CCNA Technology Questions


151
MCQ · easy

An SAP administrator needs to provide temporary, time-limited access to an S3 bucket containing SAP backup files for an external auditor. The auditor should be able to download files from the bucket. Which method provides the most secure way to grant access?

A. Create an IAM user with read-only access to the bucket and share the credentials with the auditor.
B. Provide the auditor with the root user credentials of the AWS account.
C. Make the bucket publicly readable and share the bucket URL.
D. Generate a presigned URL for each file the auditor needs to download.
Answer: D

Presigned URLs are time-limited and scoped to specific objects.

Why this answer

Option C is correct: Generate a presigned URL that provides temporary access to a specific object. It is secure because permissions are time-limited and scoped to a single object. Option A is wrong: Creating an IAM user for the auditor is not time-limited and requires managing credentials.

Option B is wrong: Making the bucket public is insecure. Option D is wrong: Sharing AWS credentials is a security risk.

152
MCQ · hard

An organization uses AWS Systems Manager to run automation documents on their SAP EC2 instances. Recently, some automation runbooks have failed because the EC2 instances did not have the required SSM Agent version. The operations team wants to ensure all existing and future instances automatically have the latest SSM Agent. Which solution meets this requirement?

A. Use an automation document to update the SSM Agent and schedule it via a cron job on each instance.
B. Enable the 'Auto-update SSM Agent' option in the EC2 launch settings for all instances.
C. Configure AWS Systems Manager Patch Manager to update the SSM Agent.
D. Create an AWS Systems Manager State Manager association that runs the AWS-UpdateSSMAgent document on the instances.
Answer: D

State Manager ensures compliance and automatic updates.

Why this answer

Option B is correct because the AWS-UpdateSSMAgent document can be used as a step in State Manager associations to update the agent on targeted instances. Option A is incorrect because running the document manually does not provide automation. Option C is incorrect because the SSM Agent is automatically updated by default only for new instances in certain regions, but not guaranteed.

Option D is incorrect because patching is for OS updates, not SSM Agent.

153
Multi-Select · hard

A company runs its SAP HANA database on an EC2 instance with EBS volumes. The database requires consistent high IOPS and low latency. The system is currently using EBS gp2 volumes, but performance is inconsistent during peak loads. Which TWO steps should the administrator take to improve storage performance? (Choose 2)

Select 2 answers
A. Increase the size of the existing gp2 volumes to increase baseline IOPS.
B. Take regular EBS snapshots to improve performance.
C. Configure multiple EBS volumes in a RAID 0 stripe set.
D. Migrate to EBS io2 Block Express volumes with provisioned IOPS.
E. Enable EBS-optimized on the EC2 instance.
Answers: C, D

D is correct: striping increases aggregate IOPS.

Why this answer

Options B and D are correct. B: io2 Block Express provides consistent high IOPS. D: Configuring multiple EBS volumes in a RAID 0 stripe set can increase throughput.

A is incorrect because increasing gp2 size only increases baseline IOPS but not consistently. C is incorrect because EBS-optimized instances are enabled by default for current generation. E is incorrect because snapshots degrade performance during creation.

154
MCQ · hard

A company runs its SAP Business Suite on AWS with an Oracle database on an EC2 instance. The database is stored on multiple EBS volumes configured as a RAID 0 array. The company wants to migrate the database to SAP HANA on a new EC2 instance. The SAP HANA instance will use EBS volumes for data and log storage. The current Oracle database size is 500 GB. The company needs to minimize downtime during the migration. Which migration strategy should they use?

A. Use AWS Application Migration Service to migrate the entire EC2 instance.
B. Use SAP HANA System Replication to replicate data from the source Oracle database to the target HANA database.
C. Export the Oracle database to a flat file and import into SAP HANA.
D. Use AWS Database Migration Service (DMS) to migrate from Oracle to SAP HANA.
Answer: B

System replication allows near-zero downtime.

Why this answer

Option A is correct: Using SAP HANA System Replication with initial load from backup is the standard low-downtime method. Option B is wrong because DMS does not support SAP HANA as a target for homogeneous migration. Option C is wrong because AWS Application Migration Service is for server migration, not database.

Option D is wrong because a manual export/import requires significant downtime.

155
Multi-Select · hard

A company is migrating a legacy three-tier web application to AWS. The application uses a MySQL database and stores session data in the database. The company wants to minimize database load and improve scalability. Which TWO actions should the company take to achieve these goals?

Select 2 answers
A. Configure Amazon RDS Multi-AZ for high availability.
B. Use Auto Scaling for the web server tier to handle variable traffic.
C. Use Amazon ElastiCache to store session data instead of the database.
D. Use Amazon RDS read replicas to offload read traffic from the primary database.
E. Use Amazon ElastiCache to cache frequently accessed database queries.
Answers: C, E

Storing session data in ElastiCache reduces database write load and improves performance.

Why this answer

Option C is correct because storing session data in the database creates unnecessary write load and latency. Amazon ElastiCache (Memcached or Redis) provides an in-memory key-value store that is ideal for transient session data, reducing database load and improving application scalability by offloading session management from the persistent MySQL layer.

Exam trap

The trap here is that candidates often confuse high-availability features (Multi-AZ) or read-scaling (read replicas) with load reduction, failing to recognize that session data is write-heavy and requires a dedicated in-memory store like ElastiCache to truly minimize database load.

156
Multi-Select · hard

An SAP application on AWS needs to be migrated to a new virtual private cloud (VPC). The SAP system uses SAProuter to connect to SAP support. Which THREE components must be updated or re-configured during the migration to ensure uninterrupted connectivity?

Select 3 answers
A. Adjust the S3 bucket policy to allow access from the new VPC.
B. Update the Amazon Route 53 DNS records for the SAP application and database servers.
C. Modify the SAProuter configuration (e.g., saprouttab) to use the new IP address or hostname of the SAProuter instance.
D. Recreate IAM roles for the SAP application servers.
E. Update security group rules and network ACLs to allow SAP traffic in the new VPC.
Answers: B, C, E

When instances are migrated to a new VPC, their private IP addresses may change; DNS records must be updated to maintain name resolution.

Why this answer

Options A, C, and D are correct. Security groups and network ACLs control traffic at the instance and subnet level; they must be updated for the new VPC. The SAProuter configuration includes the SAProuter IP address or hostname; if the SAProuter instance gets a new IP in the new VPC, the connection string (e.g., in saprouttab) must be updated.

DNS entries in Amazon Route 53 must be updated to reflect new IP addresses of SAP application servers. Option B is incorrect because IAM roles are not tied to VPC and remain valid. Option E is incorrect because the S3 bucket policy does not change due to VPC migration unless bucket names or ARNs change.

157
Multi-Select · medium

Which TWO of the following are valid strategies to improve the availability of an SAP HANA database on AWS?

Select 2 answers
A. Implement automatic failover using SAP HANA System Replication.
B. Use Amazon RDS for HANA with Multi-AZ deployment.
C. Take daily snapshots of the HANA data volume.
D. Configure SAP HANA System Replication across two Availability Zones.
E. Use a larger EC2 instance type for the HANA server.
Answers: A, D

Automatic failover is a key HA feature.

Why this answer

Option A is correct: Multi-AZ HSR provides synchronous replication for failover. Option C is correct: Automatic failover with HSR in same region is a high availability pattern. Option B is wrong because HANA doesn't support Multi-AZ on RDS.

Option D is wrong because backup is for disaster recovery, not high availability. Option E is wrong because a larger instance does not provide availability.

158
MCQ · hard

An SAP HANA database on AWS requires a backup strategy that includes incremental backups to minimize storage costs. The database is large (2 TB) and the backup window is short. Which AWS service or feature is most suitable for performing incremental backups of SAP HANA?

A. Amazon S3 Lifecycle policies
B. AWS Backup
C. SAP HANA backup to Amazon S3
D. Amazon EBS Snapshots
Answer: D

EBS Snapshots are incremental and capture only changed blocks, ideal for large databases.

Why this answer

Option B is correct because Amazon EBS Snapshots are incremental, capturing only changed blocks. Option A is wrong because AWS Backup uses EBS snapshots but adds overhead. Option C is wrong because S3 Lifecycle policies manage object transitions, not backups.

Option D is wrong because HANA backup to S3 requires full backups typically.

159
MCQ · hard

A company is designing a disaster recovery (DR) strategy for SAP on AWS. The primary region is us-east-1 and the DR region is us-west-2. The SAP HANA database is 2 TB. The recovery point objective (RPO) is 15 minutes and the recovery time objective (RTO) is 4 hours. Which solution meets these requirements most cost-effectively?

A. HANA System Replication in synchronous mode
B. Log shipping to an S3 bucket in DR region
C. HANA System Replication in asynchronous mode
D. EBS snapshot replication to DR region using AWS Backup
Answer: C

Async replication over long distance meets RPO of 15 minutes and RTO of 4 hours.

Why this answer

HANA system replication in sync mode over a reasonable distance (us-east-1 to us-west-2) can achieve sub-15 minute RPO. However, latency may cause performance impact. Async mode is typically used for long distance.

Option A (HANA System Replication in async mode) meets RPO and RTO cost-effectively. Option B (sync mode) may not be feasible due to latency. Option C (EBS snapshots) has higher RPO.

Option D (RTO too high).

160
Multi-Select · easy

A company wants to monitor the performance of its SAP HANA database on AWS. Which THREE Amazon CloudWatch metrics should be monitored to ensure optimal database performance?

Select 3 answers
A. NetworkIn
B. CPUCreditBalance
C. EBSIOBalance%
D. DiskReadOps
E. MemoryUtilization
Answers: A, B, C

Monitors incoming network traffic to the instance.

Why this answer

CPUCreditBalance indicates if the instance is using burstable CPU. EBSIOBalance% shows I/O credit balance for EBS volumes. NetworkIn/Out monitor network traffic.

These are key for HANA performance. MemoryUtilization is not a standard CloudWatch metric (needs custom agent). DiskReadOps is also not standard.

161
MCQ · easy

A company is running SAP HANA on an EC2 instance with an EBS volume for data storage. The company wants to take daily snapshots of the EBS volume for backup. However, they are concerned about data consistency because the database is running. What should they do to ensure consistent snapshots?

A. Freeze the filesystem using fsfreeze before taking the snapshot.
B. Stop the EC2 instance before taking the snapshot.
C. Use AWS Backup with pre-scripts and post-scripts to quiesce SAP HANA.
D. Take the snapshot while the database is running without any preparation.
Answer: C

AWS Backup can run scripts to ensure application consistency.

Why this answer

Option B is correct: Using AWS Backup with application-consistent snapshots ensures data consistency by coordinating with the OS and database. Option A is wrong because simply freezing the filesystem is not sufficient without application awareness. Option C is wrong because taking a snapshot while the database is running may result in an inconsistent state.

Option D is wrong because stopping the instance causes downtime.

162
MCQ · easy

A company wants to automate the creation of an SAP application server in AWS. Which AWS service is best suited for this task?

A. AWS Elastic Beanstalk
B. AWS CloudFormation
C. AWS CodeDeploy
D. AWS OpsWorks
Answer: B

Infrastructure as code to automate resource creation.

Why this answer

Option A is correct because AWS CloudFormation allows you to define infrastructure as code, automating the creation of EC2 instances, networking, and other resources needed for SAP. Option B is wrong because OpsWorks is for Chef/Puppet, not typically used for SAP. Option C is wrong because Elastic Beanstalk is for web applications, not SAP.

Option D is wrong because CodeDeploy deploys application code, not infrastructure.

163
MCQ · medium

A company is running SAP HANA on AWS and wants to encrypt the EBS volumes at rest. The company requires key rotation and audit logging of key usage. Which solution should be used?

A. Use AWS Certificate Manager
B. Use AWS CloudHSM to manage keys
C. Use S3 server-side encryption
D. Use EBS encryption with AWS KMS
Answer: D

KMS provides key rotation and CloudTrail logging for key usage.

Why this answer

Amazon EBS encryption with AWS KMS provides key management, rotation, and audit logging. S3 server-side encryption does not apply to EBS. AWS CloudHSM is for hardware-based key management but does not provide automatic key rotation.

AWS Certificate Manager is for SSL/TLS certificates.

164
MCQ · hard

An SAP system on AWS uses a shared file system (e.g., /sapmnt) that must be accessible from multiple EC2 instances. Which storage solution provides the highest availability and scalability?

A. Amazon EFS
B. Amazon S3 with S3 File Gateway
C. AWS Storage Gateway file gateway
D. Amazon EBS with multi-attach enabled
Answer: A

EFS provides a scalable NFS file system with automatic replication across AZs, ideal for /sapmnt.

Why this answer

Option C is correct because Amazon EFS provides a fully managed, scalable NFS file system with high availability across multiple AZs. Option A is wrong because EBS volumes can only be attached to one instance at a time unless using multi-attach (limited). Option B is wrong because S3 does not support POSIX file system semantics required by SAP.

Option D is wrong because a standalone EBS volume with multi-attach has limitations and is less scalable.

165
Multi-Select · medium

A company runs an SAP HANA database on an EC2 instance with a 2 TB EBS gp3 volume. The instance type is r5.8xlarge. To improve disk performance for high-throughput write operations, the SAP administrator wants to increase IOPS. Which TWO actions should the administrator take to achieve the required IOPS? (Choose two.)

Select 2 answers
A. Configure the instance to use T2 unlimited credits.
B. Change the volume type to st1 (throughput optimized HDD).
C. Modify the volume to provision additional IOPS up to 16,000.
D. Enable EBS optimization on the EC2 instance.
E. Increase the EBS volume size to increase baseline IOPS.
Answers: C, E

gp3 allows independent IOPS provisioning.

Why this answer

Option A (increase volume size) is correct because gp3 volumes have a baseline IOPS-to-GiB ratio of 3 IOPS/GiB; increasing size increases baseline IOPS. Option E (modify IOPS) is correct because gp3 allows provisioning up to 16,000 IOPS independently of size. Option B is wrong because switching to st1 is for throughput-optimized workloads, not for high IOPS.

Option C is wrong because EBS optimization is enabled by default on r5 instances. Option D is wrong because Nitro T2 credits are not related to EBS performance.

166
MCQ · easy

A company wants to migrate its SAP ERP system from on-premises to AWS using the SAP Application Performance Standard (SAPS) sizing approach. The current on-premises system has a SAPS rating of 15,000. The company needs to select an EC2 instance type that can provide sufficient compute capacity. Which EC2 instance family is most suitable for SAP HANA workloads?

A. c5
B. p3
C. x1e
D. m5
Answer: C

x1e is memory-optimized and certified for SAP HANA.

Why this answer

Option A is correct because SAP HANA is memory-intensive and x1e instances are certified for HANA. Option B is wrong because c5 is compute-optimized, not memory-optimized. Option C is wrong because m5 is general purpose.

Option D is wrong because p3 is GPU-optimized.

167
MCQ · medium

Refer to the exhibit. An SAP HANA administrator runs the command to check the attached volume. The volume is attached to an instance but the database is reporting low IOPS. What should the administrator check next?

A. Check if the volume size is sufficient; increase to 1 TB.
B. Check if the EC2 instance is EBS-optimized and has sufficient network bandwidth.
C. Check if the volume type should be changed to gp2 for better burst performance.
D. Check if the instance is using the NVMe driver for the EBS volume.
Answer: B

If the instance is not EBS-optimized, it cannot deliver the provisioned IOPS.

Why this answer

Option D is correct because the volume is io1 with 10,000 IOPS, but the instance may not have EBS-optimized enabled, limiting throughput. Option A is wrong because the volume type is io1, not gp2. Option B is wrong because the volume size (500 GB) does not directly affect IOPS.

Option C is wrong because the NVMe driver is for instance store volumes, not EBS.

168
MCQ · easy

A company runs an SAP HANA database on an EC2 instance with a single EBS volume. The database is experiencing high I/O latency during peak hours. Which solution would provide consistent, low-latency performance without downtime?

A. Migrate the database to an instance with NVMe instance store volumes.
B. Replace the existing volume with an EBS io2 Block Express volume.
C. Attach an Elastic Fabric Adapter (EFA) to the instance to offload storage I/O.
D. Switch the volume type to EBS gp3 with maximum throughput.
Answer: C

EFA is for inter-instance communication, not storage. This would not help.

Why this answer

Option C is correct because AWS Elastic Fabric Adapter (EFA) is designed for HPC and not storage. Option A (EBS io2 Block Express volumes) provides high performance and can be attached without downtime. Option B (instance store) would require data migration.

Option D (EBS gp3) may not meet latency requirements.

169
Multi-Select · hard

A company runs SAP HANA in a multi-node scale-out configuration on AWS. The system is experiencing network bottlenecks that impact performance. Which AWS services or features can be used to monitor and analyze network performance between the HANA nodes? (Choose THREE.)

Select 2 answers
A. VPC Flow Logs
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray
E. Amazon CloudWatch (Network metrics)
Answers: A, E

VPC Flow Logs capture IP traffic information for network interfaces, useful for analyzing traffic patterns.

Why this answer

VPC Flow Logs capture network traffic metadata. Amazon CloudWatch provides metrics for network throughput and errors. AWS X-Ray traces application requests but not network-level.

AWS Trusted Advisor provides best practices but not detailed analysis. Amazon Inspector is for security assessment.

170
MCQ · medium

An SAP system administrator is troubleshooting an issue where the SAP HANA database is using more memory than expected on an Amazon EC2 instance. The instance type is an x1e.32xlarge with 3,904 GB of RAM. The HANA global.ini file includes the parameter 'memorymanager = global'. The administrator suspects that the HANA memory limit is not set correctly. What should the administrator check to confirm the memory limit?

A. Review Amazon CloudWatch metrics for HANA memory usage.
B. Run the SQL statement 'SELECT * FROM M_SERVICE_MEMORY' and compare with 'SELECT VALUE FROM M_INIFILE WHERE KEY='global_allocation_limit'.'
C. Check the output of 'free -g' command on the EC2 instance.
D. Check the 'global_allocation_limit' parameter in the global.ini file.
Answer: B

This shows effective allocation limit and actual usage.

Why this answer

Option C is correct because the effective memory limit is determined by the minimum of the global allocation limit and the physical memory. Option A is wrong because only checking the configuration file does not show effective limit. Option B is wrong because CloudWatch metrics show usage, not limit.

Option D is wrong because 'free -g' shows OS free memory, not HANA limit.

171
MCQ · medium

A company is running an SAP HANA database on an EC2 instance with Amazon EBS volumes. The database is experiencing high write latency. The storage is configured as two gp2 volumes in a RAID 0 stripe. Which change is most likely to improve write performance?

A. Migrate to a RAID 0+1 configuration with four volumes.
B. Replace gp2 volumes with io1 volumes provisioned with sufficient IOPS for the workload.
C. Increase the volume size of each gp2 volume to 1 TB to increase baseline IOPS.
D. Move the data to instance store volumes attached to the EC2 instance.
Answer: B

io1 volumes provide provisioned IOPS, ensuring consistent low latency for write-intensive workloads.

Why this answer

Option C is correct because io1 volumes provide consistent IOPS performance, which is critical for write-heavy workloads like SAP HANA. Option A is wrong because RAID 0+1 increases cost and complexity without significant write benefit. Option B is wrong because increasing volume size increases baseline IOPS but not burst performance.

Option D is wrong because instance store provides ephemeral storage, which is not persistent.

172
MCQ · hard

A company is migrating its SAP landscape to AWS. They have a mix of production and non-production systems. The SAP systems use a shared storage architecture for transport directories. Which AWS storage solution should be used for the SAP transport directory to provide low-latency access across multiple EC2 instances in the same region?

A. Amazon EFS
B. Amazon EBS with multi-attach
C. Amazon S3 with S3FS
D. Amazon FSx for Windows File Server
Answer: A

Amazon EFS provides a scalable, shared file system accessible from multiple EC2 instances with low latency, ideal for SAP transport directories.

Why this answer

Amazon EFS provides a scalable, shared file system accessible from multiple EC2 instances with low latency, ideal for SAP transport directories. Amazon S3 is object storage, not a file system. Amazon FSx for Windows File Server is for Windows workloads.

Amazon EBS volumes can only be attached to one instance at a time (except for multi-attach, which has limitations).

173
MCQ · easy

A company is migrating an SAP ERP system to AWS and needs to connect on-premises users to the SAP application securely. The SAP application is deployed in a VPC private subnet. Which service should be used to provide secure access for remote users?

A. AWS Site-to-Site VPN
B. AWS Transit Gateway
C. AWS Direct Connect
D. AWS Client VPN
Answer: D

Client VPN allows remote users to securely connect to the VPC.

Why this answer

AWS Client VPN provides secure access for individual remote users to resources in a VPC. AWS Direct Connect is for dedicated network connections, Site-to-Site VPN is for site-to-site connectivity, and Transit Gateway is for connecting multiple VPCs and on-premises networks.

174
MCQ · medium

A company is running a critical SAP HANA database on AWS. The database administrator wants to ensure that the SAP HANA backup files are stored in a secure, durable, and cost-effective manner. They need to retain backups for 7 years to meet compliance requirements. Which AWS service should be used for long-term backup storage?

A. AWS Backup
B. Amazon S3 Glacier Deep Archive
C. Amazon EBS Snapshots
D. Amazon S3 Standard
Answer: B

Amazon S3 Glacier Deep Archive is the lowest-cost storage class for long-term retention of data that is accessed rarely.

Why this answer

Option B is correct because Amazon S3 Glacier Deep Archive is the most cost-effective storage class for long-term archival of data that is rarely accessed, with a retention period of 7 years. Option A is wrong because Amazon S3 Standard is suitable for frequently accessed data but has higher costs for long-term retention. Option C is wrong because AWS Backup is a service to centralize backups, not a storage class.

Option D is wrong because Amazon EBS Snapshots are block-level backups, not designed for long-term archival with compliance retention.

175
MCQ · medium

A company is running a critical SAP HANA database on an EC2 instance with a single EBS volume for /hana/data. They need to ensure high durability and recoverability of the data. Which storage configuration meets SAP best practices?

A. Mount an Amazon EFS filesystem for /hana/data.
B. Configure RAID 0 over multiple EBS volumes for the /hana/data filesystem.
C. Use a single gp3 EBS volume with provisioned IOPS.
D. Use EBS Multi-Attach to attach the same volume to multiple instances.
Answer: B

RAID 0 striping across multiple EBS volumes provides the necessary throughput and IOPS.

Why this answer

SAP HANA requires striped volumes for /hana/data to achieve the required IOPS and throughput. EBS Multi-Attach is not supported for SAP HANA, and a single volume does not provide enough performance. RAID 0 over multiple EBS volumes is the recommended configuration.

176
MCQ · medium

An SAP system administrator needs to automate the creation of an SAP HANA database backup and copy it to another AWS Region for disaster recovery. The backup is stored in an Amazon S3 bucket. Which AWS service should be used to replicate the backup to another Region?

A. S3 Cross-Region Replication (CRR)
B. S3 Lifecycle Policies
C. S3 Batch Operations
D. S3 Transfer Acceleration
Answer: A

CRR automatically replicates objects across regions.

Why this answer

S3 Cross-Region Replication (CRR) automatically replicates objects from a source bucket to a destination bucket in a different region. S3 Batch Operations is for bulk actions, S3 Transfer Acceleration speeds up uploads, and S3 Lifecycle Policies manage storage tiers, not replication.

177
MCQ · hard

An SAP system running on AWS experienced a database failure. The recovery plan uses cross-Region Amazon RDS snapshots. The RPO is 15 minutes and the RTO is 2 hours. Which AWS service should be used to automate snapshot replication across Regions?

A. AWS CloudFormation
B. AWS Backup
C. Amazon RDS automated backups
D. Amazon S3 Cross-Region Replication
Answer: B

AWS Backup can automate cross-Region snapshot copying with scheduled policies.

Why this answer

Option C is correct because AWS Backup can automate cross-Region snapshot copying with scheduling. Option A is incorrect because RDS automated backups are region-specific and cannot be cross-Region. Option B is incorrect because S3 Cross-Region Replication is for objects, not RDS snapshots.

Option D is incorrect because CloudFormation does not automate snapshot replication.

178
MCQ · easy

Refer to the exhibit. An SAP administrator is reviewing the block device mappings of an EC2 instance. What is the impact of the DeleteOnTermination setting on /dev/sdf?

A. The volume will persist after the instance is terminated
B. The volume will be automatically deleted after 30 days
C. The volume will be deleted when the instance is terminated
D. The volume is a snapshot of the root volume
Answer: A

The volume will remain and can be attached to another instance.

Why this answer

Option B is correct because DeleteOnTermination is false for /dev/sdf, meaning the volume will persist after the instance is terminated. Option A is incorrect because the volume will not be deleted. Option C is incorrect because the volume is attached, not a snapshot.

Option D is incorrect because the volume will not be automatically deleted.

179
MCQ · easy

A company wants to set up an SAP HANA system replication across two AWS Regions for disaster recovery. Which AWS service should they use to achieve the lowest possible recovery point objective (RPO)?

A. Amazon S3 Transfer Acceleration
B. AWS Site-to-Site VPN
C. AWS Direct Connect
D. AWS Global Accelerator
Answer: A

S3 Transfer Acceleration uses AWS edge locations to accelerate uploads, reducing RPO for replication data.

Why this answer

Option B is correct because Amazon S3 Transfer Acceleration uses optimized network paths for fast data transfer, reducing RPO for HANA replication. Option A is wrong because AWS Direct Connect is a private connection but does not inherently accelerate data transfer. Option C is wrong because VPN can be slower and less reliable over long distances.

Option D is wrong because AWS Global Accelerator improves application performance but not specifically for data replication.

180
Multi-Select · medium

A company is running SAP HANA on AWS and wants to implement a disaster recovery strategy using a standby system in another AWS Region. Which THREE components are essential for this setup?

Select 3 answers
A. Amazon Route 53
B. A secondary EC2 instance in the DR Region
C. AWS CloudEndure Migration
D. Cross-Region VPC Peering or Transit Gateway
E. SAP HANA System Replication
Answers: B, D, E

The DR system runs on an EC2 instance.

Why this answer

Option B is correct because a secondary EC2 instance in the DR Region is required to host the standby SAP HANA system. This instance must be sized and configured to match the primary, and it will receive replicated data via SAP HANA System Replication to enable failover.

Exam trap

The trap here is that candidates often confuse AWS CloudEndure Migration (a migration tool) with a disaster recovery solution, but SAP HANA has its own native replication mechanism that must be used for database-level DR, making CloudEndure irrelevant for this specific scenario.

181
MCQ · hard

An SAP system running on AWS is configured with a Multi-AZ RDS for SAP HANA database. The primary database fails, but the automatic failover does not occur. What is the most likely reason?

A. The Multi-AZ configuration was not paid for
B. The standby instance was not configured with EBS snapshots
C. Multi-AZ is not supported for RDS for SAP HANA
D. The primary instance does not have an Elastic IP attached
Answer: C

RDS for SAP HANA does not support Multi-AZ; use native HANA replication.

Why this answer

Option B is correct because Multi-AZ for RDS for SAP HANA is not supported; RDS for SAP HANA does not have Multi-AZ capability. Option A is incorrect because RDS does not use Elastic IPs. Option C is incorrect because Multi-AZ is not a paid option; it incurs costs but is not disabled by billing.

Option D is incorrect because RDS for HANA does not use EBS snapshots for replication.

182
Multi-Select · medium

Which TWO AWS services can be used to create a private, low-latency network connection between an on-premises data center and an SAP environment on AWS? (Choose two.)

Select 2 answers
A. VPC peering
B. AWS Site-to-Site VPN
C. AWS Direct Connect
D. AWS Transit Gateway
E. AWS PrivateLink
Answers: B, C

Creates a secure connection over the internet between on-premises and AWS.

Why this answer

Options A and C are correct. AWS Direct Connect provides a dedicated private connection, and AWS VPN provides encrypted tunnels over the internet. Option B is wrong because VPC peering is for VPC-to-VPC.

Option D is wrong because AWS Transit Gateway is a hub for multiple VPCs, not a direct connection. Option E is wrong because PrivateLink is for service access within VPC.

183
MCQ · hard

An SAP system on AWS is configured with an Application Load Balancer (ALB) for health checks. The ALB marks all targets as unhealthy. The health check path is /sap/public/health.html, and the SAP Web Dispatcher is configured to serve this file. What is the most likely cause of the health check failure?

A.The health check path is incorrect.
B.The security group for the Web Dispatcher does not allow traffic from the ALB.
C.The health check port is wrong.
D.The ALB is in a different VPC.
AnswerB

Security groups must allow inbound traffic from the ALB.

Why this answer

ALB health checks originate from private IP addresses within the VPC. If the SAP Web Dispatcher's security group does not allow inbound traffic from the ALB's security group, the health check requests will be blocked. Path or port issues would also cause failures, but the most common cause is security group misconfiguration.

184
MCQhard

An SAP system uses AWS Direct Connect to connect to on-premises networks. The SAP application servers are in a private subnet with a NAT gateway for outbound internet. The SAProuter instance is behind an Internet-facing Network Load Balancer (NLB). Connections from SAP support to the SAProuter time out. What is the likely cause?

A.The NLB target group is configured with the wrong protocol or port for SAProuter.
B.The security group for the SAProuter instance does not allow inbound traffic from the NLB.
C.The Direct Connect virtual interface is not advertising the SAProuter's IP address.
D.The NAT gateway does not allow inbound traffic from the internet.
AnswerB

This is a possible cause, but the question asks for the most specific cause given the symptom.

Why this answer

Option D is correct because SAProuter requires TCP port 3298 to be open. Option A (NAT gateway) is for outbound traffic. Option B (Direct Connect) is for on-premises.

Option C (security group) is important but not the most specific cause.

185
MCQhard

A company runs SAP HANA on AWS using a scale-up configuration. The system is experiencing high CPU utilization on the HANA server during peak load. The SAP administrator wants to add more CPU resources without disruption. Which action should be taken?

A.Add an additional HANA node to create a scale-out configuration and distribute the load.
B.Enable Multi-AZ deployment for high availability.
C.Change the EC2 instance type to a larger size using the AWS Management Console.
D.Increase the provisioned IOPS on the EBS volumes.
AnswerA

Scale-out can be added online if using HANA System Replication, but it involves new instances. Among the options, this is the only one that adds CPU without stopping the existing instance (though new instances are needed).

Why this answer

Option B is correct because resizing an EC2 instance (changing the instance type) requires stopping the instance, which causes disruption. HANA scale-out (adding nodes) can be done online with HANA system replication, but requires additional instances. Option A (change instance type) requires stop/start.

Option C (add EBS) does not add CPU. Option D (multi-AZ) is for HA.

186
MCQeasy

A company needs to set up a disaster recovery solution for SAP on AWS with a Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 2 hours. Which strategy is most appropriate?

A.Deploy all SAP components in a single AWS Region.
B.Use cross-region backup and restore with AWS Backup.
C.Use Multi-AZ deployment for the database.
D.Set up a pilot light environment with database replication.
AnswerB

Backups to S3 can be restored in another region within RPO/RTO.

Why this answer

Option B is correct because using backups to S3 and restoring in another region can meet the RPO and RTO with proper planning. Option A is wrong because a single region cannot provide DR if the region fails. Option C is wrong because Multi-AZ is for HA, not DR across regions.

Option D is wrong because pilot light with replication can meet RPO/RTO but is more complex; however, backup/restore is simpler and can meet the targets if automated.

187
MCQhard

A company runs SAP on EC2 instances in a private subnet. The instances need to download patches from the internet but must not be directly accessible from the internet. Which configuration meets these requirements?

A.Place a proxy server on a bastion host in a public subnet
B.Attach an Internet Gateway to the VPC and add a route to the private subnet
C.Use a VPN connection to the on-premises network and route internet traffic through it
D.Deploy a NAT Gateway in a public subnet and route traffic from the private subnet to it
AnswerD

NAT Gateway enables outbound internet traffic while blocking inbound.

Why this answer

Option C is correct because a NAT Gateway in a public subnet allows outbound traffic while blocking inbound. Option A is incorrect because an Internet Gateway allows inbound traffic. Option B is incorrect because a VPN does not provide internet access.

Option D is incorrect because a proxy on a bastion host is more complex and less secure.

188
Multi-Selecthard

An SAP system is deployed on EC2 instances in a VPC. The security team requires that all traffic between the SAP application and database tiers must be encrypted in transit. Which TWO actions should be taken to meet this requirement? (Choose two.)

Select 2 answers
A.Attach an Internet Gateway to the VPC
B.Configure SSL/TLS certificates on the database and application servers
C.Restrict security group rules to only allow traffic from the application tier
D.Create a VPC Peering connection between the subnets
E.Use network ACLs to allow only database traffic
AnswersB, C

SSL/TLS encrypts data in transit between tiers.

Why this answer

Options A and D are correct: an SSL/TLS certificate enables encryption, and security group rules should restrict traffic to only necessary ports. Option B is incorrect because NACLs are stateless and do not encrypt traffic. Option C is incorrect because VPC Peering does not encrypt traffic by itself.

Option E is incorrect because Internet Gateway is for internet traffic.

189
Multi-Selectmedium

A company is deploying SAP S/4HANA on AWS and needs to choose a storage solution for the HANA data volume that provides high IOPS and low latency. Which TWO storage options are suitable? (Choose TWO.)

Select 2 answers
A.Amazon EBS gp2 volumes
B.Amazon EC2 instance store (NVMe SSD)
C.Amazon EBS io2 Block Express volumes
D.Amazon Elastic File System (EFS)
E.Amazon S3
AnswersB, C

Instance store provides very low latency and high IOPS, but data is ephemeral; often used for /hana/log.

Why this answer

Options B and C are correct. Option B (EBS io2 Block Express) delivers high IOPS and low latency for HANA. Option C (Instance store NVMe SSD) provides very low latency but is ephemeral.

Option A (EBS gp2) is burstable and not suitable for production HANA. Option D (EFS) is file storage with higher latency. Option E (S3) is object storage, not block-level.

190
MCQhard

An SAP system administrator is troubleshooting a high CPU usage issue on an SAP application server (AS) running on an EC2 instance. The administrator suspects that a specific ABAP report is consuming excessive resources. Which AWS service can provide detailed CPU utilization metrics at the process level to confirm the suspicion?

A.AWS CloudTrail
B.Amazon CloudWatch agent with the 'procstat' plugin
C.AWS Systems Manager Inventory
D.AWS Compute Optimizer
AnswerB

The CloudWatch agent can collect per-process CPU, memory, and disk metrics and publish them as custom CloudWatch metrics.

Why this answer

Option B is correct because CloudWatch Agent can collect custom metrics, including per-process CPU utilization, and send them to CloudWatch. Option A (CloudTrail) logs API calls, not OS metrics. Option C (Systems Manager Inventory) collects software inventory, not real-time CPU metrics.

Option D (Compute Optimizer) provides recommendations but not per-process metrics.

191
Multi-Selecteasy

A company is planning to migrate its SAP environment to AWS. The SAP landscape includes development, test, and production systems. The company wants to ensure data security and compliance. Which THREE AWS services should the company use to achieve this?

Select 3 answers
A.AWS Key Management Service (KMS) for encryption of EBS volumes and S3 buckets.
B.AWS Identity and Access Management (IAM) for user and role management.
C.AWS Direct Connect for dedicated network connection.
D.AWS CloudTrail for auditing API calls.
E.Elastic Load Balancing for distributing traffic.
AnswersA, B, D

KMS provides encryption key management.

Why this answer

Option A is correct because KMS encrypts data at rest. Option C is correct because CloudTrail logs API calls for auditing. Option D is correct because IAM manages access control.

Option B is wrong because Direct Connect is for connectivity, not security. Option E is wrong because Elastic Load Balancing is for traffic distribution.

192
MCQeasy

A company is implementing SAP HANA on AWS and needs to ensure that the storage configuration meets the required IOPS and throughput. The SAP HANA system uses a scale-out architecture with multiple worker nodes. Which type of Amazon EBS volume is recommended for the /hana/data and /hana/log volumes in a production environment?

A.Throughput Optimized HDD (st1)
B.General Purpose SSD (gp2 or gp3)
C.Provisioned IOPS SSD (io1 or io2)
D.Cold HDD (sc1)
AnswerC

Provides consistent low-latency performance required for HANA.

Why this answer

For SAP HANA, AWS recommends Provisioned IOPS (io1 or io2) volumes for /hana/data and /hana/log to ensure consistent high performance. Option B is correct. gp2/gp3 are burstable and may not sustain required performance. st1/sc1 are throughput-optimized and not suitable for HANA data or log.

193
MCQhard

An SAP administrator created the IAM policy shown in the exhibit for a team managing SAP HANA instances. What is the effective permission for the team regarding an EC2 instance with the tag 'Environment=Production'?

A.The team can start, stop, and terminate the instance.
B.The team cannot start, stop, or terminate the instance.
C.The team can only describe the instance.
D.The team can start and stop the instance, but cannot terminate it.
AnswerD

The Deny for TerminateInstances blocks termination.

Why this answer

Option B is correct: Even though the first statement allows TerminateInstances, the second Deny statement explicitly denies the same action for the same condition. An explicit Deny overrides any Allow. Options A, C, D are incorrect because the Deny prohibits termination; start and stop remain allowed.

194
Drag & Dropmedium

Drag and drop the steps to optimize SAP HANA performance by moving to an Amazon RDS for SAP HANA instance into the correct order.

Why this order

Performance optimization via RDS migration involves assessment, sizing, data migration, configuration, and testing.

195
Multi-Selecteasy

An SAP administrator needs to set up disaster recovery for an SAP system on AWS. Which TWO AWS services can be used to replicate data across regions?

Select 2 answers
A.Amazon CloudFront
B.Amazon EFS replication
C.Amazon EBS snapshots copied to another region
D.Amazon S3 Cross-Region Replication
E.Amazon RDS read replicas in another region
AnswersC, D

Snapshots can be copied cross-region for volume replication.

Why this answer

Amazon EBS snapshots can be copied to another AWS region, providing a reliable mechanism for disaster recovery of SAP systems by creating point-in-time backups of critical volumes. This allows the SAP administrator to restore the system in a different region if the primary region fails, ensuring data durability and recoverability.

Exam trap

The trap here is that candidates may confuse Amazon RDS read replicas with cross-region disaster recovery replication, but read replicas are designed for read scaling and do not support write operations or failover for SAP systems.

196
MCQeasy

An SAP system administrator needs to grant an external auditor read-only access to view EC2 instance configurations and CloudWatch logs. Which IAM policy should they use?

A.AWS managed policy: SecurityAudit
B.AWS managed policy: ReadOnlyAccess
C.AWS managed policy: AdministratorAccess
D.AWS managed policy: PowerUserAccess
AnswerB

ReadOnlyAccess provides read-only access to all services, suitable for auditors.

Why this answer

Option A is correct because ReadOnlyAccess grants read-only permissions to all AWS services, including EC2 and CloudWatch Logs. Option B is wrong because AdministratorAccess grants full access. Option C is wrong because PowerUserAccess allows creating resources, violating read-only.

Option D is wrong because SecurityAudit is limited to security services.

197
MCQeasy

An administrator is setting up an SAP system on AWS and needs to assign a static private IP address to the SAP application server. Which AWS resource should be used to ensure the private IP address remains the same even after an instance stop/start?

A.VPC endpoint
B.Elastic Network Interface (ENI) with a primary private IP
C.Secondary private IP address on the primary network interface
D.Elastic IP address
AnswerB

An ENI retains its private IP address even when detached or attached to a different instance.

Why this answer

Option C is correct because an Elastic Network Interface (ENI) retains its private IP address and can be attached to an instance. Option A is wrong because Elastic IP is for public IPs. Option B is wrong because a secondary private IP on an ENI can change if not attached.

Option D is wrong because a VPC endpoint is for connecting to AWS services, not for instance IPs.

198
MCQmedium

A company runs SAP on AWS and uses AWS KMS for encryption of EBS volumes. The security team requires that the EBS volumes used for SAP HANA data and log files be encrypted with a customer-managed key. They also want to ensure that the key cannot be deleted. What should the security team do to protect the KMS key?

A.Set a key policy that prevents the kms:ScheduleKeyDeletion action.
B.Use an AWS managed key instead of a customer-managed key.
C.Store the key in AWS Secrets Manager.
D.Enable automatic key rotation.
AnswerA

A key policy can explicitly deny the deletion action.

Why this answer

Enabling automatic key rotation is a best practice, but it does not prevent deletion. The way to prevent deletion is to set a key policy that denies the kms:ScheduleKeyDeletion action, so the correct answer is to set a key policy that denies deletion.

199
MCQhard

A company is migrating an SAP ERP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). The solution must use a shared file system for the SAP transport directory. Which combination of AWS services should be used?

A.Amazon FSx for Windows File Server for the transport directory
B.Amazon S3 as the transport directory with two application servers
C.Amazon EFS for the transport directory and two EC2 instances with a floating IP
D.Amazon EBS volumes attached to both ASCS and ERS instances
AnswerC

EFS provides shared NFS; floating IP enables failover for ASCS/ERS.

Why this answer

Option D is correct because Amazon EFS provides a shared NFS file system for the transport directory, and using two EC2 instances in an active/passive configuration with a floating IP (e.g., via Route 53 or Elastic IP reassignment) provides high availability for ASCS/ERS. Option A is incorrect because EBS volumes cannot be attached to multiple instances simultaneously. Option B is incorrect because S3 is not a POSIX-compliant file system for SAP.

Option C is incorrect because Amazon FSx for Windows File Server is for Windows workloads, not Linux SAP.

200
Multi-Selecteasy

Which TWO AWS services are commonly used to monitor the performance of SAP applications and infrastructure?

Select 2 answers
A.AWS X-Ray
B.AWS CloudTrail
C.Amazon CloudWatch
D.AWS Config
E.AWS Trusted Advisor
AnswersA, C

X-Ray helps trace and debug application performance.

Why this answer

Option A (CloudWatch) and Option D (AWS X-Ray) are monitoring services. Option B is wrong because CloudTrail is for auditing. Option C is wrong because Config is for compliance.

Option E is wrong because Trusted Advisor is for best practices.

201
Multi-Selectmedium

A company is planning to migrate a large SAP HANA database to AWS using AWS Snowball Edge devices. The database size is 50 TB and the migration must be completed within a week. Which TWO actions should the company take to ensure a successful migration?

Select 2 answers
A.Use AWS Direct Connect to accelerate data transfer from Snowball Edge to AWS.
B.Order multiple Snowball Edge devices to transfer data in parallel.
C.Split the data into smaller chunks because each Snowball Edge can only hold 10 TB.
D.Copy the data directly to an Amazon S3 bucket using the Snowball Edge client.
E.Compress the HANA data files before loading them onto the Snowball Edge devices.
AnswersB, E

Parallel transfers reduce overall time.

Why this answer

Options A and B are correct: Using multiple Snowball Edge devices in parallel and compressing data before transfer reduce time. Option C is wrong: AWS Direct Connect is not used with Snowball. Option D is wrong: Snowball Edge supports NFS; using S3 would require additional steps.

Option E is wrong: Snowball Edge can handle up to 80 TB per device.

202
MCQhard

A company has deployed SAP BusinessObjects (BO) on AWS using a multi-tier architecture with a Windows-based application server and a SQL Server database hosted on Amazon RDS. The application server is behind an Application Load Balancer (ALB) that handles HTTPS traffic. Users report that sometimes they receive a '502 Bad Gateway' error when accessing the BO web interface. The error occurs intermittently and is not reproducible on demand. The operations team checks the ALB logs and sees that the target response time occasionally exceeds 120 seconds. The BO application has a default timeout of 60 seconds. The team also notices that the ALB idle timeout is set to 60 seconds. What is the most likely cause of the 502 errors?

A.Place an Amazon CloudFront distribution in front of the ALB to cache responses and reduce load.
B.Increase the max_connections parameter in the RDS SQL Server instance.
C.Increase the idle timeout of the Application Load Balancer to 180 seconds.
D.Increase the deregistration delay on the ALB target group to 300 seconds.
AnswerC

The ALB request timeout (idle timeout) can be increased to accommodate longer application processing times, preventing premature connection closure.

Why this answer

The ALB idle timeout is 60 seconds, but the application sometimes takes longer than 120 seconds to respond. The stem says 'ALB idle timeout', but the timeout that matters here is the time the ALB waits for a response from the target. By default this is 60 seconds, and if the application takes longer than 60 seconds to respond, the ALB returns a 502 error.

This timeout is configurable from 1 to 3600 seconds, so increasing the idle timeout of the ALB to 180 seconds is the correct answer.

Option A is wrong because increasing target group deregistration delay doesn't affect 502s. Option C is wrong because CloudFront doesn't help. Option D is wrong because increasing RDS connections doesn't address the timeout.

203
MCQeasy

An organization wants to ensure that its SAP HANA database backups are stored in a separate AWS Region for disaster recovery. The backups are currently stored in Amazon S3 in the primary Region. Which AWS service should be used to replicate the backups to another Region automatically?

A.Amazon S3 Cross-Region Replication (CRR).
B.AWS Storage Gateway with volume gateway.
C.AWS Backup with a cross-region backup plan.
D.Amazon S3 Transfer Acceleration.
AnswerA

S3 CRR automatically replicates objects to another Region.

Why this answer

Option C is correct because S3 Cross-Region Replication is designed to automatically replicate objects to a destination bucket in another Region. Option A (AWS Backup) can copy backups but is not S3-specific and requires additional setup. Option B (S3 Transfer Acceleration) speeds up uploads but does not replicate.

Option D (AWS Storage Gateway) is for on-premises integration.

204
MCQmedium

A company runs SAP S/4HANA on AWS and needs to ensure that the system can automatically recover from an Availability Zone failure. The solution must use synchronous replication for zero data loss. Which AWS architecture meets these requirements?

A.EBS snapshots taken every 5 minutes
B.Multi-AZ RDS for SAP HANA
C.Cluster placement group spanning two AZs
D.SAP HANA System Replication with synchronous replication
AnswerD

Synchronous HSR provides zero RPO and automatic failover across AZs.

Why this answer

Option D is correct because SAP HANA System Replication with synchronous replication across Availability Zones ensures zero data loss and automatic failover. Option A is incorrect because Multi-AZ RDS is not supported for HANA. Option B is incorrect because EBS snapshots are asynchronous and do not provide zero data loss.

Option C is incorrect because cluster placement groups are within a single AZ and do not provide cross-AZ failover.

205
MCQmedium

Refer to the exhibit. An Application Load Balancer is configured to route traffic to an Auto Scaling group of web servers. The health check for the target group is failing. The web servers are healthy and running, but the health check endpoint is returning a 503 status code because the application cannot connect to the database. The database is an Amazon RDS instance in the same VPC. Which action should the solutions architect take to resolve the health check failure?

A.Restart the web server instances to reset the database connection.
B.Change the health check endpoint to a static page that does not require database connectivity.
C.Modify the application's health check endpoint to return a 200 OK status even when the database is unavailable.
D.Increase the health check interval to allow more time for the database to respond.
AnswerB

A static health check page will return 200 even if the database is down, allowing the instance to pass the health check.

Why this answer

Option B is correct because the health check endpoint should validate the web server's ability to serve traffic, not the database's availability. By changing the health check to a static page (e.g., /health.html) that does not depend on database connectivity, the load balancer will correctly assess the web server's health independently. This decouples the health check from the database, preventing cascading failures where a database outage causes all web servers to be marked unhealthy and removed from the target group.

Exam trap

The trap here is that candidates may think the health check must reflect the full application stack (including database connectivity), but AWS best practice is to keep health checks lightweight and independent of external dependencies to prevent cascading failures.

How to eliminate wrong answers

Option A is wrong because restarting the web server instances does not resolve the underlying database connectivity issue; the application will still fail to connect to the database after restart, and the health check will continue to return 503. Option C is wrong because modifying the application to return a 200 OK status even when the database is unavailable would mask a real application failure, causing the load balancer to route traffic to unhealthy servers that cannot serve complete requests, leading to user-facing errors. Option D is wrong because increasing the health check interval does not fix the database connectivity problem; it only delays the detection of the failure, and the health check will still fail when it eventually runs.

206
MCQeasy

Refer to the exhibit. An SAP system administrator checks disk usage on an SAP HANA instance. The /hana/log volume is at 80% usage. What is the recommended course of action to prevent issues?

A.Take a snapshot of the instance and terminate it.
B.Increase the size of the EBS volume for /hana/log and extend the filesystem.
C.Delete old backup files from /hana/log.
D.Move some data from /hana/log to /hana/data.
AnswerB

Increasing volume size provides more space for log files.

Why this answer

SAP HANA requires that the log volume have sufficient free space to avoid transaction log overflow. The best practice is to increase the size of the log volume. Deleting logs manually is risky, and moving data volumes is not appropriate.

The recommended action is to increase the EBS volume size and extend the filesystem.

207
MCQmedium

An administrator runs the AWS CLI command shown and receives the output. The administrator wants to retrieve the private IP address of the ASCS instance using CloudFormation stack outputs. What is the most efficient way to get this IP address?

A.Check the CloudFormation stack events for the private IP.
B.Use the AWS CLI to describe the EC2 instance using the instance ID.
C.Use AWS Systems Manager to find the IP from the instance ID.
D.Modify the CloudFormation template to add the private IP as an output.
AnswerD

Adding the private IP as an output in the template is the most direct way to expose it via CloudFormation.

Why this answer

Option B is correct because CloudFormation stack outputs can be passed as parameter values or referenced in other stacks. The ASCS instance ID is available, but the private IP is not directly in outputs. However, the question asks for 'most efficient way to get this IP address' using CloudFormation.

Option A is incorrect because the output does not include IP. Option C is incorrect because it's a different approach (EC2 API). Option D is incorrect because Systems Manager can get IP but is not using CloudFormation.

208
MCQhard

An SAP administrator created the IAM policy shown above to control access to an S3 bucket used for SAP HANA backups. The policy is attached to an IAM role used by an EC2 instance. The instance fails to upload backups. What is the cause?

A.The policy does not allow encryption (SSE-S3) which is required for backups.
B.The 'aws:SecureTransport' condition in the Deny statement is incorrectly using 'BoolIfExists' instead of 'Bool'.
C.The VPC endpoint ID in the policy does not match the actual endpoint.
D.The Deny statement overrides the Allow statement for all actions.
AnswerB

Using 'BoolIfExists' will deny requests even if the key is absent, which may deny legitimate HTTPS requests if the condition is mis-evaluated. 'Bool' should be used to explicitly check for false.

Why this answer

Option D is correct because the Deny statement for 'aws:SecureTransport': 'false' will deny requests that are not using HTTPS. However, the condition 'BoolIfExists' evaluates to true if the key exists and is false, or if the key does not exist. If the request comes from an EC2 instance, the condition might not be met as expected.

Option A (wrong VPC endpoint) is not relevant. Option B (explicit deny) is not the issue. Option C (lack of encryption) is not enforced by the policy.

209
MCQeasy

An SAP customer has deployed SAP HANA on AWS using an r5.12xlarge instance with 16 EBS io1 volumes for data and log. The system is running in production. The operations team receives an alert that one of the EBS volumes has failed (status check failed). The volume is part of the RAID 0 stripe for the data volume. What should they do to recover the system with minimal data loss?

A.Detach the failed volume, attach a new identical volume, and rebuild the RAID array.
B.Contact AWS Support to recover the data from the failed EBS volume.
C.Increase the size of the remaining volumes to compensate for the lost capacity.
D.Restore the HANA database from the latest backup to a new set of EBS volumes.
AnswerD

Restoring from backup ensures data consistency and recovery with minimal loss.

Why this answer

Option D is correct because the failed volume is part of a RAID 0 stripe, so the entire stripe is compromised. Restoring from the most recent backup is the safest way to recover with minimal data loss. Option A (replace volume and rebuild RAID) may not work because RAID 0 has no redundancy.

Option B (AWS Support) may help but not recover data directly. Option C (increase volume size) does not fix the failed volume.

210
MCQhard

A company is migrating an SAP ERP system to AWS and needs to minimize downtime during the cutover. The database is SAP ASE. Which migration strategy is most appropriate?

A.Use SAP ASE replication to replicate data to an EC2 instance running ASE, then cut over.
B.Create a nightly backup of the on-premises database, copy to AWS, and restore.
C.Perform a full database export from on-premises and import into Amazon RDS for ASE.
D.Use AWS Database Migration Service (DMS) with ongoing replication.
AnswerA

ASE replication provides near-zero downtime migration.

Why this answer

Option D is correct because ASE replication can keep the target in sync and allow a fast cutover with minimal downtime. Option A is wrong because AWS DMS does not support ASE as a source. Option B is wrong because export/import requires downtime during export.

Option C is wrong because copying EBS snapshots requires downtime for consistent snapshot.

211
MCQeasy

A company has deployed SAP S/4HANA on AWS using a single EC2 instance for the HANA database. The database volume is an EBS io1 volume with 5,000 provisioned IOPS. The company wants to implement a high availability (HA) solution for the database using SAP HANA System Replication (HSR) with automatic failover. They plan to use a second EC2 instance in a different Availability Zone. The database administrator is concerned about data consistency during replication. Which additional AWS service should be used to ensure data consistency and minimize data loss during failover?

A.AWS Backup to schedule backups of the HANA database.
B.AWS Database Migration Service (DMS) to continuously replicate data.
C.Amazon EBS snapshots to capture point-in-time copies of the data volume.
D.Amazon Route 53 with health checks to automatically redirect traffic to the standby instance.
AnswerD

Route 53 can provide DNS failover with health checks.

Why this answer

Option C is correct because Elastic Load Balancing with a TCP listener can be used to front the HSR traffic and provide a floating IP. Alternatively, Amazon Route 53 with health checks can redirect clients. Option A (EBS snapshots) is for backup, not replication.

Option B (AWS Backup) is not for replication. Option D (DMS) is for migration.

212
MCQmedium

During an SAP system migration to AWS, the team needs to ensure that the SAP application can automatically restart if the EC2 instance fails. Which combination of AWS services should they use?

A.AWS Elastic Beanstalk and Amazon RDS
B.Amazon EC2 Auto Scaling and Amazon CloudWatch
C.AWS Lambda and Amazon SQS
D.Amazon Route 53 and Elastic Load Balancing
AnswerB

Auto Scaling replaces unhealthy instances, and CloudWatch alarms can initiate recovery actions.

Why this answer

Option A is correct because Auto Scaling with a fixed instance count can automatically replace failed instances, and CloudWatch alarms can trigger recovery. Option B is wrong because Lambda does not natively restart instances. Option C is wrong because Route 53 health checks do not restart instances.

Option D is wrong because Elastic Beanstalk is for web applications, not SAP.

213
MCQmedium

Refer to the exhibit. An SAP administrator is creating an IAM policy for launching EC2 instances. Which instance type will the policy allow?

A.r5.16xlarge
B.r5.xlarge
C.r5.2xlarge
D.r5.4xlarge and r5.8xlarge
AnswerD

These are the only instance types allowed by the condition.

Why this answer

Option C is correct because the policy allows r5.4xlarge and r5.8xlarge instances. Option A is incorrect because r5.2xlarge is not listed. Option B is incorrect because r5.xlarge is not listed.

Option D is incorrect because r5.16xlarge is not listed.

214
MCQeasy

An SAP administrator is reviewing a CloudFormation template snippet shown in the exhibit. The template creates an EC2 instance for SAP. What is missing from the template to ensure the instance is placed in a specific subnet?

A.The SubnetId property is not specified in the NetworkInterface
B.The InstanceType is not suitable for SAP
C.The ImageId is invalid
D.The SecurityGroup reference is missing
AnswerA

SubnetId is required to place the instance in a subnet.

Why this answer

The template defines a network interface but does not specify a SubnetId. To place the instance in a specific subnet, the NetworkInterface must include a SubnetId property. Option B is correct.

The template already has a SecurityGroup reference. The ImageId is present. The instance type is specified.

215
MCQeasy

An SAP HANA database is running on an EC2 instance with EBS volumes. The operations team needs to take nightly backups of the database. Which AWS service provides the most cost-effective backup solution for long-term retention?

A.Amazon S3 Glacier Deep Archive
B.Amazon EBS Snapshots
C.Amazon S3 Standard
D.AWS Backup
AnswerA

Glacier Deep Archive is the lowest cost storage for long-term backups.

Why this answer

Amazon S3 Glacier Deep Archive is the most cost-effective storage class for long-term retention of backups that are accessed infrequently. Amazon EBS Snapshots are stored in S3 but cost more for long-term retention. AWS Backup is a service but does not change storage class.

Amazon S3 Standard is expensive for long-term retention.

216
Multi-Selectmedium

A company is designing a disaster recovery plan for SAP S/4HANA on AWS. The plan must have a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 2 hours. Which solutions can meet these requirements? (Choose TWO.)

Select 2 answers
A.Multi-AZ deployment of SAP HANA within the same region
B.SAP HANA log shipping to Amazon S3 every 15 minutes and restore in another region
C.Cross-Region Amazon S3 backup and restore using AWS Backup
D.Synchronous storage-level replication using EBS snapshots every 15 minutes and automated restore
E.SAP HANA system replication to a secondary region with automatic failover
AnswersD, E

With EBS snapshots every 15 minutes and automated restore in a secondary region, RPO of 15 minutes and RTO of 2 hours can be achieved.

Why this answer

SAP HANA system replication with synchronous replication can achieve RPO of seconds and RTO of minutes. Storage-level replication with EBS snapshots scheduled every 15 minutes can achieve RPO of 15 minutes, but RTO may be longer due to restore time. However, with pre-warmed instances and automation, RTO of 2 hours is achievable.

Log shipping to S3 may not meet RPO. Cross-Region Amazon S3 backup and restore is slower. Multi-AZ deployment in one region does not protect against region failure.

217
MCQhard

A company is using SAP HANA on AWS and needs to back up the database to Amazon S3. The backup must be encrypted at rest in S3. The company already uses AWS KMS for encryption. What is the MOST secure way to configure the backup?

A.Use SSE-KMS with a customer managed key and restrict key usage with key policies.
B.Use client-side encryption before uploading to S3.
C.Enable default S3 encryption with SSE-S3.
D.Use SSE-KMS with the AWS managed key for S3.
AnswerA

Provides control and integration with existing KMS.

Why this answer

Option D is correct because using a customer managed key with appropriate key policies ensures the backup is encrypted and access is controlled. Option A is wrong because SSE-S3 uses AWS-managed keys, not the company's KMS keys. Option B is wrong because SSE-C requires managing keys yourself, which is less integrated.

Option C is wrong because SSE-KMS with an AWS managed key does not allow the same level of control.

218
MCQhard

A company runs SAP BusinessObjects on AWS using multiple EC2 instances. The system uses a shared file system (EFS) for the repository and output files. Recently, users have reported that generating large reports takes much longer than usual. The SAP administrator checks the EFS metrics in CloudWatch and sees that the BurstCreditBalance is consistently near zero. The EFS file system is in General Purpose mode with default throughput settings. The current size of the file system is 500 GB. What should the administrator do to improve performance?

A.Migrate the EFS file system to EFS One Zone for better performance.
B.Enable Max I/O throughput mode on the EFS file system.
C.Switch to Provisioned Throughput mode and set a higher value.
D.Increase the size of the EFS file system by adding more data to it.
AnswerB

Max I/O provides higher throughput at scale.

Why this answer

Option B is correct because enabling Max I/O throughput mode increases the throughput baseline for larger file systems, providing more consistent performance. Option A is wrong because increasing EFS size does not directly improve burst credits; the burst model depends on size. Option C is wrong because using Provisioned Throughput would incur costs but may be appropriate; however, Max I/O is a better first step for a system that has exhausted burst credits.

Option D is wrong because transitioning to EFS One Zone does not improve throughput performance.

219
MCQmedium

A company runs SAP BusinessObjects on AWS and needs to scale the application tier based on CPU utilization. Which AWS service should be used to automatically add or remove EC2 instances?

A.AWS Elastic Load Balancing
B.AWS Lambda
C.AWS Auto Scaling
D.AWS CloudFormation
AnswerC

Auto Scaling can adjust instance count based on CPU metrics.

Why this answer

AWS Auto Scaling can automatically adjust the number of EC2 instances based on CloudWatch alarms for CPU utilization. AWS Elastic Load Balancing distributes traffic but does not scale instances. AWS Lambda is for serverless, not EC2 scaling.

AWS CloudFormation is for infrastructure provisioning, not auto-scaling.

220
MCQhard

A company runs its SAP S/4HANA system on AWS using a multi-node HANA scale-out configuration. After a recent OS update, the application layer cannot connect to the HANA database. The HANA database processes are running, but the SAP application servers report 'communication failure' errors. Initial checks show that the security group rules allow traffic on the required ports. What is the MOST likely cause of the issue?

A.The DNS resolution is misconfigured after the OS update, causing hostname lookup failures.
B.The NTP synchronization is off, causing time drift and authentication errors.
C.The OS update has reset the iptables firewall rules, blocking internal HANA ports.
D.The SAP system is not correctly licensed for the new OS version.
AnswerC

OS updates can clear iptables rules, blocking required ports even if security groups allow traffic.

Why this answer

Option D is correct because after OS updates, the firewall (iptables) rules may be reset or changed, blocking HANA internal communication even if security groups are correct. Option A (incorrect SAP license) would cause license errors, not communication failure. Option B (incorrect DNS resolution) is possible but less likely if hostnames are in /etc/hosts.

Option C (NTP synchronization) would affect time, not connectivity.

221
MCQmedium

A company is running SAP HANA on AWS and needs to perform a backup to S3 using the SAP HANA BACKUP command. The backup fails with an error indicating that the S3 bucket cannot be accessed. The EC2 instance has an IAM role assigned with the necessary S3 permissions. What is the most likely cause of the failure?

A.The S3 bucket is in a different region.
B.The instance does not have internet access.
C.The IAM role does not have the correct trust policy.
D.The S3 bucket policy denies access from the instance's VPC.
AnswerD

A bucket policy can explicitly deny access even if IAM allows.

Why this answer

SAP HANA backup to S3 requires a properly configured S3 bucket and the backup tool must be able to write to it. The error is likely due to the bucket policy blocking the request. IAM role permissions are correct, but bucket policies can override them.

222
MCQmedium

An SAP administrator has created the IAM policy shown in the exhibit and attached it to an IAM role used by an EC2 instance running SAP HANA. The instance needs to download backup files from the S3 bucket 'sap-backup-bucket' and then stop itself after the backup is complete. However, the backup script fails with an access denied error when trying to list the bucket. What is the most likely cause?

A.The S3 bucket is encrypted and the policy does not allow kms:Decrypt
B.The instance does not have an internet gateway to reach S3
C.The policy does not include the ec2:StopInstances permission
D.The policy does not allow the s3:ListBucket action on the bucket ARN
AnswerD

The policy allows s3:ListBucket but the Resource array only includes the object ARN (sap-backup-bucket/*), not the bucket ARN. The ListBucket action requires the bucket ARN as resource.

223
MCQeasy

An administrator needs to back up an SAP HANA database running on an EC2 instance. The backup must be stored in a durable, cost-effective storage solution. Which AWS service is best suited for storing the backup files?

A.Amazon S3
B.Amazon S3 Glacier
C.Amazon EFS
D.Amazon EBS snapshots
AnswerA

S3 is durable, scalable, and cost-effective for backup files.

Why this answer

Option A is correct because Amazon S3 is designed for durable, cost-effective object storage, ideal for backups. Option B is incorrect because EBS snapshots are stored in S3 but are not directly accessible as files. Option C is incorrect because EFS is a file system, not optimized for backup storage.

Option D is incorrect because Glacier is a lower-cost archival storage, but S3 is more appropriate for general backups with faster retrieval.

224
MCQhard

A company is using AWS Systems Manager to manage their SAP environment. They want to ensure that only specific users can run automation documents on production SAP instances. Which IAM policy action should be used to control access to executing automation documents?

A.ssm:SendCommand
B.ssm:GetParameter
C.ssm:StartAutomationExecution
D.ssm:ListDocuments
AnswerC

This action permits starting automation documents.

Why this answer

Option B is correct because the ssm:StartAutomationExecution action allows starting an automation execution. Option A is for running commands (not automations). Option C is for getting parameters.

Option D is for listing documents.

225
MCQeasy

A company is running an SAP HANA database on an EC2 instance with a large amount of memory. The system is experiencing performance issues during peak loads. Which AWS service should be used to capture detailed performance metrics for analysis?

A.AWS Config
B.AWS CloudTrail
C.AWS X-Ray
D.Amazon CloudWatch
AnswerD

CloudWatch with agent can capture detailed performance metrics including memory.

Why this answer

Option D is correct because Amazon CloudWatch can collect detailed performance metrics from EC2 instances, including memory utilization, if the CloudWatch agent is installed. Option A is wrong because AWS CloudTrail records API activity, not performance metrics. Option B is wrong because AWS Config tracks resource configuration changes.

Option C is wrong because AWS X-Ray traces application requests, not system-level performance.
