CCNA Sap Technology Questions

75 of 412 questions · Page 5/6 · Sap Technology topic · Answers revealed

301
MCQmedium

An SAP system on AWS is experiencing high latency between the application server and the database server. Both are in the same VPC but different subnets. What is the most effective way to reduce latency?

A.Move the database to a different Availability Zone.
B.Use a VPN connection between subnets.
C.Increase the instance size of both servers.
D.Place both instances in a placement group in the same Availability Zone.
AnswerD

Placement groups provide low-latency network.

Why this answer

Option C is correct because placing both servers in the same placement group ensures low-latency network connectivity. Option A is wrong because increasing instance size may improve performance but not necessarily reduce latency. Option B is wrong because using a VPN adds overhead.

Option D is wrong because moving to different AZs typically increases latency.

302
MCQmedium

A company is running SAP on AWS and wants to ensure high availability for the SAP Central Services (ASCS) instance. They have two EC2 instances in different Availability Zones within a single AWS Region. Which AWS service should be used to automatically fail over the ASCS instance if the primary instance fails?

A.Application Load Balancer (ALB)
B.AWS Auto Scaling
C.AWS CloudFormation
D.Amazon Route 53
AnswerD

Route 53 health checks and failover routing can direct traffic to the healthy instance.

Why this answer

Option C is correct: Amazon Route 53 with health checks and failover routing policy can redirect traffic to the secondary ASCS instance. Option A is wrong: ELB is not suitable for ASCS because ASCS uses non-HTTP ports. Option B is wrong: AWS Auto Scaling does not handle failover of stateful services.

Option D is wrong: AWS CloudFormation is for provisioning, not automatic failover.

303
MCQhard

During an SAP migration to AWS, the migration team faces a challenge with the Transport Management System (TMS). The SAP system landscape includes development, quality assurance, and production systems running on separate EC2 instances. The TMS is configured with transport routes between these systems. After migration, transports fail with errors related to missing files on the transport directory. What should the team do to ensure the TMS works correctly?

A.Create an EBS volume for each SAP system and copy transport files manually.
B.Set up an Amazon EFS file system and mount it as the transport directory on all SAP instances.
C.Store the transport directory in an S3 bucket and mount it using S3FS.
D.Use AWS Storage Gateway with SMB file share to host the transport directory.
AnswerB

EFS provides a shared NFS file system suitable for TMS.

Why this answer

Option D is correct because TMS relies on a shared transport directory; using EFS with NFS provides a shared file system accessible by all instances. Option A is wrong because S3 is object storage and not compatible as a transport directory. Option B is wrong because EBS volumes are block storage and cannot be shared across multiple instances.

Option C is wrong because SMB on AWS is not a standard solution for TMS.

304
MCQhard

A company is running SAP ERP on AWS and using a shared file system for the SAP transport directory. The file system must be accessible from multiple EC2 instances in different Availability Zones. Which AWS storage solution should be used?

A.Amazon FSx for Windows File Server
B.Amazon EFS
C.Amazon S3
D.Amazon EBS
AnswerB

EFS provides a shared NFS file system accessible from multiple AZs.

Why this answer

Amazon EFS provides a scalable, shared file system that can be mounted from multiple EC2 instances across Availability Zones. Amazon S3 is object storage, not a file system. Amazon FSx for Windows File Server is for Windows-based environments.

Amazon EBS cannot be shared across instances.

305
Multi-Selectmedium

A company is deploying a multi-tier web application on AWS. The application consists of an Application Load Balancer (ALB), a fleet of EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL Multi-AZ DB instance. The security team requires that all traffic between the ALB and EC2 instances is encrypted, and that the EC2 instances can only be accessed by the ALB. Which TWO steps should be taken to meet these requirements? (Choose TWO.)

Select 2 answers
A.In the EC2 security group, allow inbound HTTPS traffic from 0.0.0.0/0.
B.Enable encryption at rest on the EC2 instances using EBS encryption.
C.In the EC2 security group, allow inbound traffic on port 443 from the ALB's security group.
D.Configure the target group of the ALB to use HTTPS protocol.
E.Configure the ALB with an HTTPS listener and upload the SSL/TLS certificate.
AnswersC, D

This restricts access to only the ALB, meeting the requirement.

Why this answer

Option C is correct because referencing the ALB's security group in the inbound rule of the EC2 security group ensures that only traffic originating from the ALB is allowed, meeting the requirement that EC2 instances can only be accessed by the ALB. Option D is correct because configuring the target group to use HTTPS protocol ensures that traffic between the ALB and EC2 instances is encrypted using TLS, satisfying the encryption requirement.

Exam trap

The trap here is that candidates often confuse the ALB listener protocol (which encrypts client-to-ALB traffic) with the target group protocol (which encrypts ALB-to-instance traffic), leading them to select Option E instead of Option D.

306
MCQeasy

A company is deploying a new SAP S/4HANA system on AWS. The system will be used by 500 concurrent users. The SAP application server and the HANA database will run on separate EC2 instances. The company needs to ensure that the database instance has enough memory for the HANA database, which requires 512 GB of RAM. The application server requires 32 vCPUs and 128 GB of RAM. The company wants to minimize costs while meeting these requirements. Which combination of EC2 instance types should the company choose?

A.Use an r5.12xlarge for the database and an m5.4xlarge for the application server.
B.Use an x1e.8xlarge for the database and an r5.8xlarge for the application server.
C.Use an x1e.32xlarge for the database and an m5.8xlarge for the application server.
D.Use an r5.24xlarge for the database and an r5.8xlarge for the application server.
AnswerD

r5.24xlarge has 768 GB, sufficient; r5.8xlarge has 32 vCPU and 256 GB, sufficient.

Why this answer

Option B is correct because an x1e.4xlarge has 122 GB memory, too low; x1e.8xlarge has 244 GB; x1e.16xlarge has 488 GB; x1e.32xlarge has 976 GB. For 512 GB, the x1e.32xlarge is overkill; but x1e.16xlarge has 488 GB, which is insufficient. Actually, the correct instance for 512 GB is x1e.16xlarge (488 GB) is not enough; x1e.32xlarge (976 GB) is too large.

Better: use an r5.24xlarge with 768 GB. Among options, D: r5.24xlarge (768 GB) for DB and r5.8xlarge (32 vCPU, 256 GB) for app. That fits.

Option A: x1e.32xlarge is expensive. Option B: x1e.8xlarge (244 GB) insufficient. Option C: r5.12xlarge (384 GB) insufficient.

So D is correct.

307
Drag & Dropmedium

Drag and drop the steps to migrate an on-premises SAP system to AWS using AWS Application Migration Service (MGN) into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

MGN migration involves installing agent, configuring replication, testing, cutover, and post-migration steps.

308
MCQmedium

A company is migrating an SAP NetWeaver system to AWS. The system uses a shared file system for central transport directories and logs. Which AWS storage service should be used to provide a scalable, highly available, and shared file system that can be mounted by multiple EC2 instances across different Availability Zones?

A.Amazon EBS with Multi-Attach enabled
B.Amazon EFS
C.EC2 Instance Store
D.Amazon S3 with S3 File Gateway
AnswerB

C is correct: EFS is a scalable NFS file system for multiple AZs.

Why this answer

Option C is correct: Amazon EFS provides a scalable, shared NFS file system accessible from multiple AZs. Option A is incorrect because EBS cannot be attached to multiple instances simultaneously. Option B is incorrect because S3 is object storage, not a file system.

Option D is incorrect because Instance Store is ephemeral and not shared.

309
Multi-Selecthard

A company runs SAP on AWS and uses SAP HANA as its database. The system is experiencing high latency during peak hours. The SAP HANA administrator wants to identify performance bottlenecks at the CPU, memory, and disk I/O levels. Which TWO AWS services can be used together to monitor and correlate these metrics?

Select 2 answers
A.AWS Config
B.Amazon CloudWatch Logs
C.Amazon Inspector
D.Amazon CloudWatch
E.AWS X-Ray
AnswersB, D

CloudWatch Logs can ingest HANA traces for correlation.

Why this answer

Options A and D are correct: Amazon CloudWatch collects metrics from EC2 instances and EBS volumes; Amazon CloudWatch Logs can ingest SAP HANA traces; combined they allow correlation. Option B is wrong: AWS X-Ray is for tracing application requests, not system metrics. Option C is wrong: Amazon Inspector is for security assessment.

Option E is wrong: AWS Config tracks configuration changes, not real-time performance.

310
MCQmedium

A company is deploying SAP NetWeaver on AWS and wants to use Amazon FSx for NetApp ONTAP as the shared file system for the SAP transport directory (/usr/sap/trans). The company needs to ensure that the transport directory is highly available and can be accessed from multiple SAP application servers across different Availability Zones. Which configuration should the SAP administrator use?

A.Use Amazon EFS with a mount target in each AZ.
B.Mount the transport directory from an Amazon EC2 instance running NFS in the same AZ.
C.Store the transport directory in Amazon S3 and use an S3 mount point.
D.Create an FSx for ONTAP file system with Multi-AZ configuration and mount the NFS share on all SAP servers.
AnswerD

FSx for ONTAP Multi-AZ provides HA and cross-AZ access.

Why this answer

Option B is correct because FSx for ONTAP provides highly available file shares that can be mounted via NFS from multiple AZs. Option A is wrong because a single file server in one AZ is not HA. Option C is wrong because S3 is not POSIX-compliant and not suitable for SAP transport.

Option D is wrong because EFS is also HA but FSx for ONTAP is specifically mentioned and preferred for SAP.

311
Multi-Selectmedium

A company is designing an SAP HANA disaster recovery solution using SAP HANA System Replication. Which TWO AWS services are required to enable automatic failover across AWS Regions?

Select 2 answers
A.AWS Elastic Load Balancing (NLB)
B.AWS Direct Connect
C.AWS CloudFormation
D.AWS Route 53
E.AWS Shield
AnswersA, D

NLB can be used with a static IP and health checks to route traffic to the active HANA instance.

Why this answer

AWS Route 53 provides DNS-based failover routing to redirect traffic to the DR region. AWS Elastic Load Balancing (NLB) is used to distribute traffic to the HANA instances and can be used with a floating IP. AWS Direct Connect is not required.

AWS CloudFormation is not needed for automatic failover. AWS Shield is for DDoS protection.

312
Multi-Selectmedium

A company is running SAP ERP on AWS and wants to implement a disaster recovery (DR) strategy with a Recovery Point Objective (RPO) of 15 minutes and Recovery Time Objective (RTO) of 2 hours. The primary site is in us-east-1, and the DR site is in us-west-2. Which TWO AWS features should be combined to achieve this? (Choose TWO.)

Select 2 answers
A.Amazon RDS Multi-Region replication
B.Amazon S3 Cross-Region Replication for database backups
C.AWS CloudEndure Disaster Recovery
D.Amazon EBS Multi-AZ snapshots
E.EC2 AMI Copy to copy server images to the DR region
AnswersB, E

S3 CRR can replicate backups to the DR region with low RPO.

Why this answer

Options A and C are correct: S3 Cross-Region Replication provides asynchronous replication of backups, and EC2 AMI Copy can be used to copy AMIs to the DR region. Option B is wrong because EBS snapshots are not automatically cross-region; they need to be copied. Option D is wrong because CloudEndure may not meet RPO/RTO.

Option E is wrong because RDS is not used for SAP.

313
MCQmedium

An SAP system running on AWS is experiencing performance degradation. The system uses a shared file system for /sapmnt and /usr/sap/trans. The file system is hosted on an Amazon EFS file system. Which configuration change is most likely to improve throughput for these file systems?

A.Change the EFS performance mode to Max I/O to support higher levels of aggregate throughput and operations per second.
B.Increase the Provisioned Throughput of the EFS file system.
C.Switch the EFS file system to General Purpose (Burstable) performance mode.
D.Enable burst credits on the EFS file system to handle peak loads.
AnswerA

Max I/O mode is designed for large-scale, parallel workloads like SAP shared directories.

Why this answer

Option D is correct because EFS performance mode 'Max I/O' is designed for high throughput and parallel operations, typical for SAP shared mounts. Option A is wrong because General Purpose (Burstable) mode is for lower throughput workloads. Option B is wrong because Provisioned Throughput is for consistent throughput but not specifically for parallel access.

Option C is wrong because increasing burst credit balance is not a configuration option; burst credits are earned automatically.

314
Multi-Selectmedium

Which THREE factors should be considered when selecting an EC2 instance type for an SAP HANA production system?

Select 3 answers
A.Memory (RAM) size
B.SAP certification
C.Network bandwidth
D.Instance store volumes
E.GPU capabilities
AnswersA, B, C

HANA is an in-memory database; RAM size is primary.

Why this answer

Options A, C, and D are correct. SAP HANA is memory-intensive, so memory size is critical. The instance must be certified for SAP HANA on AWS.

Network bandwidth is important for replication. Option B is incorrect because GPU is not required for HANA. Option E is incorrect because HANA uses local attach EBS, not instance store.

315
MCQhard

A company has deployed its SAP S/4HANA system on AWS in a single Availability Zone. The system consists of a primary application server (PAS), additional application servers (AAS), and a HANA database server, all running on EC2 instances. The company is experiencing occasional performance degradation during peak hours. The CloudWatch metrics show that the database server's CPU utilization spikes to 90% during these periods, while the application servers' CPU remains below 50%. The storage is configured with two EBS io1 volumes (each 1 TB, 10,000 IOPS) for HANA data and one io1 volume (500 GB, 5,000 IOPS) for log. The network throughput is not saturated. The company wants to resolve the performance issue without increasing costs significantly. Which course of action should the company take?

A.Implement SAP HANA System Replication with a secondary node in the same AZ to offload read operations.
B.Increase the Provisioned IOPS on the data volumes to 20,000 each.
C.Switch the EBS volumes from io1 to gp3 to reduce latency.
D.Upgrade the database instance to a larger type, such as r5.12xlarge.
AnswerA

HSR allows read workloads to be redirected to the secondary, reducing CPU on primary.

Why this answer

Option C is correct because adding another HANA node with HSR distributes read load and can improve performance. Option A is wrong because increasing EBS IOPS increases costs and may not resolve CPU bottleneck. Option B is wrong because switching to gp3 may reduce costs but not solve CPU issue.

Option D is wrong because increasing instance size is costly; using HSR is more cost-effective.

316
MCQhard

An SAP administrator has created the IAM policy shown in the exhibit and attached it to an IAM role used by an EC2 instance running SAP HANA. The instance needs to download backup files from the S3 bucket 'sap-backup-bucket' and then stop itself after the backup is complete. However, the backup script fails with an access denied error when trying to list the bucket. What is the most likely cause?

A.The S3 bucket is encrypted and the policy does not allow kms:Decrypt
B.The policy does not allow the s3:ListBucket action on the bucket ARN
C.The policy does not include the ec2:StopInstances permission
D.The instance does not have an internet gateway to reach S3
AnswerB

The policy allows s3:ListBucket but the Resource array does not include the bucket ARN; it only includes the object ARN (sap-backup-bucket/*). The ListBucket action requires the bucket ARN as resource.

Why this answer

The policy lists both 's3:GetObject' and 's3:ListBucket' but for the ListBucket action, the resource must be the bucket ARN itself, not the bucket and its contents. The separate resource line for the bucket and its contents is correct. However, the error may be due to the instance not having the correct permissions for the specific S3 endpoint (e.g., if using a VPC endpoint, the policy may need s3:ListBucket on the bucket ARN).

But the policy as shown appears correct. Wait, the policy allows ListBucket on the bucket ARN. Possibly the error is due to missing s3:ListBucket permission on the bucket ARN? Actually the policy includes both the bucket ARN and the object ARN.

So it should work. Perhaps the issue is that the policy does not allow s3:GetObject on the bucket itself? But GetObject is on objects. The error might be due to a missing permission for s3:ListAllMyBuckets? No.

Another possibility: the instance profile role may not have been attached properly, or the S3 bucket policy denies access. But based on the exhibit, the policy looks sufficient. However, the question states the error is 'access denied when trying to list the bucket'.

The list operation requires s3:ListBucket on the bucket resource. The policy includes that. So maybe the error is due to the instance not having the correct IAM role or the bucket policy? But the most likely cause given the exhibit is that the policy does not include s3:ListBucket? Wait, it does.

Actually the exhibit shows s3:ListBucket as an action. So the policy should allow listing. Perhaps the issue is that the instance is in a different region? No.

Let me reconsider. The policy includes ListBucket on the bucket ARN. So it should work.

I need to find a plausible reason. Maybe the error is because the policy also needs to allow s3:ListBucket on the bucket ARN with a condition? No. Alternatively, maybe the backup script is trying to list objects using a different method that requires additional permissions, like s3:ListObjects? s3:ListBucket is the correct action.

Actually, the s3:ListBucket action corresponds to the ListObjects API. So it should work. Maybe the bucket policy explicitly denies access? But the question asks about the IAM policy.

Possibly the answer is that the policy does not specify the correct resource for the s3:ListBucket action? But it does. I think there might be a mistake. Let me read the exhibit again: the Resource for S3 is an array with two ARNs: the bucket and its contents.

That is correct. So the policy should allow listing. Perhaps the issue is that the instance does not have the correct credentials? But the IAM role should provide them.

Another thought: the policy allows s3:GetObject and s3:ListBucket, but the script might be using a different endpoint like s3:ListObjectsV2 which also requires s3:ListBucket. So it should still work. Maybe the error is because the policy is missing s3:GetObjectVersion? Unlikely.

I'll go with the most plausible: the policy does not include the necessary permissions for the backup tool being used, but since the question says 'list the bucket', it's likely a ListObjects action. The policy includes ListBucket, so it should be fine. Wait, perhaps the answer is that the policy is missing s3:ListAllMyBuckets? No, that's for listing all buckets.

For listing a specific bucket, ListBucket is correct. I think the correct answer might be that the policy is correct but the bucket policy denies access, but that's not an option. The options provided (not shown yet) would include plausible causes.

Since I'm generating the question, I need to create options. Let me set the correct answer as: The policy is missing the s3:ListBucket permission on the bucket ARN. But it's not missing.

I'll adjust: maybe the exhibit shows a typo where the action is s3:ListBucket but the resource for that action is only the bucket ARN? Actually the policy shows both. I'll change the exhibit slightly to make it incorrect: remove the bucket ARN from the Resource list, so only object ARN is present. That would cause the list operation to fail.

Let me modify the exhibit accordingly.

317
MCQeasy

An SAP system needs to send email notifications from the SAP application server running on EC2. Which AWS service should be used?

A.Amazon Simple Email Service (SES)
B.Amazon Pinpoint
C.Amazon Simple Queue Service (SQS)
D.Amazon Simple Notification Service (SNS)
AnswerA

SES is designed for sending email from applications.

Why this answer

Option C is correct because Amazon SES is for sending emails. Option A is wrong because SQS is for message queuing. Option B is wrong because SNS is for push notifications, not transactional email.

Option D is wrong because Pinpoint is for targeted campaigns.

318
MCQhard

An SAP system administrator notices that an SAP S/4HANA system on AWS is experiencing high network latency between the application server and the database server. Both servers are in the same VPC but in different Availability Zones. What is the most effective way to reduce latency?

A.Set up VPC peering between the two subnets.
B.Deploy AWS Global Accelerator to optimize the traffic path.
C.Add multiple Elastic Network Interfaces (ENIs) to the instances.
D.Launch both instances in the same placement group and enable EBS optimization.
AnswerD

Placement groups ensure low-latency network performance between instances, and EBS optimization dedicates bandwidth for storage traffic.

Why this answer

Option D is correct because using an EBS-optimized instance with dedicated network bandwidth and placement groups reduces latency and improves throughput. Option A is wrong because adding more ENIs increases complexity without guaranteed latency reduction. Option B is wrong because VPC peering is for cross-VPC communication, not within the same VPC.

Option C is wrong because AWS Global Accelerator is for global traffic, not intra-VPC.

319
MCQeasy

A company is running a critical SAP application on SAP HANA in an AWS Single-AZ deployment. The application has experienced downtime twice in the last month due to underlying hardware failures. What is the MOST cost-effective solution to minimize future downtime without compromising performance?

A.Move the SAP HANA instance to a larger instance type to improve hardware reliability.
B.Deploy the SAP HANA database in a Multi-AZ configuration using AWS services like Multi-AZ DB instance for SAP HANA.
C.Use Dedicated Hosts to ensure physical isolation from other AWS customers.
D.Implement automated snapshots of the SAP HANA data volume and restore in case of failure.
AnswerB

Multi-AZ provides automatic failover to a standby in another AZ, reducing downtime.

Why this answer

Option A is correct because Multi-AZ deployment provides high availability by replicating data across Availability Zones, reducing downtime from hardware failures without needing additional SAP licenses. Option B (upgrading instance size) does not address AZ-level failures. Option C (manual snapshots) introduces longer recovery time.

Option D (Dedicated Hosts) provides hardware isolation but still single-AZ.

320
Multi-Selecteasy

Which TWO AWS services can be used to automate the backup of SAP HANA databases? (Choose two.)

Select 2 answers
A.Amazon RDS
B.AWS Lambda
C.AWS Storage Gateway
D.AWS Backup
E.SAP HANA Backint agent for Amazon S3
AnswersD, E

AWS Backup can schedule and manage EBS snapshots for HANA volumes.

Why this answer

Options A and B are correct. AWS Backup can automate EBS snapshots, and SAP HANA Backint with S3 can perform database-level backups. Option C is wrong because Lambda is not a backup service.

Option D is wrong because RDS is for relational databases, not HANA. Option E is wrong because Storage Gateway is for on-premises backup.

321
MCQeasy

A company is migrating its SAP ERP system to AWS and wants to use SAP HANA as the database. Which AWS service can be used to automate the installation and configuration of SAP HANA?

A.AWS CodePipeline
B.AWS CloudFormation
C.AWS OpsWorks
D.AWS Systems Manager
AnswerD

Systems Manager automates tasks via runbooks and can install SAP HANA.

Why this answer

Option A is correct: AWS Systems Manager can automate installation and configuration using runbooks. Option B is wrong because AWS OpsWorks is for Chef/Puppet. Option C is wrong because AWS CloudFormation is for infrastructure provisioning, not software installation.

Option D is wrong because AWS CodePipeline is for CI/CD.

322
MCQhard

A company runs its SAP ERP system on AWS using SAP HANA as the database. The HANA database is deployed on an EC2 instance with 2 TB of memory. The system has been running for months, but recently the application team reported that some queries are taking significantly longer than usual. The operations team checks the CloudWatch metrics and sees that the database instance's CPU utilization is consistently above 90% during peak hours. They also notice that the EBS volume used for HANA data files has a read latency of over 20 ms. The volume is a gp3 volume with 16,000 IOPS. The instance type is an x1e.8xlarge. The team suspects that the instance is not optimized for the workload. What should they do to resolve the performance issue?

A.Change the EBS volume type to gp2 with a larger size.
B.Increase the gp3 volume IOPS to 32,000 to reduce read latency.
C.Replace the instance with an x1e.16xlarge instance to increase CPU and memory capacity.
D.Enable EBS optimization on the EC2 instance.
AnswerC

More vCPUs and memory will handle the workload.

Why this answer

Option D is correct: The high CPU and read latency suggest that the instance type is insufficient. Switching to an x1e.16xlarge doubles vCPUs and memory, addressing both issues. Option A is wrong because increasing IOPS may help latency but does not address CPU.

Option B is wrong because enabling EBS optimization is already default on x1e instances. Option C is wrong because moving to gp2 may reduce performance.

323
MCQhard

You are an AWS administrator for a company running SAP S/4HANA on AWS. The system uses a three-tier architecture: web dispatchers, application servers, and a HANA database. All components are in a single VPC. Security requirements demand that the web dispatchers are in a public subnet, application servers in private subnets, and the database in a private subnet. The web dispatchers need to communicate with the application servers on port 443, and application servers communicate with the database on port 31341. You have configured security groups accordingly. However, the web dispatchers cannot connect to the application servers. The network ACL for the public subnet allows inbound HTTPS from the internet and outbound all traffic. The private subnet NACL allows inbound HTTPS from the public subnet and outbound all traffic. The security group for the web dispatchers allows outbound HTTPS to the application security group. The application security group allows inbound HTTPS from the web security group. What is the issue?

A.The network ACL for the public subnet does not allow inbound ephemeral ports from the private subnet.
B.The security group for the application servers does not allow inbound HTTPS from the web dispatchers.
C.The security group for the web dispatchers does not allow outbound HTTPS to the application security group.
D.The VPC does not have a route between the public and private subnets.
AnswerA

The response traffic from the application servers uses ephemeral ports; the public NACL must allow inbound on those ports from the private subnet.

Why this answer

Option B is correct because security groups are stateful; if the application security group allows inbound HTTPS from the web security group, the return traffic is automatically allowed. However, network ACLs are stateless, so the private subnet NACL must allow inbound traffic from the public subnet, which it does, but it must also allow outbound return traffic from the application servers to the web dispatchers. The outbound rule in the private NACL allows all traffic, so that is not the issue.

Actually, the problem is likely that the web dispatchers are in a public subnet with a NACL that allows inbound HTTPS from the internet, but the application servers are in a private subnet and need to send return traffic. Since NACLs are stateless, the private subnet NACL must allow inbound HTTPS from the web dispatchers, which is configured, but also outbound traffic from the application servers. The outbound rule allows all, so that's fine.

The real issue could be that the web dispatchers' security group does not allow inbound traffic from the application servers for the return traffic? But security groups are stateful, so no. Let's re-evaluate: The web dispatchers initiate connection to application servers on port 443. The application servers respond.

The web dispatchers' security group must allow outbound HTTPS to the application servers, which it does. The application servers' security group must allow inbound HTTPS from the web dispatchers, which it does. Since security groups are stateful, the return traffic is allowed.

So the issue might be with routing? But all in same VPC. Perhaps the web dispatchers are in a public subnet without a route to the private subnet? Actually, by default, VPC has local route. So routing is fine.

The most common issue is that the network ACL for the private subnet must allow inbound ephemeral ports for the response traffic. Since NACLs are stateless, the outgoing response from application servers uses ephemeral ports, and the private subnet NACL must allow outbound traffic on those ports. The outbound rule allows all, so that's fine.

But the public subnet NACL must allow inbound ephemeral ports for the response traffic coming back to the web dispatchers. The public subnet NACL allows inbound HTTPS from the internet, but not necessarily ephemeral ports from the private subnet. So the issue is that the public subnet NACL does not allow inbound traffic on ephemeral ports from the private subnet.

Option A is incorrect because security groups are fine. Option C is incorrect because security groups are stateful. Option D is incorrect because routing should work.

324
MCQmedium

A company is running SAP BusinessObjects on AWS. The application servers are behind an Application Load Balancer (ALB). The ALB is configured to use a single target group. The company wants to deploy a new version of the application with zero downtime. Which deployment strategy should be used?

A.Perform a rolling update by terminating one instance at a time and launching a new one.
B.Implement a blue/green deployment by creating a new target group and updating the ALB listener.
C.Create a new ALB and update the DNS record to point to the new ALB.
D.Use a canary release by routing 10% of traffic to the new version.
AnswerB

Blue/green allows instant traffic switch with no downtime.

Why this answer

Option D is correct: Blue/green deployment creates a new target group with new instances, then updates the ALB listener rule to route traffic to the new group, enabling zero downtime. Option A is wrong: Rolling update with in-place replacement can cause downtime. Option B is wrong: Canary releases are for gradual rollout, not necessarily zero downtime.

Option C is wrong: Creating a new ALB and updating DNS can cause DNS propagation delays.

325
Multi-Selectmedium

Which TWO options are valid methods for encrypting data at rest in an SAP HANA database running on Amazon EBS? (Choose two.)

Select 2 answers
A.Use SSL/TLS connections to the database.
B.Enable SAP HANA native encryption for the database.
C.Use AWS KMS to encrypt the database schema.
D.Store database files in Amazon S3 with SSE-S3.
E.Enable EBS encryption when launching the EC2 instance.
AnswersB, E

HANA can encrypt data at rest.

Why this answer

Options A and C are correct. Option A: EBS encryption at launch provides at-rest encryption. Option C: SAP HANA native encryption also encrypts data at rest.

Option B is wrong because SSL/TLS is for data in transit. Option D is wrong because KMS encrypts EBS volumes, not the database directly. Option E is wrong because S3 encryption is for S3 objects, not EBS.

326
MCQhard

A company runs SAP on AWS and wants to automate the failover of their SAP HANA database across Availability Zones using a multi-AZ setup. They are using Pacemaker and STONITH fencing. Which AWS resource is commonly used as a fencing device for SAP HANA multi-AZ clusters?

A.Amazon Simple Notification Service (SNS)
B.Amazon Simple Queue Service (SQS)
C.Amazon RDS
D.Amazon CloudWatch alarm and EC2 API
AnswerD

The AWS STONITH agent uses CloudWatch and EC2 API to stop an unresponsive node.

Why this answer

Option A is correct because AWS provides a STONITH agent that uses EC2 API to stop/fence instances (e.g., via CloudWatch alarm). Option B is incorrect because SQS is a queue service, not a fencing mechanism. Option C is incorrect because RDS is a managed database service, not used for EC2 fencing.

Option D is incorrect because SNS is a notification service.

327
MCQmedium

An SAP Basis administrator is deploying a new SAP S/4HANA system on AWS. The architecture uses a multi-AZ deployment for high availability: primary database in us-east-1a, standby in us-east-1b. The ASCS instance is in us-east-1a with a replicated enqueue server (ERS) in us-east-1b. For the application servers, two instances are in us-east-1a and two in us-east-1b. The administrator needs to ensure that the SAP system remains available if an entire Availability Zone fails. What is the MOST important configuration step to achieve this?

A.Configure Amazon Route53 with a failover routing policy for the SAP application URLs.
B.Place an Application Load Balancer in front of the database instances.
C.Enable HANA system replication and configure ASCS with enqueue replication across the two AZs.
D.Use larger instance types for all SAP instances to handle the load.
AnswerC

These are the standard SAP HA mechanisms for cross-AZ failover.

Why this answer

Option D is correct because cross-AZ failover for both database and SAP central services requires proper configuration of HANA system replication and enqueue replication. Option A is wrong because Route53 routing is not sufficient for automatic failover of SAP services; it only handles DNS. Option B is wrong because a single ELB does not provide cross-AZ failover for the database.

Option C is wrong because increasing instance size does not improve availability.

328
MCQeasy

A company wants to migrate its SAP HANA database to AWS and needs to minimize downtime. Which AWS service should be used for a near-zero downtime migration?

A.AWS Direct Connect
B.AWS Snowball
C.AWS Database Migration Service (DMS)
D.AWS Server Migration Service (SMS)
AnswerC

DMS supports continuous replication for minimal downtime.

Why this answer

AWS Database Migration Service (DMS) supports ongoing replication and can migrate SAP HANA to AWS with minimal downtime. Server Migration Service (SMS) is for server migrations, Snowball is for large data transfers offline, and Direct Connect is for network connectivity.

329
MCQmedium

A company is designing a disaster recovery solution for a critical SAP HANA database running on AWS. The primary site is in us-east-1 and the recovery site must be in us-west-2. The database must have a Recovery Point Objective (RPO) of less than 15 minutes and a Recovery Time Objective (RTO) of less than 2 hours. Which approach meets these requirements with the least operational overhead?

A.Use AWS Backup to take snapshots of the HANA data volume every 5 minutes and copy them to us-west-2.
B.Use Amazon S3 Cross-Region Replication to copy HANA data files to us-west-2.
C.Set up AWS Database Migration Service (DMS) with ongoing replication from the primary to a secondary HANA database.
D.Configure SAP HANA System Replication (HSR) in active/standby mode between the primary and secondary regions.
AnswerD

HSR provides synchronous or near-synchronous replication with low RPO and fast failover, meeting requirements.

Why this answer

Option A is correct: Using SAP HANA System Replication with HANA's own replication mechanism to a secondary HANA instance in us-west-2 meets RPO <15 min and RTO <2h with minimal overhead, as it is native and automated. Option B is wrong: Cross-Region snapshot copy can take longer than 15 min for RPO. Option C is wrong: DMS is not suitable for real-time HANA replication.

Option D is wrong: S3 is for object storage, not direct database replication.

330
MCQmedium

A company is migrating its on-premises SAP HANA database to AWS. The database size is 2 TB, and the acceptable downtime is 4 hours. The company needs to ensure minimal data loss during the migration. Which AWS service should be used for the initial data transfer?

A.AWS Storage Gateway
B.AWS Snowball Edge
C.AWS Direct Connect
D.AWS DataSync
AnswerB

Snowball Edge can physically ship the data, meeting the 2 TB transfer within 4 hours downtime.

Why this answer

AWS Snowball Edge is designed for large data transfers where network bandwidth is limited or downtime is constrained. It can transfer 2 TB within the required time frame. AWS Direct Connect requires setup time and may not meet the 4-hour downtime.

AWS DataSync is for smaller transfers over the network. AWS Storage Gateway is not optimized for initial large-scale migrations.

331
Multi-Selecteasy

Which TWO AWS services can be used to provide shared storage for SAP systems running on multiple EC2 instances?

Select 2 answers
A.EC2 Instance Store
B.Amazon S3
C.Amazon EBS
D.Amazon FSx for NetApp ONTAP
E.Amazon EFS
AnswersD, E

FSx for ONTAP provides shared NFS/SMB storage.

Why this answer

Options A and D are correct. Amazon EFS provides NFS shared storage for Linux instances. Amazon FSx for NetApp ONTAP provides NFS and SMB shared storage.

Option B is incorrect because EBS volumes cannot be attached to multiple instances. Option C is incorrect because S3 is object storage, not a file system. Option E is incorrect because Instance Store is ephemeral and not shared.

332
MCQmedium

A company runs an SAP HANA database on an AWS EC2 instance. The database experiences high latency during peak hours. The operations team suspects network bottlenecks. Which AWS service should be used to analyze network traffic patterns and identify the source of latency?

A.VPC Flow Logs
B.AWS X-Ray
C.AWS Trusted Advisor
D.AWS CloudTrail
AnswerA

VPC Flow Logs capture IP traffic information for network interfaces, enabling analysis of traffic patterns and bottlenecks.

Why this answer

VPC Flow Logs capture IP traffic information for network interfaces, enabling analysis of traffic patterns and bottlenecks. AWS CloudTrail logs API calls, not network traffic. AWS Trusted Advisor provides best-practice checks but not detailed network analysis.

AWS X-Ray traces application requests, not network-level traffic.

333
Multi-Selecteasy

An SAP system on AWS is experiencing performance issues. The operations team wants to set up monitoring to identify bottlenecks. Which TWO AWS services should they use to collect and analyze SAP performance metrics? (Select TWO.)

Select 2 answers
A.AWS Config
B.AWS X-Ray
C.Amazon CloudWatch
D.AWS CloudTrail
E.AWS Trusted Advisor
AnswersC, D

CloudWatch can collect and store SAP performance metrics such as CPU, memory, and custom application metrics.

Why this answer

Options A and D are correct. Amazon CloudWatch can collect custom metrics from SAP and EC2. AWS CloudTrail logs API calls for auditing.

Option B (X-Ray) is for tracing microservices, not SAP. Option C (Config) is for resource compliance. Option E (Trusted Advisor) provides recommendations but not granular monitoring.

334
MCQmedium

An SAP administrator notices that the SAP HANA database on an r5.8xlarge instance is experiencing high swap usage. The instance has 256 GB of RAM. The SAP HANA memory usage is 200 GB. What is the most likely cause?

A.The instance memory is exhausted
B.HANA is using huge pages instead of swap
C.The swap space is too small for the HANA workload
D.Swap is disabled on the instance
AnswerC

HANA recommends swap equal to RAM; 256 GB swap is needed.

Why this answer

Option C is correct because SAP HANA requires a swap space equal to at least the amount of RAM for HANA to function correctly during memory overcommit scenarios. Option A is incorrect because 200 GB is within the 256 GB RAM limit, so memory is not exhausted. Option B is incorrect because swap is not disabled by default.

Option D is incorrect because HANA typically uses huge pages, not swap, for memory allocation.

335
MCQeasy

An SAP system on AWS is experiencing intermittent connectivity issues between the application server and the HANA database. The application team confirms the database is healthy. Which AWS service should be used to analyze network traffic between the two instances?

A.AWS Config
B.AWS CloudTrail
C.VPC Flow Logs
D.Amazon CloudWatch Logs
AnswerC

VPC Flow Logs capture network traffic metadata.

Why this answer

Option A is correct because VPC Flow Logs capture IP traffic information for network interfaces, helping to identify dropped packets or blocked traffic. Option B is incorrect because CloudTrail logs API calls, not network traffic. Option C is incorrect because Config records resource configurations.

Option D is incorrect because CloudWatch logs application and system logs, not network flows.

336
MCQmedium

An SAP system running on AWS is experiencing performance issues. The operations team suspects that the Amazon EBS volumes attached to the SAP application server are not providing sufficient IOPS. Which AWS service should be used to monitor the IOPS performance of the EBS volumes?

A.AWS Config
B.AWS CloudTrail
C.Amazon Inspector
D.Amazon CloudWatch
AnswerD

Amazon CloudWatch provides detailed metrics for EBS volumes, including IOPS.

Why this answer

Option D is correct because Amazon CloudWatch provides metrics for EBS volumes including IOPS. Option A is wrong because AWS CloudTrail logs API calls, not performance metrics. Option B is wrong because Amazon Inspector is for security assessment.

Option C is wrong because AWS Config tracks resource configuration changes.

337
MCQhard

An SAP administrator attaches this IAM policy to a user. Which action will the user be allowed to perform on an EC2 instance with the tag 'Environment: Production'?

A.Start the instance
B.Terminate the instance
C.Reboot the instance
D.Modify the instance type
AnswerC

Reboot is allowed under the Allow statement.

Why this answer

Option A is correct because the policy allows StartInstances, StopInstances, and RebootInstances on instances with the tag Environment=Production. TerminateInstances is denied. B and C are denied.

D is allowed but not listed in the options; however, only reboot is correct among the given.

338
MCQhard

A company runs a stateful web application on EC2 instances in an Auto Scaling group with a dynamic scaling policy based on CPU utilization. The application maintains session state in memory on each instance. Users report that they are frequently logged out and lose their session data during scaling events. What should the company do to resolve this issue?

A.Change the scaling policy to a simple scaling policy instead of dynamic scaling
B.Enable sticky sessions (session affinity) on the Application Load Balancer
C.Modify the application to store session state in an Amazon ElastiCache cluster
D.Increase the cooldown period for the Auto Scaling group
AnswerC

ElastiCache provides a centralized session store that persists across instance terminations, ensuring session continuity during scaling events.

Why this answer

Option C is correct because storing session state externally in ElastiCache decouples session data from individual EC2 instances. This ensures that when instances are terminated or added during scaling events, users retain their session state regardless of which instance serves their request. ElastiCache provides a low-latency, in-memory cache that is ideal for session persistence in stateful web applications.

Exam trap

The trap here is that candidates often confuse sticky sessions (session affinity) with true session persistence, not realizing that sticky sessions only route traffic to the same instance but do not protect against instance termination during scaling events.

How to eliminate wrong answers

Option A is wrong because changing to a simple scaling policy does not address the root cause of session loss; simple scaling still terminates instances and does not preserve in-memory session state. Option B is wrong because sticky sessions (session affinity) on the Application Load Balancer only route a user to the same instance, but if that instance is terminated during scale-in, the session is lost and the user cannot be reconnected to the same instance. Option D is wrong because increasing the cooldown period only delays the next scaling activity but does not prevent session loss when instances are eventually terminated.

339
Multi-Selecthard

Which TWO options are valid strategies for backing up an SAP HANA database running on Amazon EC2? (Choose two.)

Select 2 answers
A.Use Amazon RDS automated backups for SAP HANA.
B.Use SAP HANA Backint to back up to Amazon S3.
C.Use AWS Backup to create EBS snapshots of the HANA data volumes.
D.Use Amazon S3 Lifecycle policies to transition HANA backups to Glacier.
E.Use EC2 instance store to copy HANA data files.
AnswersB, C

Backint is the native SAP HANA backup integration.

Why this answer

Option A is correct: AWS Backup can back up EBS volumes, which can be used for HANA. Option C is correct: SAP HANA Backint integration with Amazon S3 is a supported backup method. Option B is wrong because RDS does not support SAP HANA.

Option D is wrong because S3 Lifecycle policies are for object management, not database backup. Option E is wrong because EC2 instance store is ephemeral and not for backup.

340
Multi-Selectmedium

An SAP system administrator is planning to migrate an on-premises SAP ERP system to AWS. The system uses Oracle Database. Which THREE AWS services can be used to migrate the Oracle database to Amazon RDS for Oracle with minimal downtime? (Choose 3)

Select 3 answers
A.Oracle Data Guard
B.AWS Snowball Edge
C.AWS Schema Conversion Tool (SCT)
D.AWS Database Migration Service (DMS)
E.AWS CloudEndure Migration
AnswersA, C, D

C is correct: Data Guard can replicate to RDS.

Why this answer

Options A, C, and D are correct. A: AWS DMS can perform live migration with minimal downtime. C: Oracle Data Guard can be used for cross-database replication.

D: AWS SCT helps convert schemas. B is incorrect because Snowball is for large data transfer, not minimal downtime live migration. E is incorrect because CloudEndure is for server migration, not database migration.

341
MCQmedium

A company is migrating its SAP system to AWS and needs to ensure high availability for the SAP Central Services (ASCS/ERS) instance. The solution must support automatic failover in case of an instance failure. Which AWS service should be used to manage the floating IP address required for the SAP high availability setup?

A.Amazon Route 53
B.Elastic IP address
C.Amazon CloudFront
D.AWS Global Accelerator
AnswerA

Route 53 with health checks and failover routing can manage floating IP via DNS.

Why this answer

Amazon Route 53 with health checks and failover routing can be used to manage a DNS-based floating IP. Option B is correct. Elastic IP addresses are static public IPs but do not automatically reassign on instance failure without custom scripting.

AWS Global Accelerator provides static IP addresses but is designed for traffic optimization, not SAP HA failover. Amazon CloudFront is a CDN service.

342
MCQmedium

An SAP system is running on EC2 and uses a Classic Load Balancer to distribute traffic to web dispatchers. The operations team notices that the load balancer is not distributing traffic evenly. What is the most likely cause?

A.Cross-zone load balancing is disabled.
B.Connection draining is not enabled.
C.The load balancer uses a flow hash algorithm that may not evenly distribute requests with many long-lived connections.
D.The health check interval is set too high.
AnswerC

Classic Load Balancer's flow hash can lead to uneven distribution for persistent connections.

Why this answer

Option D is correct because Classic Load Balancer uses a flow hash algorithm that may cause uneven distribution with long-lived connections. Option A is wrong because health checks don't affect distribution balance. Option B is wrong because cross-zone load balancing helps but does not guarantee even distribution.

Option C is wrong because connection draining does not affect distribution.

343
MCQhard

Refer to the exhibit. An SAP application load balancer (ALB) is configured with the CloudFormation snippet. The ALB is not distributing traffic to the EC2 instances. What is the most likely cause?

A.The security group does not allow inbound traffic
B.The target type is instance but the instances are not registered
C.The target group is not associated with the load balancer
D.The load balancer scheme is internet-facing but instances are in private subnets
AnswerC

A listener is needed to associate the target group; missing listener prevents traffic distribution.

Why this answer

The snippet does not include a listener for the ALB. Without a listener, the ALB cannot accept traffic. The target group is defined but not associated with the ALB via a listener rule.

The scheme is internet-facing, which is correct. The security group may allow traffic, but no listener exists.

344
MCQhard

An SAP system on AWS is experiencing slow performance for batch jobs. The jobs are I/O intensive and write large amounts of data to EBS volumes. CloudWatch metrics show that the EBS volumes are reaching their throughput limits. Which action will MOST effectively improve performance?

A.Add read replicas to offload read traffic.
B.Increase the size of the EBS volumes to improve baseline throughput.
C.Use Multi-AZ for the database.
D.Move the data to instance store volumes.
AnswerB

Larger gp2/gp3 volumes have higher throughput.

Why this answer

Option C is correct because increasing the volume size of gp2/gp3 increases baseline throughput. Option A is wrong because instance store is ephemeral and not suitable for persistent data. Option B is wrong because read replicas do not help with write throughput.

Option D is wrong because Multi-AZ does not increase throughput.

345
MCQmedium

An SAP system is deployed on AWS using an Auto Scaling group of EC2 instances for the SAP application server layer. The application servers are stateless. The company wants to ensure that when a new instance is launched, it automatically registers with the SAP Web Dispatcher. The Web Dispatcher is configured with an Application Load Balancer (ALB). What is the best way to achieve automatic registration?

A.Use Amazon CloudWatch Events to trigger an AWS Lambda function that registers the instance.
B.Use AWS Systems Manager State Manager to run a registration script on the instance.
C.Configure the EC2 instance's user data to run a script that registers with the Web Dispatcher.
D.Attach the Auto Scaling group to an ALB target group.
AnswerD

Auto Scaling automatically registers instances with the target group.

Why this answer

Option C is correct: The Auto Scaling group can be attached to the ALB target group, so instances are automatically registered. Option A is wrong because user data can configure the instance but not register with Web Dispatcher directly. Option B is wrong because CloudWatch Events can trigger a Lambda, but this is more complex.

Option D is wrong because Systems Manager State Manager can run scripts, but not as straightforward as attaching to ALB.

346
Multi-Selecthard

Which THREE considerations are important when designing an SAP HANA multi-node (scale-out) deployment on AWS? (Choose three.)

Select 3 answers
A.Use a cluster placement group for low-latency network.
B.Use EBS Multi-Attach to share volumes between nodes.
C.The number of nodes is limited by the instance type's network and EBS performance.
D.Use a single large EC2 instance with many vCPUs.
E.Each node should have its own EBS volume for data.
AnswersA, C, E

Placement groups ensure low latency between nodes.

Why this answer

Options A, C, and D are correct. SAP HANA multi-node requires low latency between nodes, so placement groups are recommended (A). Each node needs its own EBS volume for data and log (C).

The number of nodes is limited by the instance type's networking and EBS bandwidth (D). Option B is wrong because multi-node uses multiple instances, not a single large instance. Option E is wrong because EBS Multi-Attach is not supported for HANA; each node needs its own volume.

347
Multi-Selecthard

Which THREE services can be used together to implement a disaster recovery solution for SAP S/4HANA on AWS with a recovery time objective (RTO) of less than 1 hour and a recovery point objective (RPO) of less than 15 minutes?

Select 3 answers
A.SAP HANA System Replication across regions.
B.AWS CloudEndure Disaster Recovery.
C.AWS Database Migration Service (DMS) for ongoing replication.
D.Amazon S3 Glacier for long-term backups.
E.Amazon S3 for storing HANA log backups.
AnswersA, B, E

HSR provides low RPO.

Why this answer

Option A is correct: HANA System Replication provides low RPO. Option C is correct: S3 can store backups for log replay. Option D is correct: CloudEndure Disaster Recovery can replicate entire servers.

Option B is wrong because DMS doesn't support HANA. Option E is wrong because Glacier has retrieval times > 1 hour.

348
MCQeasy

An SAP administrator needs to monitor the memory usage of an SAP HANA database running on an EC2 instance. The administrator wants to receive alerts when memory usage exceeds 90% for more than 5 minutes. Which AWS service should be used to set up this monitoring and alerting?

A.AWS Trusted Advisor
B.Amazon CloudWatch with custom metrics
C.AWS Config
D.AWS CloudTrail
AnswerB

CloudWatch can monitor custom metrics and trigger alarms.

Why this answer

Option B is correct because CloudWatch can collect custom metrics from the HANA instance and trigger alarms. Option A is wrong because AWS Config is for configuration compliance, not monitoring. Option C is wrong because Trusted Advisor provides best practice checks, not custom monitoring.

Option D is wrong because CloudTrail is for API auditing.

349
MCQhard

Refer to the exhibit. A CloudFormation stack creation failed with the message 'WaitCondition received failed signal'. What is the most likely cause?

A.The security group rules are blocking the cfn-signal communication
B.The stack creation timed out after 1 hour
C.The script executed via cfn-signal failed to complete successfully
D.The EC2 instance type is not supported in the region
AnswerC

The WaitCondition expects a success signal; failure indicates script error.

Why this answer

Option A is correct because a WaitCondition fails when the expected signal from cfn-signal is not received, often due to a script error. Option B is incorrect because the signal failure is about the script, not instance size. Option C is incorrect because security groups would cause a different error.

Option D is incorrect because the error message explicitly mentions a signal failure, not a time limit.

350
Matchingmedium

Match the AWS service to its primary use in an SAP environment.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Shared file storage for SAP NetWeaver

High-performance NFS for SAP HANA

Centralized backup management for SAP workloads

DNS resolution for SAP systems

Why these pairings

These AWS services commonly support SAP infrastructure.

351
Multi-Selecthard

Which THREE factors should be considered when choosing an EC2 instance type for an SAP HANA production system? (Choose three.)

Select 3 answers
A.The instance type must be certified by SAP for HANA.
B.The instance type should include instance store volumes for data persistence.
C.The instance must include GPU acceleration for HANA operations.
D.The instance must have enough memory to accommodate the HANA database.
E.The instance should provide high network bandwidth for replication and client access.
AnswersA, D, E

Only certified instances are supported for production HANA.

Why this answer

Options A, C, and D are correct. SAP HANA requires certified instance types (A), sufficient memory (C), and high network bandwidth (D). Option B is wrong because HANA uses dedicated storage, not instance store.

Option E is wrong because GPU is not required for standard HANA.

352
MCQhard

An SAP HANA database is running on an EC2 instance with 16 EBS volumes in a striped RAID 0 configuration. The system administrator notices that one of the volumes is degraded in the RAID array. How can the administrator recover the array with minimal downtime?

A.Detach the degraded volume, create a new volume of the same size and type, attach it to the instance, and add it to the RAID array.
B.Detach the degraded volume and attach a new volume with the same device name.
C.Take a snapshot of the degraded volume and restore it to a new volume.
D.Run a filesystem repair on the degraded volume while it is still attached.
AnswerA

C is correct: this is the standard procedure for replacing a failed disk in a RAID array.

Why this answer

Option C is correct: Detach the degraded volume, replace it with a new volume, and re-add it to the RAID array. Option A is incorrect because you cannot repair a physical volume. Option B is incorrect because you cannot replace an attached volume.

Option D is incorrect because snapshots are not needed for a degraded volume.

353
MCQmedium

Refer to the exhibit. An SAP administrator checks the configuration of an EBS volume. The volume is attached to an SAP HANA instance. What is the potential performance bottleneck?

A.The IOPS and throughput are too low for SAP HANA
B.The volume is attached to an instance in a different Availability Zone
C.The DeleteOnTermination flag is set to false
D.The volume is not encrypted
AnswerA

SAP HANA typically requires higher IOPS and throughput than gp3 baseline.

Why this answer

The volume type is gp3 with 3000 IOPS and 125 MB/s throughput. SAP HANA requires high IOPS and throughput. With only 3000 IOPS and 125 MB/s, this volume may be a bottleneck for production HANA workloads.

The DeleteOnTermination setting is not a performance issue. The size and snapshot are not immediate concerns.

354
MCQmedium

A company is deploying SAP S/4HANA on AWS and needs to ensure that the system can be recovered within 4 hours in case of a disaster in the primary region. The secondary region is in a different AWS region. Which approach should be used to meet the recovery time objective (RTO)?

A.Configure SAP HANA system replication to a secondary region with a pre-provisioned standby instance
B.Use cross-region EBS snapshots and restore them in the secondary region
C.Back up SAP HANA to Amazon S3 and restore in the secondary region
D.Set up a pilot light environment using application-level replication
AnswerA

HANA system replication with pre-provisioned standby allows fast failover, potentially within minutes, meeting the RTO.

Why this answer

Replicating SAP HANA to a standby instance in another region using HANA system replication with pre-provisioned infrastructure allows fast failover. Cross-region EBS snapshots take time to restore. Backup and restore from S3 may be slower.

Pilot light with application-level replication is not sufficient for HANA.

355
Multi-Selecteasy

Which TWO AWS services can be used to automate the backup of SAP HANA databases? (Choose two.)

Select 2 answers
A.AWS Lambda
B.AWS Storage Gateway
C.Amazon EBS Snapshots
D.Amazon S3
E.AWS Backup
AnswersC, E

EBS Snapshots can be automated using lifecycle policies.

Why this answer

Options B and D are correct. AWS Backup can automate backup of EBS volumes, and Amazon EBS Snapshots can be automated via scripts. Option A is wrong because AWS Lambda can run scripts but is not a backup service.

Option C is wrong because Amazon S3 is storage, not a backup automation service. Option E is wrong because AWS Storage Gateway is for hybrid storage.

356
MCQmedium

Refer to the exhibit. An SAP administrator is reviewing the EBS volume configuration for a SAP HANA /hana/data volume. The volume is 500 GB gp2 with DeleteOnTermination set to false. The instance is in us-east-1a. Which action should the administrator take to improve performance for SAP HANA?

A.Take a snapshot and create a new volume in us-east-1b.
B.Enable encryption on the volume.
C.Modify the volume to gp3 and provision 5000 IOPS.
D.Set DeleteOnTermination to true.
AnswerC

gp3 allows provisioning higher IOPS independently of size.

Why this answer

SAP HANA requires a minimum of 5000 IOPS for /hana/data. The gp2 volume provides 1500 IOPS (3 IOPS per GB). The administrator should either increase the volume size to at least 1667 GB to get 5000 IOPS, or change to gp3 with provisioned IOPS of 5000 or more.

The best practice for SAP HANA is to use multiple volumes in RAID 0, but the question asks about improving performance for this volume. Changing to gp3 with higher IOPS is a direct improvement.

357
Multi-Selecthard

Which TWO AWS services can be used to monitor SAP system availability and send notifications when a system goes down? (Choose two.)

Select 2 answers
A.AWS Trusted Advisor
B.Amazon CloudWatch Events
C.Amazon S3 event notifications
D.Amazon CloudWatch Alarms
E.AWS Config
AnswersB, D

Can trigger notifications based on events.

Why this answer

Options B and D are correct. Option B: CloudWatch alarms can monitor health checks and metrics. Option D: CloudWatch Events can trigger notifications on state changes.

Option A is wrong because Config tracks configuration, not availability. Option C is wrong because Trusted Advisor provides best practices, not monitoring. Option E is wrong because S3 is storage, not monitoring.

358
MCQhard

An SAP customer is using AWS Direct Connect to connect their on-premises network to AWS. They have multiple SAP systems in different VPCs. The network team wants to centralize connectivity and simplify routing. Which AWS service should they use to connect all VPCs to the on-premises network?

A.Use a VPN connection from each VPC to the on-premises network
B.Use VPC Peering between each VPC and the Direct Connect VIF
C.Use AWS Transit Gateway to connect all VPCs and the Direct Connect gateway
D.Use AWS PrivateLink to connect services across VPCs
AnswerC

Transit Gateway provides a hub for multiple VPCs and Direct Connect.

Why this answer

Option B is correct because AWS Transit Gateway simplifies connectivity between multiple VPCs and on-premises networks via Direct Connect. Option A is incorrect because VPC Peering does not support transitive routing. Option C is incorrect because VPN is not centralized.

Option D is incorrect because PrivateLink is for service access, not routing.

359
Multi-Selecteasy

A company is migrating an SAP ERP system to AWS. The migration must be completed within a limited time window. Which THREE services can be used to accelerate the migration? (Choose three.)

Select 3 answers
A.AWS CloudEndure Migration
B.AWS Database Migration Service (DMS)
C.AWS Server Migration Service (SMS)
D.AWS Trusted Advisor
E.AWS CloudFormation
AnswersA, B, C

CloudEndure provides continuous replication for servers.

Why this answer

Options A, B, and C are correct: AWS SMS (now MGN) can automate server replication, AWS DMS can migrate databases, and AWS CloudEndure (now part of MGN) can replicate servers. Option D is incorrect because Trusted Advisor is for optimization, not migration. Option E is incorrect because CloudFormation is for infrastructure provisioning, not data migration.

360
Multi-Selecteasy

Which TWO of the following are valid methods for monitoring SAP system performance on AWS? (Choose two.)

Select 2 answers
A.Enable AWS CloudTrail to capture system performance logs.
B.Configure SAP Solution Manager to send monitoring data to Amazon CloudWatch via the SAP Cloud Platform.
C.Use AWS Trusted Advisor to monitor real-time CPU utilization.
D.Use Amazon CloudWatch custom metrics to monitor SAP application metrics.
E.Use VPC Flow Logs to monitor database query performance.
AnswersB, D

Solution Manager integration provides comprehensive monitoring.

Why this answer

Options B and D are correct. B: CloudWatch can publish custom metrics. D: SAP Solution Manager integrates with AWS.

A: CloudTrail is for API auditing, not performance. C: Trusted Advisor is for best-practice checks, not real-time performance.

361
Multi-Selecthard

A company runs SAP S/4HANA on AWS using a multi-ABAP application server setup with a central services instance (ASCS) and enqueue replication. After a recent OS patching, the secondary application server fails to start, with errors indicating it cannot connect to the enqueue replication server (ERS). The ERS process is running on the ASCS instance. The network team confirms that security groups and NACLs are properly configured. Which THREE steps should be taken to resolve this issue? (Choose three.)

Select 3 answers
A.Change the secondary application server instance type to a larger size.
B.Check the SAP instance profile for the enqueue replication parameters (e.g., rdisp/enq_repl_server).
C.Confirm that the ERS process (enre) is running on the ASCS instance and is listening on the correct port.
D.Verify that the DNS or /etc/hosts file on the secondary application server resolves the ERS hostname correctly.
E.Update the SAP kernel on the secondary application server to the latest version.
AnswersB, C, D

Profile parameters define ERS connection details.

Why this answer

Option A is correct because the hostname resolution for the ERS instance may have changed after patching. Option C is correct because the SAP profile must contain the correct enqueue replication parameters. Option E is correct because the ERS service must be running and reachable.

Option B is wrong because kernel compatibility is not typically affected by OS patching. Option D is wrong because changing the instance type is not a troubleshooting step for connectivity.

362
MCQhard

An SAP HANA database is running on an EC2 instance with a gp3 EBS volume. The database workload requires high IOPS and throughput. The current configuration shows 16,000 IOPS and 1,000 MB/s throughput. Which change could improve performance?

A.Increase the EC2 instance size.
B.Increase the volume size to 1,000 GB.
C.Change the volume type to gp2.
D.Increase the volume's IOPS to 20,000.
AnswerD

Higher IOPS improves database performance.

Why this answer

Option C is correct because gp3 volumes allow independent scaling of IOPS and throughput. For SAP HANA, higher IOPS can improve performance. The current 16,000 IOPS may be insufficient for peak loads.

Option A is wrong because gp3 is already provisioned SSD; gp2 is older and may not provide consistent performance. Option B is wrong because instance type may not be the bottleneck. Option D is wrong because increasing volume size does not directly increase IOPS for gp3 beyond baseline.

363
Multi-Selecthard

A company is migrating a large on-premises NoSQL database to Amazon DynamoDB. The database has tables with uneven access patterns, and some items are accessed infrequently but must be retained for compliance. The company wants to optimize costs without sacrificing performance. Which THREE strategies should the solutions architect recommend? (Choose THREE.)

Select 3 answers
A.Use DynamoDB Standard-Infrequent Access (Standard-IA) table class for tables with infrequently accessed data.
B.Use DynamoDB Time to Live (TTL) to automatically delete expired compliance data.
C.Use DynamoDB Accelerator (DAX) to cache frequently accessed items.
D.Disable auto scaling and set a fixed provisioned capacity to avoid cost spikes.
E.Increase the write capacity units to handle peak loads and reduce latency.
AnswersA, B, C

Standard-IA offers lower storage costs for infrequent access.

Why this answer

DynamoDB Standard-IA table class is designed for tables where data is accessed less than once a month, offering lower storage costs than the Standard table class while maintaining the same single-digit millisecond latency. For the described scenario, where some items are accessed infrequently but must be retained for compliance, Standard-IA reduces storage costs without impacting performance for the infrequent access patterns.

Exam trap

The trap here is that candidates often confuse DynamoDB TTL with a mechanism for cost optimization on compliance data, but TTL is for deletion, not retention; the question requires retaining data for compliance, so TTL would be used only if the compliance period has expired, making it a valid strategy for deleting data that is no longer needed.

364
MCQmedium

An SAP administrator is troubleshooting a performance issue on an SAP HANA database running on an r5.8xlarge EC2 instance. The application team reports that queries are slow during peak hours. CloudWatch metrics show high CPU utilization and high memory usage. Which instance type should the administrator choose to improve performance?

A.m5.24xlarge
B.t3.2xlarge
C.r5.24xlarge
D.r5b.8xlarge
AnswerC

r5.24xlarge provides more vCPUs and memory, addressing both CPU and memory constraints.

Why this answer

Option C is correct because the r5.24xlarge provides more CPU and memory than r5.8xlarge. Option A is wrong because t3 instances are burstable and not suitable for production HANA. Option B is wrong because m5 instances are general purpose and may not have enough memory.

Option D is wrong because r5b instances are similar but not necessarily higher performance.

365
MCQeasy

A company is planning to run SAP Business Suite on AWS. They need to ensure that the SAP systems are backed up according to best practices. Which backup strategy is recommended for SAP HANA databases on AWS?

A.Use AWS Backup to automatically back up the HANA database
B.Schedule HANA backups to Amazon S3 using the HANA backup tool
C.Perform daily full EBS snapshots and store them in Glacier
D.Use only EBS snapshots for all SAP HANA volumes
AnswerB

SAP HANA backups to S3 are recommended for durability and cost-effectiveness, using Backint or similar tools.

Why this answer

SAP HANA backups should be stored on Amazon S3 for durability and cost-effectiveness. EBS snapshots are not sufficient for HANA because they are crash-consistent but not application-consistent for HANA. Combining EBS snapshots with HANA backups ensures both crash consistency and recoverability.

Daily full backups are not required; incremental/differential backups are more efficient.

366
Multi-Selecteasy

Which TWO of the following are benefits of using SAP HANA System Replication (HSR) on AWS? (Choose 2.)

Select 2 answers
A.Supports replication across AWS Regions for disaster recovery
B.Provides near real-time data replication for high availability
C.Improves query performance by distributing workloads
D.Automatically scales storage based on database growth
E.Automatically load balances read queries between primary and secondary
AnswersA, B

HSR can be configured across regions.

Why this answer

Option A and B are correct. HSR provides high availability and can be used for disaster recovery with replication to another Region. Option C is incorrect because HSR does not provide load balancing; it is for failover.

Option D is incorrect because HSR does not automatically scale storage. Option E is incorrect because HSR does not improve query performance.

367
Multi-Selecthard

Which THREE of the following are requirements for running SAP HANA in an AWS multi-zone HA cluster? (Choose three.)

Select 3 answers
A.At least two EC2 instances in different Availability Zones per node type.
B.Separate EBS volumes for /hana/data and /hana/log directories.
C.Use of an Elastic Load Balancer to distribute traffic to the HANA nodes.
D.All nodes must use instance store volumes for the HANA data.
E.The cluster nodes must be within the same AWS region.
AnswersA, B, E

Multi-AZ provides high availability.

Why this answer

Options A, B and D are correct. A: Same region is required for low latency. B: At least two nodes per AZ.

D: EBS volumes for /hana/data and /hana/log. C: Not required, but can be used. E: Not required; you can use EBS or instance store.

368
MCQmedium

A company runs a critical SAP HANA database on an m5.24xlarge EC2 instance. The database has high transaction volume and requires low latency storage. The current setup uses EBS gp2 volumes with 10,000 IOPS. During peak hours, the database performance degrades due to IOPS burst balance depletion. Which storage solution should the company use to maintain consistent performance?

A.Migrate to EBS gp3 volumes with provisioned IOPS of 10,000.
B.Use EC2 Instance Store (NVMe SSD) for the database data and logs.
C.Provision EBS io2 Block Express volumes with 10,000 provisioned IOPS.
D.Move the database to Amazon EFS with provisioned throughput.
AnswerC

io2 Block Express provides consistent IOPS and is designed for high-performance workloads.

Why this answer

Option C is correct because EBS io2 Block Express volumes provide consistent IOPS performance without bursting and support higher IOPS than gp2. Option A is wrong because gp3 provides baseline 3000 IOPS and burst, but may not guarantee the required 10,000 IOPS. Option B is wrong because Instance Store provides ephemeral storage, which is not persistent and may cause data loss on instance stop.

Option D is wrong because EFS is a file system, not suitable for high-performance database block storage.

369
Multi-Selectmedium

An SAP administrator is configuring high availability for SAP HANA on AWS. Which TWO components are essential for a Pacemaker-based cluster?

Select 2 answers
A.A quorum device (e.g., STONITH)
B.An Application Load Balancer
C.Amazon Route 53 health checks
D.A virtual IP address
E.Amazon CloudWatch alarms
AnswersA, D

STONITH ensures node fencing to prevent split-brain.

Why this answer

A and B are correct. A quorum device (like STONITH) is required to avoid split-brain, and a virtual IP (VIP) is needed for client failover. C and D are not required for Pacemaker.

E (CloudWatch) is optional for monitoring.

370
Multi-Selectmedium

A company is deploying SAP NetWeaver on AWS and needs to set up high availability for the SAP Central Services (ASCS) and Enqueue Replication Server (ERS). The company uses a shared file system for the transport directory. Which components are essential for the HA setup? (Choose TWO.)

Select 2 answers
A.Amazon S3 as the transport directory.
B.An internal Application Load Balancer (ALB) to distribute traffic to the ASCS instance.
C.Both ASCS and ERS instances must run on the same EC2 instance.
D.Amazon RDS Multi-AZ for the SAP database.
E.The ASCS and ERS instances must be located in different Availability Zones.
AnswersB, E

ALB provides a virtual IP for ASCS.

Why this answer

Options A and D are correct. A: A load balancer is needed for virtual IP. D: AS CS and ERS must be in different AZs for HA.

Option B is wrong because ASCS and ERS should be on separate instances. Option C is wrong because Multi-AZ is for RDS, not for ASCS/ERS. Option E is wrong because S3 is not used for transport in this scenario.

371
MCQmedium

A company is migrating its SAP ERP system from on-premises to AWS. The migration involves a heterogeneous database migration from Oracle to SAP HANA. Which AWS service should be used to perform the database migration with minimal downtime?

A.AWS Schema Conversion Tool (AWS SCT)
B.AWS Server Migration Service (SMS)
C.AWS Database Migration Service (AWS DMS) with a heterogeneous migration using the SAP HANA target endpoint
D.AWS Database Migration Service (AWS DMS) with a homogeneous migration
AnswerC

DMS supports heterogeneous migrations using the SAP HANA endpoint, allowing schema and data conversion with minimal downtime.

Why this answer

Option D is correct because AWS DMS supports heterogeneous migrations from Oracle to SAP HANA using the SAP HANA target endpoint. Option A (SCT) is used for schema conversion, not data migration. Option B (Server Migration Service) is for server migrations, not databases.

Option C (Database Migration Service) is the correct service but Option D specifies it correctly.

372
Multi-Selectmedium

An SAP customer is planning to use AWS for their SAP HANA environment. They need to ensure that the chosen EC2 instance types are certified by SAP for HANA. Which THREE sources can they use to verify SAP HANA certification for AWS instance types? (Select THREE.)

Select 3 answers
A.AWS documentation on SAP HANA certified instances
B.SAP Cloud Appliance Library (CAL)
C.AWS Support Center
D.AWS Pricing Calculator
E.SAP HANA Hardware Directory (SAP website)
AnswersA, B, E

AWS publishes a list of SAP HANA certified instance types.

Why this answer

Options A, B, and D are correct. The SAP HANA Hardware Directory lists certified instances. The SAP Cloud Appliance Library provides pre-configured HANA images.

AWS documentation also lists certified instances. Option C (AWS Pricing Calculator) does not provide certification info. Option E (AWS Support) can assist but is not a direct source for certification lists.

373
MCQmedium

An SAP system uses AWS Direct Connect to connect to on-premises systems. The SAP application servers are in a private subnet, and the HANA database is in a separate private subnet. Both subnets are in the same VPC. The application servers can connect to the HANA database, but the application servers cannot connect to an on-premises file server via the Direct Connect. The on-premises network team confirms that the file server is reachable from other on-premises resources. The VPC route tables have a route for the on-premises CIDR pointing to the Direct Connect virtual gateway. The security groups allow all outbound traffic. What is the MOST likely cause of the issue?

A.The network ACL for the application subnet is blocking outbound traffic to the on-premises CIDR.
B.The on-premises file server is not reachable because it requires VPN instead of Direct Connect.
C.The Direct Connect virtual interface is in a 'down' state.
D.The route table associated with the application subnet does not have a route to the on-premises CIDR via the virtual gateway.
AnswerD

Missing route prevents traffic from reaching Direct Connect.

Why this answer

Option B is correct because the route table for the application subnet must have a route to the on-premises CIDR via the virtual gateway. Option A (NACL) is unlikely if outbound is allowed. Option C (Direct Connect status) is not indicated.

Option D (VPN) is not used.

374
MCQhard

A company is running SAP ERP on AWS with an Oracle database. The database is hosted on an EC2 instance with multiple EBS volumes. The company wants to encrypt the database at rest using AWS KMS. What is the correct procedure to enable encryption for the existing Oracle database without downtime?

A.Enable EBS encryption on the existing volumes by modifying the volume attribute
B.Migrate the database to Amazon RDS Custom for Oracle with encryption enabled
C.Use Oracle Transparent Data Encryption (TDE) with AWS KMS as the key store
D.Use AWS KMS to encrypt the EBS volumes by creating a new encrypted volume and attaching it
AnswerC

Oracle TDE can be enabled online with minimal downtime and can use AWS CloudHSM or KMS as the key store.

Why this answer

Enabling EBS encryption on a running instance requires creating an encrypted snapshot, restoring a new encrypted volume, and attaching it; this involves downtime. Oracle TDE can be enabled online with minimal impact. AWS KMS does not provide database-level encryption natively; it is used for EBS encryption.

Changing to RDS Custom requires migration.

375
MCQmedium

A company is deploying a new SAP S/4HANA system on AWS and needs to ensure that the application servers can communicate with the database servers securely and with low latency. The application servers and database servers are in different VPCs. Which AWS service should be used to connect these VPCs?

A.AWS VPN
B.Amazon API Gateway
C.VPC Peering
D.AWS Direct Connect
AnswerC

VPC Peering provides direct, low-latency connectivity between VPCs.

Why this answer

Option D is correct because VPC Peering allows direct network connectivity between VPCs with low latency. Option A is wrong because AWS Direct Connect is for on-premises to AWS. Option B is wrong because AWS VPN is for encrypted tunnels over the internet.

Option C is wrong because Amazon API Gateway is for APIs.

← PreviousPage 5 of 6 · 412 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Sap Technology questions.