Master Amazon PAS-C01 Exam with Reliable Practice Questions
Upgrade to Premium
A company has deployed a highly available SAP NetWeaver system on SAP HANA into a VPC The system is distributed across multiple Availability Zones within a single AWS Region SAP NetWeaver is running on SUSE Linux Enterprise Server for SAP SUSE Linux Enterprise High Availability Extension is configured to protect SAP ASCS and ERS instances and uses the overlay IP address concept The SAP shared dies sapmnt and . usrsap. trans are hosted on an Amazon Elastic File System (Amazon EFS) tile system
The company needs a solution that uses already-existing private connectivity to the VPC. The SAP NetWeaver system must be accessible through the SAP GUI client tool.
Which solutions will meet these requirements? (Select TWO)
Correct : B, C
Option B is correct because it uses a Network Load Balancer to enable network access to the overlay IP address for the SAP NetWeaver system. A Network Load Balancer supports TCP protocol and can route traffic to targets using IP addresses. It also provides high availability and scalability for the network connection.
Option C is correct because it uses Amazon Route 53 private zone to create an A record that has the overlay IP address as a target. This allows the SAP GUI client tool to resolve the overlay IP address to the SAP NetWeaver system. It also uses the existing private connectivity to the VPC without requiring any additional components or configuration.
Option A is incorrect because it uses an Application Load Balancer, which does not support TCP protocol for the SAP NetWeaver system. It also uses an overlay IP address as a target, which is not necessary for the network access to the SAP NetWeaver system.
Option D is incorrect because it uses AWS Transit Gateway, which is not a network configuration for data transfer. It also uses an overlay IP address as a static route in the transit gateway route table, which may cause routing conflicts or errors with the existing private connectivity to the VPC.
Option E is incorrect because it uses a NAT gateway, which is not a network configuration for data transfer. It also uses an overlay IP address as a target, which may cause routing conflicts or errors with the existing private connectivity to the VPC.
https://docs.aws.amazon.com/sap/latest/sap-hana/sap-ha-overlay-ip.html
https://docs.aws.amazon.com/sap/latest/sap-netweaver/cluster-configuration-prereqs-sap-netweaver-ha.html
https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-overlay-ip-routing-using-aws-transit-gateway.html
Start a Discussions
A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.
Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.
What must the company do on AWS to meet these requirements?
Start a Discussions
A company is planning to migrate its on-premises SAP application to AWS. The application runs on VMware vSphere The SAP ERP Central Component (SAP ECC) server runs on an IBM Db2 database that is 2 TB m size The company wants to migrate the database to SAP HANA
Which migration strategy will meet these requirements'?
Correct : B
The company can meet its requirements by adding an outbound rule to the network ACL of the subnet that contains the SAP PO system. This rule should allow the FQDN of the payroll SaaS provider and deny all other outbound traffic. This would restrict all outbound traffic to the payroll SaaS provider and ensure compliance with corporate security guidelines. AWS WAF web ACL is not appropriate for this use case as it's mainly used to protect web applications and does not provide the level of granularity required for this use case. AWS Network Firewall firewall is not appropriate for this use case as it's mainly used to protect VPCs from unwanted inbound traffic and does not provide the level of granularity required for this use case.
https://docs.aws.amazon.com/sap/latest/sap-hana/migrating-hana-tools.html
Start a Discussions
A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.
Which solution win meet this requirement?
Correct : A
The company can meet its requirement by modifying the network access control lists (ACLs) that are associated with all public subnets in the VPC to deny access from the offending IP address block. This would deny access to the VPC from all the IP addresses that are attempting port scans, and would be effective for the next 24 hours.
Security groups are associated with individual instances, it would be more time-consuming to update all instances security groups and it's not scalable. AWS Identity and Access Management (IAM) is mainly used to manage user access to AWS resources and it's not appropriate for this use case. Configuring the firewall on the operating system of the EC2 instances would be less effective as it does not provide a centralized and scalable solution for managing access control across all subnets in the VPC.
Top of Form
Start a Discussions
A company runs its SAP ERP 6 0 EHP 8 system on SAP HANAon AWS The system is deployed on an r4 I6xlarge Amazon EC2 instance with default tenancy. The company needs to migrate the SAP HANA database to an x2gd/.6xiarge High Memory instance After an operations engineer changes the instance type and starts the instance the AWS Management Console shows a failed instance status check
What is the cause of this problem?
Correct : C
The Elastic Network Adapter (ENA) is a software-based network interface that provides high-performance network connectivity and is required for instances with higher network performance requirements. If the ENA drivers are not installed before changing the instance type, the instance will not be able to communicate with the network, resulting in a failed instance status check.
Start a Discussions