Amazon PAS-C01 Exam Practice Test Instant Access

Question 1

A company runs its SAP ERP 6 0 EHP 8 system on SAP HANAon AWS The system is deployed on an r4 I6xlarge Amazon EC2 instance with default tenancy. The company needs to migrate the SAP HANA database to an x2gd/.6xiarge High Memory instance After an operations engineer changes the instance type and starts the instance the AWS Management Console shows a failed instance status check

What is the cause of this problem?

AThe operations engineer missed the network configuration step during the post-migration activities

BThe operations engineer missed the Amazon CloudWatch configuration step during the post-migration activities.

CThe operations engineer did not install Elastic Network Adapter (ENA) drivers before changing the instance type

DThe operations engineer did not create a new AMI from the original instance and did not launch a new instance with dedicated tenancy from the AMI

Answer : C

The Elastic Network Adapter (ENA) is a software-based network interface that provides high-performance network connectivity and is required for instances with higher network performance requirements. If the ENA drivers are not installed before changing the instance type, the instance will not be able to communicate with the network, resulting in a failed instance status check.

C is correct because installing Elastic Network Adapter (ENA) drivers before changing the instance type is required to support High Memory instances. ENA drivers provide enhanced networking capabilities for EC2 instances. The other options are not relevant or necessary for migrating SAP HANA database to a High Memory instance. Reference: https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/amazon-ec2.html https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

Question 2

A company wants to migrate its SAP S/4HANA software from on premises to AWS in a few weeks An SAP solutions architect plans to use AWS Launch Wizard for SAP to automate me SAP deployment on AWS

Which combination of steps must the SAP solutions architect take to use Launch Wizard to meet these requirements? (Select TWO.)

ADownload the SAP software files from the SAP Support Portal Upload the SAP software files to Amazon S3 Provide the S3 bucket path as an input to Launch Wizard

BProvide the SAP S-user ID and password as inputs to Launch Wizard to download the software automatically.

CFormat the S3 Tile path syntax according to the Launch Wizard deployment recommendation

DUse an AWS CloudFormation template for the automated deployment of the SAP landscape

EProvision Amazon EC2 instances Tag the instances to install SAP S'4HANA on them

Answer : A, C

A is correct because downloading the SAP software files from the SAP Support Portal and uploading them to Amazon S3 is required to provide Launch Wizard with access to the software files. C is correct because formatting the S3 file path syntax according to Launch Wizard deployment recommendation is required to ensure that Launch Wizard can locate and download the software files correctly. The other options are not correct or necessary for using Launch Wizard to deploy SAP S/4HANA software on AWS. Reference: https://docs.aws.amazon.com/launchwizard/latest/userguide/deploy-s4hana-software-files.html https://docs.aws.amazon.com/launchwizard/latest/userguide/deploy-s4hana-software-files-formatting.html

Question 3

A company wants to migrate its SAP landscape from on premises to AWS

What are the MINIMUM requirements that the company must meet to ensure full support of SAP on AWS? (Select THREE.)

AEnable detailed monitoring for Amazon CloudWatch on each instance in the landscape

BDeploy the infrastructure by using SAP Cloud Appliance Library

CInstall configure and run the AWS Data Provider for SAP on each instance m the landscape

DProtect all production instances by using Amazon EC2 automatic recovery

EDeploy the infrastructure for the SAP landscape by using AWS Launch Wizard for SAP

FDeploy the SAP landscape on an AWS account that has either an AWS Business Support plan or an AWS Enterprise Support plan

Answer : C, D, F

C is correct because installing, configuring and running the AWS Data Provider for SAP on each instance in the landscape is required to provide specific performance metrics that are needed by SAP support. D is correct because protecting all production instances by using Amazon EC2 automatic recovery is required to ensure high availability and fault tolerance for SAP systems. F is correct because deploying the SAP landscape on an AWS account that has either an AWS Business Support plan or an AWS Enterprise Support plan is required to ensure full support of SAP on AWS. The other options are not relevant or necessary for ensuring full support of SAP on AWS. Reference: https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/security.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/high-availability.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/support.html

Question 4

A company is migrating its SAP workloads to AWS The company's IT team installs a highly available SAP S.4HANA system that uses the SAP HANA system replication cluster package on SUSE Linux Enterprise Server. The IT team deploys the system by using cluster nodes m different Availability Zones within the same AWS Region.

After the initial launch of the SAP application the application is accessible However after failover the IT team cannot access the application even though the system is up and running on the secondary node After investigation an SAP solutions architect discovers that the virtual IP address has not been used correctly

Which combination of steps should the SAP solutions architect take to resolve this problem? (Select TWO.)

AUse an overlay IP address as a secondary IP address with the primary node of the cluster

BChoose an overlay IP address within the VPC CiDR block that corresponds with the secondary node of the cluster

CUse an overlay IP address as a virtual IP address

DChoose an overlay IP address within the VPC CIDR block that corresponds with the primary node of the cluster

EChoose an overlay IP address outside the VPC CiDR block that hosts the application and the database

Answer : C, E

Question 5

A company is running its SAP applications on Oracle Database Oracle Database is hosted on physical servers that are running SUSE Linux Enterprise Server Because of compliance requirements the company cannot install any additional software on its on premises database servers. The company needs to migrate the SAP landscape to AWS and must continue to use Oracle Database.

Which migration solution should the company use to meet these requirements?

AAWS Server Migration Service (AWS SMS)

BAWS Application Migration Service (CloudEndure Migration)

CSAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move

DOracle Database replication with Oracle Data Guard

Answer : D

This option would allow the company to continue using Oracle Database while also meeting their compliance requirements, as they would not need to install any additional software on their on-premises servers. They can use Oracle Data Guard to replicate their existing Oracle Database to an instance running on AWS, providing a way to migrate their SAP landscape to AWS while still using the same database.

Question 6

A company has deployed SAP workloads on AWS The AWS Data Provider for SAP is installed on the Amazon EC2 instance where the SAP application is running An SAP solutions architect has attached an IAM role to the EC2 instance with the following policy.

The AWS Data Provider for SAP is not returning any metrics to the SAP application. Which change should the SAP solutions architect make to the 1AM permissions to resolve this issued.

AAdd the cloudwatch ListMetrics action to the policy statement with Sid AWSDataProvider1.

BAdd the cloudwatch GetMetricStatrstics action to the policy statement with Sid AWSDataProvider1

CAdd the cloudwatch GetMetricStream action (o the policy statement with Sid AWSDataProvider

DAdd the cloudwatch DescribeAlarmsForMetric action to the policy statement with Sid AWSDataProvider

Answer : B

The AWS Data Provider for SAP requires the ability to access metrics data in order to return metrics to the SAP application. The IAM policy statement with Sid 'AWSDataProvider1' currently does not have the necessary permissions to access metrics data. The SAP solutions architect should add the cloudwatch:GetMetricStatistics action to the policy statement with Sid 'AWSDataProvider1' to grant the necessary permissions for the Data Provider to access metrics data.

The other actions such as 'EC2:DescribeInstances' and 'EC2:DescribeVolumes' are not related to CloudWatch metrics and only provide the ability to describe EC2 instances and volumes. Actions such as 's3:GetObject' are not related to CloudWatch metrics, it's used to get an object from an S3 bucket. Actions such as 'cloudwatch:ListMetrics' and 'cloudwatch:DescribeAlarmsForMetric' would not be necessary for the AWS Data Provider for SAP to return metrics to the SAP application and it's not related to the problem described.

https://docs.aws.amazon.com/sap/latest/general/data-provider-troubleshooting.html

Question 7

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.

Which solution win meet this requirement?

AModify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block

BAdd a rule in the security group of the EC2 instances to deny access from the IP address block

CCreate a policy in AWS identity and Access Management (1AM) to deny access from the IP address block

DConfigure the firewall m the operating system of the EC2 instances to deny access from the IP address block

Answer : A

The company can meet its requirement by modifying the network access control lists (ACLs) that are associated with all public subnets in the VPC to deny access from the offending IP address block. This would deny access to the VPC from all the IP addresses that are attempting port scans, and would be effective for the next 24 hours.

Security groups are associated with individual instances, it would be more time-consuming to update all instances security groups and it's not scalable. AWS Identity and Access Management (IAM) is mainly used to manage user access to AWS resources and it's not appropriate for this use case. Configuring the firewall on the operating system of the EC2 instances would be less effective as it does not provide a centralized and scalable solution for managing access control across all subnets in the VPC.

Top of Form

Amazon PAS-C01 AWS Certified: SAP on AWS - Specialty Exam Practice Test