The latest AWS Certified SAP on AWS – Specialty PAS-C01 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified SAP on AWS – Specialty PAS-C01 exam and earn AWS Certified SAP on AWS – Specialty PAS-C01 certification.
Table of Contents
- Question 61
- Exam Question
- Correct Answer
- Explanation
- Question 62
- Exam Question
- Correct Answer
- Question 63
- Exam Question
- Correct Answer
- Explanation
- Question 64
- Exam Question
- Correct Answer
- Explanation
- Question 65
- Exam Question
- Correct Answer
- Question 66
- Exam Question
- Correct Answer
- Question 67
- Exam Question
- Correct Answer
- Question 68
- Exam Question
- Correct Answer
- Question 69
- Exam Question
- Correct Answer
- Question 70
- Exam Question
- Correct Answer
Question 61
Exam Question
A data analysis company has two SAP landscapes that consist of sandbox development QA, pre-production and production servers. One landscape is on Windows and the other landscape is on Red Hat Enterprise Linux. The servers reside in a room m a building that other tenants share.
An SAP solutions architect proposes to migrate the SAP applications to AWS The SAP solutions architect wants to move the production backups to AWS and wants to make the backups highly available to restore >n case of unavailability of an on-premises server.
Which solution will meet these requirements MOST cost-effectively?
A. Take a backup of the production servers Send those backups to tape drives implement an AWS Storage Gateway Tape Gateway Send the backups to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) through the S3 console Move the backups immediately to S3 Glacier Deep Archive
B. Implement a third-party tool to take images of the SAP application servers and database server Take regular snapshots at 1-hour intervals send the snapshots to Amazon S3 Glacier directly through the S3 Glacier console Store the same images in different S3 buckets in different AWS Regions
C. Take a backup of the production servers Implement an Amazon S3 File Gateway Create file shares by using the S3 File Gateway Copy the backup files lo the file shares through NFS and SMB Map backup files directly to Amazon S3 Configure an S3 Lifecycle policy to send the backup files to S3 Glacier based on the company’s data retention policy
D. Take a backup of the production servers Implement an AWS Storage Gateway Volume Gateway Create file shares by using the Storage Gateway Volume Gateway Copy the backup files to the file shares through NFS and 9MB.
Correct Answer
C. Take a backup of the production servers Implement an Amazon S3 File Gateway Create file shares by using the S3 File Gateway Copy the backup files lo the file shares through NFS and SMB Map backup files directly to Amazon S3 Configure an S3 Lifecycle policy to send the backup files to S3 Glacier based on the company’s data retention policy
Explanation
Take a backup of the production servers, Implement an Amazon S3 File Gateway, Create file shares by using the S3 File Gateway, Copy the backup files to the file shares through NFS and SMB, Map backup files directly to Amazon S3 and Configure an S3 Lifecycle policy to send the backup files to S3 Glacier based on the company’s data retention policy. This option is cost-effective because it avoids the need for third-party tools, tape drives and storage gateways, and reduces the amount of time and resources needed for the migration process. Additionally, the S3 lifecycle policy allows you to automate the storage and archiving process and ensure that your data is stored in the most cost-effective way.
Question 62
Exam Question
A company has deployed SAP workloads on AWS The AWS Data Provider for SAP is installed on the Amazon EC2 instance where the SAP application is running An SAP solutions architect has attached an IAM role to the EC2 instance with the following policy.
{
“Version” : “2012-10-17”,
“Statement”: [
{
“Sid”: “AWSDataProvider1”,
“Effect”: “Allow”,
“Action”: [
“EC2: DescribeInstances”,
“EC2: DescribeVolumes”
],
“Resource”: “ *”
} ,
{
“Sid” : “AWSDataProvider2”,
“Effect”: “Allow”,
“Action”: “s3:GetObject”,
“Resource”: [
“arn:aws:s3:::aws-sap-data-provider/config.properties”
]
}
]
}
The AWS Data Provider for SAP is not returning any metrics to the SAP application. Which change should the SAP solutions architect make to the 1AM permissions to resolve this issued.
A. Add the cloudwatch ListMetrics action to the policy statement with Sid AWSDataProvider1.
B. Add the cloudwatch GetMetricStatrstics action to the policy statement with Sid AWSDataProvider1
C. Add the cloudwatch GetMetricStream action (o the policy statement with Sid AWSDataProvider
D. Add the cloudwatch DescribeAlarmsForMetric action to the policy statement with Sid AWSDataProvider
Correct Answer
A. Add the cloudwatch ListMetrics action to the policy statement with Sid AWSDataProvider1.
Question 63
Exam Question
A global enterprise is running SAP ERP Central Component (SAP ECC) workloads on Oracle in an on- premises environment. The enterprise plans to migrate to SAP S 4HANA on AWS. The enterprise recently acquired two other companies One of the acquired companies is running SAP ECC on Oracle as its ERP system The other acquired company is running an ERP system that is not from SAP The enterprise wants to consolidate the three ERP systems into one ERP system on SAP S 4HANA on AWS Not all the data from the acquired companies needs to be migrated to the final ERP system The enterprise needs to complete this migration with a solution that minimizes cost and maximizes operational efficiency.
Which solution will meet these requirements?
A. Perform a lift-and-shift migration of all the systems to AWS Migrate the ERP system that is not from SAP to SAP ECC Convert all three systems to SAP S/4HANA by using SAP Software Update Manager (SUM) Database Migration Option (DMO) Consolidate all three SAP S4HANA systems into a final SAP &4HANAsystem Decommission the other systems
B. Perform a lift-and-shift migration of an the systems to AWS Migrate the enterprise’s initial system to SAP HANA, and then perform a conversion to SAP S/4HANA Consolidate the two systems from the acquired companies with this SAP S4HANA system by using the Selective Data Transition approach with SAP Data Management and Landscape Transformation (DMLT)
C. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move to re-architect the enterprise initial system to SAP S’4HANA and to change the platform to AWS Consolidate the two systems from the acquired companies with this SAP S 4HANA system by using the Selective Data Transition approach with SAP Data Management and Landscape Transformation (DMLT)
D. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move to re-architect all the systems to SAP S/4HANA and to change the platform to AWS Consolidate all three SAP S-4HANA systems two a final SAP S/4HANA system Decommission the other systems
Correct Answer
C. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move to re-architect the enterprise initial system to SAP S’4HANA and to change the platform to AWS Consolidate the two systems from the acquired companies with this SAP S 4HANA system by using the Selective Data Transition approach with SAP Data Management and Landscape Transformation (DMLT)
Explanation
By using the selective data transition approach with DMLT, the enterprise would only need to migrate the data that is needed to the final ERP system, reducing the cost and effort required for the migration. Additionally, re-architecting the enterprise’s initial system to SAP S/4HANA and changing the platform to AWS would allow the enterprise to take advantage of the scalability and cost savings of the cloud, while still consolidating all three ERP systems into a single SAP S/4HANA system.
Question 64
Exam Question
A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.
Which solution win meet this requirement?
A. Modify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block
B. Add a rule in the security group of the EC2 instances to deny access from the IP address block
C. Create a policy in AWS identity and Access Management (1AM) to deny access from the IP address block
D. Configure the firewall m the operating system of the EC2 instances to deny access from the IP address block
Correct Answer
C. Create a policy in AWS identity and Access Management (1AM) to deny access from the IP address block
Explanation
The company can meet its requirement by modifying the network access control lists (ACLs) that are associated with all public subnets in the VPC to deny access from the offending IP address block. This would deny access to the VPC from all the IP addresses that are attempting port scans, and would be effective for the next 24 hours.
Security groups are associated with individual instances, it would be more time-consuming to update all instances security groups and it’s not scalable. AWS Identity and Access Management (IAM) is mainly used to manage user access to AWS resources and it’s not appropriate for this use case. Configuring the firewall on the operating system of the EC2 instances would be less effective as it does not provide a centralized and scalable solution for managing access control across all subnets in the VPC.
Question 65
Exam Question
An SAP solutions architect needs to design a three-system SAP landscape that consists of a development system, a quality system, and a production system. The systems will run on Amazon EC2 instances. The development system and the quality system will run for 8 hours during weekdays.
The production system will run 24 hours a day, 7 days a week. The size of the production system will increase significantly during the next year. The SAP solutions architect must create a design to ensure that production capacity is always available.
Which combination of EC2 instance purchasing options will meet these requirements MOST cost-effectively? (Select TWO.)
A. On-Demand Instances for the development system and the quality system
B. Spot Instances for the development system and the quality system
C. Spot Instances for the production system
D. EC2 Instance Savings Plan with On-Demand Capacity Reservations for the production system
E. On-Demand Instances for the production system
Correct Answer
A. On-Demand Instances for the development system and the quality system
D. EC2 Instance Savings Plan with On-Demand Capacity Reservations for the production system
Question 66
Exam Question
A company is planning to migrate its on-premises SAP application to AWS. The application runs on VMware vSphere The SAP ERP Central Component (SAP ECC) server runs on an IBM Db2 database that is 2 TB m size The company wants to migrate the database to SAP HANA.
Which migration strategy will meet these requirements?
A. Use AWS Application Migration Service (CloudEndure Migration)
B. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move
C. Use AWS Server Migration Service (AWS SMS)
D. Use AWS Database Migration Service (AWS DMS)
Correct Answer
A. Use AWS Application Migration Service (CloudEndure Migration)
Question 67
Exam Question
A global retail company wants to move its SAP application to AWS. Currently, the company’s SAProuter is in the DMZ in the company’s own data center. The company wants to keep a similar architecture in the AWS Cloud.
What is the MOST secure solution that meets these requirements?
A. Launch the instance that the SAProuter software is installed on into a public subnet of the VPC. Assign the instance an Elastic IP address. Use the Secure Network Communications (SNC) type of internet connection. Create a specific security group for the SAProuter instance. Include rules to allow the required inbound and outbound access to the SAP support network.
B. Launch the instance that the SAProuter software is installed on into a private subnet of the VPC. Assign the instance an Elastic IP address. Do not allow any inbound or outbound access to the SAP support network over the internet.
C. Launch the instance that the SAProuter software is installed on into a public subnet of the VPC. Assign the instance an Elastic IP address. Use an unencrypted internet connection. Create a specific security group for the SAProuter instance. Include rules to allow all inbound and outbound access to the SAP support network.
D. Launch the instance that the SAProuter software is installed on into a public subnet of the VPC. Assign the instance an Elastic IP address. Use the Secure Network Communications (SNC) type of internet connection. Create a specific security group for the SAProuter instance. Include rules to block all inbound and outbound access to the SAP support network.
Correct Answer
A. Launch the instance that the SAProuter software is installed on into a public subnet of the VPC. Assign the instance an Elastic IP address. Use the Secure Network Communications (SNC) type of internet connection. Create a specific security group for the SAProuter instance. Include rules to allow the required inbound and outbound access to the SAP support network.
Question 68
Exam Question
A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.
Corporate security guidelines state that all outbound traffic must be validated against an allow list.
The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.
What must the company do on AWS to meet these requirements?
A. Add an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic
B. Add an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic
C. Add an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
D. Add an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
Correct Answer
D. Add an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
Question 69
Exam Question
A company has been using a third-party backup tool that uses backint for data protection of SAP HANA on AWS. Because of cost and the effort that is required to maintain the dedicated backup server, the company is considering the use of AWS Backint Agent for SAP HANA. The SAP HANA system uses General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volumes for the SAP HANA data volumes and log volumes.
Backup files are stored in an Amazon S3 bucket. An SAP solutions architect is setting up a proof-of-concept deployment for this new environment and needs to improve the speed of the database backup and restore procedures.
Which solutions will meet these requirements? (Select TWO.)
A. Increase the S3 bucket size. Ensure that access to the S3 bucket comes from an Amazon EC2 instance in the same AWS Region.
B. Adjust the number of parallel backup channels by increasing the value of the parallel_data_backup_backint_channels SAP HANA parameter.
C. Use S3 Transfer Acceleration to configure transfer of backup files.
D. Check how much storage throughput is available to the SAP HANA EBS data volumes (/hana/data). Modify the SAP HANA EBS data volumes to a Provisioned IOPS SSD volume type, and try the backup again.
E. Enable deduplication for the backup files.
Correct Answer
B. Adjust the number of parallel backup channels by increasing the value of the parallel_data_backup_backint_channels SAP HANA parameter.
D. Check how much storage throughput is available to the SAP HANA EBS data volumes (/hana/data). Modify the SAP HANA EBS data volumes to a Provisioned IOPS SSD volume type, and try the backup again.
Question 70
Exam Question
A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement finance sales and human resources An SAP solutions architect has started designing this new landscape and the AWS account structures The company wants to use automation as much as possible The company also wants to secure the environment implement federated access to accounts centralize logging and establish cross-account security audits in addition the company’s management team needs to receive a top-level summary of policies that are applied to the AWS accounts.
What should the SAP solutions architect do to meet these requirements?
A. Use AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use an Amazon CloudWatch dashboard to check the applied policies in the accounts
B. Use an AWS Elastic Beanstalk blue green deployment to create 1AM policies and apply them to multiple accounts together Use an Amazon CloudWatch dashboard to check the applied policies in the accounts
C. Implement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into each account Use the CodePipeline deployment dashboard to check the applied policies in the accounts
D. Apply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts
Correct Answer
D. Apply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts