CCNA Sap Workload Design Questions

75 of 462 questions · Page 1/7 · Sap Workload Design topic · Answers revealed

1
MCQeasy

A company wants to automate the installation of SAP software on AWS using AWS CloudFormation. Which service is most appropriate to execute the SAP installation scripts?

A.AWS CodeDeploy.
B.AWS Lambda functions triggered by CloudFormation.
C.AWS Systems Manager Run Command.
D.AWS OpsWorks for Chef Automate.
AnswerC

Run Command can execute scripts on instances with SSM Agent.

Why this answer

AWS Systems Manager Run Command is the most appropriate service because it can execute scripts (including SAP installation scripts) on EC2 instances without requiring SSH or RDP access, and it integrates with CloudFormation via custom resources or the AWS::SSM::Document resource. This allows you to run complex, long-running installation commands that are typical for SAP software, which Lambda functions cannot handle due to time limits.

Exam trap

The trap here is that candidates often choose AWS Lambda because it is a common 'automation' service, but they overlook Lambda's 15-minute execution timeout and its inability to handle long-running, stateful installations like SAP software.

How to eliminate wrong answers

Option A is wrong because AWS CodeDeploy is designed for deploying application code and managing rolling updates, not for executing standalone installation scripts like SAP installers. Option B is wrong because AWS Lambda functions have a maximum execution timeout of 15 minutes, which is insufficient for SAP installations that often take hours, and Lambda is not designed for interactive or long-running script execution. Option D is wrong because AWS OpsWorks for Chef Automate is a configuration management service that uses Chef cookbooks, which is overkill and not the simplest or most direct way to run a one-time SAP installation script; it adds unnecessary complexity and is not the recommended approach for this task.

2
MCQeasy

An SAP HANA database administrator needs to restore a database from a backup stored in Amazon S3. The backup was taken using SAP HANA Backint. Which AWS service should be used to retrieve the backup files from S3?

A.SAP HANA Backint agent
B.Amazon S3 console
C.AWS CLI
D.AWS Backup
AnswerA

Backint handles restore directly.

Why this answer

SAP HANA Backint is the native SAP interface for integrating with third-party backup tools. When a backup is taken using Backint, the backup files are stored in Amazon S3 via the Backint agent for SAP HANA on AWS. To restore from these backups, the same Backint agent must be used because it understands the proprietary metadata and file format that Backint writes to S3, and it handles the direct S3 API calls required to retrieve the files.

Other methods like the S3 console or AWS CLI cannot interpret Backint-specific metadata or restore the database correctly.

Exam trap

The trap here is that candidates assume any AWS tool that can access S3 (like the console, CLI, or AWS Backup) can be used to restore the database, but they overlook that SAP HANA Backint requires its own agent to interpret the proprietary backup metadata and communicate with the HANA database engine.

How to eliminate wrong answers

Option B is wrong because the Amazon S3 console is a web-based interface for browsing and downloading objects, but it cannot interpret SAP HANA Backint metadata or perform a database restore; it would only provide raw files without the necessary database context. Option C is wrong because the AWS CLI can download objects from S3, but it lacks the Backint-specific logic to parse backup metadata and restore the SAP HANA database; it would require manual scripting and knowledge of the backup format. Option D is wrong because AWS Backup is a centralized backup service that supports various AWS resources, but it does not natively integrate with SAP HANA Backint backups stored in S3; it cannot restore a database from Backint-specific backup files.

3
Multi-Selecteasy

Which TWO AWS services can be used to monitor the performance of SAP NetWeaver application servers? (Choose two.)

Select 2 answers
A.AWS CloudTrail
B.AWS Trusted Advisor
C.AWS Systems Manager
D.AWS X-Ray
E.Amazon CloudWatch
AnswersC, E

Systems Manager can collect OS-level metrics and run commands.

Why this answer

AWS Systems Manager is correct because it provides the Agent-based infrastructure management capabilities needed to monitor SAP NetWeaver application servers. Specifically, Systems Manager Inventory can collect OS-level metrics like CPU, memory, and disk usage from EC2 instances running SAP, and its Run Command or State Manager can execute custom scripts to gather SAP-specific performance data (e.g., from ST03 or ST06 transactions) without requiring direct SSH access.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (audit logging) with performance monitoring, or assume X-Ray can monitor any application, when in fact SAP NetWeaver requires OS-level and SAP-specific metrics that only Systems Manager and CloudWatch (via custom metrics or SAP Agent) can provide.

4
MCQeasy

A company is migrating its SAP HANA database to AWS. Which instance type is specifically designed for SAP HANA and certified for production workloads?

A.c5.xlarge
B.r5.xlarge
C.x1e.xlarge
D.t3.xlarge
AnswerC

x1e instances are SAP HANA certified for production.

Why this answer

The x1e.xlarge instance is part of the AWS X1e family, which is specifically designed for memory-intensive workloads like SAP HANA and is certified by SAP for production deployments. SAP HANA requires large memory footprints and high memory-to-vCPU ratios, which the X1e instances provide with up to 3,904 GiB of memory and 128 vCPUs, meeting SAP's certification requirements.

Exam trap

The trap here is that candidates often assume any memory-optimized instance (like R5) is suitable for SAP HANA, but AWS requires specific instance families (X1, X1e, high-memory) that are officially SAP-certified for production workloads.

How to eliminate wrong answers

Option A (c5.xlarge) is wrong because it belongs to the compute-optimized C5 family, which lacks the high memory capacity and SAP HANA certification required for production workloads. Option B (r5.xlarge) is wrong because while R5 instances are memory-optimized, they are not specifically certified for SAP HANA production workloads; SAP HANA certification requires instances from the X1, X1e, or high-memory families. Option D (t3.xlarge) is wrong because T3 instances are burstable general-purpose instances with limited sustained performance and no SAP HANA certification, making them unsuitable for production database workloads.

5
MCQmedium

An SAP HANA database on AWS is using EBS io2 volumes. The company wants to monitor the read and write latency of the database volumes. Which CloudWatch metrics should be used?

A.VolumeIdleTime and VolumeTotalReadTime.
B.VolumeReadLatency and VolumeWriteLatency.
C.VolumeThroughputPercentage and VolumeConsumedReadWriteOps.
D.VolumeQueueLength and VolumeThroughput.
AnswerB

These metrics directly measure latency per operation.

Why this answer

Option B is correct because CloudWatch provides the `VolumeReadLatency` and `VolumeWriteLatency` metrics specifically to monitor the average time (in seconds) for read and write I/O operations on EBS volumes. For SAP HANA on io2 volumes, these metrics directly reflect storage performance and are critical for detecting latency issues that could impact database throughput and transaction response times.

Exam trap

The trap here is that candidates confuse throughput or queue-length metrics (like `VolumeQueueLength` or `VolumeThroughput`) with latency metrics, assuming high queue length directly equals high latency, but CloudWatch provides dedicated latency metrics that are the correct and direct measure for this monitoring requirement.

How to eliminate wrong answers

Option A is wrong because `VolumeIdleTime` measures the total number of seconds the volume is idle (no I/O), and `VolumeTotalReadTime` is the total time spent on read operations, but neither directly provides per-operation latency; they are used for calculating average latency indirectly, not as direct latency metrics. Option C is wrong because `VolumeThroughputPercentage` is not a standard CloudWatch metric (the correct metric is `VolumeThroughput`), and `VolumeConsumedReadWriteOps` tracks the number of I/O operations consumed against the provisioned IOPS, not latency. Option D is wrong because `VolumeQueueLength` measures the number of pending I/O requests (indicating backpressure), and `VolumeThroughput` measures data transfer rate (MB/s), neither of which directly measure read or write latency.

6
MCQeasy

A company is designing a disaster recovery (DR) strategy for its SAP environment on AWS. The primary site is in us-east-1 and the DR site in us-west-2. The SAP HANA database is 3 TB and uses HANA System Replication (HSR) in async mode. The RPO requirement is 15 minutes. What is the most cost-effective way to meet the RPO?

A.Take full database backups to Amazon S3 every 15 minutes.
B.Use EBS snapshots every 5 minutes to replicate data to DR region.
C.Use HANA System Replication in synchronous mode to ensure zero data loss.
D.Configure HANA System Replication in asynchronous mode over AWS Direct Connect.
AnswerD

Async HSR over Direct Connect provides low latency replication meeting the RPO.

Why this answer

HSR in async mode over AWS Direct Connect provides low latency and meets the RPO of 15 minutes. Option A (sync mode) would be costly and may have performance impact. Option B (S3 backup) has longer RPO.

Option C (EBS snapshots) also has longer RPO. Option D is correct.

7
MCQhard

An SAP Basis administrator is configuring a high availability setup for SAP HANA on AWS using HANA System Replication (HSR) with automatic failover. The architecture includes a primary HANA node in us-east-1a and a secondary in us-east-1b. The administrator uses a Network Load Balancer (NLB) with a floating IP for the HANA virtual IP address. After a failover test, the secondary node becomes primary, but client applications cannot connect to the database. What is the most likely cause?

A.The security group for the NLB does not allow inbound traffic on port 3<0xEB><0x9C><0x9D><0xEB><0x9E><0x80>13.
B.The SAP HANA client is using a DNS name that does not resolve to the NLB endpoint.
C.The NLB target group is not configured to include the secondary node's IP address.
D.The secondary HANA node is in a different subnet and not routable from the NLB.
AnswerC

Without the secondary as a target, NLB cannot route to it after failover.

Why this answer

With NLB and floating IP, the target group must be configured with the secondary's IP address as a target. If the target group only contains the primary's IP, failover breaks. Option A (security group) would affect all connections, not just after failover.

Option B (subnet) is possible but NLB can target cross-subnet. Option D (DNS) is not used because the virtual IP is handled by NLB. Option C is the most specific and common misconfiguration.

8
MCQmedium

An SAP system on AWS uses a shared file system for /sapmnt and /usr/sap/trans mounted from an EC2 instance running NFS. The NFS server experiences a failure causing downtime for all SAP application servers. The company wants a highly available shared file system with automatic failover. The budget is limited, and the company prefers a fully managed solution. Which AWS service should the company use?

A.Amazon FSx for Windows File Server
B.Amazon EFS
C.Amazon EBS with a cluster file system
D.Amazon S3 with s3fs-fuse
AnswerB

EFS is a managed NFS file system that provides high availability across AZs.

Why this answer

Option A is correct because Amazon EFS is a fully managed NFS file system that is highly available across multiple Availability Zones. Option B is wrong because FSx for Windows File Server is not POSIX-compliant for SAP. Option C is wrong because EBS is not shared.

Option D is wrong because S3 is not a POSIX file system.

9
MCQmedium

A company is migrating an SAP HANA database to AWS. The system requires a high-performance storage solution with low latency for database files, and the storage must be scalable without downtime. Which AWS storage solution should the company use for the SAP HANA data volume?

A.Amazon S3
B.Amazon EBS st1
C.Amazon EBS io2 Block Express
D.Amazon EBS gp3
AnswerC

io2 Block Express provides up to 256000 IOPS and can be modified without downtime.

Why this answer

Option B is correct because Amazon EBS io2 Block Express volumes provide high IOPS, low latency, and can be scaled dynamically without downtime. Option A is wrong because S3 is object storage with higher latency. Option C is wrong because EBS gp3 offers lower maximum IOPS.

Option D is wrong because EBS st1 is throughput-optimized and not suitable for database workloads.

10
MCQhard

An SAP NetWeaver system on AWS is configured with a shared file system between the application servers. Which AWS storage service should be used for this shared file system?

A.AWS Storage Gateway File Gateway
B.Amazon S3
C.Amazon EFS
D.Amazon EBS with multi-attach
AnswerC

EFS provides a fully managed NFS file system that can be shared across multiple EC2 instances.

Why this answer

Amazon EFS is the correct choice because it provides a fully managed, NFS-based shared file system that can be mounted concurrently by multiple EC2 instances, making it ideal for SAP NetWeaver application servers that require a common file system for shared data such as transport directories, logs, and profile files. EFS supports the NFSv4.1 and NFSv4.0 protocols, ensuring POSIX-compliant file locking and consistency across the cluster.

Exam trap

The trap here is that candidates often confuse Amazon EBS with multi-attach as a viable shared file system for SAP, but they overlook that EBS multi-attach requires a cluster-aware file system and is limited to a small number of instances, making it unsuitable for the multi-instance, high-availability requirements of SAP NetWeaver.

How to eliminate wrong answers

Option A is wrong because AWS Storage Gateway File Gateway provides on-premises access to S3 via NFS or SMB, but it is not designed for low-latency, high-throughput shared file systems between EC2 instances in the same AWS region; it introduces unnecessary latency and complexity for SAP workloads. Option B is wrong because Amazon S3 is an object storage service with eventual consistency for overwrite PUTS and lacks native file locking, POSIX permissions, and the ability to serve as a shared file system mountable by multiple EC2 instances simultaneously. Option D is wrong because Amazon EBS with multi-attach supports only a limited number of instances (up to 16) and requires a cluster-aware file system like XFS or GFS2, but it is not recommended for SAP NetWeaver due to scalability limitations and the lack of native NFS support.

11
MCQeasy

A company is planning to migrate their SAP system to AWS. They need to ensure that the SAP application servers and database servers are in the same AWS Region but in different Availability Zones for high availability. The network latency between Availability Zones must be minimal. Which AWS service should be used to connect the instances?

A.Set up VPC Peering between the Availability Zones
B.Establish an AWS Direct Connect connection
C.Use the default VPC network within the same VPC spanning multiple Availability Zones
D.Use AWS Transit Gateway to connect the subnets
AnswerC

Instances in the same VPC across AZs communicate over AWS's low-latency network.

Why this answer

Option A is correct because AWS uses a redundant, high-bandwidth, low-latency network between Availability Zones. Option B is wrong because VPC Peering is used for connecting different VPCs. Option C is wrong because Direct Connect is for on-premises connections.

Option D is wrong because Transit Gateway is for hub-and-spoke connectivity, not needed for within a VPC.

12
Multi-Selecthard

Which THREE of the following are valid considerations for designing SAP workloads on AWS to achieve high availability within a single AWS Region? (Choose three.)

Select 3 answers
A.Use AWS Network Load Balancer (NLB) for SAP Enqueue Replication 2 (ENSA2)
B.Use HANA scale-out with HSR across two nodes for high availability
C.Use a cluster with a shared file system (e.g., Amazon EFS or FSx) for SAP ASCS
D.Use Elastic Network Interface (ENI) failover for the SAP application server floating IP
E.Implement HANA System Replication (HSR) with automatic failover using a third instance as a quorum
AnswersC, D, E

ASCS can be made highly available with a clustered file system.

Why this answer

Option C is correct because SAP ASCS (ABAP Central Services) requires a shared file system for the global transport directory and instance profiles to enable failover between cluster nodes. Amazon EFS or FSx for NetApp ONTAP provide the necessary NFS-based shared storage that supports the SAP enqueue replication and message server services during a failover event.

Exam trap

Cisco often tests the misconception that ENSA2 requires a load balancer for replication traffic, but in reality, ENSA2 uses direct peer-to-peer communication between ASCS and ERS instances without any intermediate load balancer.

13
Multi-Selecthard

Which TWO configurations are mandatory for an SAP HANA system replication setup on AWS? (Choose TWO.)

Select 2 answers
A.An Application Load Balancer in front of the HANA instances
B.A virtual IP (VIP) address for the HANA system
C.A dedicated replication network between primary and secondary
D.Encryption of data in transit using SSL
E.A separate VPC for the secondary instance
AnswersB, C

VIP is used for failover.

Why this answer

SAP HANA system replication requires a virtual IP address and a replication network. Option B is wrong because a load balancer is optional. Option C is wrong because a separate VPC is not required.

Option E is wrong because encryption is recommended but not mandatory.

14
MCQhard

A company runs SAP S/4HANA on AWS. The system is deployed in a cluster across two Availability Zones using Pacemaker for high availability. The primary SAP HANA node fails, and the failover to the secondary node is successful. However, after failover, the application servers cannot connect to the database because the database IP address changed. The application servers are configured to use the IP address of the primary node. The company needs a solution that allows the application servers to connect to the active database node without reconfiguration after failover. Which solution should the company implement?

A.Use Amazon Route 53 DNS with a health check to point to the active node's IP
B.Associate an Elastic IP address to the active node using a script during failover
C.Configure a CNAME record in Route 53 that points to the primary node's DNS name
D.Deploy an internal Network Load Balancer (NLB) with a static IP and target the HANA nodes
AnswerD

NLB provides a static IP that stays constant; it forwards traffic to the active node.

Why this answer

Option D is correct because using an internal Network Load Balancer (NLB) with a static IP address for the database virtual IP allows application servers to connect to the NLB, which forwards traffic to the active node. Option A is wrong because Elastic IPs are not automatically reassigned. Option B is wrong because Route 53 health checks have DNS TTL delays.

Option C is wrong because a CNAME record still has TTL issues.

15
MCQmedium

A company is migrating its SAP ERP system to AWS. The system requires high availability across two Availability Zones. Which AWS service should be used to manage the virtual IP address for the SAP Central Services (ASCS/ERS) cluster?

A.Elastic IP address
B.Network Load Balancer
C.AWS Global Accelerator
D.Amazon Route 53
AnswerD

Route 53 with failover routing and health checks can manage VIP for SAP clusters.

Why this answer

Amazon Route 53 is used to manage the virtual IP address for the SAP Central Services (ASCS/ERS) cluster by leveraging DNS-based failover. In a multi-AZ SAP cluster, Route 53 health checks monitor the active node and automatically update the DNS record to point to the healthy node's IP address, enabling clients to connect to the virtual hostname without relying on a floating IP. This approach is recommended by AWS for SAP deployments because it avoids the need for a shared IP across Availability Zones, which is not natively supported in AWS.

Exam trap

The trap here is that candidates often confuse the need for a virtual IP with a load balancer (NLB) or a static IP (Elastic IP), but AWS does not support floating IPs across Availability Zones, so Route 53's DNS-based failover is the correct and recommended service for managing the SAP ASCS/ERS virtual IP in a multi-AZ cluster.

How to eliminate wrong answers

Option A is wrong because Elastic IP addresses are static public IPv4 addresses that cannot be moved between instances across Availability Zones without manual intervention, and they do not support automatic failover required for SAP ASCS/ERS clustering. Option B is wrong because a Network Load Balancer operates at Layer 4 and distributes traffic to multiple targets, but it cannot serve as a virtual IP for the SAP cluster's active/passive model where only one node is active at a time; NLB is typically used for SAP application tier load balancing, not for the ASCS/ERS virtual IP. Option C is wrong because AWS Global Accelerator provides static IP addresses for global traffic routing and performance optimization, but it is designed for internet-facing applications and does not manage virtual IP failover within a single region's Availability Zones for SAP cluster services.

16
MCQmedium

A company is designing an SAP S/4HANA deployment on AWS with high availability. They want to use a shared file system for the SAP transport directory. Which AWS service should they use for this shared file system?

A.Amazon EFS
B.Amazon FSx for Windows File Server
C.Amazon EBS with multi-attach enabled
D.Amazon S3
AnswerA

EFS provides a scalable NFS file system that can be shared across multiple AZs.

Why this answer

Option C is correct. Amazon EFS provides a shared NFS file system that can be mounted across multiple EC2 instances in different Availability Zones. Option A is wrong because EBS volumes can only be attached to one instance at a time.

Option B is wrong because S3 is object storage, not a file system. Option D is wrong because FSx for Windows File Server is for SMB, not typically for SAP transport.

17
MCQeasy

A company is planning to run SAP HANA on AWS. What is the recommended practice for sizing the EC2 instance for SAP HANA?

A.Select an instance type from the SAP HANA certified list on AWS
B.Choose an instance with the highest network bandwidth
C.Choose an instance with the highest vCPU count
D.Choose an instance with the most memory available
AnswerA

Only certified instances are supported for SAP HANA production.

Why this answer

SAP HANA requires that the instance be certified for SAP HANA on AWS. Option A is wrong because memory is just one factor. Option B is wrong because vCPU count is not the primary criterion.

Option D is wrong because network bandwidth is secondary.

18
Multi-Selecteasy

A company is designing an SAP S/4HANA deployment on AWS. They want to ensure high availability for the central services (ASCS and ERS) across two Availability Zones. Which TWO of the following are required components for a typical SAP high availability setup on AWS? (Choose TWO.)

Select 2 answers
A.Amazon RDS Multi-AZ deployment for the SAP HANA database.
B.AWS Network Load Balancer to route traffic to the ASCS and ERS instances.
C.Amazon EFS file system mounted on both instances for shared /sapmnt.
D.AWS Transit Gateway to connect the two Availability Zones.
E.AWS Global Accelerator to provide static anycast IP addresses.
AnswersB, C

NLB is used for SAP HA to manage virtual IPs and health checks.

Why this answer

The AWS Network Load Balancer (NLB) is required to distribute traffic to the ASCS and ERS instances across two Availability Zones. It uses health checks to detect failures and reroute traffic to the healthy instance, ensuring that the SAP central services remain available even if one AZ fails. The NLB operates at Layer 4, preserving the source IP and supporting the necessary SAP protocols like the Message Server and Enqueue Replication.

Exam trap

The trap here is that candidates often confuse the need for a shared file system (like EFS) with a database replication mechanism, but the question specifically asks for components required for central services (ASCS/ERS) HA, not the database layer.

19
MCQhard

A company is running SAP S/4HANA on AWS with a scale-out HANA configuration. The system is experiencing performance degradation during peak hours. Monitoring shows high network throughput on the HANA nodes. Which EC2 instance family is best suited to mitigate this?

A.x2iedn instances with high network bandwidth.
B.c5 instances with placement groups.
C.r5 instances with enhanced networking.
D.m5 instances with EBS optimization.
AnswerA

x2iedn is specifically designed for SAP HANA with high network performance.

Why this answer

The x2iedn instances are specifically designed for SAP HANA scale-out configurations, offering high memory per vCPU and dedicated high network bandwidth via the Elastic Network Adapter (ENA). In a scale-out HANA setup, nodes communicate intensively over the network for data synchronization and shared storage access, so high network throughput directly mitigates the performance degradation during peak hours.

Exam trap

The trap here is that candidates may assume any memory-optimized instance (like r5) is sufficient for SAP HANA, overlooking the specific network throughput and SAP certification requirements for scale-out configurations that only x2iedn instances meet.

How to eliminate wrong answers

Option B is wrong because c5 instances are compute-optimized and lack the large memory footprint required for SAP HANA, making them unsuitable for scale-out HANA workloads. Option C is wrong because r5 instances, while memory-optimized, do not provide the dedicated high network bandwidth and SAP certification for HANA scale-out that x2iedn instances offer. Option D is wrong because m5 instances are general-purpose and not optimized for the memory-intensive and high-throughput network demands of SAP HANA scale-out, and EBS optimization alone does not address inter-node network throughput.

20
MCQhard

An SAP Basis team is designing a high-availability architecture for SAP NetWeaver on AWS. They plan to use a shared file system for the transport directory and SAP profiles across multiple availability zones. Which AWS storage service should they use?

A.Amazon EBS with multi-attach
B.Amazon FSx for Windows File Server
C.Amazon EFS
D.Amazon S3
AnswerC

EFS provides a shared NFS file system across AZs.

Why this answer

Amazon EFS (Elastic File System) is the correct choice because it provides a fully managed, NFS-based shared file system that is accessible from multiple EC2 instances across different Availability Zones. For SAP NetWeaver, the transport directory and SAP profiles must be concurrently accessible from all application servers in a high-availability setup, and EFS supports the required POSIX permissions and locking semantics needed by SAP.

Exam trap

The trap here is that candidates often confuse Amazon EBS Multi-Attach (option A) as a viable cross-AZ solution, but it is strictly single-AZ, making it incompatible with the multi-AZ high-availability requirement for SAP NetWeaver.

How to eliminate wrong answers

Option A is wrong because Amazon EBS with multi-attach is limited to a single Availability Zone and supports only up to 16 Nitro-based instances, making it unsuitable for cross-AZ SAP high-availability architectures. Option B is wrong because Amazon FSx for Windows File Server uses SMB protocol, which is not natively supported by SAP NetWeaver on Linux (the typical OS for SAP on AWS) and would require additional translation layers. Option D is wrong because Amazon S3 is an object storage service that does not provide a POSIX-compliant file system interface or support the file locking and concurrent access patterns required by SAP transport and profile directories.

21
MCQhard

An SAP Basis administrator is troubleshooting a slow-performing SAP ERP system on AWS. The system uses Amazon EBS volumes with Provisioned IOPS (PIOPS) for database storage. Which metric in Amazon CloudWatch would best indicate whether the EBS volume is experiencing a performance bottleneck?

A.VolumeIdleTime
B.VolumeReadOps
C.VolumeQueueLength
D.VolumeThroughputPercentage
AnswerC

A high queue length indicates pending I/O requests, suggesting a bottleneck.

Why this answer

VolumeQueueLength measures the number of pending I/O requests waiting to be serviced by the EBS volume. A sustained high queue length (e.g., consistently above 1 per optimized IOPS) indicates that the volume is saturated and cannot keep up with the workload, which directly causes performance bottlenecks for SAP ERP database operations. This metric is the most direct indicator of a bottleneck because it reflects backpressure from the storage subsystem.

Exam trap

The trap here is that candidates confuse high I/O operations (VolumeReadOps) with a bottleneck, but a high read count alone does not indicate queuing or saturation—only VolumeQueueLength reveals whether the volume is struggling to keep up with the demand.

How to eliminate wrong answers

Option A is wrong because VolumeIdleTime measures the percentage of time the volume has no pending I/O operations; a low idle time indicates activity, not a bottleneck, and a high idle time would suggest the volume is underutilized. Option B is wrong because VolumeReadOps simply counts read operations per minute; a high value indicates heavy read activity but does not by itself indicate a bottleneck—the volume could be handling those reads efficiently. Option D is wrong because VolumeThroughputPercentage is not a standard CloudWatch metric for EBS; the correct throughput-related metric is VolumeThroughput (bytes per second), and even that does not directly indicate queuing or saturation.

22
MCQhard

Refer to the exhibit. An SAP administrator runs the AWS CLI command and receives the output shown. The SAP application server (instance i-0abcd1234) is in 'running' state, but the SAP application is not reachable. The security group allows inbound traffic on port 3200. What is the MOST likely cause of the issue?

A.The network ACL for the subnet is blocking outbound traffic.
B.The instance is in a stopped state.
C.The security group inbound rule for port 3200 is not applied to the instance.
D.The operating system firewall on the instance is blocking port 3200.
AnswerD

OS firewall can block traffic even if security group allows it.

Why this answer

Option D is correct because the instance is in 'running' state and the security group allows inbound traffic on port 3200, yet the SAP application is unreachable. This indicates a host-level firewall (e.g., iptables, firewalld, or Windows Firewall) on the SAP application server is blocking inbound connections to port 3200, which operates independently of AWS security groups and network ACLs.

Exam trap

The trap here is that candidates often assume security group rules are the sole determinant of traffic flow, forgetting that the OS firewall on the instance can independently block traffic even when AWS-level permissions are correctly configured.

How to eliminate wrong answers

Option A is wrong because network ACLs are stateless and affect traffic at the subnet level, but the security group already allows inbound traffic on port 3200, and the instance is running; outbound traffic blocking would not prevent inbound connections to the instance. Option B is wrong because the AWS CLI output explicitly shows the instance is in 'running' state, not 'stopped'. Option C is wrong because the question states the security group allows inbound traffic on port 3200, and the security group is associated with the instance; if it were not applied, the instance would still be reachable via other rules or default deny, but the issue is specific to port 3200 being blocked at the OS level.

23
Multi-Selectmedium

Which THREE of the following are valid disaster recovery strategies for SAP on AWS? (Choose 3)

Select 3 answers
A.Maintain a cold standby environment in another Region
B.AWS RDS Multi-AZ deployment for SAP HANA
C.SAP backup to Amazon S3 with cross-region replication
D.Cross-region Amazon EBS snapshot copy and restore
E.SAP HANA System Replication across AWS Regions
AnswersC, D, E

Ensures backup availability in another region.

Why this answer

Options A, D, and E are correct. A: HANA System Replication provides near-sync replication to another region. D: EBS Snapshots to another region enable restore.

E: SAP Backup to S3 with cross-region replication ensures offsite backup. B is wrong because Multi-AZ for RDS is not applicable to HANA. C is wrong because cold standbys are not recommended; saves cost but recovery time is long.

24
Multi-Selecthard

A company is designing a disaster recovery solution for SAP HANA on AWS using HANA System Replication. The primary site is in us-east-1 and the DR site is in us-west-2. Which TWO components are required to enable replication across Regions? (Choose two.)

Select 2 answers
A.AWS Site-to-Site VPN or AWS Direct Connect between the two Regions
B.VPC peering between the two VPCs
C.Automated EBS snapshots of /hana/data and /hana/log volumes in us-east-1, copied to us-west-2
D.AWS Global Accelerator
E.Amazon S3 Transfer Acceleration
AnswersA, C

Provides network connectivity.

Why this answer

Option B and Option D are correct: A VPN or Direct Connect (B) provides network connectivity, and EBS snapshots (D) can be used to replicate data if synchronous replication is not feasible. Option A is wrong because S3 Transfer Acceleration is not needed. Option C is wrong because VPC peering does not work across Regions (use Transit Gateway or VPN).

Option E is wrong because AWS Global Accelerator improves latency but is not required.

25
MCQmedium

An SAP administrator needs to migrate an on-premises SAP HANA system to AWS. The total size of the HANA data and log volumes is 5 TB. The administrator wants to minimize downtime and use the fastest possible initial data transfer method. Which approach should they use?

A.Use Amazon S3 Transfer Acceleration to upload the data over the internet
B.Use AWS Snowball Edge to physically ship the data
C.Use AWS Direct Connect to transfer the data over a dedicated network connection
D.Use VPC Peering to connect on-premises to AWS and copy data
AnswerB

Snowball Edge can transfer 5 TB quickly and securely, minimizing downtime.

Why this answer

AWS Snowball Edge provides a physical data transfer device that can be shipped to the on-premises site, loaded with the 5 TB of SAP HANA data and log volumes, and then shipped back to AWS for ingestion into an S3 bucket. This approach offers the fastest initial transfer for large datasets (multi-TB) over a WAN, as it bypasses network bandwidth limitations entirely, minimizing downtime compared to internet-based or dedicated network transfers.

Exam trap

The trap here is that candidates often choose Direct Connect (Option C) assuming a dedicated network is always fastest, but for large initial bulk transfers (multi-TB), physical shipping via Snowball Edge is faster because it avoids network bandwidth constraints and transfer time, which is a key concept tested in the PAS-C01 exam for minimizing downtime during SAP HANA migrations.

How to eliminate wrong answers

Option A is wrong because Amazon S3 Transfer Acceleration still relies on internet connectivity and is limited by available bandwidth; for 5 TB, it would take significantly longer than a physical shipment, especially with typical on-premises upload speeds. Option C is wrong because AWS Direct Connect provides a dedicated network connection but is still constrained by the provisioned bandwidth (e.g., 1 Gbps or 10 Gbps); transferring 5 TB over even a 10 Gbps link would take over an hour, and setup latency plus potential throttling make it slower than a physical shipment for initial bulk transfer. Option D is wrong because VPC Peering is a networking feature for connecting VPCs within AWS, not for on-premises to AWS connectivity; it cannot be used to transfer data from on-premises to AWS, and even if combined with a VPN, it would still be network-bound and slower than Snowball Edge.

26
MCQeasy

An SAP system uses Amazon EFS for shared file storage for transport directories. The system is deployed across multiple Availability Zones. Which EFS performance mode is most suitable for this workload?

A.Max I/O performance mode.
B.Provisioned Throughput mode.
C.General Purpose performance mode.
D.Bursting Throughput mode.
AnswerC

General Purpose provides low latency for file operations.

Why this answer

General Purpose performance mode is the most suitable for SAP transport directories because it provides the lowest latency for file operations, which is critical for the frequent, small I/O operations typical of SAP transport processes. Max I/O mode, while offering higher throughput for large sequential I/O, introduces higher latency that can degrade SAP performance. General Purpose mode is the default and recommended mode for most EFS workloads, including SAP shared file systems.

Exam trap

The trap here is that candidates confuse performance modes (General Purpose vs. Max I/O) with throughput models (Bursting vs. Provisioned), leading them to select a throughput option like Provisioned or Bursting when the question explicitly asks for the most suitable performance mode for a latency-sensitive SAP workload.

How to eliminate wrong answers

Option A is wrong because Max I/O performance mode is designed for highly parallel, large-file workloads (e.g., big data, media processing) and has higher latency per operation, which is unsuitable for the latency-sensitive, small-file I/O patterns of SAP transport directories. Option B is wrong because Provisioned Throughput mode is a throughput setting, not a performance mode; it can be applied to either General Purpose or Max I/O modes to set a baseline throughput independent of file system size, but it does not define the latency or concurrency characteristics needed for this workload. Option D is wrong because Bursting Throughput mode is also a throughput model (not a performance mode) that allows throughput to burst based on accumulated credits; while it can be used with General Purpose mode, it is not a performance mode choice and does not address the latency requirements of SAP transport directories.

27
MCQhard

An organization is deploying a large SAP HANA system on AWS. They need to ensure that the EBS volumes for the /hana/data and /hana/log directories are configured with optimal performance and resilience. Which configuration should they use?

A.Use io2 Block Express volumes with /hana/data on a RAID 1 set and /hana/log on a RAID 0 set
B.Use a single large gp3 EBS volume for both /hana/data and /hana/log
C.Use io2 Block Express volumes with /hana/data on a RAID 0 set and /hana/log on a RAID 1 set
D.Use io2 Block Express volumes with /hana/data on one volume and /hana/log on another, no RAID
AnswerC

RAID 0 for data performance, RAID 1 for log resilience.

Why this answer

SAP HANA on AWS requires /hana/data and /hana/log to be on separate EBS volumes. Using io2 Block Express volumes with RAID 0 for data and RAID 1 for log is recommended. Option A is wrong because gp3 may not provide enough IOPS.

Option B is wrong because /hana/log should be on separate volumes from /hana/data. Option D is wrong because /hana/data should use RAID 0 for performance.

28
MCQhard

An architect is designing a storage solution for an SAP Business Warehouse (BW) system on AWS. The system requires high throughput for data extraction and transformation. The existing on-premises system uses SAN storage with 10,000 IOPS. Which Amazon EBS volume type should the architect choose to meet or exceed this performance at the lowest cost?

A.sc1 with 10,000 IOPS
B.io1 with 10,000 Provisioned IOPS
C.gp3 with 10,000 IOPS and 500 MB/s throughput
D.st1 with 10,000 IOPS
AnswerC

gp3 can achieve 10,000 IOPS at lower cost than io1, and throughput is adequate.

Why this answer

Amazon EBS gp3 volumes can provision up to 16,000 IOPS and 1,000 MB/s throughput independently, making them suitable for SAP BW workloads requiring 10,000 IOPS. gp3 offers a lower cost than io1 because it includes a baseline performance (3,000 IOPS and 125 MB/s) and only charges for additional provisioned IOPS and throughput, whereas io1 charges for every provisioned IOPS. This makes gp3 the most cost-effective choice to meet or exceed the required 10,000 IOPS and 500 MB/s throughput.

Exam trap

The trap here is that candidates may assume io1 is the only option for guaranteed IOPS due to its 'Provisioned IOPS' branding, overlooking gp3's ability to provision IOPS independently at a lower cost, or they may incorrectly think HDD-based volumes (sc1, st1) can achieve high IOPS values.

How to eliminate wrong answers

Option A is wrong because sc1 (Cold HDD) is a throughput-optimized volume designed for infrequently accessed data, with a maximum IOPS of 250 per volume and cannot achieve 10,000 IOPS. Option B is wrong because io1 (Provisioned IOPS SSD) can provide 10,000 IOPS but at a higher cost than gp3, as io1 charges for every provisioned IOPS regardless of usage, making it less cost-effective for this requirement. Option D is wrong because st1 (Throughput Optimized HDD) is designed for large, sequential workloads with a maximum IOPS of 500 per volume and cannot sustain 10,000 IOPS.

29
Multi-Selectmedium

A company is planning to deploy SAP S/4HANA on AWS with high availability. Which TWO actions should be taken to achieve high availability for the SAP Central Services (ASCS/ERS) instance?

Select 2 answers
A.Deploy ASCS and ERS in the same Availability Zone.
B.Run both ASCS and ERS on the same EC2 instance.
C.Place ASCS and ERS in the same subnet.
D.Deploy ASCS and ERS in different Availability Zones.
E.Use a cluster placement group for ASCS and ERS instances.
AnswersD, E

Provides AZ-level redundancy.

Why this answer

Option D is correct because deploying ASCS and ERS in different Availability Zones (AZs) ensures that if one AZ fails, the SAP Central Services can fail over to the other AZ, maintaining high availability. This aligns with AWS best practices for SAP HANA HA, which typically uses a Pacemaker cluster across AZs with fencing and STONITH to handle failover. Option E is correct because a cluster placement group provides low-latency, high-bandwidth connectivity between the ASCS and ERS instances, which is critical for the synchronous replication and heartbeat communication required for a reliable HA cluster.

Exam trap

The trap here is that candidates often confuse high availability with fault tolerance, assuming that same-AZ deployment (Option A) or same-subnet placement (Option C) is sufficient, when in fact SAP HA on AWS requires cross-AZ separation and a cluster placement group to meet the strict latency and fencing requirements.

30
MCQhard

A company runs SAP ERP Central Component (ECC) on AWS with an Oracle database. The system is deployed on a single EC2 instance with EBS volumes. The company has scheduled a maintenance window for applying Oracle patches. The database administrator (DBA) will apply the patches during the maintenance window, which requires the database to be shut down. The DBA wants to minimize downtime and ensure that if the patching fails, the system can be rolled back quickly. The current setup includes daily EBS snapshots of the data volume, but these are taken at midnight. What should the DBA do to minimize downtime and ensure a quick rollback?

A.Create a snapshot of the EBS data volume immediately before applying the patches. If the patching fails, restore the volume from the snapshot.
B.Use AWS Database Migration Service (DMS) to create a replica of the database before patching. If patching fails, redirect traffic to the replica.
C.Create an AMI of the entire EC2 instance before the maintenance window. If patching fails, launch a new instance from the AMI.
D.Stop the EC2 instance, create a snapshot of the data volume, then apply the patches. If patching fails, restore from the snapshot.
AnswerA

A snapshot provides a quick rollback point without additional downtime.

Why this answer

Option A is correct because creating a snapshot of the EBS data volume immediately before applying the patches captures a point-in-time, crash-consistent state of the Oracle database. Since the database will be shut down during the maintenance window, this snapshot provides a reliable restore point. If patching fails, the DBA can quickly restore the volume from this snapshot, minimizing downtime by avoiding the need to restore from the older midnight snapshot, which would lose an entire day's worth of transactions.

Exam trap

The trap here is that candidates may overthink the solution and choose a more complex option like DMS or AMI, not realizing that a simple EBS snapshot taken immediately before patching provides the fastest and most cost-effective rollback for a single-instance SAP ECC with Oracle, as it avoids the overhead of instance recreation or replication setup.

How to eliminate wrong answers

Option B is wrong because AWS Database Migration Service (DMS) is designed for ongoing replication or one-time migrations between heterogeneous or homogeneous databases, not for creating a quick, rollback-ready replica of a running Oracle database for patching. DMS requires setup time, incurs additional costs, and does not provide a simple, immediate rollback mechanism for a single-instance SAP ECC system. Option C is wrong because creating an AMI of the entire EC2 instance captures the OS, application, and data volumes, but it is a heavier, slower operation compared to a data volume snapshot.

Restoring from an AMI would require launching a new instance, reconfiguring networking, and reattaching volumes, leading to significantly longer downtime than a simple volume restore. Option D is wrong because stopping the EC2 instance before creating the snapshot adds unnecessary downtime; the database must be shut down for patching anyway, but the snapshot can be taken while the instance is running (with the database shut down) or even with a brief quiesce, making the stop step redundant and increasing total downtime.

31
MCQmedium

An SAP administrator wants to ensure that the SAP application server can communicate with the HANA database using the private IP address within the same VPC. What configuration is necessary?

A.Attach an Internet Gateway to the VPC.
B.Set up a NAT Gateway for the database subnet.
C.Establish a VPN connection to the on-premises network.
D.Configure a security group rule allowing traffic on the HANA database port from the application server's security group.
AnswerD

Security groups control traffic within VPC.

Why this answer

Option D is correct because within the same VPC, AWS resources can communicate using private IP addresses without internet or VPN connectivity. The key requirement is that the security group attached to the HANA database must allow inbound traffic on the HANA database port (typically 3<span+>15<span+>17 or 3<span+>00<span+>15 for HANA) from the security group associated with the SAP application server. This ensures that only traffic originating from the application server is permitted, maintaining security while enabling private IP communication.

Exam trap

The trap here is that candidates often confuse the need for external connectivity (internet or VPN) with internal VPC communication, mistakenly thinking that a NAT Gateway or Internet Gateway is required for any traffic between subnets, when in fact AWS VPCs natively route private IP traffic within the same VPC using the VPC router and security groups for access control.

How to eliminate wrong answers

Option A is wrong because an Internet Gateway is used to enable communication between a VPC and the internet, not for private IP communication within the same VPC; attaching an IGW would expose the resources unnecessarily and does not facilitate internal routing. Option B is wrong because a NAT Gateway is used to allow instances in a private subnet to initiate outbound traffic to the internet (e.g., for updates) while preventing inbound internet traffic; it is not required for internal VPC communication between application and database servers. Option C is wrong because a VPN connection is used to connect an on-premises network to the AWS VPC, not for communication between two AWS resources already within the same VPC; it adds unnecessary complexity and latency.

32
MCQeasy

A company runs SAP S/4HANA on AWS with a single-instance deployment. The database is hosted on an r5.8xlarge instance with 5000 provisioned IOPS EBS volumes. Recently, the system experienced a performance degradation during peak hours. CloudWatch metrics show that the EBS volume read latency is consistently above 10 ms, and the queue length is frequently peaking at 20. The instance is in the same Availability Zone as the EBS volumes. What should the administrator do to resolve the performance issue?

A.Move the instance to a different Availability Zone to reduce network latency.
B.Increase the provisioned IOPS on the EBS volumes to 10000.
C.Move the database to an instance with instance store volumes for better performance.
D.Migrate the EBS volumes to gp3 volume type with baseline performance.
AnswerB

Higher IOPS reduces latency and queue depth, improving performance.

Why this answer

The correct answer is B. The CloudWatch metrics show high read latency (>10 ms) and a queue length peaking at 20, which indicates that the EBS volume is throttling due to insufficient IOPS for the workload. Increasing provisioned IOPS from 5000 to 10000 directly addresses the bottleneck by allowing more I/O operations per second, reducing queue depth and latency.

Since the instance and volumes are in the same Availability Zone, network latency is not a factor, and instance store volumes are ephemeral and unsuitable for persistent SAP HANA data.

Exam trap

The trap here is that candidates may assume high latency is due to network distance (Option A) or that gp3 volumes always provide better performance (Option D), but the key metric is queue length, which directly points to IOPS exhaustion on the provisioned IOPS volume.

How to eliminate wrong answers

Option A is wrong because moving the instance to a different Availability Zone would increase network latency between the instance and the EBS volumes, worsening the performance issue, not resolving it. Option C is wrong because instance store volumes are ephemeral (data is lost on stop/termination) and do not provide the durability or snapshot capabilities required for SAP HANA database persistence; they are also not available on all instance types. Option D is wrong because gp3 volumes have a baseline of 3000 IOPS regardless of size, which is lower than the current 5000 IOPS, and while they can be provisioned with additional IOPS, the default baseline performance would degrade the workload further; the immediate fix is to increase IOPS on the existing io1/io2 volumes.

33
MCQeasy

An SAP system on AWS needs to send alerts when the CPU utilization of the application server exceeds 90% for more than 5 minutes. Which AWS service should be used to set up this monitoring?

A.AWS Config
B.Amazon Inspector
C.AWS CloudTrail
D.Amazon CloudWatch
AnswerD

CloudWatch monitors metrics and can trigger alarms.

Why this answer

Amazon CloudWatch is the correct service because it can monitor CPU utilization metrics for EC2 instances and trigger alarms based on thresholds. You can configure a CloudWatch alarm to evaluate the CPUUtilization metric over a 5-minute period and send notifications via Amazon SNS when the 90% threshold is breached.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (API logging) with CloudWatch (metrics and alarms), or think AWS Config can monitor performance metrics because it tracks configuration changes.

How to eliminate wrong answers

Option A is wrong because AWS Config is used for resource inventory, configuration history, and compliance auditing, not for real-time metric monitoring or alerting. Option B is wrong because Amazon Inspector is a vulnerability assessment service that scans for software vulnerabilities and unintended network exposure, not for tracking CPU utilization metrics. Option C is wrong because AWS CloudTrail records API activity and governance events, not performance metrics like CPU utilization.

34
Multi-Selecthard

An organization has an SAP S/4HANA system running on AWS. The system uses a multi-node HANA scale-out configuration. The company wants to implement a disaster recovery solution with an RPO of less than 1 hour and an RTO of less than 2 hours. The DR site is in a different AWS Region. Which THREE components should be included in the DR plan?

Select 3 answers
A.Cross-region Amazon Machine Image (AMI) copies for the SAP application servers.
B.AWS Global Accelerator to route traffic to the closest Region.
C.Amazon Route 53 DNS failover routing policy to redirect traffic to the DR Region in case of failure.
D.SAP HANA System Replication from the primary to the DR region using asynchronous replication.
E.Daily EBS snapshots of all volumes copied to the DR Region.
AnswersA, C, D

Pre-copied AMIs allow quick instance launch in DR.

Why this answer

Option A is correct because AMI copies can be automated to replicate SAP application server configurations across regions, enabling rapid recovery of stateless application servers within the RTO. Since SAP application servers are stateless and can be recreated from AMIs, cross-region AMI copies provide a fast and reliable method to restore the application tier in the DR region without relying on storage-level replication.

Exam trap

The trap here is that candidates often assume daily EBS snapshots are sufficient for DR, but they fail to meet the strict RPO of less than 1 hour because snapshots are not continuous replication, and the restore time from snapshots can easily exceed the 2-hour RTO for large SAP HANA volumes.

35
Multi-Selecthard

A company runs SAP Business Suite on AWS and wants to implement a disaster recovery solution using a pilot light approach. Which THREE components should be pre-provisioned in the DR region to reduce recovery time?

Select 3 answers
A.An Amazon RDS for SAP HANA instance
B.Running EC2 instances for all SAP components
C.Pre-allocated Elastic IP addresses
D.Custom AMIs for SAP application servers
E.Pre-provisioned EBS volumes with HANA data replicated via log shipping
AnswersC, D, E

Elastic IPs can be quickly associated to recovered instances.

Why this answer

Options A, B, and D are correct. Pre-provisioning EBS volumes (A), AMIs (B), and Elastic IPs (D) helps reduce RTO. Option C is wrong because EC2 instances should not be running to avoid costs.

Option E is wrong because Amazon RDS for SAP HANA is not used; HANA runs on EC2.

36
Multi-Selecteasy

A company is deploying SAP S/4HANA on AWS and needs to ensure high availability for the database layer. Which TWO actions should the company take?

Select 2 answers
A.Store HANA backups in Amazon S3 Standard-IA
B.Configure SAP HANA System Replication across two Availability Zones
C.Use Amazon EFS as the data volume for HANA
D.Provision Amazon EBS io2 Block Express volumes for HANA data
E.Enable EC2 Auto Scaling for the HANA instance
AnswersB, D

HANA System Replication provides synchronous replication for HA.

Why this answer

Options A and C are correct. HANA System Replication across AZs (A) and using EBS io2 volumes (C) are key for HA. Option B is wrong because EFS is not used for database data.

Option D is wrong because Auto Scaling is not for HANA. Option E is wrong because S3 Standard-IA is for backups, not primary storage.

37
MCQmedium

A company runs SAP NetWeaver on AWS and notices that the application server is experiencing high CPU utilization during peak hours. They need to scale out the SAP application tier. What is the best approach?

A.Use AWS Global Accelerator to distribute traffic
B.Increase the instance size of the existing application server
C.Manually launch additional EC2 instances and configure them as application servers
D.Use an Auto Scaling group to automatically launch additional application servers and register them with the SAP application load balancer
AnswerD

Auto Scaling enables dynamic scaling and load distribution.

Why this answer

Adding more SAP application servers (ASCS) behind an Application Load Balancer distributes load and provides HA. Option A is wrong because vertical scaling is limited. Option B is wrong because ASG alone does not register with SAP load balancer.

Option C is wrong because launching manually is not automated.

38
MCQhard

A company is designing a multi-tier SAP architecture on AWS. They want to separate the SAP application tier and database tier into different subnets for security. Which AWS networking component should they use to connect the tiers?

A.AWS Direct Connect
B.VPC peering connection
C.AWS Site-to-Site VPN
D.AWS Transit Gateway
AnswerB

VPC peering connects VPCs, allowing communication between tiers.

Why this answer

Option B is correct because VPC peering connection allows direct network connectivity between two VPCs using private IPv4 or IPv6 addresses, enabling the SAP application tier and database tier to communicate securely across different subnets without traversing the public internet. This is a common pattern for multi-tier SAP architectures on AWS where each tier resides in its own VPC for isolation, and VPC peering provides low-latency, high-bandwidth connectivity ideal for SAP's performance requirements.

Exam trap

The trap here is that candidates may choose AWS Transit Gateway because they think it is required for any multi-VPC connectivity, but the question specifically asks for connecting only two tiers (two VPCs), where VPC peering is simpler, cheaper, and sufficient—Transit Gateway is only needed when connecting three or more VPCs or when transitive routing is required.

How to eliminate wrong answers

Option A is wrong because AWS Direct Connect is a dedicated physical network connection from on-premises to AWS, not a mechanism to connect two VPCs or subnets within AWS; it would be used for hybrid connectivity, not inter-tier communication. Option C is wrong because AWS Site-to-Site VPN is also designed for hybrid connectivity between on-premises networks and AWS, not for connecting VPCs or subnets within the same AWS region; it introduces unnecessary latency and complexity for intra-AWS traffic. Option D is wrong because AWS Transit Gateway is a hub-and-spoke network transit service for connecting multiple VPCs and on-premises networks, which is overkill for a simple two-tier connection; VPC peering is simpler and more cost-effective for this specific use case.

39
MCQhard

An SAP system uses a shared file system via Amazon FSx for Windows File Server. The system administrators report that file locks are not being released properly, causing application errors. What is the most likely cause and solution?

A.Increase the throughput capacity of the FSx file system.
B.Enable the file lock duration feature on the FSx file system to automatically release stale locks.
C.The file system is using NFSv3 protocol; switch to NFSv4.
D.The file system is using Amazon S3 as the backing store; migrate to EFS.
AnswerB

FSx for Windows supports file lock duration to release locks automatically.

Why this answer

Option C is correct because stale file locks can be released by enabling automatic file lock duration or using the FSx file lock command. Option A is wrong because S3 does not support file locking. Option B is wrong because EFS supports NFSv4 locks but this is Windows.

Option D is wrong because increasing throughput does not address lock issues.

40
MCQmedium

An organization is migrating its SAP ECC system to AWS. The system currently uses a physical IBM Db2 database. The company wants to minimize licensing costs and management overhead after migration. The SAP system will be deployed on Amazon EC2. Which database option should the company choose?

A.Migrate to SAP ASE (Sybase) on EC2.
B.Continue using IBM Db2 on EC2 to avoid migration complexity.
C.Migrate to SAP HANA on EC2 to gain in-memory benefits.
D.Migrate to Oracle Database on Amazon RDS.
AnswerA

SAP ASE is supported and often lower cost.

Why this answer

SAP ASE (Sybase) is the recommended database for SAP workloads on AWS when minimizing licensing costs and management overhead is a priority. Unlike IBM Db2 or Oracle, SAP ASE has lower licensing fees and is fully supported by SAP for production use on EC2. It also avoids the complexity and higher cost of migrating to SAP HANA, which is unnecessary for an existing SAP ECC system that does not require in-memory capabilities.

Exam trap

The trap here is that candidates may assume SAP HANA is always the best choice for SAP workloads due to its in-memory performance benefits, but for existing ECC systems, the higher licensing cost and complexity outweigh the advantages, making SAP ASE the more practical option.

How to eliminate wrong answers

Option B is wrong because continuing with IBM Db2 on EC2 incurs high licensing costs and management overhead, contradicting the goal of minimizing both. Option C is wrong because migrating to SAP HANA on EC2 introduces significant licensing expense and operational complexity, and the in-memory benefits are not required for a standard SAP ECC system. Option D is wrong because Oracle Database on Amazon RDS is not a supported database platform for SAP workloads; SAP only supports specific databases like SAP ASE, IBM Db2, SAP HANA, and Oracle on EC2, not on RDS.

41
MCQeasy

A company is deploying an SAP BusinessObjects (BO) platform on AWS. To ensure high availability of the BO servers, which AWS service should be used to distribute incoming traffic across multiple BO instances in different Availability Zones?

B.Application Load Balancer
C.Amazon Route 53
D.Classic Load Balancer
AnswerB

ALB distributes incoming HTTP/HTTPS traffic across multiple instances.

Why this answer

The Application Load Balancer (ALB) operates at Layer 7 and can distribute HTTP/HTTPS traffic across multiple SAP BusinessObjects instances in different Availability Zones, providing high availability and health-check-based routing. ALB supports path-based routing and SSL termination, which are essential for modern web applications like SAP BO. It is the correct choice because it is designed for HTTP/HTTPS traffic and can balance load across instances in multiple AZs.

Exam trap

The trap here is that candidates often confuse DNS-based routing (Route 53) with load balancing, but Route 53 does not provide real-time health-check-based traffic distribution across instances in the same way an ALB does.

How to eliminate wrong answers

Option A is wrong because a NAT Gateway is used to enable outbound internet access for instances in private subnets, not to distribute incoming traffic across multiple instances. Option C is wrong because Amazon Route 53 is a DNS service that can route traffic to endpoints but does not perform load balancing at the application layer; it lacks health-check-based traffic distribution across multiple instances in real time. Option D is wrong because the Classic Load Balancer operates at Layer 4 and does not support advanced Layer 7 features like path-based routing or host-based routing, which are often required for SAP BusinessObjects deployments.

42
MCQeasy

A company is running SAP NetWeaver on AWS. The SAP application server instances need to be distributed across multiple Availability Zones for high availability. Which AWS feature should be used to ensure low-latency connectivity between these instances?

A.Network ACL
B.Placement Group (cluster)
C.Internet Gateway
D.VPC Peering
AnswerB

Cluster placement group provides low-latency network.

Why this answer

Option C is correct because placing EC2 instances in the same placement group (cluster placement group) ensures low-latency network connectivity between them, which is beneficial for SAP application servers. Option A is incorrect because an Internet Gateway is for internet access, not internal connectivity. Option B is incorrect because a Network ACL controls traffic at the subnet level, not connectivity.

Option D is incorrect because VPC Peering connects different VPCs, not within the same VPC.

43
Multi-Selecteasy

Which TWO actions are recommended for securing an SAP system on AWS? (Choose TWO.)

Select 2 answers
A.Enable encryption at rest for EBS volumes and RDS instances
B.Disable AWS CloudTrail to reduce logging overhead
C.Use security groups to restrict network access to SAP application ports
D.Place all SAP servers in a public subnet for easier management
E.Use the default VPC security group for all SAP instances
AnswersA, C

Encryption at rest protects data.

Why this answer

Using security groups to control traffic and enabling encryption at rest are key security measures. Option B is wrong because public subnets are not recommended. Option D is wrong because disabling CloudTrail reduces visibility.

Option E is wrong because default VPC security groups are too permissive.

44
MCQhard

An SAP administrator runs the AWS CLI command shown in the exhibit for an EC2 instance used as an SAP HANA database server. The server has two EBS volumes attached: a root volume (/dev/xvda) and a data volume (/dev/sdf). Based on the output, what will happen when the instance is terminated?

A.The instance cannot be terminated because DeleteOnTermination is set inconsistently.
B.Both volumes will be deleted.
C.The root volume will be deleted, and the data volume will persist.
D.Both volumes will persist.
AnswerC

The root volume is deleted, the data volume persists.

Why this answer

Option C is correct because the root volume has DeleteOnTermination set to true, so it will be deleted. The data volume has DeleteOnTermination set to false, so it will persist. Option A is wrong because the data volume is not deleted.

Option B is wrong because the root volume is deleted. Option D is wrong because both volumes are affected differently.

45
MCQeasy

During a SAP migration to AWS, the team needs to ensure that the SAP license is compliant. Which of the following is a requirement for running SAP production systems on AWS?

A.The EC2 instance must be SAP-certified and the number of SAPS must be licensed.
B.The company must use AWS Enterprise Support.
C.The company must notify SAP of the migration to AWS.
D.The company must use a specific AWS region.
AnswerA

SAP certification and proper licensing are mandatory.

Why this answer

AWS requires that for running SAP production systems, the EC2 instance must be SAP-certified (listed in the SAP Certified and Supported Hardware Directory) and the customer must have licensed the appropriate number of SAP Application Performance Standard (SAPS) units for the instance type. This ensures the infrastructure meets SAP's performance and support requirements, and that the license covers the compute capacity used.

Exam trap

The trap here is that candidates may confuse operational best practices (like using Enterprise Support or notifying SAP) with mandatory licensing requirements, or assume that AWS region choice affects SAP licensing compliance.

How to eliminate wrong answers

Option B is wrong because AWS Enterprise Support is not a requirement for running SAP production systems on AWS; it is an optional support plan, and customers can run SAP workloads with Basic or Developer support as long as they meet licensing and certification requirements. Option C is wrong because there is no requirement to notify SAP of a migration to AWS; SAP licensing is based on the customer's existing agreements and the SAPS capacity of the instance, not on migration notification. Option D is wrong because SAP production systems can run in any AWS region that supports the required EC2 instance types and services; there is no region-specific mandate for SAP licensing compliance.

46
Multi-Selecthard

A company runs SAP HANA on AWS. The system is experiencing high CPU utilization during peak hours. Which TWO actions should the administrator take to address this? (Choose two.)

Select 2 answers
A.Disable HANA columnar compression to reduce CPU overhead.
B.Increase the size of the /hana/data EBS volumes.
C.Reduce the network throughput of the EC2 instance.
D.Right-size the EC2 instance to a larger type with more vCPUs.
E.Configure HANA workload management to limit resource-intensive queries.
AnswersD, E

Provides more CPU capacity.

Why this answer

Option B and Option D are correct because right-sizing the instance (B) and implementing HANA workload management (D) directly address CPU utilization. Option A is wrong because disabling compression increases CPU for decompression. Option C is wrong because increasing EBS volume size does not affect CPU.

Option E is wrong because reducing network throughput may impact performance.

47
MCQhard

A company runs SAP S/4HANA on AWS with a production system in us-east-1 and a disaster recovery (DR) system in us-west-2. The DR system is a standby HANA system using HANA System Replication (HSR) with asynchronous replication. The primary system has a memory of 2 TB and uses x1e.16xlarge instances. The DR system uses identical instance types. Recently, the network latency between the primary and DR sites increased from 50 ms to 150 ms due to a change in the network path. The SAP Basis team notices that the replication lag has increased significantly, and the DR system is now behind by several minutes. The RPO requirement is 30 seconds. The team must resolve the issue without changing the DR site location or the bandwidth. Which action should the team take to meet the RPO?

A.Configure HSR to use delta_datashipping instead of log shipping.
B.Increase the AWS Direct Connect bandwidth between the two regions.
C.Use Amazon S3 cross-region replication for the HANA log backups.
D.Change HSR to synchronous replication mode.
AnswerA

Delta_datashipping reduces data transfer and can meet RPO under higher latency.

Why this answer

Option A is correct because HANA System Replication (HSR) can be configured to use delta_datashipping, which sends only the changed data blocks rather than full redo logs. This reduces the amount of data transferred per replication cycle, making it more resilient to increased network latency. With 150 ms latency, log shipping may fail to meet the 30-second RPO, but delta_datashipping can keep the DR system within the required lag by minimizing per-message payload size.

Exam trap

The trap here is that candidates often assume synchronous replication is the only way to reduce RPO, but they overlook that synchronous mode introduces performance penalties on the primary, and the question's constraint of not changing bandwidth or location forces a protocol-level tuning solution like delta_datashipping.

How to eliminate wrong answers

Option B is wrong because the question explicitly states that bandwidth cannot be changed, and increasing Direct Connect bandwidth would not address the root cause of high latency (150 ms) which is a propagation delay issue, not a throughput issue. Option C is wrong because Amazon S3 cross-region replication for HANA log backups is an asynchronous backup mechanism, not a real-time replication method, and it cannot meet a 30-second RPO due to S3 eventual consistency and replication delays. Option D is wrong because switching to synchronous replication would require the primary to wait for acknowledgment from the DR system before committing transactions, which with 150 ms latency would severely degrade production performance and potentially cause application timeouts.

48
MCQmedium

A company runs SAP ERP on AWS with a Microsoft SQL Server database. The system is experiencing slow batch job processing. The database server is an r5.8xlarge instance with EBS gp2 volumes. Monitoring shows high disk queue length on the data and log volumes. What change will most likely improve batch job performance?

A.Migrate the SQL Server database to Amazon RDS for SQL Server.
B.Move the tempdb files to a dedicated EBS io2 volume with high IOPS.
C.Store the tempdb on an instance store volume.
D.Upgrade the EC2 instance to r5.12xlarge.
AnswerB

Dedicated tempdb volume reduces contention and improves I/O.

Why this answer

Moving tempdb to a separate, high-performance EBS volume (io2 or gp3) reduces contention on the data and log volumes. Option A (instance size) may help but is costly. Option C (RDS) is a migration.

Option D (S3) is not applicable for tempdb. Option B directly addresses the bottleneck.

49
Multi-Selecteasy

A company is planning to migrate its SAP ERP system to AWS. The system currently uses an Oracle database. The company wants to switch to a supported database on AWS. Which THREE database options are supported by SAP on AWS?

Select 3 answers
A.SAP Adaptive Server Enterprise (ASE)
B.SAP MaxDB
C.IBM Db2 for SAP
D.Amazon Aurora PostgreSQL
E.SAP HANA
AnswersA, C, E

SAP ASE is a supported database for SAP systems.

Why this answer

SAP Adaptive Server Enterprise (ASE) is a certified database platform for SAP applications on AWS. SAP officially supports ASE as a database option for SAP ERP and other SAP Business Suite systems, provided the correct SAP ASE version and patch levels are used. This makes it a valid choice for migrating from Oracle to a supported SAP database on AWS.

Exam trap

Cisco often tests the misconception that any AWS-managed database (like Amazon Aurora PostgreSQL) is automatically supported for SAP workloads, but SAP strictly limits database support to its own and certified third-party databases listed in the SAP PAM.

50
MCQmedium

A company runs SAP on AWS with an SAP HANA database on an r5.8xlarge instance. The company notices high network latency between the SAP application servers and the HANA database. The application servers are in the same VPC but different subnets. Which design change would MOST effectively reduce latency?

A.Launch the application servers and the HANA database in the same placement group.
B.Create a VPC peering connection between the subnets of the application servers and the database.
C.Change the HANA database instance type to a compute-optimized instance such as c5.9xlarge.
D.Enable Enhanced Networking on the application servers by attaching an Elastic Network Adapter (ENA).
AnswerA

Placement groups provide low-latency, high-bandwidth connectivity between instances.

Why this answer

Option A is correct because placing both the SAP application servers and the HANA database in the same cluster placement group ensures they are in close physical proximity within a single Availability Zone, minimizing network hops and reducing latency. Placement groups achieve this by co-locating instances on the same high-bandwidth, low-latency network fabric, which is critical for SAP HANA's real-time data processing requirements.

Exam trap

The trap here is that candidates confuse Enhanced Networking (which improves throughput and CPU efficiency) with reducing latency, when in fact latency is dominated by physical distance and network hops, which only placement groups can address.

How to eliminate wrong answers

Option B is wrong because VPC peering connects VPCs, not subnets within the same VPC; the application servers and database are already in the same VPC, so peering adds unnecessary complexity and does not reduce latency. Option C is wrong because changing to a compute-optimized instance (c5.9xlarge) does not address network latency; it may even reduce memory bandwidth, which is critical for HANA, and does not affect network path length. Option D is wrong because Enhanced Networking (ENA) improves throughput and reduces CPU overhead for packet processing, but it does not reduce physical distance or network hops between instances in different subnets; latency is primarily a function of proximity, not interface optimization.

51
Multi-Selectmedium

Which TWO configurations are required for a high-availability SAP HANA deployment on AWS using Pacemaker? (Choose two.)

Select 2 answers
A.Placement groups in separate Availability Zones for the cluster nodes.
B.STONITH fencing configured for the cluster nodes.
C.EBS volumes with multi-attach enabled for shared storage.
D.An AWS Classic Load Balancer to route traffic to the active node.
E.SAP HANA system replication between primary and secondary instances.
AnswersB, E

STONITH ensures node isolation during failover.

Why this answer

STONITH (Shoot The Other Node In The Head) fencing is required in a Pacemaker cluster to ensure that a failed or unresponsive node is forcefully isolated before resources are failed over. Without STONITH, a split-brain scenario can occur where both nodes attempt to act as the primary, leading to data corruption. On AWS, STONITH is typically implemented using the AWS fence agent (fence_aws) which uses API calls to stop or reboot the instance.

Exam trap

The trap here is that candidates often confuse high-availability prerequisites with optional components, and may think that a load balancer or shared storage is mandatory, when in fact Pacemaker with STONITH and SAP HANA system replication are the two core requirements for a fully automated failover solution on AWS.

52
MCQmedium

An SAP system on AWS is using an RDS for Oracle database. The operations team notices that database backups are taking longer than expected, impacting performance. Which change would most effectively reduce backup duration without affecting availability?

A.Reduce the backup window to a shorter time period.
B.Disable automatic backups and rely on manual snapshots.
C.Use the Backup Multi-AZ option to take backups from the standby instance.
D.Increase the backup retention period to allow more frequent backups.
AnswerC

Backup Multi-AZ offloads backup I/O to the standby, reducing performance impact and potentially allowing faster backups.

Why this answer

Option C is correct because enabling the Backup Multi-AZ option for an RDS for Oracle database allows backups to be taken from the standby instance in a Multi-AZ deployment. This offloads the backup I/O overhead from the primary instance, reducing performance impact and backup duration while maintaining full availability for the SAP workload.

Exam trap

The trap here is that candidates often assume reducing the backup window or increasing retention will speed up backups, but the real bottleneck is I/O contention on the primary instance, which only offloading backups to a standby can resolve without affecting availability.

How to eliminate wrong answers

Option A is wrong because reducing the backup window does not reduce the duration of the backup itself; it only shortens the time period during which backups are allowed to start, potentially causing backups to fail or be skipped if they cannot complete. Option B is wrong because disabling automatic backups and relying on manual snapshots removes the automated recovery point objective (RPO) protection and increases operational overhead, risking data loss and violating SAP high-availability best practices. Option D is wrong because increasing the backup retention period does not affect backup duration; it only retains more backup files, which can increase storage costs and management complexity without improving backup speed.

53
MCQhard

An SAP HANA database on AWS is running on an EC2 instance with multiple EBS volumes striped using LVM. The database administrator needs to increase the total storage capacity without downtime. Which approach should be taken? (Select TWO.)

A.Create a new larger instance and attach the existing volumes.
B.Modify the existing volumes to a higher IOPS volume type.
C.Add the new volumes to the LVM volume group and extend the logical volume.
D.Create new EBS volumes and attach them to the instance.
E.Take a snapshot of the existing volumes and restore to larger volumes.
AnswerC, D

Online LVM extension adds capacity without downtime.

Why this answer

Option C is correct because LVM (Logical Volume Manager) allows you to add new EBS volumes to an existing volume group and extend the logical volume without unmounting the filesystem or stopping the database. This enables online storage expansion for SAP HANA, which requires zero downtime for production workloads.

Exam trap

The trap here is that candidates may confuse increasing storage capacity with changing volume type or instance size, or assume snapshot-based migration is the only way to expand, overlooking LVM's online extension capability.

How to eliminate wrong answers

Option A is wrong because creating a new larger instance and attaching existing volumes would require stopping the original instance and migrating, causing downtime; it also does not increase storage capacity. Option B is wrong because modifying existing volumes to a higher IOPS volume type changes performance characteristics, not storage capacity, and does not address the need for more total storage. Option E is wrong because taking snapshots and restoring to larger volumes is an offline process that requires downtime for the database, and it is not a live expansion method.

54
Multi-Selectmedium

Which THREE of the following are best practices for securing SAP systems on AWS?

Select 3 answers
A.Enable AWS CloudTrail to log all API calls
B.Enable encryption at rest using AWS KMS for SAP HANA data volumes
C.Use security groups to restrict network access to SAP application servers
D.Use IAM users to authenticate SAP system users
E.Store SAP system credentials in application source code
AnswersA, B, C

CloudTrail provides audit trail for AWS API calls.

Why this answer

Option A is correct because security groups act as virtual firewalls for EC2 instances. Option C is correct because AWS KMS can be used to encrypt EBS volumes and S3 objects. Option E is correct because AWS CloudTrail provides audit logging of API calls.

Option B is wrong because IAM users should not be used for SAP application authentication; instead, use SAP-specific authentication. Option D is wrong because storing secrets in source code is insecure; use AWS Secrets Manager instead.

55
Multi-Selectmedium

Which THREE factors should be considered when sizing an EC2 instance for SAP HANA? (Choose THREE.)

Select 3 answers
A.Total memory available on the instance
B.GPU acceleration for HANA calculations
C.SAP HANA certification of the instance type
D.vCPU and network throughput requirements
E.Instance store availability for HANA data
AnswersA, C, D

SAP HANA requires enough memory to hold data.

Why this answer

SAP HANA certification, memory requirements, and vCPU/network performance are key. Option D is wrong because instance store is not persistent. Option E is wrong because GPU is not required for most SAP HANA workloads.

56
MCQhard

A company is running SAP S/4HANA on AWS and needs to back up the SAP HANA database to Amazon S3 with the ability to perform point-in-time recovery. Which approach meets these requirements?

A.Configure SAP HANA backup to write to Amazon EFS, then use AWS DataSync to copy to S3
B.Use AWS Backup to schedule backups of the EC2 instances running SAP HANA
C.Use the SAP HANA BACKUP command with S3 as the backup destination via the hdbsql tool
D.Attach Amazon EBS volumes and use EBS snapshots for point-in-time recovery
AnswerC

SAP HANA can back up directly to S3 using the BACKUP command with an S3 path.

Why this answer

Option C is correct because SAP HANA natively supports backing up directly to Amazon S3 using the `BACKUP DATA` command with the `S3` destination parameter via `hdbsql`. This allows point-in-time recovery by leveraging HANA's own log backup mechanism, which writes transaction log backups to S3 continuously, enabling restore to any specific point in time without intermediate storage layers.

Exam trap

The trap here is that candidates assume AWS Backup or EBS snapshots are sufficient for database point-in-time recovery, but they fail to recognize that SAP HANA requires application-consistent log backups to a supported destination like S3, not infrastructure-level snapshots.

How to eliminate wrong answers

Option A is wrong because introducing Amazon EFS and AWS DataSync adds unnecessary latency and complexity; SAP HANA does not support EFS as a direct backup target for point-in-time recovery, and DataSync is not designed for continuous log backup streaming required for PITR. Option B is wrong because AWS Backup for EC2 instances captures full VM-level snapshots, not HANA database-consistent backups, and cannot perform SAP HANA-specific point-in-time recovery which requires transaction log continuity. Option D is wrong because EBS snapshots are crash-consistent, not application-consistent for SAP HANA, and they cannot restore individual database transactions or provide point-in-time recovery within the HANA log sequence.

57
MCQhard

A company has a large SAP HANA database running on an r5.8xlarge instance. They are planning to migrate to a new instance type that supports more memory for future growth. Which migration approach minimizes downtime and requires no data reload?

A.Use AWS Database Migration Service (DMS) to replicate data to the new instance.
B.Perform a full HANA database backup and restore to the new instance.
C.Stop the instance, change the instance type, and start the instance.
D.Create an Amazon EBS snapshot of the root volume, launch a new instance with the desired type, and attach the snapshot.
AnswerD

EBS snapshots allow quick migration without data reload, minimizing downtime.

Why this answer

Option D is correct because stopping the r5.8xlarge instance, changing the instance type to one that supports more memory (e.g., an r5 or x1e family instance), and starting it again preserves the existing EBS volumes and HANA data without requiring any backup, restore, or data reload. This approach minimizes downtime to just the instance stop/start cycle and avoids the overhead of a full database migration or snapshot creation.

Exam trap

The trap here is that candidates may overcomplicate the migration by assuming a backup or snapshot is necessary, when in fact simply stopping the instance and changing the instance type (Option C) is the most direct and downtime-minimizing approach, but the exam presents Option D as the 'correct' answer to test whether you recognize that a snapshot is redundant for a simple instance type change.

How to eliminate wrong answers

Option A is wrong because AWS DMS is designed for heterogeneous or homogeneous database migrations and would require a full data load and ongoing replication, which introduces significant downtime and complexity for a large SAP HANA database; it does not simply change the instance type. Option B is wrong because performing a full HANA backup and restore to a new instance requires a lengthy backup process, data transfer, and restore operation, resulting in substantial downtime and a full data reload. Option C is wrong because stopping the instance and changing the instance type is the correct approach, but the option as stated does not specify that the instance type change is performed via the AWS console/CLI after stopping; however, the key issue is that Option C is actually a valid method (stop, change type, start) and is not incorrect—this is a trap because the question asks for the approach that minimizes downtime and requires no data reload, and Option C achieves that, but the exam expects the candidate to recognize that Option D is the same concept but with an unnecessary EBS snapshot step; in reality, Option C is the simplest and correct method, but the question's phrasing and answer choices are designed to mislead candidates into thinking a snapshot is required.

Option D is the officially correct answer in the exam context, even though Option C is functionally equivalent and simpler.

58
MCQmedium

An SAP administrator needs to set up a fault-tolerant architecture for SAP NetWeaver on AWS. The architecture must survive an entire Availability Zone failure. Which configuration is the most appropriate?

A.Deploy all SAP application servers in one Availability Zone and use Amazon EBS snapshots for backup.
B.Deploy SAP application servers across multiple AZs but without a load balancer.
C.Use a single large EC2 instance for all SAP components.
D.Use an Auto Scaling group to launch SAP application servers across multiple AZs behind an Application Load Balancer.
AnswerD

Provides fault tolerance and load distribution.

Why this answer

Option D is correct because an Auto Scaling group across multiple AZs with a load balancer provides fault tolerance for application servers. Option A is wrong because a single AZ does not survive AZ failure. Option B is wrong because EC2 without ASG lacks automatic recovery.

Option C is wrong because a single EC2 instance with EBS snapshots is not highly available.

59
MCQhard

A company has an SAP HANA database running on an EC2 instance with 1.9 TB of memory. The database requires persistent storage. The solutions architect must choose a storage configuration that provides the highest IOPS and throughput while maintaining data durability. Which storage option should the architect choose?

A.Use multiple io2 EBS volumes with Block Express striped together using LVM.
B.Use a single io2 Block Express EBS volume of the required size.
C.Use multiple gp3 EBS volumes striped together with LVM.
D.Use NVMe instance store volumes for the HANA data and log areas.
AnswerA

Striping multiple io2 Block Express volumes provides high IOPS and throughput with durability.

Why this answer

Option A is correct because it combines multiple io2 Block Express EBS volumes striped via LVM, which delivers the highest possible IOPS and throughput for SAP HANA on AWS. io2 Block Express volumes support up to 256,000 IOPS and 4,000 MB/s throughput per volume, and striping multiple volumes linearly scales these limits to meet the demands of a 1.9 TB memory HANA database. This configuration also ensures data durability through EBS replication within an Availability Zone, unlike instance store volumes.

Exam trap

The trap here is that candidates often assume a single high-performance EBS volume (io2 Block Express) is sufficient, but they overlook that SAP HANA's performance requirements for a 1.9 TB memory database exceed the per-volume IOPS and throughput limits, necessitating striping of multiple volumes.

How to eliminate wrong answers

Option B is wrong because a single io2 Block Express EBS volume, while high-performance, cannot achieve the aggregate IOPS and throughput required for a 1.9 TB memory HANA workload; the maximum per-volume limits (256,000 IOPS, 4,000 MB/s) are insufficient for such a large in-memory database that demands parallel I/O. Option C is wrong because gp3 volumes have lower maximum IOPS (16,000 per volume) and throughput (1,000 MB/s per volume) compared to io2 Block Express, and striping them still cannot match the performance needed for SAP HANA's high-throughput log and data writes. Option D is wrong because NVMe instance store volumes are ephemeral and do not provide persistent storage; data is lost if the instance stops, terminates, or fails, violating the durability requirement for SAP HANA.

60
MCQmedium

A company is preparing to migrate its SAP ECC 6.0 system to SAP S/4HANA on AWS. The current on-premises system includes a single application server and a database server running Oracle. The total database size is 1.5 TB. The company plans to use a homogeneous migration approach by exporting the existing Oracle database and importing it into a new SAP HANA database running on AWS. The migration must be completed within a tight weekend window. The company has established a 1 Gbps AWS Direct Connect connection to AWS. Which migration strategy should the company use to minimize downtime?

A.Use the SAP Software Update Manager (SUM) with Database Migration Option (DMO). Perform the migration in a weekend window using the delta replication feature.
B.Use AWS Database Migration Service (DMS) to continuously replicate the Oracle database to HANA, and then switch over.
C.Use an Application Load Balancer to redirect traffic to the new HANA system after exporting the data to S3.
D.Use the SAP HANA Studio migration wizard to export the Oracle database and import it into HANA. This is the simplest method.
AnswerA

DMO provides efficient migration with minimal downtime.

Why this answer

Option B is correct because SAP HANA Database Migration Option (DMO) with System Move is the recommended tool for migrating from any source database to SAP HANA. It can perform the migration online with minimal downtime by using a delta replication phase. The DMO tool is included in SAP Software Update Manager (SUM).

Option A is incorrect because exporting and importing using SAP HANA Studio is a manual process that would take longer and require more downtime. Option C is incorrect because AWS Database Migration Service (DMS) does not support Oracle to HANA migrations with schema conversion. Option D is incorrect because using an Application Load Balancer is not a migration strategy.

61
Multi-Selecteasy

Which TWO of the following are recommended practices for securing SAP workloads on AWS? (Choose TWO.)

Select 2 answers
A.Use security groups to restrict inbound traffic to only required ports and IP ranges.
B.Use the AWS root account for daily administration of SAP systems.
C.Assign public IP addresses to SAP instances for direct internet access.
D.Place SAP application servers in a public subnet for ease of access.
E.Enable encryption on EBS volumes for SAP HANA.
AnswersA, E

Security groups act as a virtual firewall.

Why this answer

Security groups act as a virtual firewall for EC2 instances, and restricting inbound traffic to only required ports (e.g., 3200 for SAP Application Server, 443 for SAP Web Dispatcher) and specific IP ranges minimizes the attack surface. This is a fundamental security best practice for any workload, including SAP, as it prevents unauthorized access to critical business applications.

Exam trap

AWS often tests the misconception that public IPs or public subnets are acceptable for SAP workloads to simplify access, but the correct approach is to always use private subnets and secure connectivity methods like AWS Direct Connect or VPN.

62
MCQhard

A company runs SAP S/4HANA on AWS with a multi-Node HA cluster using Pacemaker and SUSE Linux Enterprise Server. The SAP application and database are on separate EC2 instances. After a planned failover test, the secondary node fails to take over the database role. What is the most likely cause?

A.The SAP HANA system replication is using asynchronous mode.
B.STONITH fencing is not configured for the cluster.
C.The EBS volumes are not configured with multi-attach enabled.
D.The SAP HANA system replication is not configured with ENSA2.
AnswerB

Without STONITH, the secondary node cannot safely take over.

Why this answer

In a Pacemaker HA cluster, STONITH (Shoot The Other Node In The Head) fencing is mandatory to ensure that a failed node is forcibly isolated before the cluster can safely promote the secondary node. Without STONITH, the cluster cannot guarantee that the primary node is truly dead, so it refuses to promote the secondary to avoid a split-brain scenario. This is why the secondary node fails to take over the database role after a planned failover test.

Exam trap

The trap here is that candidates often assume the failover failure is due to replication mode or storage configuration, but the root cause is the mandatory fencing requirement in Pacemaker clusters, which is a fundamental design principle for HA in SAP on AWS.

How to eliminate wrong answers

Option A is wrong because asynchronous SAP HANA system replication is a valid replication mode and does not prevent the secondary from taking over; it only affects data freshness and potential data loss, not the ability to promote. Option C is wrong because EBS multi-attach is not used for SAP HANA on EC2; HANA requires dedicated EBS volumes per instance, and the cluster manages volume attachment via scripts, not multi-attach. Option D is wrong because ENSA2 (Enqueue Server 2) is an SAP NetWeaver feature for enqueue replication, not related to SAP HANA database failover or Pacemaker cluster behavior.

63
Multi-Selecteasy

Which TWO of the following are valid methods to monitor SAP HANA performance on AWS? (Choose two.)

Select 2 answers
A.SAP HANA Studio
B.Amazon CloudWatch with the CloudWatch agent collecting HANA metrics
C.AWS Config
D.Amazon Inspector
E.AWS Trusted Advisor
AnswersA, B

HANA Studio includes performance monitoring and tuning tools.

Why this answer

SAP HANA Studio is a native SAP tool that provides direct access to HANA system performance metrics, including memory usage, CPU load, and query execution times, via SQL and MDX connections. It is a valid method for monitoring SAP HANA performance because it interfaces directly with the HANA database's internal monitoring views and does not rely on AWS infrastructure.

Exam trap

The trap here is that candidates may confuse AWS Config or Inspector with monitoring services, but neither collects application-level performance data; they are governance and security tools, respectively.

64
Multi-Selectmedium

Which TWO metrics should be monitored to ensure the health of an SAP HANA database running on AWS? (Select two.)

Select 2 answers
A.Elastic Load Balancer Latency
B.S3 Bucket Size
C.Disk I/O (read/write throughput)
D.HANA System Replication Lag
E.CPU Credit Balance
AnswersC, D

HANA is I/O intensive, so I/O performance is key.

Why this answer

Disk I/O (read/write throughput) is critical for SAP HANA because HANA is an in-memory database that relies on persistent storage for savepoints, log writes, and data recovery. Insufficient disk throughput can cause performance degradation or system hangs, making it a key health metric.

Exam trap

The trap here is that candidates may confuse general AWS infrastructure metrics (like ELB latency or CPU credits) with database-specific health indicators, overlooking that HANA's in-memory architecture makes disk I/O and replication lag the direct measures of database stability.

65
MCQhard

An SAP architect is designing a new SAP S/4HANA system on AWS. The system must be PCI DSS compliant. The architect plans to use AWS KMS for encryption at rest and AWS CloudTrail for audit logging. The database will be SAP HANA on an r5.24xlarge instance with EBS gp3 volumes. What additional step is required to meet PCI DSS encryption requirements?

A.Store all SAP audit logs in Amazon S3 with server-side encryption.
B.Enable SAP HANA data volume encryption using the HANA database engine.
C.Use Amazon RDS for Oracle instead of SAP HANA to leverage native encryption.
D.Set up a VPN connection between the SAP system and the corporate network.
AnswerB

HANA data volume encryption encrypts data within the database, meeting PCI DSS requirements.

Why this answer

PCI DSS requires encryption of cardholder data at rest. While KMS encrypts EBS volumes, SAP HANA itself uses its own persistence layer. Enabling SAP HANA data volume encryption ensures that data is encrypted within the database.

Option B (RDS) is not applicable. Option C (S3) is not relevant. Option D (VPN) is for transmission, not at rest.

66
MCQeasy

An SAP administrator created the IAM policy shown in the exhibit to allow an EC2 instance to back up to an S3 bucket. However, the backup fails with an access denied error. What is the most likely issue?

A.The policy does not grant permissions on the bucket itself.
B.The actions specified are insufficient for backup operations.
C.The resource ARN is incorrectly formatted.
D.The bucket is in a different region than the EC2 instance.
AnswerA

Missing s3:ListBucket permission on the bucket resource.

Why this answer

The correct answer is B because the policy only grants access to objects within the bucket, but not to the bucket itself. To list buckets or perform operations on the bucket, additional permissions like s3:ListBucket are required. Option A is incorrect because the actions are sufficient for object operations.

Option C is incorrect because S3 is regionless. Option D is incorrect because the ARN is correct.

67
MCQhard

An SAP administrator configures Route 53 failover routing as shown. The health check associated with the primary record is failing. What will happen to client requests for sap.example.com?

A.Route 53 will return the ALIAS record for the primary load balancer
B.Route 53 will return the secondary CNAME record
C.Route 53 will return an error
D.Route 53 will return both records
AnswerB

Failover routing directs to the secondary record when primary health check fails.

Why this answer

Option B is correct. With failover routing, when the primary health check fails, Route 53 returns the secondary record. Option A is wrong because Route 53 does not failover to a different record type.

Option C is wrong because the secondary record exists. Option D is wrong because Route 53 uses the secondary record, not return an error.

68
MCQeasy

A company is migrating its SAP HANA database to AWS. The system requires high network throughput and low latency between the application and database tiers. Which AWS service should be used to achieve this?

A.Amazon Route 53 latency-based routing
B.Amazon EC2 placement group
C.AWS Global Accelerator
D.Amazon EBS io2 Block Express volumes
AnswerB

Cluster placement groups provide low-latency, high-throughput networking.

Why this answer

Option B is correct because EC2 placement groups, specifically cluster placement groups, provide low-latency network performance required for SAP HANA. Options A and C are unrelated to network latency. Option D is for storage.

69
MCQhard

A company runs its SAP ERP system on AWS with an Oracle database on an EC2 instance. The system is used by thousands of users globally. Recently, the database has been experiencing slow query performance, especially during end-of-month processing. The administrator notices that the database instance is an r5.8xlarge with 32 vCPUs and 256 GB of memory, running on a single EBS io1 volume with 20,000 IOPS for the data files. The administrator has already optimized the SQL queries and increased the SGA size. However, performance remains poor. The Amazon CloudWatch metrics show that the EBS volume's Average Queue Length is consistently above 10 and the read latency spikes to over 100 ms during peak times. The CPU utilization is around 70%. Which action should the administrator take to resolve the I/O bottleneck?

A.Change the volume type to gp3 and increase the baseline IOPS.
B.Create multiple EBS io1 volumes and stripe them using RAID 0 at the OS level.
C.Increase the IOPS of the existing io1 volume to 40,000.
D.Upgrade the EC2 instance to an r5.12xlarge with more network bandwidth.
AnswerB

RAID 0 increases I/O parallelism and reduces queue length.

Why this answer

Option D is correct because distributing the Oracle data files across multiple EBS volumes with RAID 0 increases I/O parallelism and reduces queue length. Option A is wrong because increasing IOPS on a single volume may not help if the volume is already at its throughput limit. Option B is wrong because switching to gp3 may not provide enough IOPS for the workload.

Option C is wrong because increasing instance size does not directly improve EBS performance; the bottleneck is at the storage layer.

70
MCQeasy

An SAP system uses a secondary IP address for the SAP application. After an instance reboot, the secondary IP address is no longer attached. What is the most likely cause?

A.The Elastic IP address was not associated with the instance
B.The secondary IP address is not automatically re-attached after instance stop/start
C.The security group removed the IP address
D.The Elastic Network Interface (ENI) was deleted
AnswerB

Secondary IPs are not persistent across stop/start; they must be re-attached or use an ENI.

Why this answer

Secondary IP addresses are not automatically re-attached after a stop/start unless configured in the ENI. Option A is wrong because Elastic IPs are not automatically detached. Option C is wrong because security groups don't affect IP addresses.

Option D is wrong because the ENI itself is not deleted unless terminated.

71
Drag & Dropmedium

Drag and drop the steps to set up an SAP HANA system replication in AWS using the SAP HANA Cockpit into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

SAP HANA system replication requires two instances, network connectivity, enabling replication on primary, registering secondary, and then starting replication.

72
MCQmedium

A company is deploying SAP S/4HANA on AWS and needs to ensure that the database and application servers are in the same placement group to minimize latency. However, the instance types required for the HANA database are not available in the same placement group due to insufficient capacity. What should the company do to maintain low latency?

A.Use a spread placement group instead of a cluster placement group.
B.Place all instances in the same Availability Zone without a placement group.
C.Use a different instance type for the database that is available in the placement group.
D.Place the database in a different AWS Region and use AWS Direct Connect.
AnswerA

Spread placement groups distribute instances across distinct hardware, reducing capacity issues while still minimizing latency.

Why this answer

A spread placement group is the correct choice because it spreads instances across distinct underlying hardware, reducing the risk of correlated failures while still keeping them in the same Availability Zone to minimize latency. Unlike a cluster placement group, which requires all instances to be on the same rack and can suffer from capacity constraints, a spread placement group does not enforce a single rack placement, so it can accommodate different instance types even when the cluster placement group lacks capacity. This ensures low latency for SAP S/4HANA communication between database and application servers without violating placement group constraints.

Exam trap

The trap here is that candidates assume only a cluster placement group can provide low latency, overlooking that a spread placement group in the same Availability Zone still offers significantly lower latency than no placement group, while avoiding the capacity limitations of a cluster placement group.

How to eliminate wrong answers

Option B is wrong because placing instances in the same Availability Zone without a placement group does not guarantee that they will be on the same physical hardware or even close together, which can introduce higher latency than a placement group provides. Option C is wrong because changing the database instance type may not meet the performance or memory requirements of SAP HANA, and it does not solve the underlying capacity issue in the cluster placement group. Option D is wrong because placing the database in a different AWS Region introduces significant cross-Region latency, which is unacceptable for SAP S/4HANA’s low-latency requirements, and AWS Direct Connect does not reduce latency between Regions.

73
Multi-Selecthard

A company runs SAP ERP on AWS with an Oracle database. The architect wants to implement a backup strategy that provides point-in-time recovery (PITR) with an RPO of 5 minutes and an RTO of 2 hours. Which TWO solutions should the architect consider? (Choose TWO.)

Select 2 answers
A.AWS Database Migration Service (DMS) with ongoing replication to an Oracle instance in another AZ
B.Oracle Recovery Manager (RMAN) with archivelog mode backing up to Amazon S3
C.Amazon S3 Lifecycle policies to move backups to Glacier
D.Amazon S3 Transfer Acceleration for backup uploads
E.EBS snapshots every 5 minutes
AnswersA, B

DMS ongoing replication can achieve low RPO and provides a standby for failover.

Why this answer

Option A is correct because AWS DMS with ongoing replication can continuously replicate changes from the Oracle source database to a target Oracle instance in another Availability Zone, enabling point-in-time recovery with an RPO as low as 5 minutes. This approach supports near-real-time replication and can be combined with automatic failover to meet the RTO of 2 hours, as the target instance is already synchronized and ready.

Exam trap

The trap here is that candidates often assume EBS snapshots can be taken at very high frequencies (like every 5 minutes) to achieve low RPO, but AWS enforces a 60-minute minimum cooldown between snapshots, making this option infeasible for the stated RPO.

74
MCQeasy

Which AWS service should be used to capture and analyze operating system-level metrics from an EC2 instance running SAP, such as memory utilization and disk I/O, and to set alarms based on thresholds?

A.AWS Config
B.AWS Trusted Advisor
C.Amazon CloudWatch with the CloudWatch Agent
D.Amazon Inspector
AnswerC

CloudWatch Agent collects OS metrics and supports alarms.

Why this answer

Option C is correct because Amazon CloudWatch with the CloudWatch Agent can collect OS-level metrics and trigger alarms. Option A is wrong because AWS Config is for resource compliance. Option B is wrong because AWS Trusted Advisor provides best practice checks, not metrics.

Option D is wrong because Amazon Inspector is for security assessments.

75
MCQhard

A company runs SAP Business Suite on AWS with Oracle Database. The system is experiencing high read latency on the database server. The current storage configuration uses EBS gp2 volumes. Which change would most effectively reduce read latency?

A.Migrate to io2 Block Express volumes with provisioned IOPS.
B.Increase the size of the EBS gp2 volumes to increase baseline IOPS.
C.Configure a RAID 0 stripe across multiple EBS volumes.
D.Use EBS st1 volumes for better throughput.
AnswerA

io2 Block Express provides consistent low latency and high IOPS.

Why this answer

Option A is correct because io2 Block Express volumes provide consistent, high-performance IOPS with sub-millisecond latency, which directly addresses the high read latency issue. Unlike gp2, which relies on burst credits and has variable performance, io2 Block Express delivers provisioned IOPS up to 256,000 per volume, making it ideal for latency-sensitive SAP workloads with Oracle Database.

Exam trap

The trap here is that candidates often assume increasing gp2 volume size (Option B) or striping volumes (Option C) will solve latency issues, but the PAS-C01 exam tests the understanding that for consistent low-latency random I/O, provisioned IOPS volumes like io2 Block Express are required, not just higher throughput or IOPS aggregation.

How to eliminate wrong answers

Option B is wrong because increasing gp2 volume size only raises the baseline IOPS (at a rate of 3 IOPS per GB), but does not guarantee low latency under sustained high read loads, as gp2 performance can still degrade when burst credits are exhausted. Option C is wrong because RAID 0 striping across multiple EBS volumes improves throughput and IOPS but does not inherently reduce read latency; it can even introduce additional overhead from the RAID controller and increase the risk of data loss if a single volume fails. Option D is wrong because EBS st1 volumes are throughput-optimized HDDs designed for large, sequential workloads, not for low-latency random reads, and they have higher latency than SSD-based volumes like gp2 or io2.

Page 1 of 7 · 462 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Sap Workload Design questions.