Most Recent Amazon PAS-C01 Exam Questions & Answers

Prepare for the Amazon AWS Certified: SAP on AWS - Specialty exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Amazon PAS-C01 exam and achieve success.

The questions for PAS-C01 were last updated on Dec 20, 2024.

Viewing page 1 out of 13 pages.
Viewing questions 1-5 out of 65 questions

Get All 65 Questions & Answers

Question No. 1

A financial services company is implementing SAP core banking on AWS. The company must not allow any system information to traverse the public internet. The company needs to implement secure monitoring of its SAP ERP Central Component (SAP ECO system to check for performance issues and faults in its application. The solution must maximize security and must be supported by SAP and AWS.

How should be company integrate AWS metrics with its SAP system to meet these requirements?

ASet up SAP Solution Manager to call Amazon CoudWatch and Amazon EC2 endpoints with REST-based calls to populate SAPOSCOL details Use SAP transaction ST06N to monitor CPU and memory utilization on each EC2 instance

BInstall the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Allow access to the Amazon CloudWatch and EC2 endpoints through a NAT gateway Create an IAM policy that allows the ec2 Describeinstances action the cloudwatch.GetMetricStatistics action and the ec2 DescribeVolumes action for all EC2 resources.

CInstall the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows the ec2 Describe instances action the cloudwatch GetMemcStatistics action and the ec2 DescribeVolumes action for all EC2 resources.

Dinstall the AWS data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows all actions for all EC2 resources.

Show Answer

Correct Answer: C

VPC endpoints to ensure that traffic to and from the CloudWatch and EC2 services stays within the VPC. Additionally, an IAM policy is created to grant access to only the necessary actions, such as DescribeInstances and GetMetricStatistics, for all EC2 resources. This approach will provide secure monitoring of the SAP system while maximizing security and ensuring support from both SAP and AWS.

https://docs.aws.amazon.com/sap/latest/general/data-provider-req.html#vpc-endpoints

Question No. 2

A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.

Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.

What must the company do on AWS to meet these requirements?

AAdd an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic

BAdd an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic

CAdd an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

DAdd an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

Show Answer

Correct Answer: D

FQDN filtering can be achieved only through Firewall https://aws.amazon.com/blogs/security/use-aws-network-firewall-to-filter-outbound-https-traffic-from-applications-hosted-on-amazon-eks/

Question No. 3

A company is running its SAP workloads on premises and needs to migrate the workloads to AWS All the workloads are running on SUSE Linux Enterprise Server and Oracle Database. The company's landscape consists of SAP ERP Central Component {SAP ECC). SAP Business Warehouse (SAP BW), and SAP NetWeaver systems. The company has a dedicated AWS Direct Connect connection between its on-premises environment and AWS The company needs to migrate the systems to AWS with the least possible downtime

Which migration solution will meet these requirements?

AUse SAP Software Provisioning Manager to perform an export of the systems Copy the export to Amazon S3 Use SAP Software Provisioning Manager to perform an import of the systems to SUSE Linux Enterprise Server and Oracle Database on AWS

BUse SAP Software Provisioning Manager to perform parallel export import of the systems to migrate the systems to SUSE Linux Enterprise Server and Oracle Database on AWS

CUse SAP Software Provisioning Manager to perform parallel export/import of the systems to migrate the systems to Oracle Enterprise Linux and Oracle Database on AWS

DUse SAP Software Provisioning Manager to perform an export of the systems Copy the export to Amazon S3 Use SAP Software Provisioning Manager to perform an import of the systems to Oracle Enterprise Linux and Oracle Database on AWS.

Show Answer

Correct Answer: C

It is mandatory to have Oracle Enterprise Linux(OEL) as the operating system for running Oracle database for SAP. https://launchpad.support.sap.com/#/notes/1656250

Question No. 4

An SAP basis architect is configuring high availability for a critical SAP system on AWS. The SAP basis architect is using an overlay IP address to route traffic to the subnets across multiple Availability Zones within an AWS Region for the system's SAP HANA database.

What should the SAP basis architect do to route the traffic to the Amazon EC2 instance of the active SAP HANA database?

AEdit the route in the route table of the VPC that includes the EC2 instance that runs SAP HANA Specify the overlay IP address as the destination Specify the private IP address of the EC2 instance as the target

BEdit the inbound and outbound rules in the security group of the EC2 instance that runs SAP HANA Allow traffic for SAP HANA specific ports from the overlay IP address

CEdit the network ACL of the subnet that includes the EC2 instance that runs SAP HANA Allow traffic for SAP HANA specific ports from the overlay IP address

DEdit the route in the route table of the VPC that includes the EC2 instance that runs SAP HANA Specify the overlay IP address as the destination Specify the elastic network interface of the EC2 instance as the target

Show Answer

Correct Answer: D

https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration-prerequisites.html

Question No. 5

A company has an SAP environment that runs on AWS. The company wants to enhance security by restricting Amazon EC2 Instance Metadata Service (IMDS) to IMDSv2 only. The company's current configuration option supports both iMDSvi and iM0Sv2. The security enhancement must not create an SAP outage.

What should the company do before it applies the security enhancement on EC2 instances that are running the SAP environment?

AEnsure that the SAP kernel versions are 7.45 or later

BEnsure that the EC2 instances are Nitro based

CEnsure that the AWS Data Provider for SAP is installed on each EC2 instance

DStop the EC2 instances

Show Answer

Correct Answer: A

A is correct because ensuring that the SAP kernel versions are 7.45 or later is required to support IMDSv2 only. SAP kernel versions below 7.45 do not support IMDSv2 and will fail to start if IMDSv1 is disabled. The other options are not relevant for the security enhancement and may create an SAP outage. Reference: https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/security.html https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

Unlock All Questions for Amazon PAS-C01 Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 65 Questions & Answers