[2023年10月27日] 問題集お試しセットPAS-C01テストエンジン問題集には67問あります [Q27-Q51]

[2023年10月27日] 問題集お試しセットPAS-C01テストエンジントレーニング問題集には67問あります

Amazon PAS-C01問題集で100%カバー率リアル試験問題

質問 # 27
A company is moving to the AWS Cloud gradually. The company has multiple SAP landscapes on VMware The company already has sandbox development and QA systems on AWS The company's production system is still running on premises. The company has 2 months to cut over the entre landscape to the AWS Cloud The company has adopted a hybrid architecture for the next 2 months and needs to synchronize its shared file systems between the landscapes These shared file systems include trans directory mounts, /software directory mounts, and third-party integration mounts in the on-premises landscape the company has NFS mounts between the servers On the AWS infrastructure side the company is using Amazon Elastic File System (Amazon EFS) to share the common files An SAP solutions architect needs to design a solution to schedule transfer of these shared files bidirectional four times each day. The data transfer must be encrypted Which solution will meet these requirements?

• A. Order an AWS Snowcone device Use the Snowcone device to transfer data between the on-premises servers and AWS
• B. Set up a separate AWS Direct Connect connection for synchronization between the on-premises servers and AWS
• C. Install an AWS DataSync agent on the on-premises VMware platform Use the DataSync endpoint to synchronize between the on-premises NFS server and Amazon EFS on AWS
• D. Write an rsync script Schedule the script through cron for four times each day in the on-premises VMware servers to transfer the data from on premises to AWS

正解：C

解説：
Explanation
AWS DataSync can be used to schedule and automate the transfer of data between on-premises NFS servers and Amazon EFS on AWS.
It also allows data to be encrypted during transfer, which meets the requirement for encryption.

質問 # 28
A company wants 10 migrate its SAP ERP landscape to AWS The company will use a highly available distributed deployment for the new architecture Clients will access SAP systems from a local data center through an AWS Site-to-Site VPN connection that is already in place An SAP solutions architect needs to design the network access to the SAP production environment Which configuration approaches will meet these requirements? (Select TWO.)

• A. For the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
• B. For the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create an Application Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance.
• C. For the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create an AWS Transit Gateway Attach me VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
• D. For the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
• E. For the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer, and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

正解：C、E

解説：
Explanation
AWS Transit Gateway provides a central hub for the traffic between different VPCs, on-premises data centers, and AWS services. By attaching the VPN connection to the Transit Gateway, the solutions architect can route the communication between the local data center and the production VPC. Additionally, By configuring an overlay IP address within the production VPC, the solutions architect can create a static route on the production VPC to route the traffic to the ASCS instance.
An Application Load Balancer can also provide high availability to the ASCS instance by distributing the traffic to the instance. Additionally, by configuring an overlay IP address outside the production VPC, the solutions architect can create

質問 # 29
A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.
Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.
What must the company do on AWS to meet these requirements?

• A. Add an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
• B. Add an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic
• C. Add an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic
• D. Add an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

正解：A

解説：
FQDN filtering can be achieved only through Firewall https://aws.amazon.com/blogs/security/use-aws-network-firewall-to-filter-outbound-https-traffic-from-applications-hosted-on-amazon-eks/

質問 # 30
A company is running its SAP workload on AWS The company's security team has implemented the following requirements
* All Amazon EC2 instances for SAP must be SAP certified instance types
- Encryption must be enabled for all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes
* AWS CloudTrail must be activated
* SAP system parameters must be compliant with business rules
* Detailed monitoring must be enabled for all instances
The company wants to develop an automated process to review the systems for compliance with the security team's requirements. The process also must provide notification about any deviation from these standards Which solution will meet these requirements?

• A. Use AWS AppConfig to model configuration data in an AWS Systems Manager Automation runbook Schedule this Systems Manager Automation runbook to monitor for compliance with all the requirements integrate AWS AppConfig with Amazon CloudWatch for notification purposes
• B. Use AWS Config managed rules to monitor for compliance with the requirements except for the SAP system parameters Create AWS Config custom rules to validate the SAP system parameters Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Sen/ice (Amazon SNS) for email notification when a resource is flagged as noncompliant
• C. Use AWS Config managed rules to monitor for compliance with all the requirements Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant
• D. Use AWS Trusted Advisor to monitor for compliance with all the requirements Use Trusted Advisor preferences for email notification when a resource is flagged as noncompliant

正解：B

解説：
https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-i/ https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-ii/

質問 # 31
A company is planning to migrate its on-premises SAP ERP Central Component (SAP ECC) system on SAP HANA to AWS Each month the system experiences two peaks in usage. The first peak is on the 21st day of the month when the company runs payroll. The second peak is on the last day of the month when the company processes and exports credit data Both peak workloads are of high importance and cannot be rescheduled The current SAP ECC system has six application servers an of a similar size. During normal operation outside of peak usage four application servers would suffice Which purchasing option will meet the company's requirements MOST cost-effectively on AWS?

• A. Four Reserved Instances and two On-Demand Instances
• B. Six On-Demand Instances
• C. Four Reserved Instances and two Spot Instances
• D. Six Reserved Instances

正解：A

解説：
D is correct because using four Reserved Instances and two On-Demand Instances provides the most cost-effective purchasing option for the company. Reserved Instances offer lower prices than On-Demand Instances for the four application servers that are needed for normal operation. On-Demand Instances offer flexibility and scalability for the two additional application servers that are needed only during peak usage. Spot Instances are not suitable for high-importance workloads that cannot be rescheduled as they can be interrupted at any time. Reference: https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/cost-optimization.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/amazon-ec2.html

質問 # 32
A data analysis company has two SAP landscapes that consist of sandbox development QA, pre-production and production servers. One landscape is on Windows and the other landscape is on Red Hat Enterprise Linux.
The servers reside in a room m a building that other tenants share.
An SAP solutions architect proposes to migrate the SAP applications to AWS The SAP solutions architect wants to move the production backups to AWS and wants to make the backups highly available to restore >n case of unavailability of an on-premises server.
Which solution will meet these requirements MOST cost-effectively?

• A. Take a backup of the production servers Implement an AWS Storage Gateway Volume Gateway Create file shares by using the Storage Gateway Volume Gateway Copy the backup files to the file shares through NFS and 9MB.
• B. Take a backup of the production servers Send those backups to tape drives implement an AWS Storage Gateway Tape Gateway Send the backups to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) through the S3 console Move the backups immediately to S3 Glacier Deep Archive
• C. Implement a third-party tool to take images of the SAP application servers and database server Take regular snapshots at 1-hour intervals send the snapshots to Amazon S3 Glacier directly through the S3 Glacier console Store the same images in different S3 buckets in different AWS Regions
• D. Take a backup of the production servers Implement an Amazon S3 File Gateway Create file shares by using the S3 File Gateway Copy the backup files lo the file shares through NFS and SMB Map backup files directly to Amazon S3 Configure an S3 Lifecycle policy to send the backup files to S3 Glacier based on the company's data retention policy

正解：C

質問 # 33
A company is using SAP NetWeaver with Java on AWS The company has updated its generation of Amazon EC2 instances to the most recent generation of EC2 instances When the company tries to start SAP the startup fails The log indicates that the SAP license expired Of is not valid.
What is the reason for this issue?

• A. The SAP Java Virtual Machine (SAP JVM) is not compatible with the new instance type
• B. The instance's hypervisor changed from Xen to Nitro
• C. An EC2 generation change is not supported for SAP Java-based systems
• D. The instance ID changed as part of the EC2 generation change

正解：D

解説：
Explanation
The most likely reason for the SAP startup failure is that the SAP license has expired or is not valid. This could be due to the instance ID changing as part of the EC2 generation change, as the instance's hypervisor changed from Xen to Nitro, or because the SAP Java Virtual Machine (SAP JVM) is not compatible with the new instance type. An EC2 generation change is not supported for SAP Java-based systems and therefore should be avoided.

質問 # 34
A company is planning to migrate its on-premises SAP application to AWS. The application runs on VMware vSphere The SAP ERP Central Component (SAP ECC) server runs on an IBM Db2 database that is 2 TB m size The company wants to migrate the database to SAP HANA Which migration strategy will meet these requirements'?

• A. Use AWS Application Migration Service (CloudEndure Migration)
• B. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move
• C. Use AWS Database Migration Service (AWS DMS)
• D. Use AWS Server Migration Service (AWS SMS)

正解：B

解説：
The company can meet its requirements by adding an outbound rule to the network ACL of the subnet that contains the SAP PO system. This rule should allow the FQDN of the payroll SaaS provider and deny all other outbound traffic. This would restrict all outbound traffic to the payroll SaaS provider and ensure compliance with corporate security guidelines. AWS WAF web ACL is not appropriate for this use case as it's mainly used to protect web applications and does not provide the level of granularity required for this use case. AWS Network Firewall firewall is not appropriate for this use case as it's mainly used to protect VPCs from unwanted inbound traffic and does not provide the level of granularity required for this use case.
https://docs.aws.amazon.com/sap/latest/sap-hana/migrating-hana-tools.html

質問 # 35
A company wants 10 run SAP HANA on AWS m the eu-centrai-1 Region. The company must make the SAP HANA system highly available by using SAP HANA system replication in addition the company must create a disaster recovery (DR) solution that uses SAP HANA system replication in the eu-west-1 Region As prerequisites the company has confirmed that inter-AZ latency is less than 1 ms and that Inter-Region latency is greater than 1 ms.
Which solutions will meet these requirements? (Select TWO.)

• A. Install the tier 1 primary system and the tier 2 secondary system in eu-central-1 Configure the tier 1 system in Availability Zone 1 Configure the tier 2 system m Availability Zone 2 Configure SAP HANA system replication between tier 1 and tier 2 by using SYNC replication mode Install the OR her 3 secondary system n eu-west-1 by using ASYNC replication mode.
• B. Install the tier 1 primary system and the tier 2 secondary system in eu-central-1 Configure the tier 1 system m Availability Zone 1 Configure the tier 2 system m Availability Zone 2 Configure SAP HANA system replication between tier 1 and tier 2 by using SYNCMEM replication mode Install the DR tier 3 secondary system in eu-west-1 by using ASYNC replication mode
• C. install the tier 1 primary system in eu-central-1 install the tier 2 secondary system and the DR tier 3 secondary system m eu-west-1 Configure the tier 2 system in Availability Zone 1 Configure the tier 3 system in Availability Zone 2 Configure SAP HANA system replication between all tiers by using ASYNC replication mode
• D. Install the tier 1 primary system and the tier 2 secondary system in eu-central-1 Configure the tier 1 system m Availability Zone 1 Configure the tier 2 system m Availability Zone 2 Configure SAP HANA system replication between tier 1 and tier 2 by using ASYNC replication mode install the OR tier 3 secondary system m eu-west-1 by using SYNC replication mode.
• E. Install the tier 1 primary system and the tier 2 secondary system in eu-central-1 Configure the tier 1 system in Availability Zone 1 Configure the tier 2 system in Availability Zone 2 Configure SAP HANA system replication between tier 1 and tier 2 by using SYNC replication mode Install the OR tier 3 secondary system n eu-west-1 Store daily backups from tier 1 m an Amazon S3 bucket m eu-central-1 Use S3 Cross-Region Replication to copy the daily backups to eu-west-i where they can be restored if needed

正解：A、B

解説：
https://docs.aws.amazon.com/sap/latest/sap-hana/hana-ops-patterns-multi.html https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-aws-infrastructure-operating-system-setup-and-hana-installation.html

質問 # 36
A company is using a multi-account strategy for SAP HANA and SAP BW 4HANA instances across development QA and production systems m the same AWS Region Each system is hosted m its own VPC The company needs to establish cross-VPC communication between the SAP systems.
The company might add more SAP systems m the future. The company must create connectivity across the SAP systems and hundreds of AWS accounts. The solution must maximize scalability and reliability.
Which solution will meet these requirements?

• A. Create a transit VPC that uses the hub-and-spoke model set up routing to use the transit VPC for communication between the SAP systems
• B. Create a VPC link for each SAP system Use the VPC links to connect the SAP systems
• C. Set up VPC peering between the accounts Configure routing in each VPC to use the VPC peering links
• D. Create an AWS Transit Gateway in a central networking account Attach the transit gateway to the AWS accounts Set up routing and a network ACL to establish communication

正解：D

質問 # 37
A company is planning to migrate its on-premises SAP application to AWS. The application runs on VMware vSphere The SAP ERP Central Component (SAP ECC) server runs on an IBM Db2 database that is 2 TB m size The company wants to migrate the database to SAP HANA Which migration strategy will meet these requirements'?

• A. Use AWS Application Migration Service (CloudEndure Migration)
• B. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move
• C. Use AWS Database Migration Service (AWS DMS)
• D. Use AWS Server Migration Service (AWS SMS)

正解：B

解説：
Explanation
The company can meet its requirements by adding an outbound rule to the network ACL of the subnet that contains the SAP PO system. This rule should allow the FQDN of the payroll SaaS provider and deny all other outbound traffic. This would restrict all outbound traffic to the payroll SaaS provider and ensure compliance with corporate security guidelines. AWS WAF web ACL is not appropriate for this use case as it's mainly used to protect web applications and does not provide the level of granularity required for this use case. AWS Network Firewall firewall is not appropriate for this use case as it's mainly used to protect VPCs from unwanted inbound traffic and does not provide the level of granularity required for this use case.

質問 # 38
A company is planning to migrate its on-premises SAP application to AWS. The application runs on VMware vSphere The SAP ERP Central Component (SAP ECC) server runs on an IBM Db2 database that is 2 TB m size The company wants to migrate the database to SAP HANA Which migration strategy will meet these requirements'?

• A. Use AWS Application Migration Service (CloudEndure Migration)
• B. Use SAP Software Update Manager (SUM) Database Migration Option (DMO) with System Move
• C. Use AWS Database Migration Service (AWS DMS)
• D. Use AWS Server Migration Service (AWS SMS)

正解：B

質問 # 39
A company is planning to move all its SAP applications to Amazon EC2 instances in a VPC Recently the company signed a multiyear contract with a payroll software-as-a-service (SaaS) provider integration with the payroll SaaS solution is available only through public web APIs.
Corporate security guidelines state that all outbound traffic must be validated against an allow list. The payroll SaaS provider provides only fully qualified domain name (FQDN) addresses and no IP addresses or IP address ranges Currently, an on-premises firewall appliance filters FQDNs. The company needs to connect an SAP Process Orchestration (SAP PO) system to the payroll SaaS provider.
What must the company do on AWS to meet these requirements?

• A. Add an AWS Network Firewall firewall to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider
• B. Add an outbound rule to the network ACL of the subnet that contains the SAP PO system to allow the FQDN of the payroll SaaS provider and deny all other outbound traffic
• C. Add an outbound rule to the security group of the SAP PO system to allow the FODN of the payroll SaaS provider and deny all other outbound traffic
• D. Add an AWS WAF web ACL to the VPC Add an outbound rule to allow the SAP PO system to connect to the FQDN of the payroll SaaS provider

正解：A

質問 # 40
A company is running an SAP HANA database on AWS. The company wants to manage historical infrequently accessed warm data for a native SAP HANA use case An SAP solutions architect needs to recommend a solution that can provide online data storage m extended store available for queries and updates.
The solution must be an integrated component of the SAP HANA database and must allow the storage of up to five limes more data in the warm tier than in the not tier Which solution will meet these requirements?

• A. Use Amazon Data lifecycle Manager (Amazon DLM) with SAP Data Hub to move data in and out of the SAP HANA database to Amazon S3
• B. Use SAP HANA dynamic tiering as an optional add-on to the SAP HANA database
• C. Use Amazon Data Lifecycle Manager (Amazon DLM) with SAP HANA spark controller so that SAP HANA can access the data through the Spark SQL SDA adapter
• D. Use an SAP HANA extension node

正解：B

解説：
Explanation
This is a feature of the SAP HANA database that allows for the management of historical, infrequently accessed data and provides an integrated solution for data storage in the warm tier. It allows for the storage of up to five times more data in the warm tier than in the hot tier, and it allows for online data storage that is available for queries and updates.

質問 # 41
A company runs its SAP ERP 6 0 EHP 8 system on SAP HANAon AWS The system is deployed on an r4 I6xlarge Amazon EC2 instance with default tenancy. The company needs to migrate the SAP HANA database to an x2gd/.6xiarge High Memory instance After an operations engineer changes the instance type and starts the instance the AWS Management Console shows a failed instance status check What is the cause of this problem?

• A. The operations engineer missed the network configuration step during the post-migration activities
• B. The operations engineer did not install Elastic Network Adapter (ENA) drivers before changing the instance type
• C. The operations engineer missed the Amazon CloudWatch configuration step during the post-migration activities.
• D. The operations engineer did not create a new AMI from the original instance and did not launch a new instance with dedicated tenancy from the AMI

正解：D

質問 # 42
A company has an SAP Business One system that runs on SUSE Linux Enterprise Server 12 SP3. The company wants to migrate the system to AWS An SAP solutions architect selects a homogeneous migration strategy that uses AWS Application Migration Service (CloudEndure Migration) After the server migration process is finished the SAP solutions architect launches an Amazon EC2 test instance from the R5 instance family. After a few minutes the EC2 console reports that the test instance has failed an instance status check Network connections to the instance are refused How can the SAP solutions architect solve this problem?

• A. Reboot the instance to initiate instance migration to another host
• B. Request an instance limit increase for the AWS Region where the test instance is being launched
• C. Create a ticket for AWS Support that documents the test server instance ID Wait for AWS to update the host of the R5 instance
• D. Install the missing drivers on the source system Wait for the completion of migration synchronization Launch the test instance again

正解：C

質問 # 43
A company is planning to deploy a new SAP NetWeaverABAP system on AWS with an Oracle database that runs on an Amazon EC2 instance. The EC2 instance uses a Linux-based operating system. The company needs a database storage solution that provides flexibility to adjust the IOPS regardless of the allocated storage size.
Which solution will meet these requirements MOST cost-effectively?

• A. Amazon Elastic File System (Amazon EFS) Standard-Infrequent Access (Standard-IA) storage class
• B. Amazon FSx for Windows File Server
• C. Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volumes
• D. General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volumes

正解：B

質問 # 44
A company that has SAP workloads on premises plans to migrate an SAP environment to AWS. The company is new to AWS and has no poor setup. The company has the following requirements
- The application server and database server must be placed in isolated network configurations
* SAP systems must be accessible to the on-premises end users over the internet
* The cost of communications between the application server and the database server must be minimized Which combination of steps should an SAP solutions architect take to meet these requirements? (Select TWO.)

• A. Separate the application server and the database server by using different VPCs
• B. Separate the application server and the database server by using different subnets and network security groups within the same VPC
• C. Set up an AWS Direct Connect connection with a private VIF between the company's on-premises network and AWS
• D. Set up an AWS Site-to-Site VPN connection between the company's on-premises network and AWS
• E. Configure a Network Load Balancer for incoming connections from end users

正解：B、D

解説：
B is correct because AWS Site-to-Site VPN allows the company to securely connect their on-premises network to AWS over the internet. D is correct because separating the application server and the database server by using different subnets and network security groups within the same VPC provides network isolation and minimizes the cost of communication between them. Reference: https://docs.aws.amazon.com/vpn/latest/s2svpn/VPC_VPN.html https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/networking.html

質問 # 45
A global retail company is running its SAP landscape on AWS Recently the company made changes to its SAP Web Dispatcher architecture The company added an additional SAP Web Dispatcher for high availability with an Application Load Balancer (ALB) to balance the load between the two SAP Web Dispatchers When users try to access SAP through the ALB the system is reachable However the SAP backend system is showing an error message An investigation reveals that the issue is related to SAP session handling and distribution of requests . The company confirmed that the system was working as expected with one SAP Web Dispatcher. The company replicated the configuration of that SAP Web Dispatcher to the new SAP Web Dispatcher How can the company resolve the error?

• A. Maintain persistence by using session cookies Enable session stickiness (session affinity) on the ALB
• B. Turn on host-based routing on the ALB to route traffic between the SAP Web Dispatchers
• C. Turn on URL-based routing on the ALB to route traffic to the application based on URL
• D. Maintain persistence by using session cookies Enable session stickiness (session affinity) on the SAP Web Dispatchers by setting the wdisp/HTTP/esid_support parameter to True

正解：D

解説：
Explanation
The error message being displayed is related to SAP session handling and distribution of requests. By using session cookies, the company can maintain persistence of the user's session across requests. By enabling session stickiness on the SAP Web Dispatchers by setting the wdisp/HTTP/esid_support parameter to True, the company can ensure that requests from the same user are always routed to the same SAP Web Dispatcher.
This would resolve the error message that the company is seeing and ensure that the backend system is working as expected with the new SAP Web Dispatcher configuration.

質問 # 46
A company that has SAP workloads on premises plans to migrate an SAP environment to AWS. The company is new to AWS and has no poor setup. The company has the following requirements
- The application server and database server must be placed in isolated network configurations
* SAP systems must be accessible to the on-premises end users over the internet
* The cost of communications between the application server and the database server must be minimized Which combination of steps should an SAP solutions architect take to meet these requirements? (Select TWO.)

• A. Separate the application server and the database server by using different subnets and network security groups within the same VPC
• B. Set up an AWS Direct Connect connection with a private VIF between the company's on-premises network and AWS
• C. Separate the application server and the database server by using different VPCs
• D. Set up an AWS Site-to-Site VPN connection between the company's on-premises network and AWS
• E. Configure a Network Load Balancer for incoming connections from end users

正解：A、C

質問 # 47
A company is running an SAP HANA database on AWS The company is running AWS Backint Agent for SAP HANA(AWS Backint agent) on an Amazon EC2 instance AWS Back agent is configured to back up to an Amazon S3 bucket The backups are failing with an Access Denied error m the AWS Backint agent log file.
What should an SAP basis administrator do to resolve this error?

• A. Assign the correct Region ID for the S3BucketAwsRegion parameter in AWS Backint agent for the SAP HANA configuration file
• B. Assign an IAM role to an EC2 instance Attach a policy to the IAM role to grant access to the target S3 bucket
• C. Assign the value for the Enable Tagging parameter in AWS Backint agent for the SAP HANA configuration file
• D. Assign execute permissions at the operating system level for the AWS Backint agent binary and for AWS Backint agent

正解：B

解説：
Explanation
The error message "AccessDenied" usually indicates that the AWS Backint agent does not have the necessary permissions to access the target S3 bucket. To resolve this error, an SAP basis administrator should assign an IAM role to the EC2 instance that is running the AWS Backint agent. Then, the administrator should attach a policy to the IAM role that grants the necessary permissions to access the target S3 bucket. This will allow the AWS Backint agent to access the S3 bucket and complete the backups successfully.

質問 # 48
An SAP basis architect is configuring high availability for a critical SAP system on AWS. The SAP basis architect is using an overlay IP address to route traffic to the subnets across multiple Availability Zones within an AWS Region for the system's SAP HANA database.
What should the SAP basis architect do to route the traffic to the Amazon EC2 instance of the active SAP HANA database?

• A. Edit the inbound and outbound rules in the security group of the EC2 instance that runs SAP HANA Allow traffic for SAP HANA specific ports from the overlay IP address
• B. Edit the route in the route table of the VPC that includes the EC2 instance that runs SAP HANA Specify the overlay IP address as the destination Specify the private IP address of the EC2 instance as the target
• C. Edit the route in the route table of the VPC that includes the EC2 instance that runs SAP HANA Specify the overlay IP address as the destination Specify the elastic network interface of the EC2 instance as the target
• D. Edit the network ACL of the subnet that includes the EC2 instance that runs SAP HANA Allow traffic for SAP HANA specific ports from the overlay IP address

正解：C

質問 # 49
A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement finance sales and human resources An SAP solutions architect has started designing this new landscape and the AWS account structures The company wants to use automation as much as possible The company also wants to secure the environment implement federated access to accounts centralize logging and establish cross-account security audits in addition the company's management team needs to receive a top-level summary of policies that are applied to the AWS accounts.
What should the SAP solutions architect do to meet these requirements?

• A. Implement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into each account Use the CodePipeline deployment dashboard to check the applied policies in the accounts
• B. Use AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use an Amazon CloudWatch dashboard to check the applied policies in the accounts
• C. Apply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts
• D. Use an AWS Elastic Beanstalk blue green deployment to create 1AM policies and apply them to multiple accounts together Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

正解：C

解説：
AWS Control Tower is a service that automates the set up of a secure, compliant, multi-account AWS environment. It helps to establish guardrails and automate the deployment of security policies to multiple accounts in a centralized and consistent manner. By using AWS Control Tower, the SAP solutions architect can establish guardrails across all accounts, set up federated access, centralize logging, and establish cross-account security audits. The integrated dashboard in AWS Control Tower allows the management team to receive a top-level summary of policies that are applied to the AWS accounts. This will help the company to meet their requirements of using automation as much as possible, securing the environment and implementing federated access to accounts, centralizing logging and establishing cross-account security audits.

質問 # 50
An SAP technology consultant needs to scale up a primary application server (PAS) instance The PAS currently runs on a c5a.xlarge Amazon EC2 instance The SAP technology consultant needs to change the instance type to c5a 2xlarge How can the SAP technology consultant meet this requirement?

• A. Stop the complete SAP system Terminate the EC2 instance Use the AWS Management Console or the AWS CLI to change the instance type Start the EC2 instance Start the complete SAP system
• B. Stop the complete SAP system Stop the EC2 instance Use the AWS Management Console or the AWS CLI to change the instance type Start the EC2 instance Start the complete SAP system
• C. While SAP is running use the AWS Management Console or the AWS CLI to change the instance type without stopping the EC2 instance
• D. While SAP is running log in to the EC2 instance. Run the following AWS CLI command: aws ec2 modify-instance-attribute -instance-id <INSTANCEID>

正解：B

解説：
--instance-type "{\"Value\": |"c5a.2xlarge1\"}".
Explanation:
A is correct because stopping the complete SAP system and the EC2 instance is required to change the instance type to a larger size. Using the AWS Management Console or the AWS CLI to change the instance type is the easiest and fastest way to do so. Starting the EC2 instance and the complete SAP system will resume the normal operation. The other options are not correct or feasible for scaling up the PAS instance. Reference: https://docs.aws.amazon.com/whitepapers/latest/sap-on-aws-technical-deployment-guide/amazon-ec2.html https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html

質問 # 51
......

実際にあるPAS-C01問題集PDFで100%合格率保証付きます：https://www.jpntest.com/shiken/PAS-C01-mondaishu

リアルなPAS-C01問題集でAmazon問題集PDF：https://drive.google.com/open?id=1ju7c26gucXt6u4RU2I7HbLjXQnLYC61B