Back to AWS Certified SAP on AWS Specialty PAS-C01 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise AWS Certified SAP on AWS Specialty PAS-C01 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
PAS-C01
exam code
Amazon Web Services
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related PAS-C01 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmulti select
Read the full NAT/PAT explanation →

A company is using AWS Systems Manager Patch Manager to patch a fleet of EC2 instances. The instances are in a patch group and have the SSM Agent installed. After a patching operation, the operations team notices that some instances did not apply the patches. The instances show a status of 'Failed' in the Patch Manager console. Which TWO steps should the team take to troubleshoot and resolve the issue? (Choose TWO.)

Question 2mediumdrag order
Full question →

Drag and drop the steps to troubleshoot an SAP HANA database connection failure from an SAP application in AWS into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 3easymultiple choice
Full question →

A company runs a production EC2 instance that experiences intermittent connectivity issues. The instance is part of an Auto Scaling group behind an Application Load Balancer. Which step should be taken FIRST to diagnose the issue?

Question 4mediummultiple choice
Read the full NAT/PAT explanation →

A company uses AWS Systems Manager Patch Manager to patch a fleet of EC2 instances. After a recent patching operation, some instances failed with the error 'Unable to retrieve patch baseline'. The instances are in a private subnet with a VPC endpoint for SSM. What is the MOST likely cause?

Question 5hardmultiple choice
Full question →

A company uses AWS Config to record resource changes and evaluate rules. Recently, the compliance status of an S3 bucket rule changed from COMPLIANT to NON_COMPLIANT. The operations team investigates and finds that the bucket policy was modified. What is the MOST efficient way to identify who made the change and the exact time?

Question 6easymultiple choice
Full question →

A DevOps engineer is troubleshooting an AWS CodePipeline that fails at the Deploy stage. The pipeline deploys a static website to an S3 bucket configured for website hosting. The error message indicates 'Access Denied' when the pipeline tries to upload files. Which IAM policy should be attached to the CodePipeline service role to resolve this?

Question 7hardmultiple choice
Full question →

A company uses AWS CloudFormation to manage infrastructure. During an update, a stack fails to roll back and is left in UPDATE_ROLLBACK_FAILED state. The stack contains a DynamoDB table and a Lambda function. The operations team needs to fix the stack with minimal disruption. What should they do?

Question 8mediummultiple choice
Full question →

A security engineer is troubleshooting an issue where a cross-account IAM role (arn:aws:iam::123456789012:role/CrossAccountRole) is unable to upload objects to an S3 bucket (my-bucket) owned by another account. The bucket policy is shown above. What is the MOST likely reason for the failure?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/CrossAccountRole"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/logs/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
```
Question 9hardmultiple choice
Read the full NAT/PAT explanation →

A systems administrator is troubleshooting an SAP HANA database that runs on an EC2 instance. The exhibit shows the block device mappings of the EC2 instance. The administrator needs to ensure that the data volumes (/dev/sdf and /dev/sdg) are not accidentally terminated when the instance is terminated. However, the administrator also wants to take a nightly snapshot of these volumes using AWS Backup. Which of the following is a potential issue with the current configuration?

Network Topology
# aws ec2 describe-instancesinstance-ids i-0a1b2c3d4e5f67890query 'Reservations[0].Instances[0].BlockDeviceMappings'Refer to the exhibit.```"DeviceName": "/dev/xvda","Ebs": {"AttachTime": "2023-08-01T10:00:00.000Z","DeleteOnTermination": true,"Status": "attached","VolumeId": "vol-0abcdef1234567890"},"DeviceName": "/dev/sdf","AttachTime": "2023-08-01T10:05:00.000Z","DeleteOnTermination": false,"VolumeId": "vol-0abcdef1234567891""DeviceName": "/dev/sdg","VolumeId": "vol-0abcdef1234567892"
Question 10mediummultiple choice
Full question →

An SAP administrator is creating an IAM policy for an EC2 instance that performs SAP database backups to S3 and creates EBS snapshots. The policy as shown fails to allow the EC2 instance to perform backup operations. What is the most likely reason?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::sap-backup-bucket/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:DescribeSnapshots"
      ],
      "Resource": "*"
    }
  ]
}
Question 11hardmultiple choice
Review the full subnetting walkthrough →

An SAP system on AWS experiences intermittent connectivity issues between the SAP Central Services (SCS) instance and the application servers. The SCS instance is in a private subnet in us-east-1a, and the application servers are spread across us-east-1a and us-east-1b. Security groups allow traffic on all required ports. What is the MOST likely cause of the intermittent connectivity?

Question 12hardmultiple choice
Full question →

An SAP administrator created the above IAM policy for an EC2 instance that performs automated SAP HANA backups. The backup script runs successfully but fails to upload the backup files to the S3 bucket. What is the most likely cause?

Exhibit

Refer to the exhibit.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeVolumes",
        "ec2:CreateSnapshot",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::sap-backup-bucket/*"
    }
  ]
}
Question 13mediummultiple choice
Full question →

An SAP administrator applies the IAM policy shown in the exhibit to an IAM user. The administrator reports that the user can start and stop EC2 instances but cannot tag them. Why is the user unable to tag instances?

Exhibit

Refer to the exhibit.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:DescribeInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
Question 14easymultiple choice
Full question →

An SAP system is running on an EC2 instance with an instance profile that grants access to an S3 bucket. The application is unable to read a specific object from the bucket. What is the first step to troubleshoot the issue?

Question 15easymultiple choice
Full question →

An SAP administrator is troubleshooting connectivity between SAP application servers and the SAP HANA database. The database security group has an inbound rule as shown in the exhibit. The application servers are in security group sg-12345. However, the application servers cannot connect to the database. What is the most likely reason?

Exhibit

Refer to the exhibit.
{
  "Rules": [
    {
      "SourceSecurityGroupId": "sg-12345",
      "IpProtocol": "tcp",
      "FromPort": 3300,
      "ToPort": 3300
    }
  ]
}

These PAS-C01 practice questions are part of Courseiva's free Amazon Web Services certification practice question bank. Courseiva provides original exam-style PAS-C01 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.