Drag and drop the steps to troubleshoot an SAP HANA database connection failure from an SAP application in AWS into the correct order.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
PAS-C01 · topic practice
Practise AWS Certified SAP on AWS Specialty PAS-C01 Troubleshooting practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.
Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.
What the exam tests
Troubleshooting questions test whether you can apply the concept in context, not just recognise a definition.
How the topic appears in realistic exam-style scenarios.
Which detail in the question changes the correct answer.
How to eliminate plausible but wrong options.
How to connect the question back to the wider exam objective.
Watch out for
Practice set
11 questions · select your answer, then reveal the explanation
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Trap 1: CloudFrontFullAccess
This policy is for CloudFront distributions, not S3 bucket operations.
Trap 2: AdministratorAccess
Overly permissive and not a best practice.
Trap 3: AmazonS3ReadOnlyAccess
This policy only allows read access, not write.
CloudFrontFullAccess
Why wrong: This policy is for CloudFront distributions, not S3 bucket operations.
AdministratorAccess
Why wrong: Overly permissive and not a best practice.
AmazonS3ReadOnlyAccess
Why wrong: This policy only allows read access, not write.
A custom policy allowing s3:PutObject and s3:ListBucket on the target bucket.
These are the minimum permissions needed to upload files to S3.
Refer to the exhibit.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:role/CrossAccountRole"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket/logs/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
```Trap 1: The S3 bucket has versioning enabled, which requires additional…
Versioning does not affect the ability to upload objects; the condition is the issue.
Trap 2: The resource ARN in the bucket policy is incorrect; it should be…
The resource ARN with logs/* is valid and restricts to the logs/ prefix.
Trap 3: The bucket policy does not grant the s3:PutObject permission to the…
The policy explicitly allows s3:PutObject for the specified role.
The IAM role does not specify the x-amz-acl header with value bucket-owner-full-control in its PutObject request.
The bucket policy condition requires this header; without it, the request is denied.
The S3 bucket has versioning enabled, which requires additional permissions.
Why wrong: Versioning does not affect the ability to upload objects; the condition is the issue.
The resource ARN in the bucket policy is incorrect; it should be arn:aws:s3:::my-bucket/*.
Why wrong: The resource ARN with logs/* is valid and restricts to the logs/ prefix.
The bucket policy does not grant the s3:PutObject permission to the IAM role.
Why wrong: The policy explicitly allows s3:PutObject for the specified role.
Trap 1: The volume /dev/sdf has DeleteOnTermination set to false, which…
False is the correct setting to prevent data loss.
Trap 2: The device names /dev/sdf and /dev/sdg are reserved for NVMe…
These device names are valid for EBS.
Trap 3: The volumes are attached to a running instance, which prevents…
Snapshots can be taken of attached volumes.
The volume /dev/sdf has DeleteOnTermination set to false, which will cause data persistence issues.
Why wrong: False is the correct setting to prevent data loss.
The device names /dev/sdf and /dev/sdg are reserved for NVMe instance storage and should not be used for EBS.
Why wrong: These device names are valid for EBS.
The volumes are attached to a running instance, which prevents snapshot creation.
Why wrong: Snapshots can be taken of attached volumes.
The volumes are not tagged, so AWS Backup may not automatically include them in backup plans.
AWS Backup typically uses tags to identify resources.
Trap 1: Amazon S3 server access logs
S3 access logs record requests to S3, but not all AWS API calls.
Trap 2: Amazon CloudWatch Logs
CloudWatch Logs stores application logs, not API calls.
Trap 3: AWS Config
Config tracks configuration changes, not API calls.
Amazon S3 server access logs
Why wrong: S3 access logs record requests to S3, but not all AWS API calls.
Amazon CloudWatch Logs
Why wrong: CloudWatch Logs stores application logs, not API calls.
AWS Config
Why wrong: Config tracks configuration changes, not API calls.
AWS CloudTrail
CloudTrail provides a record of API calls for governance and auditing.
Refer to the exhibit.
{
"Rules": [
{
"SourceSecurityGroupId": "sg-12345",
"IpProtocol": "tcp",
"FromPort": 3300,
"ToPort": 3300
}
]
}Trap 1: The source should be the IP address range of the application…
Using security group is correct.
Trap 2: The rule uses the wrong protocol; it should be UDP.
SAP HANA uses TCP.
Trap 3: The outbound rule on the application server security group is…
Outbound rules are typically allow-all by default.
The source should be the IP address range of the application servers.
Why wrong: Using security group is correct.
The rule uses the wrong protocol; it should be UDP.
Why wrong: SAP HANA uses TCP.
The outbound rule on the application server security group is missing.
Why wrong: Outbound rules are typically allow-all by default.
The port number is incorrect for SAP HANA.
SAP HANA uses port 3<instance_number>15, not 3300.
Trap 1: The instance is using EBS-optimized with insufficient bandwidth
EBS optimization does not affect CPU credits.
Trap 2: The SAP application is using too much memory
Memory usage doesn't deplete CPU credits.
Trap 3: The instance has a high network throughput causing CPU overhead
Network throughput does not directly deplete CPU credits.
The instance is using EBS-optimized with insufficient bandwidth
Why wrong: EBS optimization does not affect CPU credits.
The SAP application is using too much memory
Why wrong: Memory usage doesn't deplete CPU credits.
The instance has a high network throughput causing CPU overhead
Why wrong: Network throughput does not directly deplete CPU credits.
The instance is a burstable performance instance (e.g., T3) not an r5
Burstable instances earn CPU credits; r5 instances do not have CPU credits.
Trap 1: Increase the frequency of EBS snapshots to offload I/O.
Snapshots do not offload I/O; they add overhead.
Trap 2: Upgrade to a larger EC2 instance type with more CPU and memory.
Larger instance type does not directly improve disk I/O.
Trap 3: Disable the HANA delta merge operation to reduce I/O load.
Delta merge helps maintain performance; disabling it increases fragmentation.
Increase the frequency of EBS snapshots to offload I/O.
Why wrong: Snapshots do not offload I/O; they add overhead.
Change the EBS volume type from gp2 to gp3 with higher IOPS and throughput.
gp3 provides better performance and is cost-effective.
Upgrade to a larger EC2 instance type with more CPU and memory.
Why wrong: Larger instance type does not directly improve disk I/O.
Disable the HANA delta merge operation to reduce I/O load.
Why wrong: Delta merge helps maintain performance; disabling it increases fragmentation.
Trap 1: AWS CloudTrail
CloudTrail records API activity, not OS-level process metrics.
Trap 2: AWS Systems Manager Inventory
Inventory collects installed software and configuration, not real-time resource usage.
Trap 3: AWS Compute Optimizer
Compute Optimizer analyzes utilization patterns over time to recommend instance types, not per-process metrics.
AWS CloudTrail
Why wrong: CloudTrail records API activity, not OS-level process metrics.
Amazon CloudWatch agent with the 'procstat' plugin
The CloudWatch agent can collect per-process CPU, memory, and disk metrics and publish them as custom CloudWatch metrics.
AWS Systems Manager Inventory
Why wrong: Inventory collects installed software and configuration, not real-time resource usage.
AWS Compute Optimizer
Why wrong: Compute Optimizer analyzes utilization patterns over time to recommend instance types, not per-process metrics.
Trap 1: Change the EBS volume to instance store.
Instance store is ephemeral and not for persistent data.
Trap 2: Move the EC2 instance to a larger instance family.
Instance size increase may not address disk I/O bottleneck.
Trap 3: Increase the number of vCPUs on the EC2 instance.
CPU is underutilized; more vCPUs won't help.
Increase the IOPS of the EBS gp2 volume or switch to io1.
Higher IOPS improves disk throughput, reducing I/O wait.
Change the EBS volume to instance store.
Why wrong: Instance store is ephemeral and not for persistent data.
Move the EC2 instance to a larger instance family.
Why wrong: Instance size increase may not address disk I/O bottleneck.
Increase the number of vCPUs on the EC2 instance.
Why wrong: CPU is underutilized; more vCPUs won't help.
Trap 1: aws ec2 describe-subnets
This shows subnets but not instance-specific network details.
Trap 2: aws ec2 describe-network-interfaces
This shows network interfaces but not specifically for the instance.
Trap 3: aws ec2 describe-security-groups
This shows all security groups, not specifically attached to the instance.
aws ec2 describe-subnets
Why wrong: This shows subnets but not instance-specific network details.
aws ec2 describe-network-interfaces
Why wrong: This shows network interfaces but not specifically for the instance.
aws ec2 describe-security-groups
Why wrong: This shows all security groups, not specifically attached to the instance.
aws ec2 describe-instances --instance-ids i-0abcd1234efgh5678 --query 'Reservations[0].Instances[0].NetworkInterfaces'
This query returns network interface details including public IP, security groups, etc.
Free account
Create a free account to save your results and see which topics improve across sessions.
Focused Troubleshooting sessions
Every question in these sessions is drawn from the Troubleshooting domain — nothing else.
Related practice questions
Move into related areas when this topic feels solid.
Practise PAS-C01 questions linked to Design of SAP Workloads on AWS.
Practise PAS-C01 questions linked to Technology.
Practise PAS-C01 questions linked to Migration.
Practise PAS-C01 questions linked to Operations and Maintenance.
Practise PAS-C01 questions linked to PAS-C01 fundamentals.
Practise PAS-C01 questions linked to PAS-C01 scenario.
Practise PAS-C01 questions linked to PAS-C01 troubleshooting.
A free account saves results across sessions and highlights which topics need work.
Sign up free