Amazon PAS-C01 Exam Practice Test Instant Access

Question 1

A company has deployed SAP workloads on AWS The AWS Data Provider for SAP is installed on the Amazon EC2 instance where the SAP application is running An SAP solutions architect has attached an IAM role to the EC2 instance with the following policy.

The AWS Data Provider for SAP is not returning any metrics to the SAP application. Which change should the SAP solutions architect make to the 1AM permissions to resolve this issued.

AAdd the cloudwatch ListMetrics action to the policy statement with Sid AWSDataProvider1.

BAdd the cloudwatch GetMetricStatrstics action to the policy statement with Sid AWSDataProvider1

CAdd the cloudwatch GetMetricStream action (o the policy statement with Sid AWSDataProvider

DAdd the cloudwatch DescribeAlarmsForMetric action to the policy statement with Sid AWSDataProvider

Answer : B

The AWS Data Provider for SAP requires the ability to access metrics data in order to return metrics to the SAP application. The IAM policy statement with Sid 'AWSDataProvider1' currently does not have the necessary permissions to access metrics data. The SAP solutions architect should add the cloudwatch:GetMetricStatistics action to the policy statement with Sid 'AWSDataProvider1' to grant the necessary permissions for the Data Provider to access metrics data.

The other actions such as 'EC2:DescribeInstances' and 'EC2:DescribeVolumes' are not related to CloudWatch metrics and only provide the ability to describe EC2 instances and volumes. Actions such as 's3:GetObject' are not related to CloudWatch metrics, it's used to get an object from an S3 bucket. Actions such as 'cloudwatch:ListMetrics' and 'cloudwatch:DescribeAlarmsForMetric' would not be necessary for the AWS Data Provider for SAP to return metrics to the SAP application and it's not related to the problem described.

https://docs.aws.amazon.com/sap/latest/general/data-provider-troubleshooting.html

Question 2

A company's basis administrator is planning to deploy SAP on AWS m Linux. The basis administrator must set up the proper storage to store SAP HANA data and log volumes. Which storage options should the basis administrator choose to meet these requirements? (Select TWO.)

AAmazon Elastic Block Store (Amazon EBS) Throughput Optimized HDD (st1)

BAmazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io1, k>2)

CAmazon S3

DAmazon Elastic File System (Amazon EFS)

EAmazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2 gp3)

Answer : B, E

Amazon Elastic Block Store (EBS) Provisioned IOPS SSD (io1) provides high IOPS, low latency, and high throughput, making it ideal for use as a storage option for SAP HANA data and log volumes. It is designed for I/O-intensive workloads and is recommended for SAP HANA. Amazon Elastic Block Store (EBS) General Purpose SSD (gp2, gp3) is also a good choice for SAP HANA data and log storage, it provides a balance of performance and cost, with a low latency and high throughput. Amazon S3 is an object storage service and not suitable for storing the SAP HANA data and log volumes. Amazon Elastic File System (Amazon EFS) is a file storage service, it's not a good fit for block-based storage workloads like SAP HANA. https://docs.aws.amazon.com/sap/latest/sap-hana/hana-ops-storage-config.html

Question 3

A company is running its SAP workloads on premises and needs to migrate the workloads to AWS All the workloads are running on SUSE Linux Enterprise Server and Oracle Database. The company's landscape consists of SAP ERP Central Component {SAP ECC). SAP Business Warehouse (SAP BW), and SAP NetWeaver systems. The company has a dedicated AWS Direct Connect connection between its on-premises environment and AWS The company needs to migrate the systems to AWS with the least possible downtime

Which migration solution will meet these requirements?

AUse SAP Software Provisioning Manager to perform an export of the systems Copy the export to Amazon S3 Use SAP Software Provisioning Manager to perform an import of the systems to SUSE Linux Enterprise Server and Oracle Database on AWS

BUse SAP Software Provisioning Manager to perform parallel export import of the systems to migrate the systems to SUSE Linux Enterprise Server and Oracle Database on AWS

CUse SAP Software Provisioning Manager to perform parallel export/import of the systems to migrate the systems to Oracle Enterprise Linux and Oracle Database on AWS

DUse SAP Software Provisioning Manager to perform an export of the systems Copy the export to Amazon S3 Use SAP Software Provisioning Manager to perform an import of the systems to Oracle Enterprise Linux and Oracle Database on AWS.

Answer : C

It is mandatory to have Oracle Enterprise Linux(OEL) as the operating system for running Oracle database for SAP. https://launchpad.support.sap.com/#/notes/1656250

Question 4

A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement finance sales and human resources An SAP solutions architect has started designing this new landscape and the AWS account structures

The company wants to use automation as much as possible The company also wants to secure the environment implement federated access to accounts centralize logging and establish cross-account security audits in addition the company's management team needs to receive a top-level summary of policies that are applied to the AWS accounts.

What should the SAP solutions architect do to meet these requirements?

AUse AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

BUse an AWS Elastic Beanstalk blue green deployment to create 1AM policies and apply them to multiple accounts together Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

CImplement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into each account Use the CodePipeline deployment dashboard to check the applied policies in the accounts

DApply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts

Answer : D

AWS Control Tower is a service that automates the set up of a secure, compliant, multi-account AWS environment. It helps to establish guardrails and automate the deployment of security policies to multiple accounts in a centralized and consistent manner. By using AWS Control Tower, the SAP solutions architect can establish guardrails across all accounts, set up federated access, centralize logging, and establish cross-account security audits. The integrated dashboard in AWS Control Tower allows the management team to receive a top-level summary of policies that are applied to the AWS accounts. This will help the company to meet their requirements of using automation as much as possible, securing the environment and implementing federated access to accounts, centralizing logging and establishing cross-account security audits.

Question 5

A company is running an SAP HANA database on AWS The company is running AWS Backint Agent for SAP HANA(AWS Backint agent) on an Amazon EC2 instance AWS Back agent is configured to back up to an Amazon S3 bucket The backups are failing with an Access Denied error m the AWS Backint agent log file.

What should an SAP basis administrator do to resolve this error?

AAssign execute permissions at the operating system level for the AWS Backint agent binary and for AWS Backint agent

BAssign an IAM role to an EC2 instance Attach a policy to the IAM role to grant access to the target S3 bucket

CAssign the correct Region ID for the S3BucketAwsRegion parameter in AWS Backint agent for the SAP HANA configuration file

DAssign the value for the Enable Tagging parameter in AWS Backint agent for the SAP HANA configuration file

Answer : B

The error message 'AccessDenied' usually indicates that the AWS Backint agent does not have the necessary permissions to access the target S3 bucket. To resolve this error, an SAP basis administrator should assign an IAM role to the EC2 instance that is running the AWS Backint agent. Then, the administrator should attach a policy to the IAM role that grants the necessary permissions to access the target S3 bucket. This will allow the AWS Backint agent to access the S3 bucket and complete the backups successfully.

Question 6

A company wants 10 migrate its SAP ERP landscape to AWS The company will use a highly available distributed deployment for the new architecture Clients will access SAP systems from a local data center through an AWS Site-to-Site VPN connection that is already in place An SAP solutions architect needs to design the network access to the SAP production environment

Which configuration approaches will meet these requirements? (Select TWO.)

AFor the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create an AWS Transit Gateway Attach me VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

BFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

CFor the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

DFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer, and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

EFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create an Application Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance.

Answer : B, D

Option B is correct because it uses AWS Direct Connect gateway with multiple Direct Connect connections that use a link aggregation group (LAG) between the on-premises data center and AWS. This provides high availability and redundancy for the network connection, as well as increased bandwidth and lower latency. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option D is correct because it uses two redundant AWS Site-to-Site VPN connections for connectivity between the on-premises data center and AWS. This provides a backup connection in case one of the VPN connections fails. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option A is incorrect because it uses an overlay IP address that is within the production VPC CIDR range for the ASCS instance, which is not recommended by SAP for high availability. It also uses only one AWS Direct Connect connection, which does not provide redundancy or load balancing for the network connection.

Option C is incorrect because it uses Amazon Elastic File System (Amazon EFS) file system storage between the on-premises data center and AWS, which is not a network configuration for data transfer. It also uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance.

Option E is incorrect because it uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance. It also uses a target group that points to the overlay IP address, which is not necessary for the network access to the ASCS instance.

https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-configuration-steps-for-network-load-balancer.html

https://blogs.sap.com/2021/07/26/step-by-step-how-to-cluster-sap-ascs-and-ers-on-windows-in-aws-using-wsfc-with-sios-datakeeper/

https://access.redhat.com/articles/3916511

Question 7

A company needs to migrate its critical SAP workloads from an on-premises data center to AWS The company has a few source production databases that are 10 TB or more in size The company wants to minimize the downtime for this migration

As part of the proof of concept the company used a low-speed high-latency connection between its data center and AWS During the actual migration the company wants to maintain a consistent connection that delivers high bandwidth and low latency. The company also wants to add a layer of connectivity resiliency. The backup connectivity does not need to be as fast as the primary connectivity

An SAP solutions architect needs to determine the optimal network configuration for data transfer. The solution must transfer the data with minimum latency

Which configuration will meet these requirements?

ASet up one AWS Direct Connect connection for connectivity between the on-premises data center and AWS Add an AWS Site-to-Site VPN connection as a backup to the Direct Connect connection

BSet up an AWS Direct Connect gateway with multiple Direct Connect connections that use a link aggregation group (LAG) between the on-premises data center and AWS

CSet up Amazon Elastic fie System (Amazon EPS) file system storage between the on-premises data center and AWS Configure a cron job to copy the data into this EFS mount Access the data in the EFS file system from the target environment

DSet up two redundant AWS Site-to-Site VPN connections for connectivity between the on-premises data center and AWS

Answer : A

Amazon PAS-C01 AWS Certified: SAP on AWS - Specialty Exam Practice Test