CCNA SAP Operations Questions

75 of 491 questions · Page 6/7 · SAP Operations topic · Answers revealed

376
Multi-Select · hard

An SAP system on AWS is running on a single Availability Zone. The operations team wants to improve high availability. Which THREE actions should they take?

Select 3 answers
A. Use an Application Load Balancer to distribute traffic across AZs.
B. Use EBS Multi-Attach to share volumes across AZs.
C. Assign Elastic IP addresses to instances for failover.
D. Deploy SAP application servers in an Auto Scaling group across multiple AZs.
E. Configure the SAP database for Multi-AZ deployment.
Answers: A, D, E

ALB can route traffic to healthy targets in multiple AZs.

Why this answer

Options A, C, and D are correct. A: Use Multi-AZ for database. C: Use an Auto Scaling group across AZs.

D: Use an Application Load Balancer to distribute traffic. B is incorrect because EBS is AZ-specific and cannot attach across AZs. E is incorrect because Elastic IPs do not provide HA across AZs.

377
Multi-Select · hard

An SAP administrator is troubleshooting a performance issue on an SAP HANA database running on an EC2 instance. The instance type is r5.4xlarge with EBS-optimized enabled. CloudWatch metrics show high WriteIOPS but low throughput. Which THREE factors could be causing this behavior? (Choose three.)

Select 3 answers
A. The SAP HANA database is performing many small write operations.
B. The database is experiencing lock contention or thread contention.
C. The EBS volume's throughput limit is lower than the burst credit threshold.
D. The instance's EBS-optimized feature is not enabled.
E. The EBS volume is configured with a large block size.
Answers: A, B, C

Small writes increase IOPS but result in low throughput.

Why this answer

Options A, C, and D are correct. Small I/O operations cause high IOPS but low throughput. EBS volume limits can cap throughput.

Multithreading contention reduces throughput. Option B (large block size) would increase throughput. Option E (EBS optimization) is enabled and not the issue.

378
MCQ · easy

A company wants to automate the backup of SAP HANA databases running on EC2 instances. The backups must be stored in Amazon S3 for long-term retention. Which AWS service can be used to schedule and manage these backups?

A. AWS Storage Gateway
B. AWS Database Migration Service (DMS)
C. AWS Backup
D. Amazon S3 Lifecycle policies
Answer: C

AWS Backup provides centralized backup automation and supports EC2 with pre/post scripts for application consistency.

Why this answer

Option A is correct because AWS Backup can automate backups of EC2 instances and supports application-consistent backups for SAP HANA via pre- and post-scripts. Option B is wrong because Storage Gateway is for on-premises storage integration. Option C is wrong because S3 Lifecycle policies manage object transitions, not backups.

Option D is wrong because DMS is for database migration, not backup.

379
MCQ · easy

A company wants to automate the patching of SAP application servers running on EC2 instances. Which AWS service should be used to schedule and apply OS patches?

A. AWS Config
B. AWS CloudFormation
C. AWS Systems Manager Patch Manager
D. AWS OpsWorks
Answer: C

Systems Manager Patch Manager automates OS patching.

Why this answer

Option B is correct because AWS Systems Manager Patch Manager allows scheduling and applying OS patches. Option A is wrong because AWS OpsWorks is for Chef/Puppet, not primarily for patching. Option C is wrong because AWS Config is for compliance and configuration.

Option D is wrong because CloudFormation is for infrastructure provisioning.

380
Multi-Select · medium

An SAP system on AWS uses an Application Load Balancer (ALB) to distribute traffic across multiple EC2 instances. The operations team notices that some instances are marked as unhealthy even though the application is running correctly. Which TWO actions could resolve this issue?

Select 2 answers
A. Increase the healthy threshold count.
B. Associate an Elastic IP address with each instance.
C. Change the health check protocol to TCP.
D. Change the health check path to a simpler endpoint.
E. Decrease the health check interval.
Answers: A, D

A higher threshold reduces the chance of flapping.

Why this answer

Option A is correct because increasing the healthy threshold can prevent flapping. Option D is correct because changing the health check path to a simpler endpoint can reduce false failures. Option B is wrong because decreasing the interval might increase load.

Option C is wrong because associating an Elastic IP is not relevant. Option E is wrong because changing the protocol to TCP is not possible with ALB.

381
MCQ · easy

A company runs SAP on AWS and needs to ensure that the SAP application logs are centrally collected and analyzed for security incidents. Which AWS service should be used to collect and store the logs from EC2 instances?

A. Amazon Kinesis Data Firehose
B. AWS CloudTrail
C. Amazon S3
D. Amazon CloudWatch Logs
Answer: D

CloudWatch Logs can collect and store application logs from EC2 instances.

Why this answer

CloudWatch Logs can collect logs from EC2 instances via the unified CloudWatch agent. Option A is correct. Option B is wrong because S3 can store logs but not collect them directly from instances.

Option C is wrong because Kinesis is for streaming data. Option D is wrong because CloudTrail records API activity, not application logs.

382
MCQ · easy

A Solutions Architect needs to automate the patching of Amazon EC2 instances running Amazon Linux 2. The instances are in an Auto Scaling group and must be patched without downtime. Which approach is BEST?

A. Use Amazon Inspector to scan for vulnerabilities and automatically apply patches.
B. Terminate all instances and let the Auto Scaling group launch new instances from a patched AMI.
C. Use AWS Systems Manager Patch Manager with a maintenance window and update the Auto Scaling group launch configuration to use a patched AMI for new instances.
D. Create a custom AMI with latest patches and update the Auto Scaling group manually during a maintenance window.
Answer: C

Patch Manager applies patches and rolling updates minimize downtime.

Why this answer

Option C is correct because AWS Systems Manager Patch Manager automates patching of existing EC2 instances without downtime by using a maintenance window to schedule patch installation, and updating the Auto Scaling group launch configuration ensures new instances launched by the group use a patched AMI, maintaining consistency. This approach avoids terminating all instances at once (which would cause downtime) and leverages AWS-native automation for ongoing compliance.

Exam trap

The trap here is that candidates may think Amazon Inspector can automatically patch instances (option A) because it integrates with Systems Manager, but Inspector only scans and reports vulnerabilities, not applying patches directly.

How to eliminate wrong answers

Option A is wrong because Amazon Inspector is a vulnerability assessment service that identifies security issues but does not automatically apply patches; it integrates with Systems Manager for remediation but cannot patch instances on its own. Option B is wrong because terminating all instances in an Auto Scaling group simultaneously would cause downtime, as the group would need to launch new instances from a patched AMI, which violates the 'no downtime' requirement. Option D is wrong because creating a custom AMI and manually updating the Auto Scaling group during a maintenance window is not automated and does not address patching of existing running instances, only new ones; it also requires manual intervention, which is less reliable and scalable than the automated approach in option C.

383
Multi-Select · medium

Which TWO actions are required to set up automated failover for an SAP HANA database using AWS services? (Choose TWO.)

Select 2 answers
A. Create an AWS Lambda function to reassign an Elastic IP address to the standby instance
B. Configure a CloudWatch alarm to detect database failure
C. Use an Amazon RDS Multi-AZ deployment for the HANA database
D. Schedule a snapshot and restore on failure
E. Store HANA data on Amazon EFS and mount it on both instances
Answers: A, B

Lambda can automate the IP reassignment during failover.

Why this answer

Automated failover requires detecting failure and reassigning resources. CloudWatch alarms can detect database unavailability and trigger a Lambda to reassign the Elastic IP to the standby instance. Stopping the primary is unnecessary and might not be desired.

Multi-AZ RDS is for non-HANA databases. EFS is not typically used for HANA failover. Snapshot restore is too slow for automated failover.

384
MCQ · hard

A company runs SAP ERP on AWS with a two-tier architecture: application and database on the same EC2 instance. The instance is part of an Auto Scaling group with a minimum of 1 and maximum of 1, so it's effectively a single instance. The operations team wants to implement a patching strategy for the operating system that minimizes downtime. They need to apply security patches quarterly. Which approach should they take?

A. Use AWS Systems Manager Patch Manager to apply patches during a maintenance window.
B. Use AWS Systems Manager Automation to create a new AMI, launch a new instance, and update the DNS record.
C. Create a second instance in the Auto Scaling group and detach the original.
D. Apply patches in-place using yum update and reboot the instance.
Answer: B

This blue/green deployment minimizes downtime.

Why this answer

Option D is correct because using AWS Systems Manager Automation to create an AMI, launch a new instance, and update DNS allows a controlled replacement with minimal downtime. Option A is wrong because in-place patching requires downtime. Option B is wrong because AWS Patch Manager can patch in-place but still requires reboot.

Option C is wrong because Auto Scaling with two instances would work but the architecture is single-tier.

385
MCQ · hard

A company runs SAP on AWS and uses a distributed deployment with multiple application servers in an Auto Scaling group. They want to ensure that when a new instance is launched, it is automatically registered with the SAP Central Services instance. Which approach should they use?

A. Configure the user data script to run the registration command on instance boot.
B. Use an AWS CloudFormation template to create the instance and include the registration in the template.
C. Use AWS Systems Manager Run Command to register the instance after it launches.
D. Use an Auto Scaling lifecycle hook that triggers a Lambda function to perform the registration when the instance enters the 'InService' state.
Answer: D

Lifecycle hooks can pause instance launch and run custom actions before the instance is fully in service.

Why this answer

Option C is correct because using a lifecycle hook with a custom Lambda function allows running custom actions at instance launch, such as registration with Central Services. Option A is wrong because user data runs at boot but does not wait for the instance to be fully ready for service registration. Option B is wrong because CloudFormation is for stack creation, not for ongoing Auto Scaling events.

Option D is wrong because SSM Run Command is manual or scheduled, not automated at launch.

386
Multi-Select · easy

Which TWO AWS services can be used to automate the patching of SAP application servers?

Select 2 answers
A. AWS CloudFormation
B. AWS Systems Manager Patch Manager
C. Amazon EC2 Auto Scaling
D. AWS Lambda
E. AWS Elastic Beanstalk
Answers: B, D

Patch Manager automates patching.

Why this answer

AWS Systems Manager Patch Manager (Option B) is correct because it provides a fully managed service specifically designed to automate the process of patching operating systems and applications, including SAP application servers running on EC2 instances. It uses patch baselines to define approved patches and can schedule patching across multiple instances, ensuring SAP systems remain compliant without manual intervention.

Exam trap

The trap here is that candidates may confuse infrastructure automation (CloudFormation, Auto Scaling) with operational patching, or assume Elastic Beanstalk can manage SAP workloads, when in fact only Systems Manager Patch Manager and Lambda (for custom orchestration) are directly applicable for automating SAP patching.

387
MCQ · medium

A company runs SAP on AWS and needs to patch the operating system of multiple EC2 instances on a schedule. The instances are part of an Auto Scaling group. Which AWS service can be used to apply patches without disrupting the Auto Scaling group's desired capacity?

A. AWS Systems Manager Patch Manager
B. Amazon EC2 Auto Scaling
C. AWS CloudFormation
D. AWS CodeDeploy
Answer: A

Patch Manager automates OS patching on a schedule.

Why this answer

Option C is correct because Systems Manager Patch Manager can patch instances on a schedule, and with instance refresh, can maintain capacity. Option A is incorrect because EC2 Auto Scaling does not apply OS patches. Option B is incorrect because CloudFormation is for infrastructure provisioning.

Option D is incorrect because CodeDeploy deploys applications, not OS patches.

388
MCQ · easy

A company is running SAP on AWS and wants to automatically recover an unhealthy EC2 instance that hosts their SAP application. Which AWS feature should they configure to automatically restart the instance in the same Availability Zone if it fails?

A. Cluster Placement Group
B. Auto Scaling group
C. EC2 Auto Recovery
D. Lifecycle Hook
Answer: C

Auto Recovery restarts the same instance in the same AZ.

Why this answer

Option B is correct because Amazon EC2 Auto Recovery automatically recovers an instance in the same AZ when it becomes impaired. Option A is wrong because Auto Scaling replaces instances across AZs, not necessarily the same AZ. Option C is wrong because a Cluster Placement Group is for low latency, not recovery.

Option D is wrong because a Lifecycle Hook is for custom actions during scaling events.

389
MCQ · easy

Refer to the exhibit. An SAP administrator has created this CloudFormation snippet to create a Route 53 record for an SAP system. The record is intended to point to an Application Load Balancer. What is a potential issue with this configuration?

A. Using a CNAME record for the root domain (zone apex) is not allowed.
B. The TTL value of 60 seconds is too low for production use.
C. The RecordSet type should be A instead of CNAME for an ALB.
D. The ResourceRecords value should be an IP address, not a DNS name.
Answer: A

DNS standards prohibit CNAME at the zone apex; an Alias record should be used instead.

Why this answer

Option D is correct because using a CNAME record for the zone apex (e.g., example.com) is not allowed by DNS standards. CNAME records can only be used for subdomains. Option A is wrong because TTL of 60 seconds is acceptable.

Option B is wrong because the ALB endpoint is a valid FQDN. Option C is wrong because Route 53 supports CNAME records to external endpoints.

390
MCQ · hard

An SAP system administrator notices that the SAP Central Services (ASCS) instance on an EC2 instance has failed. The instance is still running, but the ASCS service is unresponsive. What is the MOST efficient way to restore the ASCS service without affecting the SAP application?

A. Manually fail over the ASCS to the secondary node in the cluster.
B. Reboot the EC2 instance hosting the ASCS.
C. Restore the ASCS instance from the most recent AMI backup.
D. Restart the ASCS service using SAP MMC or sapcontrol.
Answer: D

Restarting the service is targeted and quick, restoring functionality without full reboot.

Why this answer

Option B is correct because restarting the ASCS service via SAP MMC is the quickest and least impactful method. Option A is wrong because rebooting the instance takes longer and may affect other services. Option C is wrong because restoring from backup is time-consuming and unnecessary.

Option D is wrong because failing over to the secondary node requires a complete environment and may introduce complexity if not already configured.

391
MCQ · hard

An SAP administrator is restoring an SAP HANA database from a backup stored in Amazon S3. The restore fails with an error indicating that the backup file is corrupt. The backup was created using the SAP HANA BACKUP command with the S3 backint agent. What could cause the backup file to be corrupt?

A. S3 Transfer Acceleration was used during backup.
B. The multipart upload of the backup file was interrupted and not completed.
C. The S3 bucket has versioning enabled.
D. The backup was replicated to another AWS Region using S3 Cross-Region Replication.
Answer: B

Incomplete multipart upload results in a corrupt object.

Why this answer

Option D is correct because multipart upload failures can result in incomplete objects that appear corrupt. Option A is wrong because S3 Versioning does not affect file integrity. Option B is wrong because S3 Transfer Acceleration improves speed, not integrity.

Option C is wrong because cross-region replication results in identical copies.

392
MCQ · easy

Refer to the exhibit. A CloudTrail log entry shows that the user 'sapadmin' stopped an instance. Which of the following is true based on the log?

A. The StopInstances API call failed.
B. The user 'sapadmin' started the instance.
C. The user 'sapadmin' stopped the instance i-0abcdef1234567890.
D. The event was related to an RDS instance.
Answer: C

The log shows the event name and user.

Why this answer

Option A is correct because the eventName is StopInstances and the user is sapadmin. Option B is wrong because the event is not a StartInstances. Option C is wrong because the eventSource is ec2.amazonaws.com, not rds.

Option D is wrong because the event was successful (no error in responseElements, and responseElements is null but that does not indicate failure; in CloudTrail, a null responseElements often indicates success for some APIs).

393
Multi-Select · hard

Which THREE components are required to set up SAP HANA System Replication (HSR) on AWS for high availability? (Choose THREE.)

Select 3 answers
A. A dedicated replication network interface with low latency.
B. Two EC2 instances in different Availability Zones.
C. An Amazon S3 bucket for storing backup logs.
D. Shared storage (e.g., Amazon EFS) for log replication.
E. A Network Load Balancer to distribute database connections.
Answers: A, B, D

Low-latency network is critical for replication performance.

Why this answer

Options A, C, and E are correct. HSR requires two instances, replication network, and shared storage for log replication. Option B is not required; HSR uses its own replication.

Option D is optional.

394
Multi-Select · easy

Which THREE actions should be taken to secure an SAP environment running on AWS?

Select 3 answers
A. Open all ports to allow any traffic for flexibility.
B. Disable AWS CloudTrail to reduce costs.
C. Enable encryption at rest for Amazon EBS volumes.
D. Use security groups to restrict inbound and outbound traffic to necessary ports.
E. Use AWS Identity and Access Management (IAM) roles to grant permissions to EC2 instances.
Answers: C, D, E

Encryption protects data stored on EBS.

Why this answer

Options A, B, and D are correct. A (Use security groups) controls traffic. B (Enable encryption at rest for EBS) protects data.

D (Use IAM roles for EC2) avoids long-term credentials. C (Open all ports) is insecure. E (Disable CloudTrail) reduces auditability.

395
MCQ · hard

During an SAP system refresh, the operations team needs to restore an SAP HANA database from an S3 backup to a new EC2 instance. The backup was created using SAP HANA Backint. Which AWS service is required to read the backup from S3?

A. Amazon EBS snapshots
B. AWS Backup
C. AWS Storage Gateway
D. SAP HANA Backint agent for Amazon S3
Answer: D

The Backint agent is required to read backups from S3.

Why this answer

Option A is correct because SAP HANA Backint is a certified backup tool that integrates with S3. Option B is wrong because AWS Storage Gateway is not used for Backint. Option C is wrong because AWS Backup offers SAP HANA support but not via Backint.

Option D is wrong because EC2 Snapshots are not used with Backint.

396
MCQ · easy

An SAP NetWeaver administrator needs to patch the operating system of an SAP application server running in an Auto Scaling group. The instances are behind an Application Load Balancer. What is the correct procedure to minimize downtime?

A. Use an Auto Scaling rolling update with lifecycle hooks to launch new instances from a patched AMI and gradually deregister old ones.
B. Detach one instance from Auto Scaling, patch it, test, then reattach.
C. Stop accepting traffic at the ALB, patch all instances manually, then re-enable traffic.
D. Terminate all instances at once and let Auto Scaling launch new ones with a patched AMI.
Answer: A

This minimizes downtime by replacing instances one at a time while maintaining capacity.

Why this answer

Option C is correct because it uses a rolling update with lifecycle hooks to safely drain connections and replace instances. Option A is wrong because stopping traffic to ALB causes full downtime. Option B is wrong because terminating all instances simultaneously causes full downtime.

Option D is wrong because detaching from Auto Scaling does not automate replacement.

397
Multi-Select · medium

Which TWO actions should be taken to improve the performance of an SAP HANA database running on AWS? (Choose TWO.)

Select 2 answers
A. Increase the size of the HANA instance to allocate more memory.
B. Enable termination protection on EC2 instances.
C. Use an Application Load Balancer to distribute traffic.
D. Use EBS-optimized instances to ensure dedicated network bandwidth for EBS.
E. Enable detailed monitoring on EC2 instances.
Answers: A, D

More memory improves HANA performance.

Why this answer

Options A and C are correct because they improve I/O and memory respectively. Option B does not directly improve HANA performance. Option D is unrelated to database.

Option E is unrelated to performance.

398
Multi-Select · hard

An SAP administrator is troubleshooting an issue where the SAP system is not responding. The administrator checks the AWS Management Console and finds that the EC2 instance status checks are failing. Which three actions should the administrator take to recover the instance? (Choose THREE.)

Select 3 answers
A. Change the instance type
B. Check the system logs for errors
C. Attach a new EBS volume
D. Reboot the instance
E. Stop and start the instance
Answers: B, D, E

Logs help identify the cause of failure.

Why this answer

Option A (Stop and start the instance) is correct because it moves the instance to new hardware. Option C (Reboot the instance) is correct because it may resolve transient issues. Option E (Check system logs) is correct because it helps diagnose the root cause.

Option B is wrong because attaching a new EBS volume won't fix the instance health. Option D is wrong because changing instance type might not help if the issue is underlying hardware.

399
Multi-Select · easy

Which TWO of the following AWS services can be used to create and manage SAP system backups in an automated manner?

Select 2 answers
A. AWS Backup
B. AWS CloudTrail
C. SAP HANA Cloud Platform (SAP BTP)
D. AWS Lambda
E. AWS CloudFormation
Answers: A, C

AWS Backup provides centralized backup automation.

Why this answer

Option A is correct because AWS Backup can schedule and manage backups of various AWS resources including EC2 instances. Option D is correct because SAP HANA Cloud Platform (now SAP Business Technology Platform) provides backup services for SAP systems. Option B is wrong because CloudFormation is for infrastructure as code, not backup.

Option C is wrong because CloudTrail is for auditing. Option E is wrong because Lambda can be used to automate backup scripts but is not a dedicated backup service.

400
Multi-Select · easy

An SAP administrator is setting up backup for an SAP HANA database running on an EC2 instance. The database is 1 TB in size. Which TWO AWS services can be used to create a cost-effective backup strategy?

Select 2 answers
A. AWS Database Migration Service (DMS)
B. AWS Storage Gateway
C. AWS Backup
D. Amazon EBS snapshots
E. Amazon S3 with lifecycle policies
Answers: C, D

AWS Backup can automate EBS snapshots for HANA volumes.

Why this answer

Options B and E are correct. AWS Backup is a managed service that can back up EBS volumes, and EBS snapshots are a direct way to back up the database volumes. Option A is wrong because S3 is not directly used for HANA backups without additional tools.

Option C is wrong because Storage Gateway is for on-premises integration. Option D is wrong because DMS is for migration, not backup.

401
MCQ · medium

A company runs SAP S/4HANA on AWS with a High Availability (HA) cluster spanning two Availability Zones (us-east-1a and us-east-1b). The cluster uses an Amazon FSx for NetApp ONTAP file system for the global transport directory. Recently, the cluster experienced a split-brain situation, leading to data corruption. The administrator wants to prevent this from recurring. The current setup uses a single FSx file system mounted on both cluster nodes. What should the administrator do to prevent split-brain?

A. Add a third cluster node in a third Availability Zone
B. Increase the memory on both EC2 instances
C. Configure a STONITH (Shoot The Other Node In The Head) mechanism using AWS Lambda
D. Set up cross-region replication for the FSx file system
Answer: C

STONITH ensures a failed node is terminated, preventing split-brain.

Why this answer

Option B is correct because using the STONITH mechanism ensures a failed node is forcefully isolated before the other node takes over, preventing split-brain. Option A is wrong as more nodes increase complexity. Option C is wrong because replication doesn't prevent split-brain.

Option D is wrong as memory upgrade doesn't affect cluster communication.

402
MCQ · medium

A company runs SAP on AWS using an SAP HANA database on an R5.8xlarge EC2 instance. The SAP application generates alerts about high disk I/O latency. Which AWS service should the administrator use to identify the root cause?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. AWS Systems Manager
D. AWS Config
Answer: B

CloudWatch collects and monitors disk I/O latency metrics for EC2 instances.

Why this answer

Option B is correct because Amazon CloudWatch provides detailed metrics for disk I/O, including latency. Option A is wrong because AWS Config is for resource compliance. Option C is wrong because AWS Systems Manager automates operational tasks, not performance monitoring.

Option D is wrong because AWS Trusted Advisor provides best-practice checks, not real-time performance metrics.

403
MCQ · medium

An SAP Basis administrator is monitoring the health of an SAP HANA database on AWS. The administrator wants to receive alerts when the CPU utilization of the HANA instance exceeds 90% for 5 consecutive minutes. Which combination of AWS services should be used?

A. AWS X-Ray and Amazon CloudWatch Logs
B. AWS CloudTrail and AWS Lambda
C. AWS Config and Amazon Simple Email Service (SES)
D. Amazon CloudWatch metrics and CloudWatch Alarms with Amazon SNS
Answer: D

CloudWatch monitors CPU, alarms trigger on threshold, SNS sends notifications.

Why this answer

Option A is correct: CloudWatch collects metrics and Alarms trigger notifications via SNS. Option B (Lambda) is not needed for simple alarm. Option C (Config) is for compliance.

Option D (X-Ray) is for tracing.

404
Multi-Select · hard

An administrator deploys the CloudFormation stack above. The EC2 instance launches but the s3fs mount fails. Which TWO actions are needed to fix the issue? (Choose two.)

Select 2 answers
A. Create an IAM role with permissions to access the S3 bucket and attach it to the EC2 instance.
B. Add an IAM instance profile to the EC2 instance resource in the CloudFormation template.
C. Modify the security group to allow outbound HTTPS traffic.
D. Ensure the S3 bucket is in the same region as the EC2 instance.
E. Add 'sudo' before the s3fs command in the UserData script.
Answers: A, B

s3fs requires IAM credentials; an instance profile provides them.

Why this answer

Options A and C are correct. The instance needs an IAM role with S3 access (A) and the instance profile must be attached (C). Option B is wrong because the bucket region is not the issue.

Option D is wrong because security group does not affect S3 access. Option E is wrong because the script runs as root, so sudo is not needed.

405
MCQ · medium

An SAP workload running on AWS is experiencing intermittent performance issues. The operations team suspects that a recent change to a security group is causing traffic to be dropped. Which AWS service should the team use to analyze network traffic patterns and identify the source of the issue?

A. Amazon Inspector
B. AWS Config
C. AWS CloudTrail
D. VPC Flow Logs
Answer: D

VPC Flow Logs capture IP traffic information and can be analyzed to identify dropped packets due to security group rules.

Why this answer

VPC Flow Logs capture IP traffic information and can be used to analyze network traffic patterns, helping to diagnose security group rule issues.

406
Multi-Select · easy

Which TWO AWS services can be used to monitor the health of SAP systems and send notifications? (Select TWO.)

Select 2 answers
A. AWS Config
B. Amazon CloudWatch
C. AWS CloudTrail
D. Amazon Athena
E. Amazon Simple Notification Service (SNS)
Answers: B, E

CloudWatch monitors metrics and creates alarms.

Why this answer

Option A is correct - CloudWatch can monitor metrics and send alarms. Option C is correct - SNS can send notifications. Option B is incorrect - CloudTrail logs API calls, not health.

Option D is incorrect - Config tracks configuration changes. Option E is incorrect - Athena is for querying data.

407
Multi-Select · medium

Which THREE AWS services can be used to automate the patching of SAP application servers on EC2? (Choose 3).

Select 3 answers
A. AWS Auto Scaling
B. AWS OpsWorks
C. AWS CodeDeploy
D. AWS CloudFormation
E. AWS Systems Manager Patch Manager
Answers: B, C, E

OpsWorks can manage configurations and patching.

Why this answer

AWS OpsWorks is correct because it provides a configuration management service that uses Chef or Puppet to automate the patching and lifecycle management of SAP application servers on EC2. You can define custom recipes or manifests to apply OS and application patches consistently across your SAP infrastructure, ensuring compliance and reducing manual effort.

Exam trap

The trap here is that candidates often confuse infrastructure provisioning tools like CloudFormation with operational automation tools, or assume Auto Scaling can handle patching because it can replace instances with new AMIs, but it does not patch existing instances directly.

408
Multi-Select · medium

An SAP system administrator needs to perform a backup of an SAP HANA database running on EC2. Which TWO AWS services can be used together to create consistent backups? (Choose TWO.)

Select 2 answers
A. Amazon S3
B. Amazon EBS snapshots
C. AWS Backup
D. AWS CloudFormation
E. AWS Storage Gateway
Answers: B, C

EBS snapshots provide consistent backups when used with application quiescing.

Why this answer

Option A (AWS Backup) can orchestrate backups, and Option D (Amazon EBS snapshots) capture block-level data. Option B (Amazon S3) is not for database backup directly. Option C (AWS Storage Gateway) is for hybrid storage.

Option E (AWS CloudFormation) is for infrastructure as code.

409
MCQ · easy

An SAP administrator notices that the SAP application performance has degraded over the past week. The system is running on Amazon EC2 with EBS volumes. Which AWS service should be used to analyze the performance impact of the EBS volumes?

A. Amazon Inspector
B. AWS CloudTrail
C. Amazon CloudWatch
D. AWS Trusted Advisor
Answer: C

CloudWatch provides detailed metrics for EBS performance analysis.

Why this answer

Option C (Amazon CloudWatch) is correct because it provides metrics for EBS volumes like throughput, IOPS, and latency. Option A (AWS Trusted Advisor) provides best practices but not detailed performance analysis. Option B (AWS CloudTrail) logs API calls.

Option D (Amazon Inspector) is for security assessment.

410
MCQ · easy

A company has an SAP system running on AWS with a production database on an RDS for SAP ASE instance. The operations team needs to perform a minor version upgrade of the database engine. The upgrade must be applied with minimal downtime. The team has a maintenance window scheduled for the upcoming weekend. Which action should the team take to apply the upgrade?

A. Enable auto minor version upgrade on the DB instance and let the upgrade occur during the maintenance window.
B. Manually upgrade the DB instance using the AWS Management Console immediately.
C. Modify the DB instance to specify the new engine version and apply immediately.
D. Create a new DB instance with the new version and migrate the data.
Answer: A

This minimizes downtime and is automated.

Why this answer

Option A is correct because setting the AutoMinorVersionUpgrade flag to true allows RDS to apply minor upgrades automatically during the maintenance window with minimal downtime. Option B is wrong because manual upgrade via the console can cause downtime if not done during a maintenance window. Option C is wrong because modifying the DB instance to a new version immediately can cause downtime.

Option D is wrong because creating a new instance and migrating requires additional setup and downtime.

411
MCQ · medium

A company runs its SAP HANA database on an EC2 instance in a single Availability Zone. The system is critical and requires high availability. The current setup uses an EBS volume for data storage. During a recent failure simulation, the database took 45 minutes to recover because the EBS volume had to be reattached and the database had to replay logs. The operations team wants to reduce recovery time to less than 15 minutes. Which solution should they implement?

A. Deploy a second EC2 instance in a different Availability Zone and configure SAP HANA system replication.
B. Use AWS Backup to create more frequent snapshots.
C. Increase the provisioned IOPS of the EBS volume.
D. Move the database to Amazon S3 for faster access.
Answer: A

Multi-AZ setup with HANA replication enables fast failover.

Why this answer

Option C is correct because using Multi-AZ deployment with synchronous replication ensures that a standby database is ready to take over immediately, reducing recovery time significantly. Option A is wrong because increasing EBS volume size does not reduce recovery time. Option B is wrong because Amazon S3 is not suitable for low-latency database storage.

Option D is wrong because manual snapshots take time to restore and do not provide automatic failover.

412
MCQ · easy

An SAP administrator needs to ensure that an EC2 instance hosting SAP HANA is rebooted automatically after a hardware failure. Which AWS feature provides this capability?

A. Placement group
B. Auto Scaling group
C. EC2 Auto Recovery
D. Elastic IP address
Answer: C

Auto Recovery automatically recovers an instance from hardware failure.

Why this answer

EC2 Auto Recovery is the correct AWS feature because it automatically recovers an EC2 instance when a hardware failure on the underlying physical host is detected. For SAP HANA workloads, this ensures the instance is rebooted on a healthy host without manual intervention, maintaining high availability for critical database operations.

Exam trap

The trap here is that candidates often confuse Auto Scaling groups (which replace instances) with EC2 Auto Recovery (which recovers the same instance), leading them to choose Auto Scaling for automatic reboot, but Auto Scaling does not reboot the same instance and can cause data loss for stateful applications like SAP HANA.

How to eliminate wrong answers

Option A is wrong because a placement group controls the physical proximity of instances (e.g., cluster placement groups for low-latency networking) but does not provide automatic recovery from hardware failures. Option B is wrong because an Auto Scaling group replaces instances based on scaling policies or health checks, but it does not reboot the same instance; it terminates and launches a new one, which would lose the SAP HANA instance's state and attached EBS volumes unless properly configured. Option D is wrong because an Elastic IP address is a static public IPv4 address that can be remapped to another instance, but it has no capability to detect or recover from hardware failures.

413
Multi-Select · easy

Which TWO AWS services can be used to perform automated backups of an SAP HANA database running on EC2? (Choose 2.)

Select 2 answers
A. Amazon CloudWatch Events
B. Amazon S3
C. AWS CloudTrail
D. AWS Backup
E. Amazon Data Lifecycle Manager
Answers: D, E

AWS Backup supports HANA backups via pre-scripts.

Why this answer

Option A (AWS Backup) and Option D (Amazon Data Lifecycle Manager) can automate backups. Option B (CloudWatch) does not perform backups. Option C (CloudTrail) audits.

Option E (S3) is storage, not backup automation.

414
MCQ · easy

A company is running SAP on AWS and wants to automate the creation of consistent snapshots of EBS volumes attached to SAP HANA instances. Which AWS service is BEST suited for this task?

A. AWS Lambda
B. AWS CloudFormation
C. Amazon S3
D. AWS Backup
Answer: D

AWS Backup is a fully managed backup service that can automate EBS snapshots with scheduling.

Why this answer

Option B is correct because AWS Backup is designed for creating automated, scheduled backups of EBS volumes and other resources. Option A is wrong because AWS CloudFormation is for infrastructure provisioning. Option C is wrong because Amazon S3 is object storage, not snapshot management.

Option D is wrong because AWS Lambda can be used but requires custom code; AWS Backup is a managed service.

415
MCQ · easy

A company runs SAP on AWS and uses a Multi-AZ RDS for SAP ASE database. The operations team receives an alert that the database instance failed over automatically. After the failover, the SAP application servers are unable to connect to the database. The team checks the RDS console and sees that the DB instance status is 'available' and the endpoint is the same as before. The security groups and network ACLs have not changed. What is the MOST likely reason for the connectivity issue?

A. The RDS endpoint changed after the failover.
B. The application servers have cached the old database IP address and need to flush DNS.
C. The DNS record for the RDS endpoint did not update after the failover.
D. The security group for the database instance no longer allows traffic from the application servers.
Answer: B

DNS caching can cause stale IP addresses.

Why this answer

Option A is correct because after a failover, the DNS record for the RDS endpoint is updated to point to the new primary, but the application may still be using the old IP due to DNS caching. Option B is wrong because the endpoint remains the same. Option C is wrong because Multi-AZ failover updates the DNS record.

Option D is wrong because the failover does not change the security group.

416
MCQ · hard

A company uses SAP S/4HANA on AWS with a multi-AZ deployment. The primary database is in us-east-1a and the secondary in us-east-1b. During a failover test, the secondary database becomes active but performance degrades significantly. Which configuration is most likely causing the performance issue?

A. The secondary instance is in a different VPC
B. The secondary instance is a smaller instance type than the primary
C. The secondary instance uses a different storage type (e.g., GP2 instead of Provisioned IOPS)
D. The secondary database is running a different HANA version
Answer: B

Smaller instance type cannot handle the same workload, causing performance degradation.

Why this answer

Option C is correct because in a multi-AZ deployment, primary and secondary instances should be of the same size to avoid performance degradation after failover. Option A is wrong because different storage types can cause performance differences. Option B is wrong because network latency between AZs is typically low.

Option D is wrong because the HANA version should be the same.

417
MCQ · hard

During a disaster recovery test, an SAP administrator finds that the SAP application cannot connect to the replicated HANA database in the DR region. The replication is done using SAP HANA System Replication. What is the MOST likely cause?

A. The replication link is down because the source database is not accessible.
B. The application connection string still points to the primary database endpoint.
C. The HANA database in the DR region is not synchronized due to network latency.
D. The application server needs to be restarted to recognize the new database.
Answer: B

After failover, the application must use the DR database endpoint.

Why this answer

Option C is correct because HANA System Replication replicates the database, but the application connection strings must be updated manually or via automation. Option A is wrong because replication is asynchronous, so there is no mismatch. Option B is wrong because the replication is not interrupted by lack of connectivity.

Option D is wrong because the DR database is a separate instance; application restart is not sufficient.

418
MCQ · hard

A company runs a multi-tier application on AWS. The application consists of an Application Load Balancer (ALB) that distributes traffic to a fleet of EC2 instances running a web server. The web servers write logs to an Amazon EFS file system mounted across all instances. The operations team reports that the web application is experiencing intermittent high latency and timeouts. Monitoring shows that the ALB's target response time is normal, but the application's internal processing time is high. Further investigation reveals that the EFS performance metrics show high 'BurstCreditBalance' and 'PercentIOLimit' during the latency spikes. The EFS file system is configured with 'Bursting' throughput mode. The team needs to resolve the latency issue with minimal cost. What should they do?

A. Migrate the log files to Amazon S3 and use S3 Transfer Acceleration for writes.
B. Switch the EFS throughput mode to Provisioned Throughput to guarantee higher performance.
C. Add more EC2 instances to the Auto Scaling group to distribute the I/O load.
D. Increase the size of the EFS file system to increase the baseline throughput and burst credits.
Answer: D

Larger EFS file systems have higher baseline throughput and accumulate more burst credits, reducing I/O wait.

Why this answer

Option D is correct because increasing the size of an EFS file system in Bursting mode raises its baseline throughput and burst credit accumulation rate. The high BurstCreditBalance and PercentIOLimit indicate the file system is exhausting its burst credits and hitting its I/O limit, causing throttling and latency. A larger EFS volume provides a higher baseline throughput, reducing reliance on burst credits and smoothing performance without additional cost for Provisioned Throughput.

Exam trap

The trap here is that candidates assume 'Bursting' mode is always sufficient and look to add compute capacity (Option C) or change storage type (Option A), when the real issue is that the file system is too small to sustain the workload's I/O demands, and resizing it is the most cost-effective fix.

How to eliminate wrong answers

Option A is wrong because migrating logs to S3 with S3 Transfer Acceleration does not address the EFS I/O bottleneck; it changes the storage target but the web servers still write to EFS, and S3 Transfer Acceleration is for accelerating uploads over long distances, not for reducing local file system latency. Option B is wrong because switching to Provisioned Throughput would increase cost unnecessarily; the issue is that the current Bursting mode is insufficient due to small file system size, and Provisioned Throughput is a more expensive solution when simply resizing the file system can resolve the problem at lower cost. Option C is wrong because adding more EC2 instances would increase the aggregate I/O load on the same EFS file system, worsening the contention and latency, not resolving it.

419
MCQ · easy

A company is running SAP on AWS and wants to automate the deployment of new SAP application servers. The company uses AWS CloudFormation to manage infrastructure. Which AWS service should they use to run custom scripts during the CloudFormation stack creation to configure the SAP application?

A. AWS Systems Manager Run Command
B. AWS CodeDeploy
C. AWS Lambda
D. AWS OpsWorks
Answer: C

Lambda can be used as a custom resource in CloudFormation to run scripts.

Why this answer

Option A is correct because AWS CloudFormation supports custom resources via Lambda functions to run scripts. Option B is wrong because EC2 Run Command is not integrated into CloudFormation natively. Option C is wrong because OpsWorks is for Chef/Puppet, not directly for CloudFormation.

Option D is wrong because CodeDeploy is for code deployment, not initial configuration.

420
Multi-Select · hard

Which THREE of the following are best practices for operating an SAP HANA database on AWS in a production environment?

Select 3 answers
A. Configure a swap partition on the instance store.
B. Ensure the EC2 instance is EBS-optimized.
C. Separate data and log files onto different EBS volumes.
D. Use a single large EBS volume for both data and logs to simplify management.
E. Use multiple EBS volumes striped with LVM or RAID 0 for data and log files.
Answers: B, C, E

EBS-optimized instances provide dedicated network bandwidth to EBS.

Why this answer

Option A is correct because multiple EBS volumes striped with LVM or RAID 0 provide higher throughput. Option B is correct because a separate volume for log and data is recommended by SAP. Option D is correct because EBS-optimized instances provide dedicated bandwidth for EBS.

Option C is wrong because snapshotting a multi-volume database without application-consistent state can lead to corruption. Option E is wrong because swap on EC2 instance store is not recommended for HANA; HANA uses memory and swap is discouraged.

421
MCQ · medium

An SAP Basis administrator needs to monitor the health of SAP application servers running on EC2. The administrator wants to receive alerts when a server becomes unreachable or when critical SAP processes stop. Which AWS service should be used to create a custom dashboard and set up alarms?

A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Config
D. AWS Trusted Advisor
Answer: B

CloudWatch monitors instances and can trigger alarms on metrics like status checks or custom process metrics.

Why this answer

Option B is correct because CloudWatch can monitor EC2 instances and create alarms based on custom metrics, including process status. Option A is wrong because CloudTrail is for auditing API calls. Option C is wrong because Config is for resource compliance.

Option D is wrong because Trusted Advisor provides best-practice checks but not custom monitoring.

422
MCQ · easy

Refer to the exhibit. An SAP administrator is configuring Route 53 to point a custom domain name to an Application Load Balancer (ALB) that fronts SAP Web Dispatchers. The record set is configured as shown. However, when users access sap.example.com, they receive a 503 error. What is the MOST likely cause?

A. The EvaluateTargetHealth is set to true, which is causing the record to be marked as unhealthy.
B. The security group for the ALB is not allowing inbound traffic on port 443 from the internet.
C. The Alias Target is incorrect; it should be the ALB's DNS name without 'dualstack'.
D. The health check for the ALB target group is failing, causing Route 53 to return 503.
Answer: B

If the security group blocks traffic, the ALB will return 503 errors because it cannot forward requests to targets.

Why this answer

Option D is correct because the ALB's security group must allow inbound traffic on port 443 from the internet. Option A is wrong because the Alias record is correctly configured for an ALB. Option B is wrong because EvaluateTargetHealth is set to true, which is fine.

Option C is wrong because the ALB health checks are separate from Route 53 health checks.

423
MCQ · hard

An SAP system on AWS is experiencing performance degradation. Amazon CloudWatch metrics show high CPU utilization on the application server, but the database server (RDS) metrics are normal. The application team suspects a memory leak. Which action should the operations team take FIRST to confirm the issue?

A. Review the existing CloudWatch CPU utilization and memory metrics for the application server.
B. Install the CloudWatch agent on the application server and enable memory metrics.
C. Reboot the application server and monitor performance after reboot.
D. Increase the instance size of the application server to handle the load.
Answer: B

Installing the agent allows collection of memory metrics, which can confirm a memory leak.

Why this answer

Option B is correct because CloudWatch cannot see inside the OS without the CloudWatch agent. Installing the agent and collecting memory metrics is the first step to confirm a memory leak. Option A is wrong because CloudWatch does not provide memory metrics by default.

Option C is wrong because rebooting is disruptive and does not help diagnose. Option D is wrong because switching to a larger instance is a reactive fix, not diagnostic.

424
MCQ · easy

A company runs a production EC2 instance that experiences intermittent connectivity issues. The instance is part of an Auto Scaling group behind an Application Load Balancer. Which step should be taken FIRST to diagnose the issue?

A. Modify the security group to allow all traffic temporarily
B. Review CloudWatch metrics for the instance and the ALB target group
C. Terminate the instance and let Auto Scaling launch a new one
D. Attach an additional Elastic Network Interface (ENI) to the instance
Answer: B

CloudWatch metrics provide baseline data for troubleshooting connectivity issues.

Why this answer

Reviewing CloudWatch metrics for the instance and the ALB target group is the correct first step because it provides immediate visibility into the root cause of intermittent connectivity issues. Metrics such as TargetResponseTime, RequestCount, and HealthyHostCount can reveal whether the problem is due to high latency, request failures, or the instance being marked unhealthy by the ALB health checks. This data-driven approach avoids unnecessary changes and aligns with the AWS Well-Architected Framework's principle of observability.

Exam trap

The trap here is that candidates often jump to reactive actions like terminating the instance or modifying security groups, failing to recognize that CloudWatch metrics provide the non-invasive, systematic starting point for diagnosing intermittent issues in an Auto Scaling group behind an ALB.

How to eliminate wrong answers

Option A is wrong because modifying the security group to allow all traffic temporarily bypasses security controls without providing diagnostic information; connectivity issues are rarely caused by overly restrictive security groups in a production environment, and this action could introduce a security risk. Option C is wrong because terminating the instance and letting Auto Scaling launch a new one is a reactive, disruptive action that destroys the evidence needed to diagnose the intermittent issue, and it does not address the underlying cause. Option D is wrong because attaching an additional Elastic Network Interface (ENI) to the instance adds complexity and does not help diagnose connectivity problems; it is typically used for specialized networking scenarios like dual-homed instances or network appliances, not for troubleshooting intermittent ALB connectivity.

425
MCQ · hard

An administrator runs the command shown in the exhibit to check the status of an EBS volume attached to an SAP HANA instance. The volume is 200 GB gp3 and is attached to instance i-0a1b2c3d4e5f67890. The administrator wants to increase the I/O performance. The volume is currently set to 3000 IOPS (baseline for gp3). Which action will increase IOPS without downtime?

A. Modify the volume's IOPS setting to a higher value (e.g., 6000) using the modify-volume API.
B. Detach the volume, increase the size to 500 GB, and reattach.
C. Modify the volume type to io2 Block Express and increase IOPS.
D. Take a snapshot of the volume and create a new volume with higher IOPS from the snapshot.
Answer: A

gp3 supports modifying IOPS without downtime.

Why this answer

Option B is correct because gp3 volumes allow modifying IOPS independently of size without detaching. Option A is wrong because modifying volume type to io2 would require detaching or stopping instance. Option C is wrong because detaching the volume causes downtime.

Option D is wrong because taking a snapshot does not increase IOPS.

426
Multi-Select · medium

Which TWO of the following are valid methods to monitor the health of an SAP HANA database running on AWS?

Select 2 answers
A. Amazon CloudWatch alarms based on EC2 instance metrics
B. AWS Trusted Advisor checks for HANA best practices
C. AWS Config rules to check HANA configuration
D. SAP HANA SQL queries to check service status
E. AWS CloudTrail logs for HANA API calls
Answers: A, D

CloudWatch can monitor OS-level metrics of the HANA instance.

Why this answer

Option A is correct because CloudWatch can monitor EC2 instance metrics like CPU and memory. Option D is correct because SAP HANA provides built-in SQL queries for health checks. Option B is wrong because AWS Config is for configuration tracking, not real-time health.

Option C is wrong because CloudTrail is for API auditing. Option E is wrong because Trusted Advisor does not monitor HANA-specific health.

427
Multi-Select · easy

An SAP system administrator needs to monitor the health of Amazon RDS for SAP ASE database instances. Which TWO CloudWatch metrics should be used to detect if the database is under memory pressure?

Select 2 answers
A. `WriteIOPS`
B. `ReadIOPS`
C. `FreeableMemory`
D. `SwapUsage`
E. `DatabaseConnections`
Answers: C, D

Low freeable memory indicates the database is using most of the available memory.

Why this answer

`FreeableMemory` shows available memory, and `SwapUsage` indicates memory pressure when swap is used.

428
Multi-Select · medium

A company is running SAP HANA on AWS and wants to implement a disaster recovery strategy with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. The primary site is in us-east-1, and the DR site is in us-west-2. Which two actions should the company take to meet these objectives? (Choose TWO.)

Select 2 answers
A. Set up SAP HANA System Replication (HSR) in async mode between the two regions.
B. Take daily snapshots of the HANA volumes and copy them to the DR region.
C. Use AWS CloudEndure Disaster Recovery to replicate the entire server.
D. Use AWS Backup to schedule cross-region backups of the HANA database.
E. Pre-configure EC2 instances in the DR region with the same SAP HANA software and configuration.
Answers: A, E

HSR with async mode provides low RPO.

Why this answer

Option B is correct because HANA System Replication with log replication can achieve an RPO of less than 15 minutes. Option D is correct because having pre-configured EC2 instances in the DR region reduces RTO. Option A is wrong because daily backups are too slow for 15-minute RPO.

Option C is wrong because CloudEndure Disaster Recovery is not optimized for SAP HANA. Option E is wrong because AWS Backup does not support HANA replication.

429
MCQ · hard

An SAP system uses a shared file system mounted via EFS from multiple EC2 instances. The operations team notices that the file system is not performing well during peak loads. What is the most effective way to improve throughput without changing the application?

A. Enable Provisioned Throughput on the EFS file system
B. Replace EFS with an EBS Multi-Attach volume
C. Migrate the file system to Amazon FSx for Lustre
D. Change the EFS performance mode from General Purpose to Max I/O
Answer: D

Max I/O mode is optimized for high throughput and parallel access.

Why this answer

Option B is correct because EFS performance mode can be set to 'max I/O' to increase throughput for parallel workloads. Option A is wrong because Provisioned Throughput is independent of General Purpose vs Max I/O. Option C is wrong because moving to FSx for Lustre is a different architecture.

Option D is wrong because EBS is block storage and not suitable for shared access across multiple instances.

430
Multi-Select · hard

A company is using AWS Systems Manager Patch Manager to patch a fleet of EC2 instances. The instances are in a patch group and have the SSM Agent installed. After a patching operation, the operations team notices that some instances did not apply the patches. The instances show a status of 'Failed' in the Patch Manager console. Which TWO steps should the team take to troubleshoot and resolve the issue? (Choose TWO.)

Select 2 answers
A. Assign the patch baseline to the instance IDs directly.
B. Ensure that the instances have the appropriate IAM role that allows them to be patched.
C. Verify that the SSM Agent on the failed instances is running and is able to communicate with the Systems Manager service.
D. Check the output of the AWS-RunPatchBaseline SSM document in the Systems Manager Run Command history for the failed instances.
E. Configure a Maintenance Window for the patching operation.
Answers: C, D

The SSM Agent must be online to execute patching commands.

Why this answer

Option C is correct because if the SSM Agent is not running or cannot communicate with the AWS Systems Manager service, Patch Manager cannot execute the patching commands. The agent must be in a healthy state and have network connectivity (e.g., via VPC endpoints or internet gateway) to receive the patch baseline and report status. Option D is correct because the AWS-RunPatchBaseline SSM document execution history in Run Command provides detailed logs and error messages for each instance, allowing the team to identify why the patching failed, such as missing dependencies or timeout issues.

Exam trap

The trap here is that candidates may assume the IAM role (Option B) is the primary cause of failure, but the question already indicates the SSM Agent is installed and the instances show a 'Failed' status, which often points to agent communication or execution errors rather than missing permissions.

431
MCQ · medium

A company is running SAP on AWS and wants to implement a patching strategy for the operating system of EC2 instances with minimal downtime. The instances are part of an Auto Scaling group. Which of the following approaches is the MOST appropriate?

A. Apply patches directly to the running instances using AWS Systems Manager Patch Manager and reboot each instance one at a time.
B. Stop the Auto Scaling group, patch the instances, and start the group again.
C. Use AWS Systems Manager Patch Manager to patch all instances at the same time during a maintenance window.
D. Create a new Amazon Machine Image (AMI) with the latest patches, update the launch configuration, and perform a rolling update of the Auto Scaling group.
Answer: D

This approach replaces instances with patched ones without downtime as the Auto Scaling group launches new instances before terminating old ones.

Why this answer

Option D is correct because using a rolling update with a new launch configuration ensures that instances are replaced with patched AMIs without downtime. Option A is wrong because applying patches directly to running instances requires reboots and causes downtime. Option B is wrong because stopping the Auto Scaling group would stop all instances.

Option C is wrong because using Systems Manager Patch Manager on all instances simultaneously would cause downtime.

432
MCQ · hard

A company runs SAP S/4HANA on AWS using an ASCS and PAS cluster with SUSE Linux Enterprise Server. The cluster fails over unexpectedly several times a day. What is the most likely cause and solution?

A. High network latency between nodes; use placement groups
B. Cluster quorum loss due to insufficient votes; add a third node or configure a witness
C. Insufficient memory on the cluster nodes; increase memory
D. Incorrect ASCS instance configuration; verify SAP profiles
Answer: B

Quorum loss triggers failover; adding a node stabilizes the cluster.

Why this answer

Option D is correct because cluster quorum loss causes unnecessary failovers, and adding a third node resolves it. Option A is wrong as memory is not a typical cause. Option B is wrong because network latency wouldn't cause frequent failovers.

Option C is wrong because disk I/O doesn't cause failovers.

433
MCQ · easy

An IAM policy is attached to a user. The user attempts to upload a file to s3://my-bucket/restricted/data.txt. What is the outcome?

A. The upload succeeds because there is no explicit Deny for the specific object.
B. The upload succeeds because the Allow statement for s3:GetObject implies PutObject.
C. The upload fails because the explicit Deny overrides the Allow.
D. The upload succeeds because the Allow for s3:GetObject is on all resources.
Answer: C

Explicit Deny always overrides Allow.

Why this answer

C is correct because IAM policy evaluation follows a default-deny model where an explicit Deny always overrides any Allow. Even though the user has an Allow for s3:GetObject on all resources, the explicit Deny for the specific object path s3://my-bucket/restricted/* takes precedence, causing the upload (which requires s3:PutObject) to fail.

Exam trap

Cisco often tests the misconception that an Allow on one action (like s3:GetObject) somehow implies or grants permissions for other actions (like s3:PutObject), or that the absence of an explicit Deny means the request will succeed, ignoring the explicit Deny's overriding effect.

How to eliminate wrong answers

Option A is wrong because the absence of an explicit Deny for the specific object does not guarantee success; the default implicit deny would block the action if no Allow applies, but here an explicit Deny exists for the prefix. Option B is wrong because s3:GetObject does not imply s3:PutObject; they are distinct actions with separate permissions, and the Allow for GetObject does not grant upload rights. Option D is wrong because the Allow for s3:GetObject on all resources does not cover the s3:PutObject action required for uploading, and the explicit Deny overrides any Allow regardless of resource scope.

434
Multi-Select · hard

Which THREE are valid steps when performing a cross-Region disaster recovery failover for SAP HANA using AWS? (Choose THREE.)

Select 3 answers
A. Create an EBS snapshot of the primary database volume
B. Start the SAP HANA database on the secondary instance
C. Stop the SAP HANA database on the primary instance
D. Configure SAP HANA System Replication (HSR) between primary and secondary Regions
E. Update DNS records to point to the secondary instance
Answers: B, D, E

The secondary database must be started to serve requests.

Why this answer

Option B is correct because starting the SAP HANA database on the secondary instance is a required step during a cross-Region disaster recovery failover. After promoting the secondary system replication target to primary, the SAP HANA database must be started to make it available for client connections and resume operations.

Exam trap

The trap here is that candidates may mistakenly think creating EBS snapshots is a valid DR failover step, but snapshots are for backup and not part of the SAP HANA System Replication failover process, which relies on log-based replication instead.

435
MCQ · medium

A company runs SAP HANA on AWS and needs to perform a backup of the HANA database to Amazon S3. Which AWS service should be used to orchestrate the backup and ensure consistency?

A. AWS Backup with pre- and post-backup scripts for application-consistent backups.
B. Amazon S3 Lifecycle policies to transition backups to Glacier.
C. Amazon Data Lifecycle Manager (DLM) to schedule EBS snapshots.
D. AWS Storage Gateway file gateway to back up to S3.
Answer: A

AWS Backup can orchestrate HANA backups.

Why this answer

Option A is correct because AWS Backup supports SAP HANA on EC2 with pre- and post-scripts for consistency. Option B is wrong because S3 Lifecycle policies manage object lifecycle, not backups. Option C is wrong because DLM manages EBS snapshots, not application-consistent backups.

Option D is wrong because Storage Gateway is for hybrid storage, not SAP HANA backups.

436
Multi-Select · medium

A company runs SAP on AWS and needs to implement a disaster recovery (DR) strategy that meets a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 2 hours. The DR region must have the SAP application stack ready but the database can be replayed from backups. Which TWO actions should be taken to meet these requirements? (Choose two.)

Select 2 answers
A. Use a single-region Multi-AZ deployment for the database.
B. Use S3 cross-region replication for the application log files.
C. Set up a cross-region read replica for the Aurora PostgreSQL database.
D. Take daily snapshots of the database and copy them to the DR region.
E. Pre-provision EC2 instances with the SAP application stack in the DR region.
Answers: C, E

Cross-region read replicas provide low RPO (usually seconds) and can be promoted quickly.

Why this answer

Options C and E are correct. A cross-region read replica for Aurora PostgreSQL provides near-real-time replication, meeting the 15-minute RPO. Pre-provisioning EC2 instances in the DR region reduces RTO.

Option D (cross-region snapshot) may have a higher RPO. Option A (single-region) does not meet DR requirements. Option B (S3 cross-region replication) is for files, not the database.

437
MCQ · hard

An SAP administrator receives an alert that the SAP application server is not responding. The administrator checks the EC2 console and sees that the instance state is 'running' but the status checks have failed. Which step should be taken first to restore the SAP application?

A. Terminate the instance and launch a new one using the same AMI.
B. Use the EC2 console to stop and start the instance, which will move it to new underlying hardware.
C. Reboot the EC2 instance from the AWS Management Console.
D. Create a new EC2 instance from the latest AMI and attach the existing EBS volumes.
Answer: B

Stop/start recovers from hardware issues and preserves the instance ID, EBS volumes, and Elastic IP.

Why this answer

If status checks fail, the instance may have OS or network issues. Recovering the instance with the same Elastic IP and EBS volumes restores the SAP application. Option D is wrong because creating a new instance takes time and may not have the same configuration.

Option C is wrong because rebooting might not fix underlying issues. Option B is correct. Option A is wrong because terminating loses data.

438
Multi-Select · hard

Which THREE steps should an administrator take to troubleshoot an issue where an SAP application server cannot connect to the database server after a security group change? (Choose THREE.)

Select 3 answers
A. Check the outbound rules of the application server's security group
B. Modify the route tables to ensure direct communication
C. Restart both the application and database servers
D. Review the network ACL rules for the subnets
E. Verify the inbound rules of the database server's security group allow traffic from the application server
Answers: A, D, E

Security groups are stateful, but outbound rules can affect traffic if not configured properly.

Why this answer

The first step is to verify the security group rules. Then check network ACLs. VPC Flow Logs can confirm if traffic is allowed or denied.

Checking the OS firewall is also important. Restarting instances and changing route tables are too disruptive and unlikely to be the root cause. Changing security groups again without analysis is guesswork.

439
MCQ · medium

A company is migrating an SAP HANA database to AWS and needs to ensure high availability with automatic failover. Which solution meets this requirement with the least administrative overhead?

A. Configure SAP HANA System Replication across two EC2 instances in different Availability Zones and use a custom script for failover.
B. Use AWS SAP HANA Multi-AZ deployment.
C. Deploy a single EC2 instance with an EBS volume and take regular snapshots.
D. Use an Application Load Balancer to distribute traffic to multiple HANA instances.
Answer: B

AWS manages automatic failover and replication, reducing overhead.

Why this answer

Option B is correct because AWS SAP HANA Multi-AZ is a managed service that automatically handles failover. Option A is wrong because manual scripts require administrative overhead. Option D is wrong because it does not provide automatic failover.

Option C is wrong because it requires manual intervention.

440
MCQ · hard

A company is running SAP ERP on a single EC2 instance with an SAP HANA database. The operations team receives an alert that the /hana/data filesystem is 85% full. The filesystem is mounted from an EBS volume. Which of the following actions should be taken to resolve the issue with MINIMAL downtime?

A. Increase the size of the existing EBS volume and extend the filesystem.
B. Add an additional EBS volume and mount it to /hana/data2, then relocate some data.
C. Delete unnecessary log files from the /hana/data directory.
D. Create a new, larger EBS volume, attach it to the instance, and copy the data.
Answer: A

EBS volumes can be resized online, and the filesystem can be extended without stopping the instance.

Why this answer

Option A is correct because increasing the EBS volume size and extending the filesystem can be done online without stopping the instance. Option D is wrong because it would require stopping the instance. Option C is wrong because cleaning up data is not practical for a production system with critical data.

Option B is wrong because it introduces a new EBS volume which requires additional configuration.

441
MCQ · medium

A company is running a production SAP HANA database on an AWS EC2 instance with multiple EBS volumes. The operations team notices that the database performance degrades during peak hours. Which AWS service can be used to analyze the disk I/O performance and identify bottlenecks?

A. AWS Trusted Advisor
B. AWS Config
C. Amazon CloudWatch
D. AWS Config
Answer: C

CloudWatch provides detailed EBS metrics for performance analysis.

Why this answer

CloudWatch provides metrics for EBS volumes including read/write throughput and IOPS, which can be used to analyze disk I/O performance. Option B is wrong because AWS Config tracks configuration changes, not performance. Option A is wrong because Trusted Advisor provides best-practice checks but not real-time performance analysis.

Option C is correct. Option D is wrong because AWS Config is not for performance monitoring.

442
MCQ · easy

A company is running SAP HANA on AWS and needs to ensure that the database can be recovered to a specific point in time within the last 24 hours. Which backup strategy should be used?

A. Incremental backups using Backint
B. Daily full EBS snapshots
C. Daily SAP HANA full backups
D. Full backups plus log backups every 5 minutes
Answer: D

Log backups enable point-in-time recovery within the backup window.

Why this answer

Option D is correct because full plus log backups enable point-in-time recovery. Option B is wrong because a single snapshot does not allow point-in-time recovery. Option C is wrong because full backups only restore to the backup time.

Option A is wrong because incremental backups alone do not provide point-in-time recovery.

443
MCQ · medium

An SAP system running on EC2 is experiencing intermittent connectivity issues between application servers and the database server. The network team suspects that the security group rules are too restrictive. What is the best approach to identify which traffic is being blocked?

A. Check the SAP application logs for connection errors.
B. Enable AWS CloudTrail and look for security group modification events.
C. Use Amazon CloudWatch to monitor network packets.
D. Enable VPC Flow Logs on the subnet or ENI and review the logs for rejected traffic.
Answer: D

VPC Flow Logs capture information about IP traffic going to and from network interfaces.

Why this answer

Option D is correct because VPC Flow Logs capture traffic metadata and can show accepted and rejected traffic. Option B is wrong because CloudTrail logs API calls, not network traffic. Option C is wrong because CloudWatch metrics do not provide per-packet detail.

Option A is wrong because the question is about network traffic, not application logs.

444
Multi-Select · medium

Which THREE AWS services can be used to monitor the performance of an SAP HANA database running on EC2? (Choose 3)

Select 3 answers
A. AWS Config
B. Amazon CloudWatch Logs
C. SAP HANA built-in monitoring (e.g., SAP HANA Studio, SQL queries)
D. Amazon CloudWatch
E. AWS CloudTrail
Answers: B, C, D

CloudWatch Logs can ingest and monitor SAP HANA trace logs.

Why this answer

Options B, C, and D are correct. CloudWatch provides metrics like CPU and memory; SAP HANA built-in monitoring provides detailed database metrics; CloudWatch Logs can collect and analyze log files. Option E is wrong because CloudTrail tracks API calls, not performance.

Option A is wrong because Config tracks resource configurations.

445
MCQ · medium

A company has an SAP HANA database running on an EC2 instance with EBS volumes. The operations team needs to ensure that database backups are stored in Amazon S3 and are automatically deleted after 90 days. What is the most efficient way to achieve this?

A. Use S3 Object Lock with a retention period of 90 days.
B. Enable S3 Versioning and delete old versions manually.
C. Write a script that runs daily to list backups older than 90 days and delete them.
D. Configure an S3 Lifecycle policy to expire objects after 90 days.
Answer: D

Lifecycle policies automate deletion without custom code.

Why this answer

Option D is correct because S3 Lifecycle policies can automatically transition objects to cheaper storage classes or expire them after a specified number of days. Option C is wrong because manual deletion is not automated. Option A is wrong because S3 Object Lock is for preventing deletion, not automating it.

Option B is wrong because versioning alone does not delete objects.

446
MCQ · easy

A company wants to monitor the disk space utilization of their SAP application servers. Which AWS service can provide a centralized view of disk space metrics without installing additional agents?

A. AWS Systems Manager Inventory
B. Amazon CloudWatch
C. AWS CloudTrail
D. Amazon Inspector
Answer: A

Systems Manager Inventory collects OS-level information, including disk space, using the SSM Agent which is often pre-installed.

Why this answer

Option A is correct. The question says 'without installing additional agents'. CloudWatch can collect disk metrics, but only when the CloudWatch agent is installed, which is an additional agent; EC2 does not send disk metrics to CloudWatch by default. Systems Manager Inventory can collect disk information through the Systems Manager Agent (SSM Agent), which is pre-installed on many AMIs and so might not be considered an additional agent.

Option B is wrong because CloudWatch requires an agent for disk metrics. Options C and D are wrong.

447
MCQ · hard

Your company runs SAP ERP on AWS with a multi-AZ deployment. The SAP HANA database is replicated across two Availability Zones using HANA System Replication. The application servers are behind an Application Load Balancer. During a recent Availability Zone failure, the primary HANA instance failed, and the standby took over. However, the application servers continued to try to connect to the primary instance for several minutes, causing downtime. The DNS record for the database endpoint was manually updated after the failover. What is the most effective solution to automate the failover and minimize downtime?

A. Configure a Network Load Balancer in front of the HANA instances
B. Create a custom script on each application server to detect failover and update the connection string
C. Implement Amazon Route 53 DNS failover with health checks on the primary and secondary HANA instances
D. Use an Amazon RDS for SAP HANA instead of self-managed
Answer: C

Route 53 health checks detect primary failure and automatically route to the secondary.

Why this answer

Using Amazon Route 53 with a primary and secondary routing policy and health checks can automatically update DNS to the healthy instance. Option C is correct.

448
MCQ · hard

A company runs SAP S/4HANA in a multi-AZ deployment with a standby database in a different Availability Zone. The primary database fails. What is the expected behavior of the SAP HANA system replication?

A. A new standby database is automatically provisioned in the same AZ.
B. The standby database automatically takes over as the new primary.
C. The primary database is automatically restarted in the same AZ.
D. The administrator must manually promote the standby database.
Answer: B

SAP HANA system replication with sync mode enables automatic failover.

Why this answer

Option B is correct because with HANA system replication in sync mode, automatic failover to the standby occurs. Option D is wrong because manual intervention is not needed with sync replication. Option A is wrong because the standby is already in another AZ.

Option C is wrong because replication is ongoing.

449
MCQ · medium

A company uses Amazon CloudWatch Logs to store SAP application logs. The Security team requires that logs be encrypted at rest using a customer-managed KMS key (CMK). How can this be achieved?

A. Associate the KMS key with the CloudWatch Logs log group.
B. Enable default encryption on the S3 bucket where logs are exported.
C. Use an encrypted EBS volume for the EC2 instances generating the logs.
D. Enable encryption on the CloudWatch Logs log stream.
Answer: A

CloudWatch Logs allows encryption at rest using a KMS CMK associated with the log group.

Why this answer

Option A is correct because CloudWatch Logs supports encryption with a KMS CMK by associating the key with the log group. Option B is wrong because S3 default encryption does not apply to CloudWatch Logs. Option C is wrong because CloudWatch Logs does not support EBS encryption.

Option D is wrong because the correct action is to enable encryption on the log group, not the log stream.

450
MCQ · easy

An SAP administrator needs to ensure that all API calls made to create, modify, or delete AWS resources are logged for auditing. Which AWS service should be enabled?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. Amazon GuardDuty
Answer: B

CloudTrail records all API activity for auditing.

Why this answer

Option B is correct: AWS CloudTrail logs API calls. Option A (CloudWatch) is for monitoring metrics. Option C (Config) is for resource configuration.

Option D (GuardDuty) is for security threats.
