Amazon PAS-C01 Exam Practice Test Instant Access

Question 1

A global retail company is running its SAP landscape on AWS Recently the company made changes to its SAP Web Dispatcher architecture The company added an additional SAP Web Dispatcher for high availability with an Application Load Balancer (ALB) to balance the load between the two SAP Web Dispatchers

When users try to access SAP through the ALB the system is reachable However the SAP backend system is showing an error message An investigation reveals that the issue is related to SAP session handling and distribution of requests . The company confirmed that the system was working as expected with one SAP Web Dispatcher. The company replicated the configuration of that SAP Web Dispatcher to the new SAP Web Dispatcher

How can the company resolve the error?

AMaintain persistence by using session cookies Enable session stickiness (session affinity) on the SAP Web Dispatchers by setting the wdisp/HTTP/esid_support parameter to True

BMaintain persistence by using session cookies Enable session stickiness (session affinity) on the ALB

CTurn on host-based routing on the ALB to route traffic between the SAP Web Dispatchers

DTurn on URL-based routing on the ALB to route traffic to the application based on URL

Answer : A

The error message being displayed is related to SAP session handling and distribution of requests. By using session cookies, the company can maintain persistence of the user's session across requests. By enabling session stickiness on the SAP Web Dispatchers by setting the wdisp/HTTP/esid_support parameter to True, the company can ensure that requests from the same user are always routed to the same SAP Web Dispatcher. This would resolve the error message that the company is seeing and ensure that the backend system is working as expected with the new SAP Web Dispatcher configuration.

Question 2

A company is running SAP on anyDB at a remote location that has slow and inconsistent internet connectivity. The company wants to migrate its system to AWS and wants to convert its database to SAP HANA during this process Because of the inconsistent internet connection the company has not established connectivity between the remote location and the company's VPC in the AWS Cloud.

How should the company perform this migration?

AMigrate by using SAP HANA system replication over the internet connection Specify a public IP address on the target system

BMigrate by using SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move Use an AWS Snowball Edge Storage Optimized device to transfer the SAP export files to AWS

CMigrate by using SAP HANA system replication with initialization through backup and restore Use an AWS Snowball Edge Storage Optimized device to transfer the SAP export files to AWS

DMigrate by using SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move Use Amazon Elastic File System (Amazon EPS) to transfer the SAP export files to AWS

Answer : B

Snowball Edge allows for offline data transfer, which is suitable for cases where there is slow and inconsistent internet connectivity. The data can be transferred to the Snowball Edge device, shipped to the AWS region, and then imported into the new SAP HANA system in the VPC. This is a suitable option for migrating large amounts of data from a remote location to AWS.

https://docs.aws.amazon.com/sap/latest/sap-hana/migrating-hana-tools.html#migrating-hana-snowball

Question 3

A company is implementing SAP HANA on AWS According 10 the company's security policy SAP backups must be encrypted Only authorized team members can have the ability to decrypt the SAP backups

What is the MOST operationally efficient solution that meets these requirements?

AConfigure AWS Backint Agent for SAP HANA to create SAP backups in an Amazon S3 bucket After a backup is created encrypt the backup by using client-side encryption Share the encryption key with authorized team members only

BConfigure AWS Backint Agent for SAP HANA to use AWS Key Management Service (AWS KMS) for SAP backups Create a key policy to grant decryption permission to authorized team members only

CConfigure AWS Storage Gateway to transfer SAP backups from a file system to an Amazon S3 bucket Use an S3 bucket policy to grant decryption permission to authorized team members only

DConfigure AWS Backint Agent for SAP HANA to use AWS Key Management Service (AWS KMS) for SAP backups Grant object ACL decryption permission to authorized team members only

Answer : B

This is the most operationally efficient solution that meets the company's security policy requirements. AWS KMS is a service that enables you to create and manage encryption keys that are used to encrypt and decrypt data. By configuring AWS Backup Agent for SAP HANA to use AWS KMS for SAP backups, the company can ensure that the backups are encrypted at rest and that only authorized team members have the ability to decrypt them. The key policy allows the company to define which team members are authorized to access the key, so that it can be used to decrypt the backup. This approach is operationally efficient because it does not require the company to manually encrypt and decrypt backups, and it enables the company to manage access to the encryption key through IAM policies, without the need for sharing encryption keys.

Question 4

A company has moved an of its SAP workloads to AWS During peak business hours end users are reporting performance issues because work processes are going into PRIV mode on an SAP S/4HANA system An SAP support engineer indicates that SAP cannot provide support for this issue because some specific performance metrics are not available.

Which combination of actions must the company perform to comply with SAP support requirements? (Select THREE.)

ABuy an SAP license from AWS Ensure that the SAP license is installed

BSelect only an AWS Migration Acceleration Program (MAP) certified managed service provider (MSP)

CEnable detailed monitoring for Amazon CloudWatch on each Amazon EC2 instance where SAP workloads are running

DInstall configure and run the AWS Data Provider for SAP on each Amazon EC2 instance where SAP workloads are running

Eintegrate AWS Systems Manager with SAP Solution Manager to provide alerts about SAP parameter configuration drift

FEnable SAP enhanced monitoring through a SAPOSCOL enhanced function

Answer : C, D, F

https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/security.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/sap-monitoring.html

Question 5

A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement finance sales and human resources An SAP solutions architect has started designing this new landscape and the AWS account structures

The company wants to use automation as much as possible The company also wants to secure the environment implement federated access to accounts centralize logging and establish cross-account security audits in addition the company's management team needs to receive a top-level summary of policies that are applied to the AWS accounts.

What should the SAP solutions architect do to meet these requirements?

AUse AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

BUse an AWS Elastic Beanstalk blue green deployment to create 1AM policies and apply them to multiple accounts together Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

CImplement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into each account Use the CodePipeline deployment dashboard to check the applied policies in the accounts

DApply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts

Answer : D

AWS Control Tower is a service that automates the set up of a secure, compliant, multi-account AWS environment. It helps to establish guardrails and automate the deployment of security policies to multiple accounts in a centralized and consistent manner. By using AWS Control Tower, the SAP solutions architect can establish guardrails across all accounts, set up federated access, centralize logging, and establish cross-account security audits. The integrated dashboard in AWS Control Tower allows the management team to receive a top-level summary of policies that are applied to the AWS accounts. This will help the company to meet their requirements of using automation as much as possible, securing the environment and implementing federated access to accounts, centralizing logging and establishing cross-account security audits.

Question 6

A company is running an SAP HANA database on AWS The company is running AWS Backint Agent for SAP HANA(AWS Backint agent) on an Amazon EC2 instance AWS Back agent is configured to back up to an Amazon S3 bucket The backups are failing with an Access Denied error m the AWS Backint agent log file.

What should an SAP basis administrator do to resolve this error?

AAssign execute permissions at the operating system level for the AWS Backint agent binary and for AWS Backint agent

BAssign an IAM role to an EC2 instance Attach a policy to the IAM role to grant access to the target S3 bucket

CAssign the correct Region ID for the S3BucketAwsRegion parameter in AWS Backint agent for the SAP HANA configuration file

DAssign the value for the Enable Tagging parameter in AWS Backint agent for the SAP HANA configuration file

Answer : B

The error message 'AccessDenied' usually indicates that the AWS Backint agent does not have the necessary permissions to access the target S3 bucket. To resolve this error, an SAP basis administrator should assign an IAM role to the EC2 instance that is running the AWS Backint agent. Then, the administrator should attach a policy to the IAM role that grants the necessary permissions to access the target S3 bucket. This will allow the AWS Backint agent to access the S3 bucket and complete the backups successfully.

Question 7

An SAP solutions architect is using AWS Systems Manager Distributor to install the AWS Data Provider for SAP on production SAP application servers and SAP HANA database servers The SAP application servers and the SAP HANA database servers are running on Red Hat Enterprise Linux.

The SAP solutions architect chooses instances manually m Systems Manager Distributor and schedules installation. The installation fails with an access and authorization error related to Amazon CloudWatch and Amazon EC2 instances. There is no error related to AWS connectivity.

What should the SAP solutions architect do to resolve the error?

AInstall the CloudWatch agent on the servers before installing the AWS Data Provider tor SAP

BDownload the AWS Data Provider for SAP installation package from AWS Marketplace Use an operating system super user to install the agent manually or through a script

CCreate an IAM role Attach the appropriate policy to the role Attach the role to the appropriate EC2 instances

DWait until Systems Manager Agent is fully installed and ready to use on the EC2 instances Use Systems Manager Patch Manager to perform the installation

Answer : C

It's likely that the instances currently lack the necessary permissions to interact with CloudWatch and EC2. By creating an IAM role with the appropriate permissions and attaching it to the instances, the SAP solutions architect can grant the necessary permissions to the instances to complete the installation.

https://docs.aws.amazon.com/sap/latest/general/data-provider-troubleshooting.html

Amazon AWS Certified: SAP on AWS - Specialty PAS-C01 Exam Practice Test