CCNA Design of SAP Workloads on AWS Questions

75 of 462 questions · Page 4/7 · Design of SAP Workloads on AWS · Answers revealed

226
MCQeasy

An SAP system is running on AWS and needs to be accessible over the internet securely. Which AWS service should be used to provide secure remote access for administrators?

A.Set up an AWS Site-to-Site VPN connection from the corporate network
B.Use AWS Systems Manager Session Manager
C.Use Amazon WorkSpaces to provide a virtual desktop for administrators
D.Configure the EC2 instance in a public subnet with SSH access from the internet
AnswerB

Session Manager provides secure, audited shell access without opening inbound ports.

Why this answer

Option C is correct because AWS Systems Manager Session Manager allows secure shell access without bastion hosts. Option A is wrong because a public subnet with SSH from the internet is insecure. Option B is wrong because a VPN connection is for site-to-site, not remote admin.

Option D is wrong because Amazon WorkSpaces is a virtual desktop, not a remote administration tool for SAP.

227
MCQmedium

A company is migrating its SAP ERP system to AWS. The system requires high availability for the SAP central services (ASCS) and must support automatic failover. Which AWS architecture should the company use to meet these requirements?

A.Configure a Network Load Balancer in front of two ASCS instances in different Availability Zones.
B.Use Amazon RDS Multi-AZ to host the SAP central services.
C.Deploy ASCS on an EC2 instance in an Auto Scaling group with a lifecycle hook that triggers a Lambda function to reattach the ASCS cluster resources.
D.Run ASCS on a single EC2 instance in a single Availability Zone with an Elastic IP address.
AnswerC

This provides automated failover and high availability for ASCS.

Why this answer

Option A is correct because an Auto Scaling group with a lifecycle hook and custom AMI can automate the recovery of ASCS after a failure, ensuring high availability. Option B is wrong because a multi-AZ RDS instance is for databases, not ASCS. Option C is wrong because a Network Load Balancer distributes traffic but does not provide automatic failover for ASCS.

Option D is wrong because a single EC2 instance in one AZ offers no high availability.

228
MCQmedium

An organization runs SAP ERP on AWS with an SAP HANA database. The database is deployed on an EC2 instance with EBS storage. The company is planning to upgrade the HANA database from version 2.0 to 2.0 SPS 05. The upgrade process requires a system copy to a new instance. The company wants to minimize the downtime during the upgrade and ensure that the existing system remains available until the new system is ready. The current HANA instance has 1 TB of data. The company has a test environment that can be used for the upgrade. Which approach should the company take to minimize downtime?

A.Use SAP HANA Studio to export the production database to a file, import it into a new instance, and upgrade. Then redirect users to the new instance.
B.Perform the upgrade directly on the production HANA instance during a maintenance window.
C.Take a full backup of the production HANA database, restore it to a new instance, and perform the upgrade on the new instance. Then switch DNS to the new instance.
D.Set up SAP HANA System Replication from the production instance to a new instance. Perform the upgrade on the replica. Once upgraded, perform a takeover to make the new instance the primary.
AnswerD

Replication allows the production system to stay online; takeover is quick.

Why this answer

Option D is correct because SAP HANA System Replication allows you to replicate data from the production instance to a new instance in near real-time. You can then perform the upgrade on the replica while the production system remains fully available. Once the upgrade is complete and validated, a takeover operation promotes the replica to primary, minimizing downtime to just the seconds required for the takeover and DNS switch.

Exam trap

The trap here is that candidates often choose Option C (backup and restore) because it seems straightforward, but they overlook that it does not keep the new instance synchronized with ongoing production changes, resulting in longer downtime than the replication-based approach.

How to eliminate wrong answers

Option A is wrong because exporting and importing 1 TB of data via SAP HANA Studio is a slow, manual process that would cause significant downtime, not minimize it. Option B is wrong because performing the upgrade directly on the production HANA instance would require taking the system offline for the entire upgrade duration, resulting in unacceptable downtime. Option C is wrong because taking a full backup and restoring it to a new instance is time-consuming for 1 TB of data, and the restore process does not keep the new instance synchronized with ongoing changes, so the switchover would still require a final outage to apply any delta.

229
MCQeasy

A company is designing an SAP HANA disaster recovery (DR) solution on AWS. The primary site is in us-east-1, and the DR site is in us-west-2. The RPO must be less than 15 minutes, and the RTO must be less than 2 hours. Which replication strategy meets these requirements?

A.SAP HANA log shipping to an S3 bucket in the DR region.
B.S3 cross-region replication for HANA data files.
C.SAP HANA system replication with synchronous mode and pre-provisioned DR instances.
D.EBS snapshot replication to the DR region every 15 minutes.
AnswerC

Synchronous replication meets RPO; pre-provisioned instances reduce RTO.

Why this answer

SAP HANA system replication with synchronous mode ensures that every committed transaction is replicated to the DR site before acknowledgment, meeting the <15-minute RPO. Pre-provisioned DR instances in us-west-2 allow rapid failover, enabling the <2-hour RTO by eliminating the need to provision infrastructure during recovery.

Exam trap

Cisco often tests the misconception that any replication method with a 15-minute interval (like EBS snapshots or S3 replication) automatically meets a <15-minute RPO, ignoring the time required for snapshot finalization, transfer, and restoration, which pushes the actual RPO beyond the requirement.

How to eliminate wrong answers

Option A is wrong because SAP HANA log shipping to an S3 bucket in the DR region introduces significant latency and does not provide automatic failover, making it impossible to achieve a <15-minute RPO and <2-hour RTO. Option B is wrong because S3 cross-region replication for HANA data files only replicates static files, not the live transaction logs or in-memory state, so it cannot meet the RPO requirement and does not support database-level recovery. Option D is wrong because EBS snapshot replication to the DR region every 15 minutes can only achieve at best a 15-minute RPO (and often longer due to snapshot finalization), and restoring from snapshots requires manual steps that exceed the 2-hour RTO.

230
Multi-Selecthard

A company is running SAP HANA in a production environment on AWS. The database administrator wants to implement automated backups using AWS Backup. Which of the following are supported by AWS Backup for SAP HANA? (Select THREE.)

Select 3 answers
A.Amazon RDS databases
B.SAP HANA database backups
C.Amazon EBS volumes
D.Amazon EC2 instances
E.Amazon S3 buckets
AnswersA, C, D

AWS Backup supports RDS snapshots.

Why this answer

AWS Backup supports Amazon RDS databases, including Amazon RDS for SAP HANA, enabling automated backup management. This allows the database administrator to centralize backup policies and retention rules for RDS instances, which is a key requirement for SAP HANA production environments.

Exam trap

The trap here is that candidates may assume AWS Backup supports SAP HANA database backups directly, but it only supports the underlying infrastructure (EBS volumes, EC2 instances, RDS) and not the HANA application-level backup.

231
MCQhard

An SAP administrator is setting up an S3 bucket to store SAP HANA backup files. The backups must be encrypted at rest using an AWS KMS customer managed key. Which bucket policy condition key should be used to enforce that only requests using KMS encryption with that specific key are allowed?

A.kms:EncryptionContext
B.s3:x-amz-server-side-encryption-aws-kms-key-id
C.s3:ServerSideEncryption
D.s3:x-amz-server-side-encryption
AnswerB

This condition key checks the specific KMS key ID used for encryption.

Why this answer

The s3:x-amz-server-side-encryption-aws-kms-key-id condition key allows restricting to a specific KMS key. Option B is wrong because s3:x-amz-server-side-encryption only checks if encryption is enabled, not the key. Option C is wrong because kms:EncryptionContext is for KMS actions, not S3.

Option D is wrong because s3:ServerSideEncryption is not a valid condition key.

232
MCQeasy

An SAP administrator wants to attach the EBS volume shown above to two EC2 instances running SAP HANA in a scale-out configuration. What is the issue?

A.The volume is gp3 type, which does not support Multi-Attach.
B.The volume size is too small for HANA scale-out.
C.SAP HANA scale-out does not support shared volumes.
D.The volume IOPS is insufficient.
AnswerA

Multi-Attach is only available on io1 and io2 volumes.

Why this answer

The gp3 volume type does not support the Multi-Attach feature, which is required to attach a single EBS volume to multiple EC2 instances simultaneously. For SAP HANA scale-out configurations, shared storage is necessary for the /hana/shared file system, and Multi-Attach is only supported on io1 and io2 block express volumes. Therefore, using a gp3 volume prevents the multi-attach capability needed for this architecture.

Exam trap

The trap here is that candidates assume gp3 is a general-purpose volume that supports all features, but AWS explicitly restricts Multi-Attach to io1 and io2 block express only, making this a common pitfall in SAP workload design questions.

How to eliminate wrong answers

Option B is wrong because the volume size (e.g., 1 TiB) is actually sufficient for SAP HANA scale-out; the issue is not size but the volume type's lack of Multi-Attach support. Option C is wrong because SAP HANA scale-out does support shared volumes (specifically for /hana/shared), and this is a documented requirement for scale-out deployments on AWS. Option D is wrong because IOPS is not the limiting factor; gp3 volumes can provision adequate IOPS, but they still cannot be attached to multiple instances due to the absence of Multi-Attach.

233
MCQmedium

An SAP administrator needs to monitor the disk I/O performance of EBS volumes attached to an SAP HANA instance. Which AWS service should be used to capture the average read latency and queue depth metrics?

A.AWS Config
B.AWS Health
C.Amazon CloudWatch
D.AWS CloudTrail
AnswerC

CloudWatch collects and provides metrics like AverageReadLatency and QueueDepth for EBS volumes.

Why this answer

Amazon CloudWatch provides the metrics necessary to monitor disk I/O performance, including `VolumeReadOps`, `VolumeQueueLength`, and `VolumeReadBytes` for EBS volumes. These metrics allow you to calculate average read latency (by dividing `VolumeReadBytes` by `VolumeReadOps`) and directly observe queue depth via `VolumeQueueLength`, making it the correct service for SAP HANA disk I/O monitoring.

Exam trap

The trap here is that candidates may confuse AWS CloudTrail (which logs API calls) with CloudWatch (which monitors performance metrics), or assume AWS Config or AWS Health provide operational performance data when they are designed for configuration auditing and service health notifications, respectively.

How to eliminate wrong answers

Option A is wrong because AWS Config is a service for evaluating, auditing, and recording configuration changes of AWS resources, not for capturing real-time performance metrics like disk latency or queue depth. Option B is wrong because AWS Health provides information about service health and events affecting your AWS infrastructure, but it does not expose granular EBS performance metrics. Option D is wrong because AWS CloudTrail records API activity and user actions for auditing and governance, not operational metrics such as I/O latency or queue depth.

234
MCQeasy

An SAP administrator runs the AWS CLI command shown. The output shows /dev/sdf. Which SAP HANA volume is typically mounted at this device?

A./hana/log
B./usr/sap
C./hana/data
D./hana/shared
AnswerC

The /dev/sdf device is typically assigned to the HANA data volume.

Why this answer

Option A is correct. The /dev/sdf device is commonly used for the /hana/data volume in SAP HANA on AWS. Option B is wrong because /hana/log is often /dev/sdg.

Option C is wrong because /usr/sap is typically /dev/sdh. Option D is wrong because /hana/shared is usually on EFS or another device.

235
MCQmedium

A company is designing an SAP HANA multi-node scale-out deployment on AWS. The system requires high bandwidth and low latency between nodes. Which AWS networking feature should be used to meet these requirements?

A.Elastic Fabric Adapter (EFA)
B.AWS Direct Connect
C.Transit Gateway
D.VPC Peering
AnswerA

EFA provides low-latency, high-bandwidth inter-instance communication required for HANA scale-out.

Why this answer

Elastic Fabric Adapter (EFA) is correct because it provides OS-bypass capabilities using the Libfabric API, enabling direct memory access (DMA) between SAP HANA nodes. This eliminates kernel overhead, delivering the high bandwidth (up to 100 Gbps per adapter) and ultra-low latency (microsecond-level) required for SAP HANA multi-node scale-out workloads, where inter-node communication is critical for table partitioning and data replication.

Exam trap

The trap here is that candidates confuse EFA with standard Elastic Network Adapters (ENA) or assume that any high-bandwidth network feature (like Direct Connect or Transit Gateway) can solve inter-node latency, when only EFA provides the OS-bypass and RDMA semantics required for SAP HANA scale-out performance.

How to eliminate wrong answers

Option B (AWS Direct Connect) is wrong because it is a dedicated network connection from on-premises to AWS, not an inter-node networking feature within a VPC; it does not reduce latency or increase bandwidth between SAP HANA compute nodes. Option C (Transit Gateway) is wrong because it is a hub-and-spoke router for connecting multiple VPCs and on-premises networks, not a high-performance, low-latency interconnect for tightly coupled compute nodes within the same VPC. Option D (VPC Peering) is wrong because it is a simple layer-3 connection between VPCs that still traverses the standard AWS network stack with kernel overhead, lacking the OS-bypass and RDMA capabilities needed for SAP HANA scale-out performance.

236
Multi-Selecteasy

An organization runs SAP BusinessObjects on AWS and wants to improve the performance of report generation. The current environment uses EBS gp2 volumes. Which TWO changes could potentially reduce report generation time?

Select 2 answers
A.Increase the size of the EBS root volume.
B.Enable EBS optimization on the instance.
C.Configure automated snapshots of the EBS volumes.
D.Switch to EBS io2 Block Express volumes with higher IOPS.
E.Add more SAP BusinessObjects application servers to distribute the workload.
AnswersD, E

Higher IOPS improves data access speed.

Why this answer

Option D is correct because switching to EBS io2 Block Express volumes provides higher IOPS and lower latency compared to gp2 volumes, which directly improves the I/O performance for SAP BusinessObjects report generation that often involves heavy database and file system reads. Option E is correct because adding more SAP BusinessObjects application servers distributes the report generation workload across multiple nodes, reducing the processing bottleneck on a single server and decreasing overall generation time.

Exam trap

The trap here is that candidates often confuse EBS optimization (a prerequisite for dedicated bandwidth) with a performance-tuning feature, or assume that increasing volume size (Option A) is a valid performance improvement method, when in fact switching to a higher-performance volume type like io2 Block Express is the correct storage-level optimization.

237
MCQmedium

A company is deploying SAP on AWS and wants to ensure that the SAP system can automatically recover from an EC2 instance failure. Which AWS feature should be used?

A.Auto Scaling group with a scheduled scaling policy
B.Elastic Load Balancer health checks
C.EC2 Auto Recovery with CloudWatch alarms
D.Manual restart of the instance from the AWS Management Console
AnswerC

Auto Recovery automatically recovers the instance.

Why this answer

Option B is correct because EC2 Auto Recovery automatically recovers an instance if it becomes impaired. Option A requires manual intervention. Option C is for load balancing, not recovery.

Option D is for scaling, not recovery.

238
MCQmedium

An SAP administrator is setting up an SAP HANA system replication across two AWS Availability Zones (AZs). The primary and secondary instances use EBS volumes for data and log storage. What is the best practice for ensuring data consistency and minimizing data loss during a failover?

A.Take frequent EBS snapshots of the primary volume and restore them on the secondary.
B.Enable synchronous replication mode in SAP HANA.
C.Use asynchronous replication mode for better performance.
D.Configure the EBS volumes as Multi-Attach to allow both instances to access the same volume.
AnswerB

Synchronous replication ensures data consistency and minimal data loss.

Why this answer

SAP HANA synchronous replication mode ensures that a transaction is committed on both the primary and secondary instances before an acknowledgment is sent to the application. This guarantees zero data loss (RPO=0) during a failover, because the secondary always has an identical copy of the committed data. For cross-AZ deployments, this is the best practice to maintain data consistency while still providing high availability.

Exam trap

The trap here is that candidates often choose asynchronous replication (Option C) because they mistakenly prioritize performance over data consistency, failing to recognize that SAP HANA synchronous replication is the only mode that guarantees zero data loss across AZs in a system replication configuration.

How to eliminate wrong answers

Option A is wrong because EBS snapshots are point-in-time backups, not real-time replication; they introduce significant lag and cannot guarantee data consistency at the moment of failover, leading to potential data loss. Option C is wrong because asynchronous replication, while offering better performance, allows the secondary to lag behind the primary, which can result in data loss (RPO > 0) during a failover. Option D is wrong because EBS Multi-Attach does not support attaching a single volume to instances in different Availability Zones, and it does not provide the log-shipping or synchronization logic required for SAP HANA system replication.

239
MCQeasy

A company plans to migrate its SAP ERP system to AWS. The system currently runs on IBM Db2 and uses a large amount of memory. The architect needs to choose an EC2 instance type that is SAP certified and provides high memory. Which instance family should the architect select?

A.c5.18xlarge
B.x1e.32xlarge
C.r5.24xlarge
D.i3.16xlarge
AnswerB

x1e instances are SAP-certified with up to 3,904 GiB of memory, suitable for large SAP systems.

Why this answer

The x1e.32xlarge instance is SAP-certified for high-memory workloads and is specifically designed for large in-memory databases like IBM Db2. It offers up to 3,904 GiB of memory, making it suitable for SAP ERP systems that require a large memory footprint. Other instance families like C5, R5, and I3 are not SAP-certified for high-memory SAP workloads or lack the necessary memory capacity.

Exam trap

The trap here is that candidates often confuse memory-optimized families (like R5) with SAP-certified high-memory families (like X1e), not realizing that SAP certification requires specific instance types that have passed SAP's validation for large memory configurations and database compatibility.

How to eliminate wrong answers

Option A is wrong because the C5 instance family is compute-optimized and not SAP-certified for high-memory workloads; it lacks the memory capacity required for large SAP ERP systems on Db2. Option C is wrong because the R5 instance family is memory-optimized but not SAP-certified for the high-memory requirements of this scenario; it offers less memory per vCPU compared to the X1e family and is not listed in the SAP AWS certified instances for large memory configurations. Option D is wrong because the I3 instance family is storage-optimized for high I/O workloads (e.g., NVMe SSD) and is not designed for high-memory SAP applications; it is not SAP-certified for memory-intensive ERP systems.

240
MCQeasy

An SAP administrator is creating an IAM policy for an automation script that needs to start and stop a specific SAP HANA EC2 instance. The policy is shown in the exhibit. However, the script fails with an authorization error when trying to start the instance. What is the most likely cause?

A.The policy is missing an effect for the specific instance.
B.The policy does not include ec2:DescribeInstances action.
C.The ARN in the resource element does not match the actual instance ID.
D.The script does not have the correct region specified.
AnswerC

The instance ID in the policy is likely different from the actual instance.

Why this answer

The policy uses a resource ARN that specifies a particular instance ID. If the ARN does not match the actual instance ID of the SAP HANA EC2 instance, the `ec2:StartInstances` action will fail with an authorization error because IAM evaluates the resource ARN against the instance being started. AWS IAM policies require an exact match between the resource ARN in the policy and the instance ID for actions that operate on specific resources.

Exam trap

The trap here is that candidates often overlook the exact ARN matching requirement and assume the error is due to missing permissions or region misconfiguration, rather than a simple mismatch in the instance ID within the resource element.

How to eliminate wrong answers

Option A is wrong because the policy already includes an 'Allow' effect for the `ec2:StartInstances` and `ec2:StopInstances` actions, so adding another effect is unnecessary. Option B is wrong because `ec2:DescribeInstances` is a read-only action that is not required for starting or stopping instances; the `ec2:StartInstances` and `ec2:StopInstances` actions are sufficient for the automation script. Option D is wrong because the region is specified in the ARN (e.g., `us-east-1`) and the script's region configuration does not affect IAM policy evaluation; the error is due to the instance ID mismatch, not the region.

241
Multi-Selectmedium

A company runs SAP HANA on AWS using an r5.8xlarge instance with 3.8 TB of EBS gp3 storage. The HANA data volume is 2 TB. The system is experiencing performance issues, and the database administrator suspects that the storage I/O is the bottleneck. Which TWO actions should be taken to improve I/O performance?

Select 2 answers
A.Increase the size of the log volume to improve write performance.
B.Change the data volume type from gp3 to io2 Block Express with higher IOPS.
C.Enable HANA delta merge operations to run more frequently.
D.Upgrade the instance to a larger size with higher network bandwidth.
E.Increase the provisioned IOPS on the HANA data volume.
AnswersB, E

io2 provides consistent low-latency performance.

Why this answer

Option B is correct because io2 Block Express provides up to 256,000 IOPS per volume with sub-millisecond latency, which is essential for SAP HANA's demanding I/O patterns. The current gp3 volume, while offering baseline performance, cannot match the consistent low-latency and high-IOPS capabilities required for HANA data volumes under heavy write workloads. Option E is also correct because increasing provisioned IOPS on the existing gp3 volume directly addresses the I/O bottleneck by raising the performance ceiling, though gp3 has a maximum of 16,000 IOPS per volume, which may still be insufficient for large HANA deployments.

Exam trap

The trap here is that candidates may confuse increasing volume size with improving performance, or assume that network bandwidth upgrades affect storage I/O, when in fact EBS performance is independent of instance network bandwidth and governed by volume type and IOPS provisioning.

242
MCQeasy

A company plans to migrate its SAP ERP system from an on-premises environment to AWS. The system uses an Oracle database. Which AWS service provides the most cost-effective and high-performance storage for the Oracle data files?

A.Amazon EBS io2 Block Express volumes
B.EC2 Instance Store
C.Amazon EFS
D.Amazon S3
AnswerA

Provides high performance for databases.

Why this answer

Option B is correct because Amazon EBS io2 Block Express volumes offer high durability, high IOPS, and low latency suitable for Oracle databases. Option A is wrong because S3 is object storage. Option C is wrong because EFS is file storage.

Option D is wrong because Instance Store is ephemeral.

243
Multi-Selectmedium

A company is migrating its SAP ERP system to AWS and wants to minimize downtime during the migration. Which THREE strategies should be considered? (Choose three.)

Select 3 answers
A.Use Amazon S3 Transfer Acceleration to speed up data transfer.
B.Shut down the source system and perform a full database export to S3.
C.Perform a full export and import of the SAP system during a maintenance window.
D.Use SAP Landscape Transformation (SLT) to replicate data in real-time to the target system.
E.Set up AWS Database Migration Service (DMS) for ongoing replication after initial load.
AnswersA, D, E

S3 Transfer Acceleration speeds up data transfer, reducing migration window.

Why this answer

Using SAP Landscape Transformation (SLT) for real-time data replication, setting up AWS DMS for ongoing replication, and performing a near-zero downtime migration using SAP SWPM with DB migration option are all valid strategies. Option B (shutting down source) causes downtime. Option D (full export/import) causes extended downtime.

Option E (using only S3) is not a migration strategy for live systems.

244
MCQhard

An SAP system on AWS is experiencing high read latency from the SAP HANA database. The system uses Provisioned IOPS EBS volumes. Which action would most likely improve read latency?

A.Change the EBS volume type to gp2.
B.Disable write caching on the EBS volumes.
C.Move the HANA data to instance store volumes.
D.Increase the provisioned IOPS on the EBS volumes.
AnswerD

More IOPS can reduce read latency.

Why this answer

Increasing the provisioned IOPS on the EBS volumes directly addresses high read latency by raising the I/O performance ceiling for the SAP HANA database. Since the system already uses Provisioned IOPS (io1/io2) volumes, higher IOPS reduces queue depth and read latency under heavy workloads, which is a common requirement for SAP HANA.

Exam trap

The trap here is that candidates may think increasing IOPS always helps, but the key nuance is that the system already uses Provisioned IOPS, so the correct action is to increase the provisioned IOPS value, not change volume types or rely on ephemeral storage.

How to eliminate wrong answers

Option A is wrong because changing to gp2 (general purpose SSD) would likely reduce performance, as gp2 offers lower and burstable IOPS compared to Provisioned IOPS volumes, worsening latency under sustained SAP HANA loads. Option B is wrong because disabling write caching on EBS volumes does not improve read latency; write caching affects write operations, and EBS volumes do not support configurable read caching at the volume level. Option C is wrong because instance store volumes are ephemeral and not suitable for SAP HANA data, which requires persistent, durable storage; moving data there would risk data loss on instance stop/termination and does not guarantee lower read latency.

245
MCQeasy

A company runs SAP HANA on AWS and needs to ensure that the database can be restored to any point in time within the last 48 hours with minimal data loss. Which backup strategy should be used?

A.Use Amazon EBS snapshots every 6 hours.
B.Schedule daily full backups and hourly incremental log backups to Amazon S3 using Backint.
C.Use AWS Backup with a daily backup plan.
D.Take weekly full backups and daily differential backups to Amazon S3.
AnswerB

This combination allows point-in-time recovery with minimal data loss.

Why this answer

Option B is correct because SAP HANA supports Backint integration with Amazon S3 for log backups, enabling point-in-time recovery (PITR) with minimal data loss. Daily full backups combined with hourly incremental log backups ensure that any transaction committed within the last 48 hours can be restored, meeting the RPO requirement of minimal data loss.

Exam trap

The trap here is that candidates often confuse EBS snapshots or AWS Backup with SAP HANA's specific requirement for Backint-based log backups, assuming general-purpose backup tools can achieve the same PITR granularity without understanding SAP HANA's dependency on transaction log continuity.

How to eliminate wrong answers

Option A is wrong because Amazon EBS snapshots every 6 hours cannot achieve point-in-time recovery to any moment within 48 hours; they only provide recovery points every 6 hours, leading to potential data loss of up to 6 hours. Option C is wrong because AWS Backup with a daily backup plan does not support the granular log backups needed for SAP HANA PITR; it lacks the Backint integration for transaction log backups. Option D is wrong because weekly full backups with daily differential backups do not provide the hourly log backup granularity required for minimal data loss; differential backups capture changes since the last full backup, not transaction-level logs, so PITR within 48 hours is not possible.

246
MCQmedium

A company runs SAP on AWS and uses a shared Amazon EFS file system for /sapmnt and /usr/sap/trans. The administrator wants to control access to specific directories based on the source IP address of the SAP application servers. Which method should be used to achieve this?

A.Configure security group rules to allow only specific IP addresses
B.Use Amazon S3 bucket policies with IP conditions
C.Use Amazon EFS access points with IAM policies
D.Use network ACLs to restrict access by IP
AnswerC

Access points enforce directory access, IAM policies can restrict by IP.

Why this answer

Option C is correct because EFS access points with IAM authorization can enforce user/group and root directory permissions, and IAM policies can restrict access based on source IP. Option A is wrong because security group rules apply at the network level, not directory level. Option B is wrong because NACLs are stateless and not directory-aware.

Option D is wrong because S3 bucket policies are for S3, not EFS.

247
MCQmedium

An SAP system on AWS uses an Application Load Balancer (ALB) to distribute traffic to multiple SAP application servers. The ALB is configured with a TCP listener. Users report that some sessions are terminated unexpectedly. What is the MOST likely cause?

A.The ALB is not configured with SSL termination.
B.The target group health check interval is set too low.
C.The ALB idle timeout setting is shorter than the SAP session timeout.
D.The ALB is configured with cross-zone load balancing disabled.
AnswerC

If idle timeout is lower than SAP session timeout, connections are dropped.

Why this answer

The ALB's idle timeout setting controls how long the load balancer keeps a connection open without data transfer. If this timeout is shorter than the SAP session timeout, the ALB will close the connection prematurely, causing the user's session to be terminated unexpectedly. This is a common mismatch when long-running SAP transactions or background jobs do not send data within the ALB's idle timeout window.

Exam trap

The trap here is that candidates often confuse the ALB's idle timeout with the target group health check interval, assuming that frequent health checks cause session drops, when in fact health checks do not affect established connections.

How to eliminate wrong answers

Option A is wrong because SSL termination is not required for TCP listeners; TCP listeners pass traffic through without decryption, and the lack of SSL termination does not cause session termination. Option B is wrong because setting the health check interval too low would cause the target group to mark instances as unhealthy more frequently, potentially dropping connections, but the described symptom is unexpected session termination, not health check failures; a low interval actually increases health check frequency, which does not directly terminate established sessions. Option D is wrong because disabling cross-zone load balancing affects traffic distribution across Availability Zones, not the persistence of individual TCP sessions; it may cause uneven load but does not terminate active sessions.

248
MCQeasy

An SAP application server on an EC2 instance is unable to connect to the SAP HANA database on another EC2 instance. Both instances are in the same VPC and security groups allow traffic. What is the most likely cause?

A.The VPC does not have an Internet Gateway
B.The security group for the database instance does not allow inbound traffic on the HANA port
C.Network ACLs are blocking traffic
D.The route table does not have a local route
AnswerB

HANA uses port 3XX13; must be allowed.

Why this answer

Option B is correct because the most likely cause is that the security group attached to the SAP HANA database instance does not have an inbound rule allowing traffic on the SAP HANA database port (typically 3<span>00</span>15 for HANA system DB or 3<span>NN</span>13 for tenant DBs). Even if the security group for the application server allows outbound traffic, the database security group must explicitly permit inbound TCP traffic from the application server's security group or IP address on the correct HANA port. Without this rule, the database will reject the connection at the instance level.

Exam trap

The trap here is that candidates often confuse security groups (stateful, instance-level) with Network ACLs (stateless, subnet-level) and assume that if the security group allows outbound traffic from the app server, the connection should work, forgetting that the database's security group must also allow inbound traffic on the specific HANA port.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway is only required for instances to communicate with the internet or with other VPCs via public IPs; it is not needed for communication between two EC2 instances within the same VPC. Option C is wrong because Network ACLs are stateless and, by default, allow all inbound and outbound traffic in a default VPC; even if custom NACLs were used, they would need to explicitly block traffic on the HANA port, which is less common than a missing security group rule. Option D is wrong because the route table in a VPC always includes a local route for the VPC CIDR by default, which enables direct communication between instances in the same VPC without any additional configuration.

249
MCQmedium

An SAP system is experiencing performance issues during peak hours. The SAP application servers are running on EC2 instances behind a Network Load Balancer (NLB). The NLB is configured to use cross-zone load balancing. The issue is that one application server receives significantly more traffic than others. What is the most likely cause?

A.The application servers have different instance sizes, causing the NLB to send more traffic to larger instances
B.The NLB is using round-robin algorithm and one server is slower
C.The flow hash algorithm is causing an uneven distribution of client traffic
D.The health check is failing on the other servers
AnswerC

NLB uses a flow hash based on source IP, port, and protocol; with few clients, distribution can be uneven.

Why this answer

Option D is correct because NLB distributes traffic based on flow hash, which can lead to uneven distribution, especially with fewer flows. Option A is wrong because NLB does not use round-robin. Option B is wrong because NLB does not have a health check that would skew traffic.

Option C is wrong because NLB distributes traffic regardless of instance size.

250
MCQmedium

A company runs SAP HANA on EC2 with EBS io1 volumes. The administrator notices that the disk queue depth is consistently high during peak hours, causing increased latency. The volume is 2 TB with 5000 provisioned IOPS. The instance is an r5.4xlarge with EBS bandwidth of 4750 Mbps. The database workload is write-intensive. The administrator wants to reduce latency without increasing costs significantly. Which action should the administrator take?

A.Increase the provisioned IOPS to 10,000
B.Enable EBS Multi-Attach and use multiple instances to share the volume
C.Change the volume type to gp3 with 5000 IOPS
D.Upgrade the EC2 instance to an r5.8xlarge
AnswerA

Higher IOPS reduces queue depth and latency.

Why this answer

Option A is correct because increasing IOPS to 10,000 will double the IOPS, reducing queue depth. Option B is wrong because changing to gp3 may not provide the same performance. Option C is wrong because instance size increases cost.

Option D is wrong because enabling Multi-Attach does not address queue depth.

251
MCQhard

An SAP on AWS environment is experiencing intermittent connectivity issues between the SAP application servers and the SAP HANA database. Both are in the same VPC but in different Availability Zones. The network team has confirmed that the security groups allow traffic on the required ports. What is a likely cause of the issue?

A.AWS Shield Advanced is blocking legitimate traffic.
B.Network ACLs are misconfigured, blocking return traffic.
C.VPC Flow Logs are enabled and dropping packets.
D.The VPC is using AWS Direct Connect, which adds latency.
AnswerB

NACLs are stateless and must allow both inbound and outbound.

Why this answer

Network ACLs are stateless, meaning they evaluate inbound and outbound traffic separately. Even if inbound rules allow traffic from the SAP application servers to the HANA database, the outbound rules on the database subnet's NACL must explicitly allow the return traffic (ephemeral ports) back to the application servers. Misconfigured outbound rules in the NACL can drop the response packets, causing intermittent connectivity issues between the application and database tiers across Availability Zones.

Exam trap

The trap here is that candidates often assume security groups (which are stateful) are the only firewall layer, forgetting that Network ACLs are stateless and require explicit outbound rules for return traffic, especially when traffic crosses Availability Zones.

How to eliminate wrong answers

Option A is wrong because AWS Shield Advanced is a DDoS protection service that does not block legitimate traffic based on application-layer rules; it only mitigates volumetric attacks and requires explicit configuration to filter traffic. Option C is wrong because VPC Flow Logs are a monitoring feature that captures metadata about IP traffic; they do not drop or block packets. Option D is wrong because AWS Direct Connect provides a dedicated network connection that reduces latency compared to the public internet; it does not add latency and is not the cause of intermittent connectivity within the same VPC.

252
MCQmedium

An SAP system on AWS uses an Application Load Balancer (ALB) to distribute traffic to multiple SAP Web Dispatchers. The system is experiencing intermittent session drops. What is the most likely cause?

A.The ALB is not configured for sticky sessions.
B.The ALB deletion protection is enabled.
C.The ALB health check interval is too short.
D.Cross-zone load balancing is not enabled on the ALB.
AnswerA

Without sticky sessions, subsequent requests may go to different Web Dispatchers, breaking session state.

Why this answer

The ALB operates at Layer 7 and, by default, distributes each request independently across healthy targets. SAP Web Dispatchers maintain user session state (e.g., logon tickets, application context) locally. Without sticky sessions (session affinity) enabled on the ALB, subsequent requests from the same user can be routed to a different Web Dispatcher, causing the new dispatcher to lack the session context and dropping the user's session.

Enabling stickiness based on the ALB-generated cookie ensures all requests from a session are sent to the same Web Dispatcher, preventing these intermittent drops.

Exam trap

The trap here is that candidates often confuse health check intervals or cross-zone load balancing with session persistence, assuming that any routing issue must be caused by target availability or distribution, rather than recognizing that the ALB's default stateless behavior is the root cause of session drops in stateful SAP Web Dispatcher deployments.

How to eliminate wrong answers

Option B is wrong because deletion protection only prevents accidental deletion of the ALB itself; it has no effect on traffic routing or session persistence. Option C is wrong because a health check interval that is too short would cause the ALB to mark targets as unhealthy more aggressively, potentially removing them from rotation, but it would not cause intermittent session drops for requests that reach a healthy target; the described symptom is session affinity loss, not target availability. Option D is wrong because cross-zone load balancing distributes traffic evenly across targets in all Availability Zones, which improves utilization but does not affect session stickiness; without sticky sessions, requests can still be routed to different targets regardless of cross-zone settings.

253
MCQmedium

An SAP administrator notices that the SAP application server on AWS is experiencing high latency when connecting to the SAP HANA database. The database is on a separate EC2 instance in the same VPC. What is the MOST likely cause?

A.Enhanced Networking is not enabled on the EC2 instances.
B.EBS optimization is not enabled on the application server.
C.The HANA database is using a public IP address.
D.The instances are not in a placement group.
AnswerA

Enhanced Networking reduces latency and packet drops.

Why this answer

High latency between an SAP application server and a SAP HANA database in the same VPC is most likely caused by Enhanced Networking not being enabled on the EC2 instances. Enhanced Networking uses the Elastic Network Adapter (ENA) to provide higher bandwidth, higher packet-per-second performance, and consistently lower inter-instance latencies. Without it, network traffic is handled by the Xen or Nitro hypervisor's default driver, which introduces additional overhead and latency, especially under the high-throughput, low-latency requirements of SAP HANA communication.

Exam trap

The trap here is that candidates often confuse EBS optimization (storage I/O) with network performance, or assume that being in the same VPC automatically guarantees low latency, overlooking that Enhanced Networking is a required feature for high-performance workloads like SAP HANA.

How to eliminate wrong answers

Option B is wrong because EBS optimization affects storage I/O performance between the EC2 instance and its attached EBS volumes, not network latency between two EC2 instances. Option C is wrong because using a public IP address would introduce additional routing through the internet gateway and potential NAT overhead, but the question states both instances are in the same VPC, so traffic would still use the local VPC routing unless explicitly configured otherwise; the most likely cause is a missing network performance feature, not a public IP. Option D is wrong because placement groups reduce network latency by ensuring instances are in close physical proximity, but they are not required for low-latency communication; Enhanced Networking is a prerequisite for achieving the lowest latency even within a placement group.

254
Multi-Selecteasy

A company is migrating its SAP ERP system from an on-premises environment to AWS. The database is SAP HANA. The migration must minimize downtime. Which TWO approaches should the company consider?

Select 2 answers
A.Use AWS Database Migration Service (DMS) with full load only.
B.Use VM Import/Export to migrate the entire on-premises virtual machine to AWS.
C.Use the SAP Software Provisioning Manager (SWPM) to perform a homogeneous system copy over the network.
D.Use AWS DMS with full load and ongoing change data capture (CDC).
E.Set up SAP HANA System Replication from the on-premises HANA database to AWS HANA.
AnswersD, E

CDC keeps the target updated with minimal downtime.

Why this answer

Option D is correct because AWS DMS with full load and ongoing change data capture (CDC) enables a near-zero-downtime migration by continuously replicating changes from the source SAP HANA database to the target on AWS after the initial full load, allowing the cutover to occur with minimal disruption. Option E is correct because SAP HANA System Replication provides a native, asynchronous or synchronous replication mechanism that can be configured between the on-premises HANA database and an AWS-hosted HANA instance, supporting a controlled switchover with very low downtime.

Exam trap

The trap here is that candidates often overlook the native SAP HANA System Replication option (E) because they assume only AWS-native services like DMS are valid, or they mistakenly believe that VM Import/Export (B) can achieve minimal downtime without understanding the need for ongoing replication.

255
MCQeasy

A company is planning to run SAP S/4HANA on AWS. They need to ensure that the SAP system can be accessed from the corporate network via a secure VPN connection. Which AWS service should be used to establish this connectivity?

A.AWS Client VPN
B.AWS Transit Gateway
C.AWS Site-to-Site VPN
D.AWS Direct Connect
AnswerC

Provides secure IPsec VPN between corporate network and AWS VPC.

Why this answer

AWS Site-to-Site VPN creates a secure IPsec tunnel between the corporate network's on-premises VPN device and a Virtual Private Gateway (VGW) attached to the VPC hosting the SAP S/4HANA system. This enables encrypted communication over the public internet, meeting the requirement for secure VPN connectivity from the corporate network to the SAP workload.

Exam trap

The trap here is that candidates confuse AWS Client VPN (remote access for individual users) with Site-to-Site VPN (network-to-network connectivity), or assume Transit Gateway alone provides VPN connectivity without understanding it requires a VPN attachment.

How to eliminate wrong answers

Option A is wrong because AWS Client VPN is a managed remote-access VPN service that connects individual clients (e.g., laptops) to AWS, not a site-to-site connection between a corporate network and AWS. Option B is wrong because AWS Transit Gateway is a network transit hub that interconnects VPCs and on-premises networks, but it does not itself establish a VPN connection; it requires a VPN attachment (e.g., Site-to-Site VPN) to connect to the corporate network. Option D is wrong because AWS Direct Connect provides a dedicated private physical connection, not a VPN over the internet, and does not use IPsec encryption by default; it is a separate service for dedicated bandwidth and lower latency, not a VPN solution.

256
MCQeasy

A company is designing a new SAP S/4HANA workload on AWS. Which storage service should be used for the SAP HANA data volume to meet the required throughput and latency for production systems?

A.Amazon EBS io2 Block Express volumes
B.Amazon S3
C.Amazon EFS
D.Amazon EBS gp3 volumes
AnswerA

io2 Block Express provides up to 256K IOPS and low latency, ideal for SAP HANA.

Why this answer

Option B is correct because SAP HANA requires high IOPS and low latency, which is best provided by Amazon EBS io2 Block Express volumes with provisioned IOPS. Option A is wrong because EBS gp3 may not provide sufficient performance for large production HANA systems. Option C is wrong because S3 is object storage, not block storage.

Option D is wrong because EFS is file storage, not block storage.

257
MCQmedium

A company is deploying a new SAP HANA database on AWS and needs to ensure the EBS volumes are optimized for throughput. Which EBS volume type should be used for the HANA data and log volumes?

A.sc1
B.io2 Block Express
C.gp3
D.st1
AnswerB

io2 Block Express offers high performance and is certified for SAP HANA.

Why this answer

The correct answer is D because io2 Block Express volumes provide high throughput, low latency, and are certified for SAP HANA. Option A is incorrect because gp3 is a general-purpose SSD with lower performance. Option B is incorrect because st1 is throughput-optimized but not suitable for databases.

Option C is incorrect because sc1 is cold HDD.

258
Multi-Selectmedium

Which TWO of the following are required for SAP HANA high availability on AWS using HANA System Replication (HSR) with automatic failover? (Select TWO.)

Select 2 answers
A.Application Auto Scaling to automatically scale HANA instances.
B.An Amazon Route 53 health check that monitors the primary instance and updates a DNS record to the secondary IP on failure.
C.An Elastic Load Balancer (ELB) in front of the HANA instances to distribute traffic.
D.Placement of primary and secondary HANA instances in different Availability Zones.
E.An Amazon Route 53 alias record pointing to the primary instance's private IP.
AnswersB, D

Route 53 health checks can be used to update DNS for automatic failover.

Why this answer

Option B is correct because Amazon Route 53 health checks can monitor the primary HANA instance's availability. On failure, a Route 53 failover routing policy automatically updates the DNS record to point to the secondary instance's private IP, enabling clients to reconnect without manual intervention. This is a key component of HANA System Replication (HSR) with automatic failover on AWS.

Exam trap

The trap here is that candidates often confuse load balancers (ELB) with DNS-based failover, but ELBs are stateless and cannot handle HANA's direct client connections or replication state, making Route 53 health checks with failover routing the correct choice for HSR automatic failover.

259
MCQmedium

A company is running SAP on AWS and wants to ensure high availability for SAP Central Services (ASCS) and Enqueue Replication Server (ERS). Which architecture meets this requirement?

A.Deploy ASCS and ERS on the same EC2 instance with S3 replication.
B.Configure Route 53 health checks to switch between two instances in the same AZ.
C.Deploy ASCS and ERS on separate EC2 instances in different Availability Zones, with a Network Load Balancer.
D.Use a single EC2 instance with an S3 bucket for shared storage and Lambda for failover.
AnswerC

Multi-AZ with separate instances and NLB ensures HA.

Why this answer

Option C is correct because SAP Central Services (ASCS) and Enqueue Replication Server (ERS) must run on separate EC2 instances in different Availability Zones to achieve high availability. A Network Load Balancer (NLB) is used to distribute traffic and provide a single endpoint, while the enqueue replication mechanism (enrep) synchronizes the lock table between the two instances, enabling automatic failover without data loss.

Exam trap

The trap here is that candidates often assume ASCS and ERS can be co-located on the same instance or in the same AZ for simplicity, but the PAS-C01 exam explicitly tests the requirement for separate instances in different AZs with an NLB to meet SAP's HA architecture for critical services.

How to eliminate wrong answers

Option A is wrong because deploying ASCS and ERS on the same EC2 instance creates a single point of failure; S3 replication does not provide the low-latency shared storage or enqueue replication required for SAP HA. Option B is wrong because placing both instances in the same Availability Zone does not protect against AZ-level failures, and Route 53 health checks alone cannot handle the rapid, stateful failover required for SAP enqueue replication. Option D is wrong because a single EC2 instance is a single point of failure, S3 is not a supported shared filesystem for SAP (it lacks POSIX semantics and low latency), and Lambda cannot perform the real-time enqueue replication or orchestrate the failover of SAP Central Services.

260
MCQhard

A company is running SAP HANA on AWS using a scale-out architecture with multiple worker nodes. The system is used for real-time analytics. Recently, query performance has degraded. The HANA administrator notices that the data is not evenly distributed across nodes. What is the best course of action?

A.Redistribute the tables across nodes using HANA's table partitioning features.
B.Increase the memory allocation for the HANA database.
C.Add more worker nodes to the scale-out cluster to distribute the load.
D.Upgrade the EC2 instance type of all nodes to a memory-optimized type.
AnswerA

Partitioning and redistribution ensures even data distribution.

Why this answer

HANA scale-out relies on table partitioning and distribution to ensure even data distribution. Redistributing tables using ALTER TABLE with REORGANIZE or reloading data can fix imbalance. Option A (add nodes) may help but does not fix existing imbalance.

Option B (change instance type) is not directly related. Option D (memory) is not the issue. Option C is the targeted fix.

261
MCQhard

An SAP Basis team is designing a high-availability (HA) setup for SAP NetWeaver on AWS. They plan to use a shared file system for transport directories. Which storage solution provides the most cost-effective NFS share with support for automatic failover across Availability Zones?

A.Amazon Elastic File System (EFS)
B.Amazon EBS Multi-Attach gp3 volume
C.Amazon FSx for NetApp ONTAP
D.Amazon S3 with AWS Storage Gateway file gateway
AnswerC

FSx for NetApp ONTAP provides a fully managed NFS share with cross-AZ HA, suitable for SAP transport directories.

Why this answer

Amazon FSx for NetWeaver (FSx for NetApp ONTAP) provides a fully managed NFS share with HA across AZs. Option A is wrong because EFS is a POSIX file system but not specifically optimized for SAP transport directories and may have cost implications. Option B is wrong because EBS can't be mounted across AZs.

Option C is wrong because S3 is object storage, not a file system.

262
MCQeasy

An SAP system administrator needs to ensure that all SAP application logs are centrally collected and monitored for errors. Which AWS service should they use to aggregate logs from multiple EC2 instances?

A.Amazon S3 with server access logs
B.Amazon Kinesis Data Firehose
C.Amazon CloudWatch Logs
D.AWS Lambda to process logs from each instance
AnswerC

CloudWatch Logs with the unified CloudWatch agent can collect and aggregate logs from multiple EC2 instances.

Why this answer

Amazon CloudWatch Logs is the correct service because it provides a centralized, agent-based log aggregation solution. The CloudWatch Logs agent (or unified CloudWatch agent) can be installed on each EC2 instance to automatically collect, encrypt, and stream SAP application logs to a central CloudWatch Logs group. This allows the administrator to monitor logs in real time, set metric filters for error patterns, and trigger alarms without needing to build custom infrastructure.

Exam trap

The trap here is that candidates often confuse Amazon Kinesis Data Firehose as a direct log collector, but it requires a separate data producer and is not an agent-based aggregation service like CloudWatch Logs.

How to eliminate wrong answers

Option A is wrong because Amazon S3 with server access logs only captures HTTP requests made to the S3 bucket itself, not application logs from EC2 instances. Option B is wrong because Amazon Kinesis Data Firehose is a streaming data delivery service that requires a separate producer (e.g., a CloudWatch Logs subscription filter or a custom agent) to send logs; it does not natively collect logs from EC2 instances without additional setup. Option D is wrong because AWS Lambda is a serverless compute service that can process logs but cannot directly aggregate them from multiple EC2 instances; it would need to be triggered by another service (like CloudWatch Logs or S3) and is not designed for continuous log collection.

263
MCQeasy

A company wants to implement a backup strategy for SAP HANA on AWS. The backup must be stored securely and be accessible for restore to a different AWS Region. Which combination of AWS services should be used?

A.Take EBS snapshots and copy them to another region
B.Use AWS Backup with cross-region backup copy
C.Store HANA backups in Amazon S3 Standard-IA
D.Use Amazon S3 Glacier Deep Archive
AnswerB

AWS Backup supports cross-region copies and is integrated with HANA.

Why this answer

AWS Backup with cross-region backup copy is the correct choice because it provides a fully managed, policy-driven backup service that natively supports SAP HANA on Amazon EC2, including automated cross-region copy for disaster recovery. This ensures backups are stored securely (encrypted at rest and in transit) and can be restored in a different AWS Region without manual intervention.

Exam trap

The trap here is that candidates often assume EBS snapshots (Option A) are sufficient for database backups, overlooking the need for application-consistent backups and the managed cross-region replication that AWS Backup provides.

How to eliminate wrong answers

Option A is wrong because EBS snapshots alone do not provide application-consistent backups for SAP HANA; they capture only the block-level state of the volume, which can lead to data corruption if the database is not quiesced. Option C is wrong because storing HANA backups directly in Amazon S3 Standard-IA does not include built-in cross-region copy capabilities, requiring additional custom scripting and infrastructure to replicate backups to another region. Option D is wrong because Amazon S3 Glacier Deep Archive is designed for long-term archival with retrieval times of 12 hours or more, making it unsuitable for operational backups that need to be accessible for restore to a different region within acceptable recovery time objectives (RTOs).

264
MCQeasy

An SAP administrator runs the df command on an SAP HANA server and sees the output above. The /hana/data filesystem is 96% full. Which action should be taken to prevent the database from running out of space?

A.Increase the IOPS of the EBS volume
B.Delete old database logs to free up space
C.Increase the size of the EBS volume and extend the filesystem
D.Migrate the database to a larger instance type
AnswerC

This is the standard procedure to add more disk space.

Why this answer

The filesystem is nearly full. The best action is to increase the size of the EBS volume and then extend the filesystem. Option A is wrong because deleting logs may not be sufficient and could disrupt operations.

Option B is wrong because moving to a new instance requires migration. Option D is wrong because increasing IOPS does not add capacity.

265
MCQmedium

A company is running SAP NetWeaver on AWS and wants to implement a high-availability solution for the SAP Central Services (ASCS). Which AWS service can be used to manage the virtual IP address for failover?

A.Amazon Route 53 with failover routing
B.AWS Global Accelerator
C.Elastic Load Balancer (ELB)
D.Elastic IP address reassignment
AnswerA

Route 53 failover routing can redirect clients to the secondary ASCS.

Why this answer

Amazon Route 53 can be used for DNS-based failover by updating records. Elastic IP can be reassigned, but Route 53 is simpler for multi-AZ scenarios.

266
MCQmedium

A company runs SAP HANA on AWS and needs to restore a database from a backup stored in Amazon S3. The backup was created using the SAP HANA backup to S3 feature (backint). Which AWS service is required to facilitate this restore?

A.AWS Database Migration Service (DMS)
B.AWS Backup
C.AWS Snowball Edge
D.AWS Storage Gateway
AnswerB

AWS Backup can manage and restore SAP HANA databases from S3 backups using backint.

Why this answer

AWS Backup is the correct service because it natively integrates with SAP HANA's backint interface to manage backups stored in Amazon S3. When a backup is created using the SAP HANA backup to S3 feature (backint), AWS Backup provides the necessary orchestration and lifecycle management to restore the database from those S3 objects, including handling the metadata and catalog required for SAP HANA to recognize and apply the backup.

Exam trap

The trap here is that candidates often confuse AWS Backup with generic S3 access or assume that simply having the backup files in S3 is sufficient for a restore, overlooking that SAP HANA requires a backint-compatible service to interpret the backup metadata and execute the restore operation.

How to eliminate wrong answers

Option A is wrong because AWS Database Migration Service (DMS) is designed for migrating databases between engines or to AWS, not for restoring SAP HANA backups created via backint; DMS does not interface with SAP HANA's native backup format or S3-based backint backups. Option C is wrong because AWS Snowball Edge is a physical data transfer device used for large-scale offline data migration, not for facilitating online restore operations from S3 to a running SAP HANA instance. Option D is wrong because AWS Storage Gateway provides on-premises access to cloud storage (e.g., file, volume, tape gateways) but does not integrate with SAP HANA's backint API to orchestrate database restores from S3.

267
MCQhard

An SAP environment on AWS uses a shared /sapmnt file system via Amazon EFS. The company wants to encrypt data at rest for the entire stack. Which services require separate encryption configurations?

A.EBS volumes and EFS file system
B.Application Load Balancer and EFS
C.EFS file system and S3 bucket
D.CloudWatch Logs and EBS volumes
AnswerA

Both require separate encryption enablement.

Why this answer

Option A is correct because EBS volumes, EFS file systems, and RDS databases each have their own encryption settings. Option B is wrong because S3 is not used. Option C is wrong because CloudWatch does not store persistent data.

Option D is wrong because ALB does not store data.

268
MCQeasy

A company is planning to migrate its SAP HANA workload to AWS. The system requires high network throughput and low latency between application and database servers. Which AWS networking feature should be used to meet these requirements?

A.Create a VPC Peering connection between the application and database subnets.
B.Use Elastic Fabric Adapter (EFA) for network connectivity.
C.Use Enhanced Networking on all instances.
D.Place the instances in a Cluster Placement Group.
AnswerD

Cluster Placement Groups provide low-latency, high-bandwidth connectivity between instances.

Why this answer

A Cluster Placement Group (CPG) is a logical grouping of instances within a single Availability Zone that provides low-latency, high-throughput network connectivity by placing them in close physical proximity. For SAP HANA workloads requiring consistent high network throughput and low latency between application and database servers, a CPG ensures that all instances are co-located, minimizing network hops and jitter. This is the correct choice because it directly addresses the need for low-latency, high-bandwidth communication between tightly coupled components.

Exam trap

The trap here is that candidates often confuse Enhanced Networking (which improves individual instance performance) with the co-location benefits of a Cluster Placement Group, failing to recognize that low latency between instances requires physical proximity, not just faster virtualized networking.

How to eliminate wrong answers

Option A is wrong because VPC Peering connects separate VPCs but does not provide any special performance guarantees; it relies on the standard AWS network infrastructure and does not reduce latency or increase throughput between subnets within the same VPC. Option B is wrong because Elastic Fabric Adapter (EFA) is designed for tightly coupled HPC/ML workloads using MPI or NCCL, not for standard SAP HANA traffic, and it requires special OS and application support that SAP does not provide. Option C is wrong because Enhanced Networking (using SR-IOV) improves network performance by providing higher bandwidth and lower jitter compared to traditional virtualized networking, but it does not guarantee the low-latency, high-throughput co-location that a Cluster Placement Group offers; it is a prerequisite but not sufficient alone.

269
MCQeasy

An SAP administrator needs to integrate SAP S/4HANA with Amazon S3 for archival purposes. Which AWS service should be used to enable secure and efficient data transfer from SAP to S3?

A.Amazon Kinesis
B.Amazon Athena
C.AWS Glue
D.AWS DataSync
AnswerD

DataSync is optimized for data transfers to S3.

Why this answer

AWS DataSync is the correct choice because it is purpose-built for efficiently and securely transferring large volumes of data from on-premises or SAP systems to Amazon S3. It automates the transfer process, supports encryption in transit (TLS) and at rest, and can handle the high-throughput requirements of SAP S/4HANA archival jobs without requiring custom scripting or complex network configurations.

Exam trap

The trap here is that candidates often confuse AWS DataSync with AWS Glue or Amazon Kinesis, mistakenly thinking that any data movement to S3 requires an ETL or streaming service, rather than recognizing DataSync as the dedicated, high-performance transfer service for large-scale batch workloads like SAP archiving.

How to eliminate wrong answers

Option A is wrong because Amazon Kinesis is a real-time data streaming service designed for ingesting and processing streaming data (e.g., clickstreams, logs), not for batch archival transfers from SAP S/4HANA to S3. Option B is wrong because Amazon Athena is an interactive query service for analyzing data directly in S3 using SQL, not a data transfer or integration tool. Option C is wrong because AWS Glue is a serverless data integration and ETL service primarily used for preparing and transforming data for analytics, not for direct, efficient bulk data movement from SAP to S3.

270
Multi-Selecthard

Which THREE of the following are valid considerations when designing a SAP landscape on AWS?

Select 3 answers
A.The EBS volumes for HANA data and logs must be provisioned with the correct IOPS and throughput.
B.AWS Managed Services (AMS) is mandatory for running SAP on AWS.
C.The SAPRouter must be configured to allow SAP support access to the AWS environment.
D.An AWS Support plan that includes SAP support is required to get SAP support for AWS-related issues.
E.All SAP instances must be launched in a cluster placement group.
AnswersA, C, D

IOPS and throughput are critical for HANA performance.

Why this answer

Option A is correct because SAP HANA is extremely sensitive to storage performance; EBS volumes for HANA data and log must be provisioned with sufficient IOPS and throughput to meet SAP's documented sizing guidelines. Inadequate IOPS can cause HANA to abort transactions or crash, and AWS allows you to use Provisioned IOPS (io1/io2) or gp3 volumes with custom IOPS and throughput settings to meet these requirements.

Exam trap

The trap here is that candidates often assume AWS Managed Services (AMS) is required for SAP on AWS because of the complexity, but AWS explicitly allows self-managed SAP deployments, and the exam tests knowledge of optional vs. mandatory services.

271
MCQhard

A company is migrating an SAP HANA system from on-premises to AWS. The database size is 3 TB, and the network bandwidth to AWS is 1 Gbps. The migration window is limited to 48 hours. What is the most efficient migration strategy?

A.Set up an AWS Direct Connect connection and use HANA backup and restore
B.Use AWS Database Migration Service (DMS) for continuous replication
C.Use AWS Snowball Edge to transfer the HANA backup
D.Upload the HANA backup to Amazon S3 using multipart upload
AnswerC

Snowball Edge can transfer data offline at high speed.

Why this answer

Option C is correct because AWS Snowball Edge provides high-capacity storage and can transfer data faster than over the network given the bandwidth constraint. Option A is wrong because S3 multipart upload over 1 Gbps would take more than 48 hours. Option B is wrong because DMS is for ongoing replication, not initial load.

Option D is wrong because Direct Connect still limited to 1 Gbps.

272
Multi-Selectmedium

Which TWO AWS services can be used to monitor SAP HANA database performance in real time? (Select TWO.)

Select 2 answers
A.AWS Systems Manager
B.AWS CloudTrail
C.AWS Trusted Advisor
D.Amazon CloudWatch
E.AWS Config
AnswersA, D

Systems Manager can run scripts and collect performance data.

Why this answer

Amazon CloudWatch can ingest HANA metrics via the SAP HANA CloudWatch agent, and AWS Systems Manager can run scripts to collect performance data. AWS Config is for configuration auditing, not performance monitoring.

273
MCQmedium

A company is designing a disaster recovery (DR) strategy for SAP S/4HANA on AWS. The primary site is in us-east-1. They want a secondary site in us-west-2 with a Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 2 hours. Which solution meets these requirements with the LEAST operational overhead?

A.Take hourly backups to S3 and restore in us-west-2 when needed.
B.Use HANA System Replication to us-west-2 with manual failover.
C.Use HANA System Replication in async mode to us-west-2.
D.Use HANA System Replication in sync mode with automatic failover to us-west-2.
AnswerD

Sync mode meets RPO and automated failover meets RTO.

Why this answer

Option D is correct because HANA System Replication in synchronous mode with automatic failover provides the lowest RPO (near-zero data loss) and meets the 15-minute RPO and 2-hour RTO requirements with minimal operational overhead. Automatic failover eliminates manual intervention, reducing recovery time and complexity compared to other options.

Exam trap

The trap here is that candidates often choose async mode (Option C) thinking it is sufficient for a 15-minute RPO, but they overlook that async mode can lose data and does not include automatic failover, which increases operational overhead and risks exceeding the RTO.

How to eliminate wrong answers

Option A is wrong because hourly backups to S3 cannot achieve a 15-minute RPO (backups are taken only once per hour) and restoring from S3 would take significantly longer than 2 hours, failing both RPO and RTO. Option B is wrong because HANA System Replication with manual failover introduces human intervention, which typically exceeds the 2-hour RTO due to detection and execution delays, and does not meet the 'least operational overhead' requirement. Option C is wrong because HANA System Replication in async mode can achieve a 15-minute RPO but may lose data during a failover if the primary fails before the last asynchronous replication completes; however, the primary issue is that it does not include automatic failover, so recovery still requires manual steps, increasing operational overhead and potentially exceeding the 2-hour RTO.

274
MCQmedium

A company has deployed an SAP HANA database on AWS using a single EC2 instance with EBS volumes. The database is used for a critical SAP system. The company needs to ensure that the database can be restored to a point in time within the last 24 hours with minimal data loss. The administrator currently takes nightly EBS snapshots of the data and log volumes. However, recent tests show that recovery to a specific point in time (e.g., one hour ago) is not possible because the log volume is not backed up frequently enough. The administrator must implement a solution that allows point-in-time recovery with a recovery point objective (RPO) of 15 minutes. Which solution should the administrator implement?

A.Create EBS snapshots of the log volume every 15 minutes using a cron job
B.Use Amazon Data Lifecycle Manager (DLM) to schedule snapshots of the log volume every 15 minutes
C.Configure SAP HANA Backint agent to back up log files to Amazon S3 every 15 minutes
D.Enable EBS Multi-Attach on the log volume and attach it to a second instance to replicate logs
AnswerC

Backint can stream log backups to S3 with minimal overhead, enabling point-in-time recovery.

Why this answer

Option B is correct because using SAP HANA Backint to stream logs to S3 every 15 minutes allows point-in-time recovery. Option A is wrong because EBS snapshots of log volumes every 15 minutes are costly and may cause I/O spikes. Option C is wrong because enabling Multi-Attach does not address backup.

Option D is wrong because DLM automates snapshot creation but still has the same cost and performance issues.

275
Multi-Selecteasy

Which TWO of the following are best practices for running SAP HANA on AWS? (Choose 2)

Select 2 answers
A.Stop HANA instances when not in use to save costs
B.Use general-purpose instances (e.g., t3) to reduce costs
C.Use separate EBS volumes for HANA data and log files
D.Use EBS-optimized instances for dedicated EBS bandwidth
E.Launch all HANA instances in a single placement group
AnswersC, D

Avoids I/O contention.

Why this answer

Options A and D are correct. A: EBS-optimized instances ensure dedicated network bandwidth for EBS. D: Separate EBS volumes for log and data help avoid I/O contention.

B is wrong because placement groups reduce network latency but may limit instance diversity. C is wrong because memory-optimized instances are recommended for HANA. E is wrong because stopping instances loses memory data; HANA requires persistent storage.

276
Multi-Selecthard

Which THREE considerations are important when designing a disaster recovery (DR) strategy for SAP on AWS?

Select 3 answers
A.Use EBS snapshots in the same Region for recovery
B.Copy Amazon Machine Images (AMIs) to the DR Region
C.Define Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
D.Use cross-Region replication for SAP HANA database backups
E.Deploy all SAP resources in a single AWS Region
AnswersB, C, D

Pre-built AMIs allow quick instance launch in DR.

Why this answer

Amazon Machine Images (AMIs) must be copied to the DR Region to ensure that the exact EC2 instance configuration, including the operating system, SAP application binaries, and any custom patches, is available for recovery. Without copying AMIs, you cannot launch identical instances in the DR Region, which is essential for a consistent SAP environment.

Exam trap

The trap here is that candidates often assume EBS snapshots in the same Region are sufficient for DR, but they fail to recognize that true DR requires cross-Region replication of both AMIs and database backups to meet RTO and RPO objectives.

277
MCQeasy

An SAP system is running on AWS with an SAP HANA database. The administrator needs to back up the HANA database to Amazon S3. Which AWS service or feature should be used to perform efficient incremental backups?

A.AWS Backup with the SAP HANA backup plan
B.Amazon S3 Transfer Acceleration
C.AWS Storage Gateway with volume gateway
D.Amazon EBS snapshots of the HANA data volumes
AnswerA

AWS Backup integrates with SAP HANA to perform incremental backups to S3.

Why this answer

Option A is correct. AWS Backup supports SAP HANA with incremental backups to S3. Option B is wrong because EBS snapshots are for volumes, not database-level backups.

Option C is wrong because AWS Storage Gateway is for on-premises integration. Option D is wrong because S3 Transfer Acceleration speeds up uploads but does not manage backups.

278
Multi-Selectmedium

Which THREE of the following are valid methods to secure network traffic between SAP application servers and the SAP HANA database on AWS? (Choose three.)

Select 3 answers
A.Use VPC peering to connect different VPCs securely.
B.Use AWS Direct Connect to encrypt traffic.
C.Use network ACLs to control traffic at the subnet level.
D.Use security groups to restrict traffic between instances.
E.Use AWS Shield to encrypt traffic.
AnswersA, C, D

VPC peering enables private connectivity.

Why this answer

Options A, B, and D are correct. A is correct because security groups act as a virtual firewall. B is correct because NACLs provide stateless filtering at the subnet level.

D is correct because VPC peering enables secure connectivity. C is incorrect because AWS Shield is for DDoS protection, not network traffic security. E is incorrect because Direct Connect is for connectivity, not security.

279
MCQmedium

A company is migrating an SAP ECC system to AWS and needs to ensure low-latency connectivity between the application server and the database server. Both servers will be in the same VPC but different subnets. Which configuration best minimizes latency?

A.Place the servers in different placement groups but the same Availability Zone
B.Use a cluster placement group spanning two Availability Zones
C.Place the servers in different Availability Zones but within the same region
D.Place the servers in the same placement group and the same Availability Zone
AnswerD

Same placement group and AZ ensures physical proximity and low latency.

Why this answer

Placing both servers in the same placement group and same Availability Zone ensures physical proximity, reducing network latency. Option A is wrong because different AZs introduce cross-AZ latency. Option C is wrong because a placement group can span AZs but that adds latency.

Option D is wrong because cluster placement groups are for HPC, not necessary for SAP.

280
Multi-Selectmedium

A company is designing an SAP HANA disaster recovery solution on AWS across two regions. Which TWO actions meet the requirement of a Recovery Point Objective (RPO) of less than 5 minutes?

Select 2 answers
A.Set up AWS Database Migration Service (DMS) with ongoing replication from the primary to the DR region.
B.Use Amazon S3 Cross-Region Replication to copy HANA data files to the DR region every minute.
C.Schedule a script to run every minute that exports HANA data and uploads to S3 in the DR region.
D.Implement SAP HANA System Replication with asynchronous replication to the DR region.
E.Configure automated nightly snapshots of the HANA database and copy them to the DR region using AWS Backup.
AnswersA, D

AWS DMS with ongoing replication can achieve sub-5-minute RPO by continuously replicating changes.

Why this answer

Option A is correct because AWS Database Migration Service (DMS) with ongoing replication can continuously capture and apply changes from the SAP HANA source database to a target in the DR region, achieving sub-5-minute RPO by replicating transactions in near real-time. Option D is correct because SAP HANA System Replication with asynchronous mode replicates data at the database level, typically achieving RPO of seconds to a few minutes, well under the 5-minute requirement.

Exam trap

The trap here is that candidates may confuse S3 Cross-Region Replication or scripted exports as viable for low RPO, not realizing that these methods cannot provide the continuous, transactional consistency required for SAP HANA disaster recovery.

281
Multi-Selectmedium

A company is designing an SAP system on AWS with SAP HANA as the database. The system must be highly available across multiple Availability Zones. Which TWO actions should the company take to meet this requirement?

Select 2 answers
A.Configure SAP HANA System Replication (HSR) in synchronous mode
B.Perform periodic EBS snapshots and restore in another AZ
C.Use Amazon S3 cross-region replication for the database files
D.Set up a Pacemaker cluster to automate failover between primary and secondary
E.Use manual failover by changing DNS records
AnswersA, D

HSR provides real-time replication to a secondary instance in another AZ.

Why this answer

Options A and B are correct. A: HANA System Replication is the primary method for synchronous replication across AZs. B: A Pacemaker cluster manages automatic failover.

Option C is wrong because manual failover is not HA. Option D is wrong because EBS snapshots are not real-time. Option E is wrong because S3 replication is not for database.

282
MCQeasy

A company is migrating an SAP ERP system on Oracle to SAP HANA on AWS. The migration requires near-zero downtime. The company has a test environment that can be used for the migration rehearsal. The SAP HANA database will be 3 TB. Which migration approach should the company use to achieve near-zero downtime?

A.Use AWS Database Migration Service (DMS) for ongoing replication.
B.Perform a full backup of the Oracle database and restore to SAP HANA.
C.Use SAP Software Update Manager (SUM) with Database Migration Option (DMO).
D.Use SAP HANA Studio to export the Oracle schema and import into HANA.
AnswerC

DMO supports near-zero downtime migration.

Why this answer

SAP Software Update Manager (SUM) with Database Migration Option (DMO) is the correct approach because it combines the SAP system upgrade and the migration from Oracle to SAP HANA into a single process, leveraging SAP's own tools to minimize downtime. DMO uses a trigger-based replication mechanism that can achieve near-zero downtime by keeping the source Oracle database and target SAP HANA database synchronized during the migration window, which is critical for a 3 TB database where traditional backup-restore would exceed downtime limits.

Exam trap

The trap here is that candidates often assume AWS DMS is the universal tool for any database migration to AWS, but for SAP HANA migrations, the certified and supported approach is SAP's own DMO tool, not a generic AWS service.

How to eliminate wrong answers

Option A is wrong because AWS Database Migration Service (DMS) does not support SAP HANA as a target for ongoing replication from Oracle in a certified SAP migration scenario; DMS is designed for homogeneous or heterogeneous database migrations but lacks the SAP-specific schema and application-level consistency required for SAP workloads. Option B is wrong because performing a full backup of the Oracle database and restoring to SAP HANA would require a significant downtime window to complete the backup transfer and restore, which cannot achieve near-zero downtime for a 3 TB database. Option D is wrong because using SAP HANA Studio to export the Oracle schema and import into HANA is a manual, offline process that does not support ongoing replication or near-zero downtime; it would require the source system to be stopped during the export and import phases.

283
MCQeasy

A company wants to run SAP S/4HANA on AWS and needs to ensure that the SAP application and database are deployed according to AWS best practices. Which deployment method should they use?

A.Manual deployment using EC2 and RDS
B.AWS Launch Wizard for SAP
C.AWS Quick Start for SAP
D.AWS CloudFormation with custom templates
AnswerB

Launch Wizard automates SAP deployment following AWS best practices.

Why this answer

AWS Launch Wizard for SAP is the correct deployment method because it provides a guided, best-practice-based deployment experience specifically for SAP S/4HANA, automatically provisioning EC2 instances, storage, and networking while validating SAP requirements such as kernel compatibility, sizing, and high availability. It reduces manual effort and errors by integrating directly with AWS services like Amazon EBS and Elastic Load Balancing, ensuring compliance with SAP on AWS best practices.

Exam trap

The trap here is that candidates often confuse AWS Quick Start for SAP with a guided deployment tool, but Quick Start only provides static templates without the real-time validation and optimization that Launch Wizard offers for SAP-specific workloads.

How to eliminate wrong answers

Option A is wrong because manual deployment using EC2 and RDS is not supported for SAP S/4HANA; SAP requires a certified database (e.g., SAP HANA or ASE) and RDS does not support SAP HANA, making this option technically invalid. Option C is wrong because AWS Quick Start for SAP provides reference architectures and CloudFormation templates but is not a guided deployment wizard; it requires manual configuration and does not perform real-time validation of SAP-specific parameters like SAPS sizing or high-availability setup. Option D is wrong because AWS CloudFormation with custom templates, while powerful, lacks the built-in SAP validation and optimization logic of Launch Wizard; users must manually ensure compliance with SAP on AWS best practices, increasing risk of misconfiguration.

284
Multi-Selecthard

A company is designing a highly available SAP NetWeaver AS ABAP environment on AWS with a 2-node ASCS/ERS cluster. Which TWO of the following must be configured to ensure a successful failover? (Choose 2)

Select 2 answers
A.An AWS ASW (Automated SAP Workload) service
B.Amazon EBS io1 volumes with Multi-Attach enabled for the database
C.A shared file system (e.g., Amazon EFS) for /sapmnt
D.Each node must have its own /usr/sap/<SID>/ASCS and /usr/sap/<SID>/ERS directory on instance store
E.A virtual IP address (VIP) using Route53 health checks or the AWS CLI
AnswersC, E

Required for shared profile data.

Why this answer

Options A and D are correct. A: A shared file system (e.g., EFS) is needed for /sapmnt. D: A virtual IP via Route53 or AWS CLI is required for client reconnection.

B is wrong because EBS Multi-Attach is not supported for io1 volumes with Linux. C is wrong because each node needs its own instance store or EBS for local data. E is wrong because ASW is not an AWS service.

285
Multi-Selecthard

Which THREE storage options are supported for SAP HANA data files on AWS? (Select THREE.)

Select 3 answers
A.Amazon EFS
B.NVMe instance store SSDs on i3en instances
C.Amazon EBS gp3 volumes with sufficient IOPS
D.Amazon EBS io2 Block Express volumes
E.Amazon S3
AnswersB, C, D

Instance store is supported on certified instances.

Why this answer

SAP HANA supports EBS io2, EBS gp3 (with sufficient IOPS), and NVMe instance store on certified instances. EFS and S3 are not supported for HANA data files.

286
MCQmedium

A company runs SAP ERP on AWS with an Oracle database on an r5.4xlarge instance. The system experiences performance degradation during month-end closing. Monitoring shows high CPU and I/O wait on the database server. The storage is EBS gp2 volumes. The company plans to migrate to SAP HANA in the future. What immediate change should be made to improve performance?

A.Implement AWS RDS Oracle read replicas to offload reporting queries.
B.Migrate the database to SAP HANA immediately to improve performance.
C.Change the EBS volumes from gp2 to gp3 to improve I/O performance and throughput.
D.Increase the EC2 instance size to r5.8xlarge to provide more CPU and memory.
AnswerC

gp3 offers more consistent performance and higher throughput at lower cost than gp2.

Why this answer

Switching from gp2 to gp3 provides better baseline performance and higher throughput at lower cost. Option A (increase instance size) might help but is more expensive. Option C (add read replicas) is for RDS, not self-managed Oracle.

Option D (migrate to HANA) is a longer-term solution, not immediate. Option B is the most immediate and cost-effective change.

287
MCQhard

A company is running SAP S/4HANA on AWS. The SAP application servers and database are in the same VPC. The security team requires encryption in transit between all SAP components. Which combination of services and configurations meets this requirement?

A.Use AWS Transit Gateway with encryption enabled.
B.Enable SAP SNC with TLS certificates on all SAP instances.
C.Use AWS VPN to connect all SAP instances to a single endpoint.
D.Create a VPC peering connection between the application and database subnets.
AnswerB

SNC encrypts SAP-specific communications.

Why this answer

Option B is correct because SAP SNC (Secure Network Communications) with TLS certificates provides end-to-end encryption for communication between SAP components, including application servers and databases, regardless of network topology. Since all SAP components reside in the same VPC, the encryption requirement is satisfied at the application layer without relying on network-level encryption. SNC ensures that data in transit between SAP systems is encrypted using X.509 certificates, meeting the security team's mandate.

Exam trap

The trap here is that candidates often assume network-level encryption services like Transit Gateway or VPN are required for in-transit encryption, but the question specifically requires encryption between SAP components, which is natively achieved through SAP SNC at the application layer, not through AWS networking features.

How to eliminate wrong answers

Option A is wrong because AWS Transit Gateway is a network transit hub for routing traffic between VPCs and on-premises networks, but it does not natively encrypt traffic between resources within the same VPC; encryption would require additional VPN or TLS configurations. Option C is wrong because AWS VPN creates an encrypted tunnel between a VPC and an external network, but it does not encrypt traffic between SAP components within the same VPC; using it to connect all instances to a single endpoint would add unnecessary complexity and latency without addressing internal encryption. Option D is wrong because VPC peering connects subnets or VPCs at Layer 3 without providing any encryption; traffic between peered subnets remains unencrypted unless additional measures like TLS are applied.

288
Multi-Selectmedium

A company is planning to run SAP HANA on AWS. Which TWO of the following are required to ensure the system is supported by SAP? (Choose TWO.)

Select 2 answers
A.Place all instances in a cluster placement group
B.Use only EBS io2 Block Express volumes for all HANA data
C.Use an operating system that is on the SAP HANA supported OS list
D.Enable termination protection on all instances
E.Use an SAP-certified EC2 instance type
AnswersC, E

SAP requires specific OS versions.

Why this answer

Option C is correct because SAP requires the operating system to be listed on the SAP HANA supported OS list. Running an unsupported OS violates SAP's support policy and can lead to denial of support for the entire HANA system.

Exam trap

The trap here is that candidates often confuse operational best practices (like placement groups or termination protection) with mandatory SAP support requirements, leading them to select options that are not explicitly required by SAP.

289
Multi-Selecteasy

Which TWO of the following are valid storage options for SAP HANA data files on AWS?

Select 2 answers
A.Amazon EBS gp3 volumes with sufficient IOPS
B.Amazon S3
C.Amazon EBS io2 Block Express volumes
D.Instance Store volumes
E.Amazon EFS
AnswersA, C

gp3 can be provisioned with adequate IOPS.

Why this answer

Amazon EBS gp3 volumes are a valid storage option for SAP HANA data files because they provide consistent baseline performance of 3,000 IOPS and 125 MB/s throughput, with the ability to provision additional IOPS independently of storage capacity. SAP HANA requires high IOPS and low latency for its data persistence layer, and gp3 volumes meet these requirements when configured with sufficient IOPS, making them a cost-effective choice for many HANA workloads on AWS.

Exam trap

The trap here is that candidates often confuse Amazon S3 or EFS as viable storage for SAP HANA data files because they are durable and scalable, but they fail to recognize that HANA requires block-level storage with low latency and high IOPS that only EBS volumes can provide.

290
MCQmedium

A company is planning to migrate its SAP ECC system to SAP S/4HANA on AWS. The current system uses an IBM Db2 database on-premises. The target system will use SAP HANA as the database. The company wants to perform the migration with minimal downtime. Which tool or method should be used?

A.Use IBM Db2 native tools to export the database and import into HANA.
B.Use AWS Database Migration Service (DMS) to replicate data from Db2 to HANA.
C.Use SAP Software Update Manager (SUM) with the Database Migration Option (DMO).
D.Use SAP Landscape Transformation (SLT) to replicate data in real-time.
AnswerC

SUM with DMO supports migration from Db2 to HANA with minimal downtime.

Why this answer

SAP provides the Software Update Manager (SUM) with Database Migration Option (DMO) that supports migration from Db2 to HANA. Option A (IBM tools) are not applicable. Option B (AWS DMS) does not support Db2 to HANA well.

Option C (SAP LT) is for ongoing replication, not one-time migration. Option D is correct.

291
Multi-Selecthard

Which THREE security best practices should be implemented for SAP systems on AWS? (Choose three.)

Select 3 answers
A.Disable SSH key pair access and use only password authentication.
B.Use security groups to restrict inbound and outbound traffic to SAP systems.
C.Deploy all SAP systems in a single VPC for simplified management.
D.Use IAM roles for EC2 instances to access AWS services.
E.Enable encryption at rest for all EBS volumes used by SAP.
AnswersB, D, E

Security groups provide stateful filtering.

Why this answer

Security groups act as a virtual firewall for EC2 instances, controlling inbound and outbound traffic at the instance level. For SAP systems, this is critical to restrict access to only necessary ports (e.g., 3200 for SAP Application Server, 36xx for SAProuter, 443 for HTTPS) and trusted IP ranges, reducing the attack surface. Unlike network ACLs, security groups are stateful, meaning return traffic is automatically allowed, simplifying rule management for SAP communication flows.

Exam trap

The trap here is that candidates may confuse security groups with network ACLs or assume that a single VPC simplifies management, but AWS best practices emphasize isolation and least privilege for SAP workloads, not consolidation.

292
Multi-Selecthard

Which THREE of the following are valid considerations when designing an SAP HANA backup strategy on AWS?

Select 3 answers
A.Use EBS snapshots for backing up HANA data volumes.
B.Store backups in Amazon S3 for long-term retention.
C.Use the AWS Backint agent for SAP HANA to back up to S3.
D.Back up HANA data directly to Amazon S3 using standard tools.
E.Replicate backups to another AWS Region using S3 Cross-Region Replication.
AnswersA, B, C

EBS snapshots are a valid backup method.

Why this answer

Option A is correct because EBS snapshots provide a consistent, point-in-time backup of HANA data volumes when the database is in backup mode (e.g., using hdbsql to create a snapshot). This method is supported by SAP and AWS, and it allows for fast recovery by restoring the entire volume without needing to replay transaction logs from a separate backup.

Exam trap

The trap here is that candidates may assume any S3-based backup method (like direct copy) is valid, but AWS and SAP require certified tools (Backint or snapshot integration) to guarantee HANA consistency and supportability.

293
Multi-Selectmedium

Which TWO of the following are required when integrating SAP HANA with AWS Direct Connect for hybrid connectivity?

Select 2 answers
A.A Public Virtual Interface to access the VPC.
B.A Virtual Private Gateway attached to the VPC.
C.A Direct Connect Gateway for the connection.
D.BGP peering between on-premises router and AWS router.
E.A VPN tunnel between on-premises and AWS.
AnswersB, D

VGW is required for Direct Connect private VIF.

Why this answer

A Virtual Private Gateway (VGW) is required to attach the VPC to the Direct Connect connection, enabling private IP traffic between on-premises and the VPC. Without a VGW, the Direct Connect virtual interface cannot terminate within the VPC, making hybrid connectivity impossible for SAP HANA workloads that require low-latency, private network paths.

Exam trap

The trap here is that candidates confuse a Public Virtual Interface with a Private Virtual Interface, assuming any Direct Connect interface can reach the VPC, but only a Private Virtual Interface combined with a VGW provides private VPC access.

294
MCQeasy

A company runs SAP ERP on AWS using an Oracle database. To meet disaster recovery requirements, they need to replicate the database to a second AWS Region with low RPO. Which AWS service should be used for continuous, asynchronous replication of the Oracle database?

A.Copy the EC2 instance with the Oracle database as an AMI to the DR Region.
B.AWS Database Migration Service (DMS) with ongoing replication from the source Oracle database to a target Oracle database in the DR Region.
C.Amazon S3 Cross-Region Replication (CRR) to replicate database backups.
D.Amazon RDS for Oracle Read Replicas in the DR Region.
AnswerB

DMS supports continuous replication with low RPO.

Why this answer

Option A is correct because AWS DMS with ongoing replication can continuously replicate Oracle data to another Region with low latency. Option B is wrong because S3 Cross-Region Replication is for objects, not databases. Option C is wrong because RDS for Oracle Read Replicas only work within the same Region.

Option D is wrong because EC2 AMI copy is not continuous.

295
Multi-Selecteasy

A company is planning to run SAP NetWeaver on AWS and needs to ensure that the architecture supports high availability for the application layer. Which TWO components are essential for an HA SAP NetWeaver application server setup? (Choose TWO.)

Select 2 answers
A.Amazon ElastiCache for session management
B.Multiple EC2 instances in different Availability Zones
C.A single large EC2 instance for all application servers
D.An Application Load Balancer to distribute traffic
E.Amazon RDS for database layer
AnswersB, D

Multiple instances across AZs provide failover capability.

Why this answer

For high availability of the SAP NetWeaver application layer, you need multiple EC2 instances distributed across different Availability Zones (AZs) to eliminate a single point of failure. An Application Load Balancer (ALB) is essential to distribute incoming traffic across these instances and perform health checks, ensuring that if one instance or AZ fails, traffic is routed to healthy instances. This combination provides fault tolerance and automatic failover for the SAP application servers.

Exam trap

The trap here is that candidates often confuse the database layer (RDS) or caching services (ElastiCache) as part of the application layer HA, when in fact the core requirement is multiple EC2 instances across AZs and a load balancer to distribute traffic.

296
MCQmedium

An SAP customer is using AWS KMS to encrypt EBS volumes for an SAP HANA database. The database administrator reports that the database is slow after enabling encryption. What is the MOST likely cause?

A.The KMS key is not rotated frequently enough.
B.The KMS API request rate limit is being exceeded, causing throttling.
C.The EBS volume is not using the correct instance type for encrypted volumes.
D.The KMS key is using a symmetric algorithm that degrades CPU performance.
AnswerB

High request rate can cause throttling and delays.

Why this answer

When EBS volumes are encrypted, every I/O operation to the volume must call AWS KMS to decrypt the data key. If the database workload generates a high rate of these requests, it can exceed the KMS API request rate limit (default 5,500 requests per second per Region for symmetric keys), causing throttling and increased latency. This is the most likely cause of the observed slowdown after enabling encryption.

Exam trap

The trap here is that candidates often attribute performance degradation to CPU overhead from encryption algorithms, but AWS KMS throttling is the real bottleneck because EBS encryption relies on API calls for key decryption, not on-instance cryptographic processing.

How to eliminate wrong answers

Option A is wrong because KMS key rotation does not affect the performance of ongoing encryption/decryption operations; it only changes the backing key used for new data, and the old key remains available for decryption. Option C is wrong because there is no 'correct instance type for encrypted volumes' — all EBS volume types and instance types support encryption without inherent performance degradation from the instance itself. Option D is wrong because symmetric encryption algorithms (like AES-256 used by KMS) are hardware-accelerated on modern AWS instances (e.g., using Intel AES-NI) and do not degrade CPU performance; the slowdown is due to API call throttling, not CPU overhead.

297
MCQhard

A company runs SAP Business Suite on AWS with an Oracle database. The database is stored on Amazon EBS volumes. The architect wants to implement a backup strategy that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 2 hours. Which solution is the most cost-effective?

A.Maintain a standby Oracle database in another Availability Zone using Oracle Data Guard
B.Use Oracle Recovery Manager (RMAN) to back up to Amazon S3 every 15 minutes
C.Take EBS snapshots of the database volumes every 15 minutes and store them in Amazon S3
D.Use AWS Database Migration Service (DMS) with ongoing replication to a separate EC2 instance
AnswerC

EBS snapshots are incremental and cost-effective; automation can achieve 15-minute RPO.

Why this answer

Option C is the most cost-effective because EBS snapshots are incremental, storing only changed blocks, and can be automated via Amazon Data Lifecycle Manager to meet a 15-minute RPO. Restoring from an EBS snapshot to a new volume typically completes within minutes, easily satisfying the 2-hour RTO, and there are no ongoing compute costs for a standby instance or replication server.

Exam trap

The trap here is that candidates often assume a standby database (Data Guard) or continuous replication (DMS) is required for low RPO/RTO, overlooking that EBS snapshots taken every 15 minutes can achieve the same RPO at a fraction of the cost without ongoing compute overhead.

How to eliminate wrong answers

Option A is wrong because maintaining a standby Oracle database with Oracle Data Guard requires a second EC2 instance and additional EBS storage, incurring continuous compute and storage costs that are not cost-effective compared to snapshot-based backups. Option B is wrong because using RMAN to back up to Amazon S3 every 15 minutes would require frequent full or incremental backups that consume significant CPU and I/O on the database server, and RMAN backups to S3 typically involve higher latency and cost per backup than native EBS snapshots. Option D is wrong because AWS DMS with ongoing replication requires a separate replication instance and target EC2 instance, incurring ongoing costs and complexity, and is designed for migration rather than as a primary backup strategy for an Oracle database on EBS.

298
Multi-Selectmedium

A company is designing a disaster recovery solution for SAP HANA on AWS. The primary site is in us-east-1, and the DR site is in us-west-2. Which TWO strategies can be used to replicate HANA data to the DR region? (Choose TWO.)

Select 2 answers
A.Use AWS Database Migration Service (DMS) for ongoing replication
B.Use SAP HANA System Replication (HSR) with ASYNC mode
C.Copy EBS snapshots to the DR region using AWS CLI
D.Configure S3 Cross-Region Replication for HANA data files
E.Use AWS CloudEndure Disaster Recovery
AnswersA, B

DMS can perform continuous replication to a target database in DR.

Why this answer

Options A and C are correct. SAP HANA System Replication can be configured across regions for continuous replication. AWS DMS can also replicate data to a target database in another region.

Option B is wrong because EBS snapshots are not real-time and require manual copying. Option D is wrong because S3 Cross-Region Replication is for objects, not block storage. Option E is wrong because CloudEndure is for server migration, not HANA replication.

299
MCQhard

An SAP system administrator needs to monitor the memory usage of SAP HANA on AWS. Which CloudWatch metric or log should be used to track HANA memory consumption?

A.CloudWatch Logs from HANA trace files
B.SAP HANA CloudWatch integration via SQL queries
C.EC2 instance-level memory metrics
D.AWS CloudWatch Agent for OS metrics
AnswerB

HANA exposes memory metrics via SQL, which can be sent to CloudWatch.

Why this answer

Option B is correct because SAP HANA exposes memory consumption metrics via built-in SQL views (e.g., M_HOST_MEMORY, M_MEMORY), and the SAP HANA CloudWatch integration uses a dedicated AWS Lambda function to execute these SQL queries and push the results as custom CloudWatch metrics. This is the only option that directly captures HANA-specific memory usage, such as allocation limit, used memory, and heap memory, rather than generic OS-level metrics.

Exam trap

The trap here is that candidates often confuse OS-level memory metrics (which require the CloudWatch Agent) with HANA-specific memory metrics, not realizing that HANA’s internal memory management (e.g., column store, row store, heap) is only accessible through its SQL views, not through standard OS monitoring tools.

How to eliminate wrong answers

Option A is wrong because HANA trace files contain diagnostic logs (e.g., error traces, SQL traces) but do not expose structured, real-time memory consumption metrics suitable for CloudWatch monitoring. Option C is wrong because EC2 instance-level memory metrics are not available by default in CloudWatch; they require the CloudWatch Agent or a custom script, and even then they report OS-level memory (e.g., RAM usage) rather than HANA-specific memory allocation. Option D is wrong because the AWS CloudWatch Agent for OS metrics collects operating system metrics (e.g., memory utilization, disk I/O) from the EC2 instance, but it cannot query SAP HANA’s internal memory views or provide HANA-specific memory consumption data.

300
Drag & Dropmedium

Drag and drop the steps to implement disaster recovery for SAP S/4HANA using AWS Elastic Disaster Recovery (DRS) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

DRS involves agent installation, configuration, testing, recovery initiation, and post-recovery steps.

← PreviousPage 4 of 7 · 462 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Design of SAP Workloads on AWS questions.