number of vCPUs on the EC2 instance.
AnswerA

Higher IOPS improves disk throughput, reducing I/O wait.

Why this answer

Option D is correct: If CPU is low but response times high, the bottleneck is likely disk I/O. Increasing the IOPS of the gp2 volume (by increasing volume size or switching to io1/io2) improves throughput. Option A is wrong: More vCPUs won't help if CPU is not saturated.

Option B is wrong: Larger instance might not fix disk I/O. Option C is wrong: Instance store is ephemeral and not suitable for persistent data.

50
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to configure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). The solution must use AWS native services. Which TWO actions should be taken?

Select 2 answers
A.Associate an Elastic IP address with the active ASCS instance using a script.
B.Place an Application Load Balancer in front of the ASCS instances.
C.Set up AWS Direct Connect for redundant connectivity.
D.Deploy AWS Global Accelerator for failover.
E.Use Amazon Route 53 with health checks and failover routing policy.
AnswersA, E

Elastic IP can be moved during failover to provide a stable endpoint.

Why this answer

Options B and D are correct: Use Amazon Route 53 with health checks for failover DNS routing; use an Elastic IP address for the virtual IP address that moves between instances. Option A is wrong: ELB is for HTTP/HTTPS; ASCS uses proprietary protocols. Option C is wrong: AWS Global Accelerator is for traffic routing, but not typically used for ASCS/ERS failover.

Option E is wrong: AWS Direct Connect is for private connectivity, not high availability.

51
Multi-Selectmedium

A company runs its SAP HANA database on a single EC2 instance with EBS storage. The database is critical and the company needs to ensure data durability and recoverability in case of a disaster. Which TWO actions should the company take?

Select 2 answers
A.Enable Multi-AZ deployment for the HANA database on RDS.
B.Take periodic EBS snapshots and copy them to another region.
C.Configure automated backups of the HANA database to Amazon S3.
D.Use Cross-Region Replication for the EBS volumes.
E.Set up HANA System Replication to a secondary instance in a different Availability Zone.
AnswersC, E

S3 provides durable off-site backup.

Why this answer

Option A is correct because backups to S3 provide durable storage. Option C is correct because HANA System Replication to a secondary instance in another AZ provides high availability. Option B is wrong because EBS snapshots are stored in the same region and not sufficient for disaster recovery.

Option D is wrong because Multi-AZ for RDS is for RDS, not EC2. Option E is wrong because Cross-Region Replication is for S3, not for live database replication.

52
MCQhard

An SAP ERP system on AWS is experiencing intermittent connectivity issues between the SAP application servers and the database server. Both are in the same VPC, but in different subnets. The security group for the database allows traffic from the application security group. Network ACLs are default (allow all). Despite this, some application servers cannot connect during peak loads. What is the most likely cause?

A.The security group inbound rule for the database has reached its rule evaluation limit.
B.The connection tracking table for the database security group is full, dropping new connections.
C.The application servers are using a single NAT Gateway for outbound traffic, causing a bottleneck.
D.The database is accessed through a VPC Endpoint, which is rate-limiting connections.
AnswerB

Security groups maintain connection tracking; when the table fills, new connections are dropped until old ones expire.

Why this answer

Option D is correct because security groups have a limit on the number of connections they can track, and during peak loads, the connection tracking table can become full, causing new connections to be dropped. Option A is wrong because if there are multiple subnets, a single NAT gateway is not relevant for internal traffic. Option B is wrong because VPC endpoints are for AWS services, not for database connectivity.

Option C is wrong because security group rules are stateful and do not have a rule evaluation limit in this context.

53
MCQeasy

An SAP administrator is configuring backups for an SAP HANA database running on Amazon EC2. The backup must be stored in Amazon S3 for long-term retention. Which AWS service should be used to automate the backup process?

A.AWS Backup
B.Amazon S3 Lifecycle policies
C.AWS Lambda
D.Amazon EBS Snapshots
AnswerA

AWS Backup can orchestrate HANA backups with pre/post scripts.

Why this answer

Option B is correct: AWS Backup integrates with SAP HANA (via pre/post scripts) and can automate backups to S3. Option A is wrong: Amazon S3 Lifecycle policies manage object lifecycle, not backup orchestration. Option C is wrong: AWS Lambda could be used but requires custom coding; AWS Backup is simpler.

Option D is wrong: Amazon EBS Snapshots are for block-level backups, not HANA-specific.

54
MCQhard

A company is running SAP on AWS and wants to implement encryption at rest for all data. The company uses AWS KMS with Customer Managed Keys (CMKs) for the EBS volumes. The SAP application servers need to access an S3 bucket that contains sensitive data. How should the company ensure that the S3 bucket is encrypted with the same CMK?

A.Use client-side encryption before uploading to S3
B.Configure the S3 bucket to use SSE-KMS with the same CMK
C.Add a bucket policy that denies if encryption is not present
D.Enable default encryption on the S3 bucket with SSE-S3
AnswerB

SSE-KMS allows specifying a particular CMK.

Why this answer

S3 supports server-side encryption with KMS keys (SSE-KMS). To use the same CMK, the S3 bucket must be configured with SSE-KMS and the key must be specified. Option A is correct.

Default encryption (B) may use a different KMS key. Bucket policy (C) can enforce encryption but not specify the key. Client-side encryption (D) uses client-managed keys.

55
MCQmedium

An SAP Basis team is planning to migrate an SAP ERP system from on-premises to AWS. The system currently uses Oracle Database and runs on a physical server with 256 GB RAM. The team wants to minimize downtime and ensure the migration is supported by SAP. Which AWS service or feature should they use to perform the migration?

A.Use AWS VM Import/Export to migrate the physical server as an AMI.
B.Use AWS CloudEndure Migration to replicate the entire server to AWS.
C.Use AWS Database Migration Service (DMS) to replicate the Oracle database to Amazon RDS for Oracle.
D.Use SAP's Software Provisioning Manager (SWPM) to perform a homogeneous system copy to AWS.
AnswerD

SWPM is the SAP-recommended tool for system copy and migration.

Why this answer

Option C is correct because SAP supports HSR for system replication with HANA, and for Oracle, using SAP's own migration tools (e.g., SAP DMO) or homogenous migration is supported. Option A is wrong because VM Import/Export is not SAP-specific and may cause issues. Option B is wrong because AWS DMS is not certified for SAP migrations.

Option D is wrong because CloudEndure is not SAP-certified.

56
MCQmedium

An SAP workload on AWS uses a Multi-AZ RDS for Oracle instance for its database. The application team reports that a recent batch job caused a spike in database connections and CPU utilization, leading to performance degradation. The database administrator wants to be notified when CPU utilization exceeds 80% for 5 minutes. Which combination of AWS services should be used to set up this monitoring and notification?

A.Amazon EventBridge with AWS Lambda
B.AWS Trusted Advisor with Amazon Simple Email Service (SES)
C.Amazon CloudWatch with an Amazon CloudWatch Alarm and Amazon SNS
D.Amazon Inspector with Amazon Simple Notification Service (SNS)
AnswerC

B is correct: CloudWatch monitors metrics and alarms can trigger SNS notifications.

Why this answer

Option B is correct: CloudWatch can monitor RDS CPU utilization, and with a metric alarm, it can trigger an SNS notification. Option A is incorrect because Inspector is for security assessments. Option C is incorrect because Trusted Advisor is for best practices, not real-time metrics.

Option D is incorrect because EventBridge would require custom events.

57
MCQmedium

A company runs a production web application on AWS using an Application Load Balancer (ALB) with a target group of EC2 instances in an Auto Scaling group. The application uses a custom Amazon Machine Image (AMI) that includes the web server and application code. The Auto Scaling group has a launch template that references the AMI. The company updates the application code weekly and creates a new AMI version. The operations team manually updates the launch template to reference the new AMI and then initiates an instance refresh. Recently, a misconfiguration caused the launch template to point to an old AMI after an instance refresh, resulting in a rollback of the application code. The company wants to automate the deployment process to ensure that new AMIs are deployed consistently and safely. Which solution meets these requirements?

A.Use EC2 Image Builder to create and test the new AMI, then use AWS CodePipeline to automatically update the launch template and perform a rolling instance refresh.
B.Use AWS CodePipeline to run a script that updates the launch template with the new AMI ID and triggers an instance refresh.
C.Use AWS CloudFormation with a custom resource that validates the AMI and updates the Auto Scaling group.
D.Use AWS CodeDeploy to deploy the application code directly to the existing instances, bypassing the AMI update.
AnswerA

EC2 Image Builder automates AMI creation and testing; CodePipeline orchestrates the deployment pipeline.

Why this answer

Option A is correct because EC2 Image Builder automates the creation, testing, and validation of AMIs, ensuring only compliant images are produced. AWS CodePipeline can then automatically update the launch template with the new AMI ID and trigger a rolling instance refresh, eliminating manual steps and preventing misconfigurations like pointing to an old AMI.

Exam trap

The trap here is that candidates often choose a simpler automation option (like Option B) that updates the launch template but lacks the integrated AMI creation and testing pipeline, failing to address the root cause of deploying an untested or incorrect AMI.

How to eliminate wrong answers

Option B is wrong because it only runs a script to update the launch template and trigger an instance refresh, but lacks the automated AMI creation and testing pipeline, so it does not prevent deployment of untested or incorrect AMIs. Option C is wrong because AWS CloudFormation custom resources can validate AMIs but do not natively automate the full AMI build, test, and deployment lifecycle; they also add complexity and potential for custom resource failures. Option D is wrong because it bypasses the AMI update entirely, which contradicts the requirement to deploy new AMIs consistently; CodeDeploy is designed for in-place or blue/green deployments of application code, not for managing AMI-based infrastructure updates.

58
Multi-Selectmedium

Which TWO AWS services can be used to monitor SAP system performance and send alerts? (Choose two.)

Select 2 answers
A.AWS Config
B.Amazon CloudWatch
C.Amazon Inspector
D.AWS Lambda
E.AWS Trusted Advisor
AnswersB, D

CloudWatch monitors metrics and sends alarms.

Why this answer

Option A and Option D are correct. Amazon CloudWatch can collect metrics and send alarms. AWS Lambda can be used to process metrics and send custom alerts.

Option B is wrong because Amazon Inspector is for security assessment. Option C is wrong because AWS Config is for configuration compliance. Option E is wrong because AWS Trusted Advisor provides best practice checks, not real-time monitoring.

59
Multi-Selectmedium

Which TWO of the following are best practices for securing an SAP HANA database on AWS? (Choose two.)

Select 2 answers
A.Deploy the HANA instance in a private subnet without direct internet access.
B.Disable SSL/TLS for client connections to improve performance.
C.Use a single Availability Zone to simplify network security group management.
D.Enable encryption at rest for the HANA data and log volumes using AWS KMS.
E.Assign a public IP address to the HANA instance for easy access from the internet.
AnswersA, D

Private subnet reduces attack surface.

Why this answer

Deploying the HANA instance in a private subnet without direct internet access ensures that the database is not exposed to the public internet, reducing the attack surface. This follows the AWS security best practice of using private subnets for sensitive workloads, with access only through bastion hosts or VPN/Direct Connect. It also aligns with SAP's own security recommendations for HANA deployments.

Exam trap

The trap here is that candidates may think disabling SSL/TLS improves performance (Option B) without recognizing that the performance gain is negligible compared to the catastrophic security risk, or they may incorrectly assume a public IP is acceptable for administrative access, overlooking the fundamental network isolation requirement for production databases.

60
MCQeasy

A company is using AWS Systems Manager to automate patching of SAP application servers. The patching process should run during a maintenance window every Sunday at 2 AM. Which Systems Manager capability should be used to schedule the patching?

A.Automation
B.Patch Manager
C.State Manager
D.Maintenance Windows
AnswerD

Maintenance Windows allow scheduling of patching tasks.

Why this answer

Option D is correct because Maintenance Windows allow scheduling of patching operations. Option A is wrong because State Manager is for configuration management. Option B is wrong because Patch Manager is for patching but needs a schedule; Maintenance Window triggers it.

Option C is wrong because Automation is for runbooks.

61
MCQeasy

An SAP system administrator needs to store application logs for a minimum of 3 years for compliance. The logs are currently stored in Amazon S3 Standard and are accessed infrequently after 30 days. Which lifecycle policy should the administrator implement to minimize costs while meeting compliance?

A.Transition to S3 One Zone-IA after 30 days and delete after 3 years.
B.Transition to S3 Glacier after 30 days and delete after 3 years.
C.Delete logs after 30 days to save costs.
D.Transition to S3 Standard-IA after 30 days, then to S3 Glacier Deep Archive after 1 year, and delete after 3 years.
AnswerD

D is correct: balances access and long-term archival costs.

Why this answer

Option D is correct: transition to S3 Standard-IA after 30 days, then to S3 Glacier Deep Archive after 1 year, and expire after 3 years. Option A is incorrect because immediate transition to Glacier may incur retrieval costs. Option B is incorrect because S3 One Zone-IA is not durable enough for compliance.

Option C is incorrect because deleting after 30 days violates retention.

62
MCQmedium

An SAP environment on AWS consists of several EC2 instances running SAP NetWeaver and a separate HANA database instance. The system is using an Application Load Balancer (ALB) to distribute traffic to the web dispatchers. Recently, the ALB health checks are failing for one of the web dispatchers, causing it to be taken out of service. You investigate and find that the web dispatcher is running and can be reached directly via its private IP. The health check is configured to check the /sap/public/health endpoint. What is the most likely reason for the health check failure?

A.The security group for the web dispatcher does not allow traffic from the ALB.
B.The web dispatcher is configured to redirect HTTP requests to HTTPS, and the health check is using HTTP.
C.The web dispatcher instance is running out of memory, causing slow responses.
D.The web dispatcher has multiple IP addresses and the health check targets the wrong one.
AnswerB

A redirect response (3xx) is considered unhealthy by ALB; the health check should use HTTPS or the web dispatcher should not redirect.

Why this answer

Option A is correct because the health check endpoint must return a 200 OK response. If the web dispatcher returns a redirect (3xx) to a login page, the ALB considers it unhealthy. Option B (security group) would affect direct access as well.

Option C (instance size) is unrelated. Option D (multiple IPs) is not typical for a single instance.

63
MCQmedium

A company runs a critical SAP application on an SAP HANA database in a single Availability Zone on AWS. The database is 2 TB in size. The company needs to implement a disaster recovery (DR) strategy with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. The DR region must be in a different AWS Region. Which solution meets these requirements with the LEAST operational overhead?

A.Configure SAP HANA System Replication (HSR) in a multitier setup with a primary in the source region and a synchronous secondary in the DR region. Use HANA takeover for failover.
B.Use AWS Database Migration Service (DMS) to continuously replicate data from the HANA database to a HANA database in the DR region.
C.Deploy a second HANA node in a different Availability Zone in the same region and configure HANA System Replication. Use AWS Global Accelerator to route traffic to the standby.
D.Use AWS Backup to schedule daily snapshots of the HANA database and copy them to the DR region. In the event of a disaster, restore the latest snapshot to a new HANA instance.
AnswerA

HSR with synchronous replication provides low RPO and RTO, and is a standard SAP DR solution.

Why this answer

Option B is correct because HANA System Replication with a standby in another region provides automatic sync replication with RPO of seconds and RTO of minutes, meeting the requirements. Option A is wrong because manual snapshots have higher RPO and RTO. Option C is wrong because DMS does not support HANA as a source for continuous replication.

Option D is wrong because HSR with a single-node standby in another AZ does not provide cross-region DR.

64
MCQeasy

A company wants to migrate an on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size and has a 10 Gbps network connection to AWS. The migration must have minimal downtime. Which AWS service should be used for the initial data load?

A.Amazon S3 Transfer Acceleration to upload the database dump, then restore to RDS.
B.AWS Database Migration Service (DMS) with ongoing replication.
C.AWS Storage Gateway to replicate the database files to Amazon S3, then restore to RDS.
D.AWS Snowball Edge to ship the data physically, then import to RDS.
AnswerB

DMS supports full load plus change data capture (CDC) for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) with ongoing replication is the correct choice because it supports a full load of the 2 TB Oracle database followed by continuous change data capture (CDC) to keep the target RDS instance synchronized with minimal downtime. The 10 Gbps network connection is sufficient for the initial load, and DMS handles schema conversion, data validation, and resumable transfers natively, making it ideal for a near-zero-downtime migration.

Exam trap

The trap here is that candidates often choose Snowball Edge for large datasets without considering the minimal downtime requirement, forgetting that physical shipping introduces hours or days of latency and cannot provide ongoing replication, while DMS with CDC is the only option that keeps the source online during migration.

How to eliminate wrong answers

Option A is wrong because S3 Transfer Acceleration only speeds up uploads to S3 over the public internet but does not provide ongoing replication or CDC; restoring a dump from S3 to RDS would require taking the source database offline for the entire dump and restore process, violating the minimal downtime requirement. Option C is wrong because AWS Storage Gateway is designed for hybrid storage (e.g., file shares, volume backups) and cannot replicate live Oracle database changes or perform CDC; it would only copy static database files, requiring a full outage for the initial copy and lacking incremental sync. Option D is wrong because AWS Snowball Edge is a physical data transfer device intended for large datasets over slow or unreliable networks; while it can move 2 TB, the shipping time (days) and the need to stop writes during data extraction make it unsuitable for minimal downtime, and it does not support ongoing replication.

65
MCQmedium

A company is migrating its SAP landscape to AWS and wants to ensure that all SAP systems can communicate with each other using private IP addresses only. The systems are deployed in multiple VPCs. Which AWS solution should be used to enable private connectivity between these VPCs?

A.VPC Peering.
B.VPC Endpoints.
C.AWS Site-to-Site VPN.
D.AWS Direct Connect.
AnswerA

VPC Peering enables private routing between VPCs.

Why this answer

Option B is correct because VPC Peering allows direct private IP connectivity between VPCs. Option A (VPN) is used for on-premises to VPC. Option C (Direct Connect) is for dedicated connection to on-premises.

Option D (VPC Endpoint) is for accessing AWS services privately.

66
MCQmedium

A security engineer is troubleshooting an issue where a cross-account IAM role (arn:aws:iam::123456789012:role/CrossAccountRole) is unable to upload objects to an S3 bucket (my-bucket) owned by another account. The bucket policy is shown above. What is the MOST likely reason for the failure?

A.The IAM role does not specify the x-amz-acl header with value bucket-owner-full-control in its PutObject request.
B.The S3 bucket has versioning enabled, which requires additional permissions.
C.The resource ARN in the bucket policy is incorrect; it should be arn:aws:s3:::my-bucket/*.
D.The bucket policy does not grant the s3:PutObject permission to the IAM role.
AnswerA

The bucket policy condition requires this header; without it, the request is denied.

Why this answer

The bucket policy grants s3:PutObject to the IAM role, but when objects are uploaded cross-account, the object ACL defaults to the uploading account's full control. Without the `x-amz-acl: bucket-owner-full-control` header, the bucket owner (target account) does not own the object and may not be able to manage or delete it. The IAM role must explicitly set this header in the PutObject request to transfer object ownership to the bucket owner, otherwise the upload fails with an AccessDenied error.

Exam trap

The trap here is that candidates assume the bucket policy alone is sufficient for cross-account uploads, overlooking the requirement for the `bucket-owner-full-control` ACL header to transfer object ownership to the bucket owner.

How to eliminate wrong answers

Option B is wrong because enabling versioning does not require additional permissions for PutObject; versioning affects object version IDs but does not block uploads due to ownership issues. Option C is wrong because the resource ARN `arn:aws:s3:::my-bucket` is correct for granting permissions on the bucket itself; the wildcard `/*` is needed only for object-level operations, but the policy already uses `arn:aws:s3:::my-bucket/*` in the Resource element (the question states the bucket policy is shown above, and the correct ARN is used). Option D is wrong because the bucket policy does grant s3:PutObject to the IAM role; the failure is not due to missing permission but due to missing ACL header.

67
MCQeasy

An SAP system running on AWS is experiencing high CPU usage on the application server during peak hours. The system is already using the largest instance type available in the current generation. What is the most cost-effective solution to handle the peak load?

A.Upgrade to a larger instance type from a different instance family
B.Purchase Reserved Instances to reduce cost and allocate more resources
C.Add an additional SAP application server in the same Availability Zone
D.Use Auto Scaling to automatically add instances during peak hours
AnswerC

Horizontal scaling distributes load across multiple servers.

Why this answer

Option B is correct because adding an additional application server distributes the load horizontally. Option A is incorrect because vertical scaling is not possible if max instance already used. Option C is incorrect because buying reserved instances does not solve peak CPU issue.

Option D is incorrect because enabling Auto Scaling for app tier but without additional instances it doesn't help.

68
MCQeasy

An SAP administrator needs to migrate an on-premises SAP ERP system to AWS. The current system runs on a single Windows Server with SQL Server and uses 2 TB of storage. The migration must minimize downtime and use native AWS tools. Which service should be used to replicate the on-premises server to AWS?

A.AWS CloudFormation
B.AWS Snowball
C.AWS Database Migration Service (DMS)
D.AWS Server Migration Service (SMS)
AnswerD

SMS replicates entire server volumes to AWS, minimizing downtime.

Why this answer

Option B is correct: AWS Server Migration Service (SMS) is designed to replicate on-premises servers to AWS, supporting Windows and SQL Server. Option A is wrong: AWS CloudFormation is for infrastructure as code, not replication. Option C is wrong: AWS DMS is for database migration, but doesn't replicate the full server.

Option D is wrong: AWS Snowball is for offline data transfer, not continuous replication.

69
MCQeasy

A company is deploying SAP S/4HANA on AWS and needs to choose the storage for the HANA data volume. Which EBS volume type provides the highest consistent IOPS for this workload?

A.EBS io2 Block Express
B.EBS gp3
C.EBS io1
D.EBS st1
AnswerA

io2 Block Express offers up to 256,000 IOPS.

Why this answer

Option A is correct because io2 Block Express provides the highest IOPS of the listed types. Option B (io1) is older. Option C (st1) is throughput-optimized.

Option D (gp3) offers baseline performance but lower max IOPS.

70
MCQeasy

A company is running SAP BusinessObjects on AWS. The application is deployed on EC2 instances with an Application Load Balancer. Users are reporting that the application is sometimes unreachable. What is the most likely cause?

A.The target group health checks are failing intermittently on the EC2 instances.
B.The security group for the instances is not allowing traffic from the load balancer.
C.The load balancer is not configured with sticky sessions.
D.The Route 53 TTL is too short for DNS resolution.
AnswerA

Unhealthy instances are removed from the load balancer, causing connection failures.

Why this answer

Intermittent unreachability of an application behind an Application Load Balancer (ALB) is most commonly caused by health checks failing on the target EC2 instances. When health checks fail intermittently, the ALB will periodically mark the instances as unhealthy and stop routing traffic to them, causing the application to become unreachable during those windows. This matches the symptom of 'sometimes unreachable' rather than a persistent failure.

Exam trap

The trap here is that candidates often confuse intermittent reachability with misconfigured security groups or DNS, but the key phrase 'sometimes unreachable' points directly to a dynamic health check failure rather than a static configuration error.

How to eliminate wrong answers

Option B is wrong because if the security group for the instances were not allowing traffic from the load balancer, the application would be persistently unreachable, not intermittent. Option C is wrong because sticky sessions (session affinity) affect which instance handles a user's session, not overall reachability of the application. Option D is wrong because a short Route 53 TTL affects how quickly DNS changes propagate, not the real-time reachability of an already-resolved endpoint; DNS resolution is cached by clients and intermediate resolvers, so a short TTL would not cause intermittent unreachability.

71
MCQeasy

A company wants to ensure that their SAP HANA database backups are stored securely and can be retained for 7 years for compliance. Which AWS service should they use to archive the backups?

A.Amazon EBS Snapshots
B.Amazon S3 Glacier Deep Archive
C.Amazon S3 Intelligent-Tiering
D.Amazon S3 Standard
AnswerB

Glacier Deep Archive provides the lowest cost for 7-year retention, meeting compliance requirements.

Why this answer

Option B is correct because S3 Glacier Deep Archive is the lowest-cost storage for long-term archival with retrieval times of 12 hours. Option A is wrong because S3 Standard is for frequent access, not archival. Option C is wrong because EBS Snapshots are incremental and not designed for long-term archival with compliance.

Option D is wrong because S3 Intelligent-Tiering is for data with unknown access patterns, not purely archival.

72
MCQeasy

An SAP administrator runs the AWS CLI command shown in the exhibit. What does the output indicate about the RDS instance my-sap-db?

A.The database is idle because CPU utilization is low.
B.The database experienced high memory usage.
C.The database CPU utilization spiked to 85.3% at 00:10 UTC.
D.The database had a high number of connections.
AnswerC

C is correct: the data shows a spike.

Why this answer

Option C is correct: The data points show CPU utilization averages over 5-minute intervals. The second point shows 85.3%, indicating a spike. Option A is incorrect because the command does not show memory metrics.

Option B is incorrect because the command does not show connections. Option D is incorrect because the data shows CPU utilization, not database activity.

73
MCQhard

An SAP administrator notices that the SAP HANA database performance has degraded significantly during peak hours. The HANA instance is running on an r5.8xlarge EC2 instance with EBS gp2 volumes. Monitoring shows high I/O wait times on the data volume. Which change is MOST likely to improve performance?

A.Enable Multi-AZ deployment for SAP HANA.
B.Upgrade the EC2 instance to a larger size like r5.16xlarge.
C.Change the EBS volume type from gp2 to gp3 with 3000 IOPS.
D.Use Amazon EBS io2 Block Express volumes with high IOPS.
AnswerD

io2 volumes provide consistent low-latency performance suitable for HANA workloads.

Why this answer

Option D is correct because switching to io2 volumes with provisioned IOPS provides consistent low-latency I/O, solving high I/O wait. Option A (increasing instance size) may not address I/O bottleneck. Option B (gp3) is better than gp2 but still burstable.

Option C (enable Multi-AZ) does not improve I/O performance.

74
MCQeasy

An SAP system needs to store audit logs for 7 years to meet compliance requirements. The logs are accessed rarely. Which storage class is MOST cost-effective?

A.Amazon S3 Standard
B.Amazon S3 Glacier Deep Archive
C.Amazon S3 One Zone-Infrequent Access
D.Amazon S3 Intelligent-Tiering
AnswerB

Glacier Deep Archive is the lowest cost for long-term archival with retrieval times of hours.

Why this answer

Option D is correct because S3 Glacier Deep Archive is the lowest cost for long-term archival. Option A is incorrect because S3 Standard is for frequently accessed data. Option B is incorrect because S3 Intelligent-Tiering incurs monitoring costs.

Option C is incorrect because S3 One Zone-IA is for infrequent access but not archival.

75
MCQmedium

Refer to the exhibit. An IAM policy is attached to an IAM user. Which EC2 instance can the user terminate?

A.Only instance i-1234567890abcdef0
B.Any instance with tag 'Environment:Production'
C.None, because the Deny statement overrides the Allow for that instance
D.Any instance in the account
AnswerC

Explicit Deny always wins over Allow.

Why this answer

Option D is correct because the explicit Deny for all instances (*) overrides the Allow for the specific instance i-1234567890abcdef0, as Deny always wins. Option A is incorrect because the Deny applies to all instances. Option B is incorrect because the Deny covers all instances.

Option C is incorrect because the Deny is explicit and overrides any Allow.

Page 1 of 6 · 412 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Technology questions.