CCNA Technology Questions

75 of 412 questions · Page 4/6 · Technology · Answers revealed

226
MCQmedium

A company is running SAP Business Suite on AWS. The system includes a central services (ASCS) instance, a primary application server (PAS), and a database server running SAP HANA. The company recently experienced an outage when the EC2 instance hosting the ASCS instance failed due to a hardware issue. The system was down for 4 hours while the IT team manually recovered the ASCS instance from an AMI. The company wants to implement a highly available ASCS instance with automatic failover and a Recovery Time Objective (RTO) of less than 15 minutes. The system is currently running in a single Availability Zone. What should the company do to meet these requirements?

A.Place the ASCS instance behind an Application Load Balancer and configure health checks.
B.Configure an Auto Scaling group for the ASCS instance with a minimum of 1 and maximum of 2, and use a lifecycle hook to attach an Elastic IP.
C.Deploy a second ASCS instance in a different Availability Zone, set up SAP enqueue replication, and use a virtual IP address with Route 53 health checks for failover.
D.Enable CloudWatch EC2 Auto Recovery on the ASCS instance and configure it to start a new instance in a different AZ.
AnswerC

SAP's enqueue replication and multi-AZ deployment with DNS failover meets RTO and provides high availability.

Why this answer

Option A is correct because SAP's enqueue replication and ASCS clustering across AZs with a virtual hostname provides automatic failover. Option B is wrong because ASG does not provide application-level clustering. Option C is wrong because CloudWatch recoveries only restart the instance in the same AZ, not cross-AZ, and does not handle enqueue state.

Option D is wrong because ELB is not for ASCS failover.

227
Multi-Selecteasy

Which TWO AWS services can be used to store SAP backup data? (Choose two.)

Select 2 answers
A.Amazon S3
B.Amazon S3 Glacier
C.Amazon RDS
D.Amazon DynamoDB
E.Amazon EBS
AnswersA, B

S3 is a common backup target.

Why this answer

Options A and D are correct. Amazon S3 is an object storage service commonly used for backups. Amazon S3 Glacier is a low-cost archive storage for long-term backups.

Option B is wrong because Amazon EBS is block storage attached to EC2, not a backup target. Option C is wrong because Amazon RDS is a managed database service, not storage for SAP backups. Option E is wrong because Amazon DynamoDB is a NoSQL database.

228
MCQhard

An SAP application on EC2 is experiencing high CPU utilization. The instance is part of an Auto Scaling group. The CPU metric shows spikes every hour. Which scaling policy should be used to preemptively scale out before the spike?

A.Simple scaling policy based on CPU > 80%
B.Step scaling policy with multiple thresholds
C.Target tracking scaling policy with CPU target 75%
D.Scheduled scaling policy to add capacity just before the spike
AnswerD

Scheduled scaling can anticipate predictable patterns.

Why this answer

Option B is correct because a scheduled scaling policy can anticipate predictable spikes. Option A is incorrect because a simple scaling policy reacts to alarms after the spike. Option C is incorrect because a step scaling policy also reacts after alarms.

Option D is incorrect because a target tracking policy maintains an average, not preempt spikes.

229
MCQhard

Refer to the exhibit. An IAM policy is attached to an EC2 instance role used by SAP HANA backup scripts. The backup script attempts to upload a file to the S3 bucket without specifying server-side encryption. What will happen?

A.The upload fails because there is no Allow statement without condition.
B.The upload succeeds because there is an Allow statement.
C.The upload fails because of the Deny statement.
D.The upload succeeds because the Deny condition does not match.
AnswerC

The Deny statement explicitly denies PutObject when encryption is not AES256.

Why this answer

The first statement allows PutObject only if encryption is AES256. The second statement denies PutObject if encryption is not AES256. Since the request does not specify encryption, it does not match the condition in the Allow statement (so not allowed) and it matches the Deny statement because encryption is not AES256 (StringNotEquals).

Therefore, the request is denied.

230
Multi-Selecthard

A company is deploying a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. The application must meet high availability and low latency requirements. The company expects traffic to spike unpredictably. Which THREE strategies should the company implement to ensure the application can handle the load? (Choose THREE.)

Select 3 answers
A.Enable API Gateway caching with a suitable TTL
B.Set the Lambda function timeout to the maximum value of 15 minutes
C.Configure provisioned concurrency for the Lambda functions
D.Configure DynamoDB auto scaling with a minimum capacity of 10 read and 10 write capacity units
E.Use DynamoDB on-demand capacity mode for the tables
AnswersA, C, E

Caching reduces backend load and improves response times for repeated requests, helping handle spikes.

Why this answer

Option A is correct because API Gateway caching stores responses from your endpoints, reducing the number of calls made to the backend Lambda function and DynamoDB. By setting a suitable TTL, you ensure that frequently accessed data is served from the cache, which lowers latency and offloads the backend during unpredictable traffic spikes. This directly supports high availability by preventing backend overload.

Exam trap

The trap here is that candidates often confuse auto scaling (Option D) with on-demand capacity mode, not realizing that auto scaling has a lag time and requires manual capacity planning, whereas on-demand mode is designed for unpredictable traffic with instant scaling.

231
MCQeasy

A company runs a critical web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application uses an Amazon RDS for PostgreSQL database. The operations team reports that the application becomes unresponsive for about 30 seconds every hour at the same time. The team checks the ALB access logs and notices that during the outage, the ALB returns HTTP 504 errors. The RDS monitoring shows a spike in CPU usage and active connections during the same period. The application team confirms there are no scheduled jobs during that time. What should the team do to diagnose the root cause?

A.Review the security group rules for the database to ensure the application can connect.
B.Review the ALB target group health checks and ensure the EC2 instances are passing the health check.
C.Increase the EC2 instance size to handle more concurrent connections.
D.Check the RDS Enhanced Monitoring metrics for the database instance to identify resource bottlenecks such as high memory pressure or disk I/O.
AnswerD

Enhanced Monitoring provides detailed OS-level metrics to pinpoint the root cause of the database spike.

Why this answer

Option D is correct because the symptoms—hourly 30-second unresponsiveness, HTTP 504 errors from the ALB, and a correlated spike in RDS CPU and active connections—point to a database-side bottleneck. RDS Enhanced Monitoring provides OS-level metrics (memory, disk I/O, CPU) that can reveal resource contention or throttling events (e.g., swap usage, IOPS exhaustion) not visible in standard CloudWatch metrics, enabling precise root cause identification.

Exam trap

The trap here is that candidates confuse HTTP 504 errors with ALB or EC2 health check failures, but 504 specifically indicates the ALB received no response from the target (often due to database timeout), not that the target is unhealthy.

How to eliminate wrong answers

Option A is wrong because security group rules are static and would cause persistent connectivity failures, not a predictable hourly 30-second outage. Option B is wrong because ALB target group health checks failing would cause 503 errors (not 504) and would not explain the correlated RDS CPU/connection spike. Option C is wrong because increasing EC2 instance size addresses compute capacity on the application tier, but the bottleneck is on the database tier (RDS CPU/connections spike), so it would not resolve the root cause.

232
MCQhard

A company is migrating its SAP ERP system running on Oracle to SAP HANA on AWS. The system has a database size of 2 TB. During migration planning, the team needs to minimize downtime. Which strategy should be used?

A.Take a full backup of Oracle, restore to SAP HANA, and then apply incremental logs.
B.Use SAP HANA System Replication to initially load data from the source SAP HANA (or migrate using SAP DMO with SUM) and then switch over.
C.Use the AWS Database Migration Service (DMS) to perform an online migration from Oracle to SAP HANA.
D.Perform an export/import using SAP tools while the source database is online.
AnswerB

SAP HANA System Replication allows near-zero downtime migration by replicating data while source is online.

Why this answer

Option D is correct because using SAP HANA System Replication with initial load and then switching over minimizes downtime as data is replicated while source is online. Option A is wrong because SAP HANA doesn't support heterogeneous replication directly. Option B is wrong because DMS does not natively support SAP HANA as a target.

Option C is wrong because it requires more downtime.

233
Multi-Selecthard

An SAP system is running on AWS with a Multi-AZ deployment. The system uses an Amazon RDS for SAP HANA database. Which TWO actions should be taken to ensure high availability?

Select 2 answers
A.Create a read replica in a different region
B.Configure automated backups with a retention period
C.Enable Multi-AZ on the RDS instance
D.Deploy the RDS instance in a single Availability Zone
E.Take manual snapshots every hour
AnswersB, C

Automated backups enable point-in-time recovery, which is essential for HA.

Why this answer

Enabling Multi-AZ on RDS automatically provisions a standby in a different AZ and handles failover. Configuring automated backups allows point-in-time recovery. Read replicas are for read scaling, not HA.

Manual snapshots are not automatic. Using a single AZ does not provide HA.

234
MCQmedium

A company is running SAP HANA on an EC2 instance. The storage is configured with multiple EBS volumes striped using LVM. The SAP administrator notices that disk I/O latency spikes during peak hours. Which change would MOST effectively reduce latency without incurring additional cost?

A.Increase the size of the EBS volumes
B.Provision additional IOPS on the EBS volumes
C.Switch from LVM to RAID 0 striping
D.Use an EBS-optimized EC2 instance type
AnswerD

EBS-optimized instances provide dedicated bandwidth to EBS, reducing latency.

Why this answer

Option B is correct because EBS-optimized instances provide dedicated network bandwidth for EBS I/O, reducing contention. Option A is incorrect because increasing volume size does not directly reduce latency. Option C is incorrect because RAID 0 increases throughput but not lower latency.

Option D is incorrect because provisioning IOPS increases cost.

235
MCQmedium

A company is migrating an SAP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS) instance. Which architecture should be used to meet this requirement?

A.Use a cluster of EC2 instances across two Availability Zones with shared storage and a cluster manager.
B.Deploy the ASCS on a single large EC2 instance with a Multi-Attach EBS volume.
C.Use an Auto Scaling group with a launch configuration for ASCS.
D.Deploy two EC2 instances in the same Availability Zone with a replicated file system.
AnswerA

This provides HA across AZs with failover.

Why this answer

Option B is correct because SAP ASCS can be set up in a cluster across multiple Availability Zones using shared storage (e.g., Amazon EFS or FSx) and a cluster manager like Pacemaker. Option A is wrong because a single EC2 instance does not provide high availability. Option C is wrong because an Auto Scaling group is for horizontal scaling of stateless applications, not for SAP ASCS.

Option D is wrong because placing both nodes in the same AZ does not protect against AZ failure.

236
Multi-Selectmedium

A company is designing a disaster recovery (DR) strategy for a critical application that runs on EC2 instances in a single AWS Region. The application uses an Amazon RDS MySQL Multi-AZ DB instance. The company wants to achieve a Recovery Point Objective (RPO) of 1 minute and a Recovery Time Objective (RTO) of 15 minutes for both compute and database tiers. Which TWO options should the company implement? (Choose TWO.)

Select 2 answers
A.Configure a cross-Region read replica for the RDS MySQL DB instance in the secondary Region
B.Create Amazon Machine Images (AMIs) of the EC2 instances and copy them to the secondary Region
C.Use Amazon EBS snapshots of the EC2 instances and copy them to the secondary Region every minute
D.Migrate the database to Amazon Aurora MySQL and configure an Aurora Global Database
E.Enable cross-Region automated backups for the RDS Multi-AZ DB instance
AnswersA, B

A cross-Region read replica can be promoted to a primary in seconds, meeting the RPO of 1 minute.

Why this answer

Option A is correct because a cross-Region read replica for RDS MySQL can be promoted to a standalone primary in the secondary Region within minutes, meeting the 15-minute RTO. The asynchronous replication lag is typically under 1 minute, satisfying the 1-minute RPO. This provides a managed, low-latency DR database tier without needing to restore from backups.

Exam trap

The trap here is that candidates may confuse cross-Region automated backups (Option E) with cross-Region read replicas, not realizing that backups have a higher RPO and longer restore times, while read replicas provide near-real-time replication and faster promotion.

237
MCQhard

A company is troubleshooting an issue where SAP users cannot log in to the SAP GUI. The SAP application server is running on an EC2 instance behind an Application Load Balancer (ALB). The ALB is configured to use the HTTPS listener on port 443. Which configuration is most likely causing the issue?

A.The ALB's target group is not configured with health checks.
B.The security group for the ALB does not allow inbound traffic on port 3300.
C.The ALB is terminating HTTPS connections, but the SAP application server expects unencrypted DIAG protocol.
D.The ALB's stickiness settings are misconfigured, causing session persistence issues.
AnswerC

SAP GUI uses DIAG (TCP 3200), not HTTP/HTTPS; an ALB is not suitable for non-HTTP traffic.

Why this answer

Option B is correct because SAP GUI typically uses DIAG protocol over TCP 3200, not HTTPS. The ALB should have a Network Load Balancer for TCP traffic. Option A is wrong because listener on 443 is fine for HTTPS but not for SAP GUI traffic.

Option C is wrong because security group rules are not the primary issue. Option D is wrong because health checks are not directly related to user login.

238
Multi-Selecteasy

An SAP system is running on AWS with a production HANA database. The database administrator wants to ensure that backups are consistent and can be restored. Which TWO approaches should be used together for a robust backup strategy?

Select 2 answers
A.AWS Backup with a backup plan that includes both EBS snapshots and Backint.
B.Regular EBS snapshots of the data volume.
C.Amazon EC2 Auto Scaling to create backup instances.
D.AWS Database Migration Service (DMS) for continuous replication.
E.SAP HANA Backint integration with AWS Backup.
AnswersA, E

Combining both provides crash-consistent and application-consistent backups.

Why this answer

Options A and D are correct. EBS snapshots (A) provide crash-consistent backups, and Backint (D) provides application-consistent backups. Option B (AWS Backup) can orchestrate both.

Option C (Auto Scaling) is not backup. Option E (Database Migration Service) is for migration.

239
MCQhard

An SAP HANA database running on an EC2 instance is configured with multiple EBS volumes using RAID 0 for increased throughput. During a backup operation, the instance experiences a significant drop in I/O performance. Which solution would best address this without affecting ongoing backups?

A.Add more EBS volumes to the RAID 0 array to increase total I/O bandwidth.
B.Use instance store volumes for the HANA data instead of EBS.
C.Use EBS snapshots for backup instead of file-level backup to reduce I/O load.
D.Reduce the number of EBS volumes to limit the RAID 0 penalty.
AnswerA

More volumes in RAID 0 increase parallelism and throughput, helping during backup.

Why this answer

Option C is correct because using multiple volumes and striping increases I/O. Option A is wrong because it reduces performance. Option B is wrong because EBS snapshots are asynchronous and can cause latency.

Option D is wrong because instance store is ephemeral and may not be suitable.

240
Multi-Selecthard

An SAP HANA database is running on an EC2 instance with multiple EBS volumes for /hana/data, /hana/log, and /hana/shared. Which TWO AWS features should be used to ensure that the EBS volumes are backed up consistently?

Select 2 answers
A.Amazon S3
B.AWS Storage Gateway
C.EBS snapshots
D.EBS Lifecycle Manager
E.AWS Backup
AnswersC, E

EBS snapshots are the primary backup mechanism.

Why this answer

EBS snapshots are the standard backup method for EBS volumes. However, to ensure consistency across multiple volumes (e.g., for a striped filesystem), the volumes should be snapshotted at the same point in time. AWS Backup can automate this with snapshot consistency groups.

While AWS Backup can create consistent snapshots, it also supports application-consistent backups. The two correct options are EBS snapshots and AWS Backup. Lifecycle Manager can create snapshots but does not ensure cross-volume consistency by default.

241
Multi-Selecthard

A company is deploying SAP S/4HANA on AWS and needs to choose instance types that are certified by SAP. Which THREE instance families are SAP-certified for production SAP HANA workloads?

Select 3 answers
A.R5
B.T3
C.X1e
D.M5
E.P3
AnswersA, C, D

R5 instances are memory-optimized and SAP-certified for HANA.

Why this answer

A, B, and D are SAP-certified for HANA. C (T3) is burstable and not certified for production HANA. E (P3) is GPU-optimized and not certified for HANA.

242
MCQeasy

An SAP system on AWS needs to store sensitive configuration files securely and automatically rotate the encryption keys. Which AWS service should be used?

A.AWS Systems Manager Parameter Store with AWS KMS.
B.Amazon S3 with server-side encryption.
C.AWS Key Management Service (KMS) alone.
D.AWS Secrets Manager.
AnswerA

Parameter Store can store configuration securely and use KMS for encryption with automatic key rotation.

Why this answer

Option A is correct because AWS Systems Manager Parameter Store securely stores configuration and can integrate with KMS for key rotation. Option B is wrong because S3 does not automatically rotate keys. Option C is wrong because Secrets Manager is for secrets, not configuration with automatic rotation of keys.

Option D is wrong because KMS manages keys, not configuration storage.

243
Multi-Selectmedium

Which TWO are best practices for securing SAP on AWS?

Select 2 answers
A.Place all SAP systems in the default VPC.
B.Attach public IP addresses to all SAP EC2 instances for easy management.
C.Use security groups to control traffic between SAP components.
D.Disable security groups and rely on SSH key pairs only.
E.Use IAM roles for EC2 instances to access AWS services securely.
AnswersC, E

Security groups are stateful firewalls.

Why this answer

Option B is correct: Security groups act as virtual firewalls. Option D is correct: IAM roles for EC2 provide secure credential management. Option A is wrong because default VPC is not recommended.

Option C is wrong because public subnets expose instances. Option E is wrong because SSH key pair is for instance access, not security group.

244
MCQhard

An SAP system running on AWS uses a shared file system via Amazon EFS for transport directories. The system administrator notices that file operations are slow across multiple application servers. The EFS file system is configured with Bursting Throughput mode. What is the most effective way to improve performance?

A.Switch the file system to Provisioned Throughput mode and set a higher throughput value.
B.Use EFS Access Points to enforce a different UID/GID for each application server.
C.Increase the burst credit balance by reducing file operations during off-peak hours.
D.Create additional mount targets in each Availability Zone to distribute load.
AnswerA

Provisioned Throughput eliminates the need for burst credits and provides consistent performance.

Why this answer

Option B is correct because EFS Provisioned Throughput mode can provide consistent higher throughput. Option A (increase burst credit) is not directly configurable. Option C (multiple mount targets) does not increase throughput.

Option D (EFS Access Points) does not affect performance.

245
MCQmedium

A company is planning to run SAP BusinessObjects (BOBJ) on AWS. The application servers require consistent low-latency access to a shared file system for storing reports and configuration files. Which AWS storage solution is BEST suited for this requirement?

A.Amazon Elastic Block Store (Amazon EBS) with a multi-attach enabled volume.
B.Amazon Elastic File System (Amazon EFS).
C.Amazon Simple Storage Service (Amazon S3).
D.Amazon FSx for Windows File Server.
AnswerB

EFS provides a scalable, shared NFS file system for Linux instances.

Why this answer

Option A is correct because Amazon EFS provides a fully managed NFS file system that is accessible from multiple EC2 instances with low latency, suitable for shared file storage. Option B (S3) is object storage, not a file system. Option C (EBS) is block storage attached to a single instance.

Option D (FSx for Windows) is for Windows-based workloads, but BOBJ typically runs on Linux.

246
MCQmedium

A company is designing a disaster recovery solution for SAP HANA. The primary site is in us-east-1 and the DR site is in us-west-2. The RPO is 5 minutes and the RTO is 30 minutes. Which replication method meets these requirements?

A.Amazon RDS Multi-AZ deployment
B.Scheduled EBS snapshots copied to us-west-2
C.SAP HANA System Replication with synchronous mode
D.AWS Database Migration Service with ongoing replication
AnswerC

HANA System Replication can achieve sub-minute RPO synchronously.

Why this answer

Option C is correct because HANA System Replication with synchronous mode can achieve low RPO. Option A is incorrect because RDS Multi-AZ is for single Region. Option B is incorrect because EBS snapshots have higher RPO.

Option D is incorrect because DMS continuous replication is for databases but not optimized for HANA.

247
MCQmedium

A company is running SAP on AWS and needs to migrate a large on-premises SAP HANA database to AWS with minimal downtime. Which approach is most suitable?

A.Export the HANA database to a file, upload to S3, and import into a new HANA instance on EC2.
B.Use AWS Server Migration Service (SMS) to replicate the entire on-premises server to AWS.
C.Use AWS Database Migration Service (DMS) to continuously replicate data to an Amazon RDS for SAP HANA instance.
D.Set up SAP HANA System Replication between the on-premises system and an EC2 instance running HANA in AWS.
AnswerD

HSR provides asynchronous or synchronous replication with minimal downtime.

Why this answer

Option B is correct because HANA System Replication allows near-zero downtime. Option A is wrong because it requires downtime. Option C is wrong because it is not for HANA.

Option D is wrong because it requires more downtime.

248
MCQmedium

A company is running SAP HANA on a bare metal EC2 instance. The system experiences a hardware failure that causes an instance stop. The company needs to recover the instance quickly. What should the company do to minimize recovery time?

A.Use AWS CloudFormation to recreate the instance
B.Manually start the instance from the EC2 console
C.Restore the instance from the latest EBS snapshot
D.Configure an Amazon CloudWatch alarm to automatically recover the instance
AnswerD

CloudWatch can automatically recover an instance on healthy hardware.

Why this answer

For bare metal instances, automatic recovery via CloudWatch alarm can restart the instance on healthy hardware if the instance is configured with an Elastic IP or is part of an ASG. Option B is correct. Manual restart (A) is slower.

EBS snapshots (C) require restore time. Changing to a virtualized instance (D) may not be immediate.

249
MCQeasy

Refer to the exhibit. A CloudFormation template is used to launch an SAP application server. The stack creation succeeds, but the application server fails to start correctly. What is the most likely reason?

A.The template is missing an output parameter to verify the instance status.
B.The instance type r5.2xlarge is not supported for SAP application servers.
C.The AMI ID is invalid because it contains numeric characters.
D.The UserData script may not be executed due to timing issues; the sleep command may be insufficient.
AnswerD

The script has a 30-second sleep, but if the instance is not fully ready, the script may fail.

Why this answer

Option B is correct because the UserData script includes a 'sleep 30' command, which may not be sufficient if the instance takes longer to become ready. Option A is wrong because r5.2xlarge is supported for SAP. Option C is wrong because there is no output parameter causing issues.

Option D is wrong because the AMI ID is just an example; the assumption is it's valid.

250
MCQhard

A company runs its SAP HANA database on an EC2 instance with EBS volumes. The database requires consistent low-latency I/O with a high number of IOPS. The current configuration uses EBS gp2 volumes. During peak loads, the application experiences performance degradation. Which change will provide the most consistent performance for SAP HANA?

A.Switch to EBS st1 (Throughput Optimized HDD) volumes.
B.Migrate to EBS io2 Block Express volumes with provisioned IOPS.
C.Configure multiple EBS gp2 volumes in a RAID 0 array to increase IOPS.
D.Increase the size of the existing gp2 volumes to gain higher baseline IOPS.
AnswerB

D is correct: io2 Block Express provides consistent high IOPS and low latency.

Why this answer

Option D is correct: EBS io2 Block Express volumes provide high, consistent IOPS and low latency, suitable for SAP HANA. Option A is incorrect because RAID 0 increases risk and doesn't guarantee consistency. Option B is incorrect because throughput-optimized volumes (st1) are not designed for high IOPS.

Option C is incorrect because increasing volume size for gp2 only increases baseline IOPS but not consistently under high load.

251
MCQhard

An SAP system on AWS is experiencing high latency for database transactions. The system uses a single EBS volume for the SAP HANA data volume. The operations team needs to improve I/O performance without changing the instance type. Which action should be taken?

A.Use a single EBS volume for both data and log
B.Switch to EBS io2 Block Express volumes
C.Increase the EBS volume size to gain more IOPS
D.Enable EBS optimization on the instance
AnswerB

io2 Block Express offers sub-millisecond latency and high IOPS, suitable for SAP HANA.

Why this answer

Switching to EBS io2 Block Express volumes provides higher IOPS and lower latency compared to gp3. Increasing volume size does not necessarily improve latency. Using a single volume for log and data is not recommended.

Enabling EBS optimization is already enabled on current generation instances.

252
MCQmedium

A company operates an SAP system on AWS with a shared SAP HANA database across multiple SAP applications. The database size is 5 TB. The operations team wants to implement a disaster recovery strategy with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. Which solution meets these requirements with the least operational overhead?

A.Use AWS DMS to replicate data to an S3 bucket in a different Region
B.Use SAP HANA backup to S3 and restore in another Region
C.Configure SAP HANA System Replication (HSR) to a secondary instance in another AWS Region
D.Use AWS CloudEndure Disaster Recovery to replicate the entire server
AnswerC

HSR provides near-real-time replication and fast failover.

Why this answer

Option C is correct because HANA System Replication with a standby in another Region provides near real-time replication and fast failover. Option A is incorrect because DMS cannot replicate HANA to S3 for DR. Option B is incorrect because backup to S3 has higher RPO.

Option D is incorrect because CloudEndure is not optimized for HANA replication.

253
MCQeasy

A company wants to automate the backup of its SAP HANA database to Amazon S3. The database is running on an EC2 instance with a 500 GB gp3 volume. The backup should be encrypted at rest in S3. What is the most efficient way to achieve this with minimal operational overhead?

A.Use the SAP HANA Backup and Restore integration with Amazon S3 to back up directly to S3 buckets, enabling default S3 encryption.
B.Back up to an EBS snapshot, then copy the snapshot to S3 using AWS Backup.
C.Schedule an AWS Backup plan to back up the EC2 instance and its EBS volumes.
D.Use AWS Storage Gateway to back up the database to S3, then enable S3 encryption.
AnswerA

SAP natively supports backing up to S3, which is efficient and supports encryption.

Why this answer

Option A is correct because SAP HANA Backup and Restore integration with S3 is native and handles encryption. Option B is wrong because it adds an extra step. Option C is wrong because S3 replication does not replace the backup process.

Option D is wrong because AWS Backup supports HANA but requires additional setup and may not be as efficient as native integration.

254
MCQhard

An SAP Basis administrator needs to apply an SAP kernel patch to the SAP Central Services (ASCS) instance running on an EC2 instance in a Multi-AZ deployment. The ASCS instance is configured with a floating IP address using Elastic IP. The administrator wants to minimize downtime during the patching process. Which approach should the administrator take?

A.Stop the ASCS instance, apply the patch, and start the instance.
B.Create a new EC2 instance with the patched kernel, associate the Elastic IP to the new instance, and terminate the old one.
C.Add the ASCS instance to an Application Load Balancer and then perform the patch.
D.Use an Auto Scaling group with a rolling update to apply the patch.
AnswerB

Minimizes downtime by quickly switching the Elastic IP.

Why this answer

Option A is correct because a blue/green deployment allows testing the patch on a new instance and then switching traffic with minimal downtime. Option B is wrong because stopping the instance causes downtime. Option C is wrong because modifying the launch configuration and performing a rolling update is for Auto Scaling groups, not for a single instance.

Option D is wrong because adding the instance to an ALB would require application changes and may not be compatible with ASCS floating IP.

255
MCQmedium

A company is using AWS CloudFormation to manage infrastructure. The development team wants to deploy a new version of a stack that updates an existing RDS DB instance's DB engine version. The update requires a replacement of the database. Which CloudFormation stack policy setting allows the update to proceed while preventing other resources from being replaced or updated?

A.Set a stack policy that allows updates to RDS resources only.
B.Set a stack policy that allows updates to the specific RDS DB instance resource.
C.Set a stack policy that denies all updates.
D.Set a stack policy that allows all updates.
AnswerB

Stack policies can be written to allow updates to specific resources.

Why this answer

Option B is correct because a stack policy in AWS CloudFormation can be set to explicitly allow updates to a specific resource (e.g., the RDS DB instance) while denying updates to all other resources by default. Since the update requires a replacement of the database, the policy must permit the update action on that exact resource logical ID, ensuring the DB engine version change proceeds without risking unintended modifications to other stack resources.

Exam trap

The trap here is that candidates often confuse a stack policy with an IAM policy or resource-level permissions, mistakenly thinking that allowing updates to a resource type (Option A) is sufficient, when in fact the policy must target the specific resource logical ID to avoid unintended updates to other resources of the same type.

How to eliminate wrong answers

Option A is wrong because allowing updates to all RDS resources is too broad; it would permit updates to any RDS resource in the stack, not just the specific DB instance, potentially causing unintended replacements or updates to other RDS resources like DB subnet groups or read replicas. Option C is wrong because denying all updates would block the intended DB engine version update entirely, preventing the deployment from proceeding. Option D is wrong because allowing all updates removes any protection, making every resource in the stack vulnerable to accidental replacement or modification, which defeats the purpose of using a stack policy for controlled updates.

256
MCQeasy

A company is running an SAP HANA database on an AWS EC2 instance. The SAP application team reports occasional performance issues during peak hours. The CloudWatch metrics show high CPU utilization. What is the MOST cost-effective solution to address this issue?

A.Migrate the instance to a larger instance type permanently.
B.Enable termination protection on the instance.
C.Implement an EC2 Auto Scaling group with a scheduled scaling policy to add instances during peak hours.
D.Increase the provisioned IOPS for the EBS volumes attached to the instance.
AnswerC

Cost-effectively adds capacity only when needed.

Why this answer

Option B is correct because using an EC2 Auto Scaling group with a scheduled scaling policy can add CPU capacity during known peak hours cost-effectively. Option A is wrong because vertical scaling to a larger instance incurs cost even during off-peak. Option C is wrong because it does not directly address CPU.

Option D is wrong because it is not specific to CPU performance.

257
MCQmedium

A company is running an SAP S/4HANA system on AWS. The SAP application is deployed on EC2 instances in a Multi-AZ setup with a shared /sapmnt directory using Amazon EFS. The database is running on Amazon RDS for SAP ASE. Performance monitoring reveals that the /sapmnt volume is experiencing high read latency during peak hours. Which action would most effectively reduce latency?

A.Migrate /sapmnt to Amazon FSx for NetApp ONTAP.
B.Use Amazon ElastiCache for Redis to cache /sapmnt data.
C.Increase the provisioned throughput on the EFS file system.
D.Increase the size of the EC2 instances running SAP.
AnswerA

FSx for NetApp ONTAP offers consistent low-latency performance and is SAP-certified for /sapmnt.

Why this answer

Option B is correct because switching to Amazon FSx for NetApp ONTAP provides a high-performance shared file system with low-latency access and is fully supported for SAP /sapmnt. Option A (increase EFS throughput) may help but is less effective than using FSx. Option C (ElastiCache) does not replace the file system.

Option D (increase instance size) addresses compute, not storage latency.

258
MCQmedium

A company wants to automate the installation of SAP HANA on AWS using CloudFormation. Which AWS resource should be used to run a script that downloads and installs SAP HANA software on an EC2 instance after the instance is launched?

A.AWS::CloudFormation::Init (cfn-init)
B.AWS::CloudFormation::CreationPolicy with cfn-signal
C.AWS Lambda function triggered by EC2 state change
D.EC2 User Data
AnswerB

CreationPolicy waits for signals from cfn-signal after script completes.

Why this answer

Option C is correct because AWS CloudFormation CreationPolicy with a cfn-signal script can be used to run custom scripts after instance launch. Option A is incorrect because cfn-init is used to install packages and files, but for complex installations like SAP HANA, a more robust signaling mechanism is needed. Option B is incorrect because EC2 User Data runs once at launch but does not provide a built-in way for CloudFormation to wait for completion.

Option D is incorrect because Lambda cannot directly run scripts on EC2 without additional orchestration.

259
MCQhard

An SAP system on AWS is using a Multi-AZ deployment for high availability. The SAP Central Services (ASCS) and Enqueue Replication Server (ERS) are running on separate EC2 instances. During a failover test, the ASCS instance fails, but the ERS does not take over. What is the most likely cause?

A.The ERS instance does not have the required security group rules
B.The DNS TTL is set too high
C.The ERS instance is in a different subnet
D.The floating IP address is not configured to move to the ERS instance
AnswerD

Without floating IP reassignment, clients cannot reach the ERS.

Why this answer

SAP Enqueue Replication requires a floating IP address (using AWS Elastic IP or Route 53) that moves from ASCS to ERS during failover. If the floating IP is not properly configured, the ERS cannot take over. DNS resolution is not the primary method.

Health checks are not the issue. Instance type is irrelevant.

260
MCQmedium

A company is migrating its on-premises SAP landscape to AWS. The SAP system uses Oracle Database. The migration must minimize downtime. Which AWS service should be used for the database migration?

A.AWS Snowball Edge
B.AWS Database Migration Service (DMS)
C.AWS CloudEndure Migration
D.Amazon S3 Transfer Acceleration
AnswerB

AWS DMS supports ongoing replication to minimize downtime during migration.

Why this answer

Option D is correct because AWS DMS supports minimal downtime migrations for Oracle to Amazon RDS or EC2. Option A is incorrect because Snowball is for large data transfers, not continuous replication. Option B is incorrect because S3 is for object storage, not database migration.

Option C is incorrect because CloudEndure is for server migration, not database-specific replication.

261
MCQmedium

A company is running a production SAP HANA database on an AWS EC2 instance with a single EBS gp3 volume. The database frequently experiences high write latency during peak hours. Which design change would MOST effectively reduce write latency?

A.Replace the single gp3 volume with multiple io2 Block Express volumes configured in a RAID 0 stripe.
B.Increase the size of the existing gp3 volume to maximize its baseline throughput.
C.Migrate the database to a larger EC2 instance type with higher network bandwidth.
D.Move the SAP HANA database to Amazon RDS for SAP HANA.
AnswerA

io2 Block Express volumes provide very high IOPS and low latency; RAID 0 stripes I/O across volumes to maximize performance.

Why this answer

Option C is correct because using multiple EBS io2 Block Express volumes with a RAID 0 stripe distributes the I/O and provides higher throughput and lower latency than a single gp3 volume. Option A (Increase gp3 volume size) might improve throughput but not latency as much as io2. Option B (Switch to a larger EC2 instance) does not directly address disk latency.

Option D (Move to Amazon RDS) is not applicable for SAP HANA.

262
MCQmedium

An SAP HANA administrator runs the AWS CLI command shown in the exhibit. The volume is attached to an SAP HANA server. The HANA database is experiencing low write throughput. Which action would most likely improve performance?

A.Detach the volume and reattach it to a different instance.
B.Increase the volume size to 1 TB to double the baseline IOPS.
C.Change the volume type to io2 and provision 6000 IOPS.
D.Enable EBS optimization on the attached instance.
AnswerC

io2 provides consistent high IOPS.

Why this answer

Option B is correct: gp2 volumes have baseline IOPS of 3 per GB, so a 500 GB volume has 1500 IOPS. Changing to io2 allows provisioning higher IOPS. Option A is wrong because increasing size increases baseline IOPS but not as effectively as io2.

Option C is wrong because the volume is already in use. Option D is wrong because optimizing the instance is not the issue.

263
MCQeasy

An SAP system administrator needs to ensure that an EC2 instance running SAP can access an S3 bucket containing installation media. The instance is in a private subnet without internet access. What is the recommended way to provide access to S3?

A.Set up a VPN connection to S3.
B.Create a VPC Gateway Endpoint for S3.
C.Set up a NAT Gateway in the public subnet.
D.Use AWS Direct Connect to connect to S3.
AnswerB

Gateway Endpoints provide private access to S3.

Why this answer

A VPC Gateway Endpoint for S3 allows instances in a private subnet to access S3 without internet access. NAT Gateway is for internet access, Direct Connect is for on-premises connectivity, and VPN is for site-to-site.

264
MCQmedium

An SAP administrator created an IAM policy to allow an EC2 instance to upload backups to an S3 bucket. The policy is shown in the exhibit. However, the backup job fails with an access denied error. What is the most likely cause?

A.The KMS key policy does not grant the EC2 instance permission to use the key
B.The policy requires server-side encryption with KMS, but the backup job does not include the required encryption header
C.The resource ARN is incorrect because it does not include the bucket name correctly
D.The IAM role does not have permission to call s3:PutObject
AnswerB

The condition requires the encryption header, which may be missing.

Why this answer

The policy only allows s3:PutObject when the request includes the header x-amz-server-side-encryption with value aws:kms. If the backup job does not include that header, the request is denied. Option A is correct.

The resource is specific to backups/ prefix, so that is fine. The policy does not require KMS key permissions, so D is not the issue.

265
MCQmedium

An SAP system running on AWS uses a large memory-optimized instance (e.g., u-6tb1.metal). The system administrator notices that SAP workloads are occasionally hitting memory swap, causing performance degradation. The SAP application is configured to use SAP HANA. What is the most effective solution to address this issue?

A.Enable HANA memory overcommit and use Kernel Same-page Merging (KSM) to reduce memory pressure
B.Configure HANA Large Pages to reduce memory fragmentation
C.Set up a CloudWatch alarm to notify when memory usage exceeds 90%
D.Increase swap space on an attached EBS volume
AnswerA

Reduces memory usage by sharing identical pages.

Why this answer

Option A is correct because enabling HANA memory overcommit with KSM allows the kernel to share memory pages, reducing overall memory usage. Option B is incorrect because enabling swap on EBS volume adds latency. Option C is incorrect because HANA Large Pages are for CPU efficiency, not memory capacity.

Option D is incorrect because CloudWatch alarm does not solve the issue.

266
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to ensure high availability for the SAP Central Services (ASCS) instance. Which TWO AWS features should be used together to achieve this?

Select 2 answers
A.Network Load Balancer (NLB)
B.Amazon RDS Multi-AZ
C.Application Load Balancer (ALB)
D.Amazon S3
E.Amazon EFS
AnswersA, E

NLB provides a virtual IP address for the ASCS cluster.

Why this answer

Amazon EFS provides a shared filesystem for the ASCS cluster, and a Network Load Balancer (NLB) is used to distribute traffic to the active ASCS instance. S3 is not suitable for shared files, and Multi-AZ for RDS is for databases, not ASCS.

267
Multi-Selecthard

A company has a mission-critical SAP S/4HANA system running on AWS with a multi-node HANA database. The system must be highly available with an RPO of 0 and an RTO of less than 30 minutes. The database uses SAP HANA System Replication (HSR) with synchronous replication. Which THREE components are essential for this high-availability architecture?

Select 3 answers
A.An Application Load Balancer to distribute traffic between HANA nodes.
B.A VPN connection between the two Availability Zones.
C.An ENSA2 (Enqueue Replication 2) enqueue server.
D.A secondary HANA instance in a different Availability Zone.
E.A cluster manager such as Pacemaker to orchestrate failover.
AnswersC, D, E

ENSA2 provides high availability for the enqueue service.

Why this answer

Options A, C, and D are correct: A secondary HANA instance in a different AZ provides failover; a cluster manager (e.g., Pacemaker) manages failover; an ENSA2 enqueue server ensures data consistency. Option B is wrong: An Application Load Balancer is for HTTP traffic, not HANA. Option E is wrong: A VPN connection is not required for AWS internal traffic.

268
MCQeasy

A company running SAP on AWS needs to back up their SAP HANA database daily with point-in-time recovery. Which service should they use to achieve this with minimal operational overhead?

A.Amazon RDS automated backups.
B.Amazon EBS snapshots via a script.
C.AWS Backup with the SAP HANA backup plan.
D.Amazon S3 with lifecycle policies.
AnswerC

AWS Backup provides automated, policy-based backups for SAP HANA.

Why this answer

Option C is correct because AWS Backup supports SAP HANA with automated backups and point-in-time recovery. Option A is wrong because snapshots alone do not provide point-in-time recovery. Option B is wrong because S3 is object storage, not a backup service.

Option D is wrong because RDS does not support SAP HANA.

269
MCQmedium

A company is running a critical SAP HANA database on a single EC2 instance with a large gp2 EBS volume. They need to ensure high availability with a Recovery Time Objective (RTO) of less than 15 minutes and a Recovery Point Objective (RPO) of less than 5 minutes. Which solution meets these requirements?

A.Deploy the SAP HANA database on Amazon RDS for SAP HANA in a Multi-AZ configuration.
B.Use AWS Backup to take daily snapshots of the EBS volume and restore to a new instance in another Availability Zone.
C.Use AWS Application Recovery Controller to continuously replicate data to a standby EC2 instance in another region.
D.Configure SAP HANA System Replication in scale-up mode with a standby HANA instance in a different Availability Zone.
AnswerD

SAP HANA System Replication provides near-synchronous replication and automatic failover, meeting RPO and RTO.

Why this answer

Option B is correct because SAP HANA System Replication in scale-up mode with a standby instance provides fast failover and near-synchronous replication, meeting the RTO and RPO requirements. Option A is wrong because manual snapshots have high RTO. Option C is wrong because Multi-AZ RDS is not supported for SAP HANA.

Option D is wrong because ASR has longer RTO.

270
MCQeasy

An SAP system uses Amazon EFS for shared file storage. The SAP application writes many small files concurrently, causing high metadata operations. Which EFS performance mode should be selected to optimize for this workload?

A.General Purpose
B.Throughput Optimized
C.Max I/O
D.Provisioned Throughput
AnswerC

Max I/O mode is designed for high throughput and parallel metadata operations.

Why this answer

Option A is correct because Max I/O mode is optimized for high throughput and metadata operations. Option B is incorrect because General Purpose mode is for latency-sensitive workloads. Option C is incorrect because there is no 'Throughput Optimized' mode.

Option D is incorrect because Provisioned Throughput is a throughput setting, not a performance mode.

271
MCQmedium

A company is deploying SAP NetWeaver on AWS and needs to ensure high availability for the ASCS instance. They plan to use a shared file system for the transport directory. Which AWS storage service is most appropriate for this shared file system?

A.Amazon EFS
B.Amazon EBS volumes with multi-attach
C.EC2 Instance Store
D.Amazon S3
AnswerA

EFS provides a shared NFS file system that can be accessed from multiple EC2 instances.

Why this answer

Option C is correct because Amazon EFS is a managed NFS file system that can be mounted on multiple EC2 instances across AZs, suitable for shared storage like the SAP transport directory. Option A is incorrect because EBS volumes can only be attached to one instance at a time (unless using multi-attach, which is limited). Option B is incorrect because S3 is object storage, not a file system.

Option D is incorrect because Instance Store is ephemeral.

272
Multi-Selecthard

Which THREE AWS services are commonly used to implement high availability for SAP HANA databases on AWS? (Choose three.)

Select 3 answers
A.Amazon EC2 Auto Recovery
B.AWS Global Accelerator
C.Multi-AZ deployment of SAP HANA
D.Amazon Route 53
E.Elastic Load Balancing
AnswersA, C, E

Auto Recovery can automatically recover an instance from hardware failure.

Why this answer

Options A, B, and E are correct. Amazon EC2 Auto Recovery automatically recovers instances in case of failure. Multi-AZ deployment of SAP HANA uses multiple Availability Zones.

Elastic Load Balancing distributes traffic across healthy instances. Options C and D are incorrect: AWS Global Accelerator is for global traffic, Amazon Route 53 is for DNS, but both can be used for HA but are not as common for HANA HA.

273
MCQhard

A company is running a stateful application on EC2 instances in an Auto Scaling group. The instances store session state locally. The group uses a simple scaling policy based on network traffic. The company notices that when instances are terminated during scale-in, active sessions are lost. What is the MOST effective way to preserve session state during scaling events?

A.Use a step scaling policy instead of a simple scaling policy.
B.Use a lifecycle hook to gracefully drain sessions before instance termination.
C.Increase the cooldown period for the Auto Scaling group.
D.Use a launch configuration that enables termination protection.
AnswerB

Lifecycle hooks allow instances to perform custom actions before being terminated.

Why this answer

A lifecycle hook is the most effective solution because it pauses the instance termination process during scale-in, allowing the application to drain active sessions (e.g., by transferring session state to a shared data store like ElastiCache or DynamoDB) before the instance is fully terminated. This preserves session continuity without requiring architectural changes to the application's stateful design.

Exam trap

The trap here is that candidates often confuse termination protection (which prevents manual termination) with lifecycle hooks (which manage the termination process), or they mistakenly believe that scaling policy types or cooldowns can influence session state preservation.

How to eliminate wrong answers

Option A is wrong because a step scaling policy only adjusts the number of instances to be added or removed based on alarm thresholds; it does not affect the termination process or provide any mechanism to preserve session state during scale-in. Option C is wrong because increasing the cooldown period merely delays the next scaling activity, but it does not prevent active sessions from being lost when an instance is eventually terminated. Option D is wrong because termination protection prevents an instance from being terminated via the EC2 console or API, but Auto Scaling can still terminate instances during scale-in unless the protection is set at the Auto Scaling group level (which is not supported); moreover, it would prevent scale-in entirely, defeating the purpose of dynamic scaling.

274
MCQeasy

An SAP environment uses Amazon CloudWatch to monitor EC2 instances. The operations team wants to receive a notification when the CPU utilization exceeds 90% for 5 consecutive minutes. Which AWS service should they use?

A.Amazon CloudWatch Alarms with Amazon SNS.
B.AWS Config.
C.Amazon CloudWatch Logs.
D.AWS CloudTrail.
AnswerA

Alarms send notifications via SNS when thresholds are breached.

Why this answer

Option C is correct because CloudWatch Alarms can trigger Amazon SNS notifications. Option A is wrong because CloudWatch Logs is for log data. Option B is wrong because CloudTrail is for API auditing.

Option D is wrong because Config is for resource compliance.

275
MCQhard

An SAP Basis team is implementing SAP HANA system replication across two AWS Availability Zones. The HANA primary instance uses Premium SSD v2 (P30) managed disks. The secondary instance must be kept in sync with minimal data loss. Which networking configuration is required to ensure low-latency, high-throughput replication traffic between the instances?

A.Use ClassicLink to connect the instances.
B.Set up a VPN connection between the instances.
C.Enable Enhanced Networking (ENA) and place the instances in a placement group with cluster placement.
D.Configure VPC peering between the two subnets.
AnswerC

ENA provides higher bandwidth and lower jitter; cluster placement groups offer the lowest latency between instances, but cross-AZ still benefits from ENA.

Why this answer

Option A is correct because placement groups with cluster placement provide low-latency networking within a single AZ, but for cross-AZ replication, enabling ENA and using enhanced networking is essential. Option B (ClassicLink) is obsolete. Option C (VPN) adds overhead.

Option D (VPC Peering) is for VPC-to-VPC, not within the same VPC.

276
Matchingmedium

Match the AWS service to its role in SAP high availability.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Automatically adjusts capacity of SAP application servers

DNS failover and health checks

Distributes traffic across SAP instances

Infrastructure as code for multi-AZ deployment

Why these pairings

HA in SAP on AWS relies on these services.

277
MCQmedium

Refer to the exhibit. An SAP administrator has the IAM policy shown. The administrator needs to attach an EBS volume to an EC2 instance that is tagged with SAPSystem=DEV. Will the administrator be able to perform the attach operation?

A.No, because the condition requires the tag SAPSystem=PRD
B.No, because the policy does not allow attaching volumes
C.Yes, because the policy allows the actions
D.Yes, because the resource is not restricted
AnswerA

The condition StringEquals requires the tag to be PRD, not DEV.

Why this answer

The policy allows AttachVolume and DetachVolume actions, but only when the volume or instance resource has the tag SAPSystem=PRD. Since the instance is tagged DEV, the condition is not met, and the operation will be denied.

278
MCQeasy

A company runs production workloads on AWS. The Security Team requires that all Amazon S3 buckets with server access logging enabled must have logs delivered to a centralized S3 bucket in a separate account. Which solution meets this requirement?

A.Use S3 bucket policies to restrict log delivery to only the source account.
B.Use S3 replication rules to copy objects from source buckets to the centralized bucket.
C.Enable AWS CloudTrail to log all S3 API calls and store logs in the centralized bucket.
D.Configure the source bucket to deliver logs to the destination bucket. Attach a bucket policy on the destination bucket that grants the log delivery group (e.g., Amazon S3 Log Delivery) write permissions.
AnswerD

A is correct: cross-account S3 server access logging is supported with appropriate bucket policy.

Why this answer

Option A is correct because S3 server access logs can be delivered to a bucket in another account if the destination bucket policy grants the log delivery group write permissions. Option B is incorrect as bucket policies are not limited to the same account; cross-account delivery is supported. Option C is incorrect because CloudTrail is for API activity, not S3 access logs.

Option D is incorrect because replication copies objects after they are logged, not the logs themselves.

279
MCQeasy

A company is designing a disaster recovery (DR) strategy for its SAP environment on AWS. The primary region is us-east-1 and the DR region is us-west-2. The SAP application and database must be recoverable within 4 hours (RTO) and with a maximum data loss of 15 minutes (RPO). The database is SAP HANA. Which combination of services meets these requirements?

A.Use Amazon EBS snapshots replicated across regions, restoring in the DR region with a CloudFormation template.
B.Back up the HANA database to Amazon S3 and copy the backup to the DR region using cross-region replication.
C.Configure HANA System Replication (HSR) between the primary and DR regions, with a standby EC2 instance in us-west-2.
D.Use AWS Database Migration Service (DMS) with ongoing replication to an RDS for SAP HANA instance in the DR region.
AnswerC

HSR provides near-synchronous replication with RPO as low as seconds, meeting the 15-minute requirement.

Why this answer

Option B is correct because HANA System Replication with log shipping provides low RPO (15 minutes) and can be combined with a standby instance in the DR region for failover within 4 hours. Option A is wrong because EBS snapshots alone may not achieve 15-minute RPO. Option C is wrong because DMS is for homogeneous migrations, not real-time replication.

Option D is wrong because S3 is for backups, not replication.

280
Multi-Selectmedium

An organization runs SAP on AWS and wants to encrypt all data at rest for the SAP HANA database. The encryption keys must be managed by the customer and rotated annually. Which THREE AWS services can be used together to meet these requirements? (Choose THREE.)

Select 3 answers
A.Amazon S3 server-side encryption
B.Amazon EBS encryption
C.AWS Key Management Service (KMS)
D.AWS CloudHSM
E.AWS Certificate Manager (ACM)
AnswersB, C, D

EBS volumes can be encrypted using KMS keys.

Why this answer

Options A, B, and C are correct: AWS KMS manages customer master keys, CloudHSM provides hardware security module, and EBS encryption uses KMS. Option D is wrong because S3 encryption can use KMS but not directly for EBS. Option E is wrong because ACM is for SSL/TLS certificates.

281
MCQeasy

A company is designing a network architecture for SAP S/4HANA on AWS. The architecture must support high availability by distributing application servers across two Availability Zones. Which AWS service can provide automatic failover for the SAP central services (ASCS) instance?

A.Amazon Route 53 with DNS failover routing
B.AWS Direct Connect
C.Application Load Balancer (ALB)
D.Amazon CloudFront
AnswerA

Route 53 can perform health checks and fail DNS to a standby ASCS in case of primary failure.

Why this answer

Option B is correct because Amazon Route 53 can route traffic to a health-checked endpoint and failover to a secondary ASCS in another AZ. Option A (ELB) operates at layer 4/7 but does not handle SAP-specific ASCS failover. Option C (CloudFront) is a CDN.

Option D (Direct Connect) is a dedicated network connection.

282
Multi-Selecthard

Which TWO of the following are valid considerations when sizing an SAP HANA instance on AWS for a production environment? (Choose 2.)

Select 2 answers
A.Use EBS consistency groups for snapshot backups
B.Consider instance store volumes for temporary data and high I/O throughput
C.Ensure the instance type supports EBS optimization for dedicated network bandwidth
D.Select an instance with at least 64 GB memory per HANA node
E.Use a single large EBS volume to simplify management
AnswersB, C

Instance store provides high performance for temp data.

Why this answer

Options A and D are correct. EBS-optimized instances are required for consistent network performance, and instance store volumes provide high I/O throughput. Option B is incorrect because consistency group backups are not specific to sizing.

Option C is incorrect because a single EBS volume may not provide enough throughput for large databases. Option E is incorrect because HANA requires a minimum of 128 GB memory per node, but this is not a sizing consideration for instance choice.

283
Multi-Selecthard

A company is running an SAP S/4HANA system on AWS. The system experiences high memory usage. The administrator wants to monitor the SAP HANA memory consumption and set alarms for when memory usage exceeds 85% of available memory. Which steps should the administrator take to achieve this? (Choose THREE.)

Select 3 answers
A.Configure an Amazon SNS topic to send email notifications when memory usage is high.
B.Use SAP HANA SQL queries to monitor memory usage and publish custom metrics to CloudWatch.
C.Install the Amazon CloudWatch agent on the EC2 instance to collect memory metrics.
D.Use Amazon CloudWatch Synthetics to monitor HANA memory.
E.Create a CloudWatch alarm on the memory metric with a threshold of 85%.
AnswersB, C, E

Custom metrics can be published via CloudWatch PutMetricData.

Why this answer

Options A, C, D are correct. A: CloudWatch agent collects OS-level metrics including memory. C: HANA provides detailed metrics via SQL views.

D: CloudWatch alarms can trigger actions. Option B is wrong because CloudWatch does not directly query HANA. Option E is wrong because SNS alone does not provide monitoring.

284
MCQmedium

A company is running SAP NetWeaver on AWS with an Oracle database on an EC2 instance. The database uses Oracle Data Guard for disaster recovery across Regions. The primary database is in us-east-1, and the standby is in us-west-2. The database size is 500 GB and the network link between Regions has about 100 Mbps throughput. During a recent disaster recovery drill, the failover to the standby took over 2 hours because the Data Guard redo logs were not fully applied. The team wants to reduce the recovery time objective (RTO). They are considering using Amazon S3 to store archived redo logs, increasing the bandwidth, or using a different replication method. What is the MOST effective action to reduce the RTO?

A.Configure the primary database to automatically archive redo logs to Amazon S3, and have the standby download them from S3.
B.Use Oracle Automatic Storage Management (ASM) to mirror data across Regions.
C.Replace Oracle Data Guard with Amazon EBS snapshot replication across Regions.
D.Increase the network bandwidth between the Regions to reduce redo log shipping lag.
AnswerD

Higher bandwidth reduces the time to transfer redo logs to the standby, allowing it to apply logs faster and be ready for failover sooner.

Why this answer

Option D is correct. Increasing the bandwidth between Regions will reduce the lag in redo log shipping, allowing the standby to apply logs more quickly and be ready faster. Option A is incorrect because storing archived logs on S3 still requires transferring them to the standby.

Option B is incorrect because EBS replication does not apply to cross-Region scenarios. Option C is incorrect because ASM is a storage management layer, not a replication solution.

285
MCQeasy

An SAP system uses an Application Load Balancer (ALB) to distribute traffic to web servers. The ALB is configured with a health check that fails, causing the web servers to be marked as unhealthy. What is a possible reason for the health check failure?

A.The instance is in a private subnet
B.The instance type is not supported by the ALB
C.The security group for the ALB does not allow outbound traffic
D.The web server is not configured to respond to the health check path
AnswerD

If the health check path is not configured, the server returns an error.

Why this answer

A common health check failure is when the health check path (e.g., /health) returns a non-200 status code. The security group allowing traffic from the ALB is required. Instance type does not affect health check.

The subnet is not a direct cause.

286
MCQhard

A company runs SAP on AWS and uses AWS Transit Gateway to connect multiple VPCs. They notice that inter-VPC traffic is being dropped. What is a likely cause?

A.Security groups not allowing return traffic.
B.Missing routes in the VPC route tables pointing to the Transit Gateway.
C.Transit Gateway does not support transitive routing.
D.Network ACLs blocking traffic.
AnswerB

Without routes, traffic cannot be forwarded to Transit Gateway.

Why this answer

Option A is correct because VPC route tables must have routes pointing to the Transit Gateway for traffic to flow. If routes are missing, traffic is dropped. Option B is wrong because NACLs are stateless and inbound/outbound rules must be correct; but missing routes is more common.

Option C is wrong because security groups are stateful and allow return traffic. Option D is wrong because Transit Gateway supports transitive routing.

287
Multi-Selectmedium

A company is planning to migrate its SAP ERP system to SAP HANA on AWS. Which TWO AWS services can be used to assess the current on-premises environment and plan the migration?

Select 2 answers
A.AWS Server Migration Service (SMS)
B.AWS Database Migration Service (DMS)
C.AWS Migration Hub
D.AWS CloudEndure Migration
E.AWS Application Discovery Service
AnswersC, E

Migration Hub provides visibility into migration progress and integrates with discovery tools.

Why this answer

Option A (AWS Migration Hub) provides a single place to track migration progress. Option D (AWS Application Discovery Service) helps discover on-premises applications and dependencies. Options B, C, E are not primarily used for assessment.

288
MCQmedium

A company is migrating its SAP system to AWS and wants to use AWS Backup to manage backups of SAP HANA databases running on EC2 instances. What is the prerequisite for this integration?

A.The HANA database must be configured to use in-memory backups.
B.The HANA database must not use EBS snapshots for backup.
C.The EC2 instance must be running on a Dedicated Host.
D.The HANA database must be registered as a resource in AWS Backup using the Backint agent.
AnswerD

AWS Backup for SAP HANA requires the Backint agent to be installed and configured.

Why this answer

Option D is correct because AWS Backup supports HANA databases via the SAP HANA Backint integration. The HANA database must be registered as a resource in AWS Backup, which requires the Backint agent. Options A (SAP HANA in-memory backup) is not a thing.

Option B (Dedicated Host) is not required. Option C (not using EBS snapshots) is unnecessary.

289
MCQhard

A company is migrating an SAP ERP system to AWS. The system requires low-latency access to a shared file system for SAP transport directories. The file system must be accessible from multiple EC2 instances in different Availability Zones. Which storage solution meets these requirements?

A.Amazon EBS volumes snapshotted and shared across instances.
B.Instance store volumes on each EC2 instance.
C.Amazon S3 with Transfer Acceleration.
D.Amazon EFS file system.
AnswerD

Provides shared, low-latency file system across AZs.

Why this answer

Option C is correct because Amazon EFS provides a shared file system accessible from multiple AZs with low latency. Option A is wrong because instance store is ephemeral and not shared. Option B is wrong because EBS volumes can only be attached to one instance at a time.

Option D is wrong because S3 is object storage, not a file system.

290
MCQeasy

An SAP application must be highly available across two Availability Zones in a single Region. The SAP Central Services (ASCS) and ERS are to be deployed on EC2 instances. Which AWS service should be used to manage the floating IP address for the ASCS instance?

A.Network Load Balancer
B.AWS Global Accelerator
C.Amazon Route 53 with failover routing
D.Elastic IP address
AnswerC

Route 53 failover routing can automatically redirect traffic to a healthy IP.

Why this answer

Option B is correct because Route 53 health checks can failover to a secondary IP. Option A is incorrect because Elastic IPs can be remapped but do not provide automatic failover. Option C is incorrect because NLB can front-end the ASCS but typically requires a load balancer.

Option D is incorrect because AWS Global Accelerator is for global traffic management.

291
MCQmedium

A company is running an SAP HANA database on an Amazon EC2 instance. The instance type is r5.4xlarge with 16 vCPUs and 128 GiB of memory. The storage is configured with a single 400 GB gp2 EBS volume for /hana/data and a separate 100 GB gp2 volume for /hana/log. The database experiences high latency during peak loads. Which change will most likely improve performance?

A.Change the EBS volumes to io2 Block Express volumes with provisioned IOPS.
B.Increase the instance size to r5.8xlarge.
C.Disable the EBS volume caching.
D.Create a RAID 0 stripe of multiple gp2 volumes.
AnswerA

io2 Block Express provides consistent low latency and high IOPS, critical for SAP HANA.

Why this answer

Option A is correct because SAP HANA requires low latency I/O. io2 Block Express volumes provide higher IOPS and lower latency compared to gp2. Option B is incorrect because increasing instance size may help but does not address the storage bottleneck directly. Option C is incorrect because RAID 0 on gp2 volumes can improve throughput but not as effectively as io2.

Option D is incorrect because disabling caching does not improve performance.

292
MCQhard

A company is migrating its SAP landscape to AWS. The SAP systems consist of multiple instances (development, quality, production) running on different EC2 instances. The company wants to automate the provisioning of these instances using infrastructure as code. Which AWS service should be used to define and provision the SAP infrastructure in a repeatable manner?

A.AWS Elastic Beanstalk
B.AWS CloudFormation
C.AWS Service Catalog
D.AWS OpsWorks
AnswerB

CloudFormation enables you to model and provision AWS resources using templates.

Why this answer

Option B is correct because AWS CloudFormation allows you to define infrastructure as code in templates and provision resources in a repeatable manner. Option A is wrong because AWS Elastic Beanstalk is for deploying applications, not for defining infrastructure. Option C is wrong because OpsWorks is for configuration management, not infrastructure provisioning.

Option D is wrong because AWS Service Catalog is for creating and managing a catalog of approved IT services.

293
MCQeasy

A company is running SAP NetWeaver on AWS and wants to implement high availability for the ASCS instance. Which AWS service can be used to monitor and automatically restart the ASCS instance if it fails?

A.EC2 Auto Scaling group
B.AWS Lambda with a scheduled function
C.Elastic Load Balancing (ELB)
D.Amazon CloudWatch with EC2 Auto Recovery
AnswerD

CloudWatch can detect instance failure and automatically recover the instance.

Why this answer

Option B is correct because Amazon CloudWatch can monitor instance status and trigger an Auto Recovery action to restart the instance in the same Availability Zone. Option A is wrong because ELB is for traffic distribution, not instance recovery. Option C is wrong because Lambda can perform actions but not directly restart instances without additional setup; CloudWatch Auto Recovery is simpler.

Option D is wrong because EC2 Auto Scaling is for scaling groups, not single instance recovery.

294
MCQhard

A company is running SAP S/4HANA on AWS and needs to ensure that the system can survive a single Availability Zone failure. The SAP HANA database is 1.5 TB in size. What is the most cost-effective high availability solution that meets SAP's support requirements?

A.Implement SAP HANA System Replication (HSR) with two EC2 instances in different Availability Zones.
B.Deploy SAP HANA on Amazon RDS for SAP HANA in Multi-AZ.
C.Use Amazon RDS Multi-AZ for the SAP HANA database.
D.Use a single EC2 instance with EBS snapshots taken every 5 minutes.
AnswerA

HSR is SAP's recommended HA solution and supports automatic failover across AZs.

Why this answer

Option D is correct because HANA System Replication in scale-up with two nodes in different AZs is supported and cost-effective. Option A is wrong because it does not protect against AZ failure. Option B is wrong because Multi-AZ RDS is not for HANA.

Option C is wrong because Multi-AZ is for RDS, not HANA.

295
MCQmedium

An SAP system administrator is configuring an SAP HANA database on an EC2 instance with multiple EBS volumes. The administrator wants to ensure that the data volumes are mirrored to protect against volume failure. Which RAID configuration should the administrator use for the HANA data volumes?

A.RAID 5
B.RAID 0
C.RAID 10
D.RAID 6
AnswerC

RAID 10 combines mirroring and striping for performance and redundancy.

Why this answer

Option A is correct because RAID 10 (striping + mirroring) provides both performance and redundancy, recommended for HANA data. Option B is wrong because RAID 0 provides no redundancy. Option C is wrong because RAID 5 has write penalty.

Option D is wrong because RAID 6 has higher write penalty.

296
MCQmedium

You are an SAP Basis consultant for a company running SAP ECC on Oracle on AWS. The system is hosted on a single EC2 instance (r5.8xlarge) with a separate EC2 instance for the database (Oracle on RDS). Recently, users have reported that the system becomes unresponsive for a few minutes every day at 10:00 AM. You check CloudWatch metrics and see a spike in CPU utilization on the application server at that time, but the database metrics are normal. The application server is running SAP instance and also a custom batch job that runs daily at 10:00 AM. The batch job is using a significant amount of CPU. You need to resolve the issue without losing the functionality of the batch job. Which action should you take?

A.Reschedule the batch job to run at a different time, such as 2:00 AM.
B.Move the custom batch job to a separate EC2 instance dedicated to running batch processes.
C.Upgrade the application server instance to a larger size, such as r5.16xlarge.
D.Create an RDS read replica and offload the batch job's database queries to it.
AnswerB

Isolating the batch job prevents it from competing for CPU with the SAP application.

Why this answer

Option A is correct because moving the batch job to a separate EC2 instance isolates the CPU-intensive process from the main SAP application, preventing it from affecting user sessions. Option B (increase instance size) is expensive and may not be necessary if the batch job can be separated. Option C (reschedule the job) might avoid peak hours but does not address the root cause of resource contention.

Option D (RDS read replica) does not help with application server CPU issues.

297
Multi-Selectmedium

A company is running SAP HANA on an EC2 instance. The storage is provided by multiple EBS volumes. Which THREE considerations are important when configuring EBS volumes for SAP HANA? (Choose THREE.)

Select 3 answers
A.Use RAID 0 striping across multiple EBS volumes to increase throughput.
B.Use gp2 volumes with burst credits to handle peak IOPS.
C.Separate data and log volumes to avoid I/O contention.
D.Enable EBS bursting for all volumes to ensure high throughput.
E.Provision EBS volumes with sufficient IOPS to meet SAP HANA performance requirements.
AnswersA, C, E

RAID 0 improves performance by combining multiple volumes.

Why this answer

Options B, C, and E are correct. Option B is correct because HANA requires specific volume sizes and IOPS. Option C is correct because multiple volumes are often striped for performance.

Option E is correct because HANA requires dedicated volumes for data and log. Option A is wrong because gp3 is suitable. Option D is wrong because bursting is not recommended for production HANA.

298
MCQhard

An SAP system running on AWS experiences a significant performance degradation after a patching activity. The SAP application (PAS) and database (HANA) run on separate EC2 instances. The network throughput between the two instances has dropped. What is the MOST likely cause?

A.The EBS-optimization feature was disabled on the database instance.
B.The instances were moved out of a cluster placement group, reducing network throughput.
C.The security group rules were modified during patching, restricting traffic.
D.The route tables were updated, causing traffic to traverse a NAT gateway.
AnswerB

Cluster placement groups provide low-latency, high-throughput networking; leaving the placement group can significantly reduce network performance.

Why this answer

Option C is correct because if the instances were in the same placement group before patching and after patching they are not, or if the patching changed instance types that affect network performance, the throughput could drop. Option A (Security group rules) would block traffic, not degrade performance. Option B (Subnet routing) would cause connectivity loss, not just degradation.

Option D (IOPS limits) affect disk, not network.

299
Multi-Selectmedium

A company is designing an SAP HANA disaster recovery solution on AWS. The primary system is in us-east-1, and the DR system must be in us-west-2. The RPO is 15 minutes, and RTO is 1 hour. Which TWO approaches meet these requirements? (Choose TWO.)

Select 2 answers
A.Use AWS Database Migration Service (DMS) with ongoing replication from the primary HANA database to a target HANA database in us-west-2.
B.Take EBS snapshots of HANA data volumes every 15 minutes and copy them to us-west-2.
C.Use Amazon S3 Cross-Region Replication to copy HANA backup files to us-west-2.
D.Configure SAP HANA System Replication (HSR) from the primary to a secondary HANA instance in us-west-2.
E.Use AWS Application Migration Service (MGN) to replicate the entire HANA server to us-west-2.
AnswersA, D

DMS can replicate changes continuously, meeting RPO.

Why this answer

Option A and Option D are correct. SAP HANA System Replication provides synchronous or asynchronous replication with low RPO. Cross-Region replication to us-west-2 meets RPO of 15 minutes.

AWS DMS can also replicate HANA data with ongoing replication, achieving low RPO. Option B (S3 CRR) is for object replication, not HANA. Option C (EBS snapshots) cannot achieve 15-minute RPO due to frequency.

Option E (Application Migration Service) is for server replication but RPO may not be as low.

300
MCQhard

Refer to the exhibit. A CloudFormation stack for an SAP deployment is in state UPDATE_ROLLBACK_FAILED. What is the MOST likely cause?

A.The stack update was attempted without sufficient IAM permissions
B.The stack has drifted from the template configuration
C.The stack update failed and the subsequent rollback also failed
D.A resource in the stack was deleted outside of CloudFormation
AnswerC

UPDATE_ROLLBACK_FAILED means both update and rollback failed.

Why this answer

Option C is correct because UPDATE_ROLLBACK_FAILED indicates that the rollback of a failed update encountered an error, leaving the stack in an inconsistent state. Option A is incorrect because insufficient IAM permissions would cause a failure, not a rollback failure. Option B is incorrect because drift is detected, but drift does not cause rollback failure.

Option D is incorrect because a deleted resource would cause a different error.

← PreviousPage 4 of 6 · 412 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Technology questions.