QUESTION: 25

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.
Which solution win meet this requirement?

Modify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block
Add a rule in the security group of the EC2 instances to deny access from the IP address block
Create a policy in AWS identity and Access Management (1AM) to deny access from the IP address block
Configure the firewall m the operating system of the EC2 instances to deny access from the IP address block

Answer(s): A

Reveal Solution Next Question

QUESTION: 26

A company has deployed SAP workloads on AWS The AWS Data Provider for SAP is installed on the Amazon EC2 instance where the SAP application is running An SAP solutions architect has attached an IAM role to the EC2 instance with the following policy.

“Version” : “2012-10-17”,
“Statement”: {
{
“Sid”: “AWSDataProvider1”,
“Effect”: “Allow”,
“Action”:
“EC2: DescribeInstances”,
“EC2: DescribeVolumes”
},
“Rescurce”: “ “ “

} ,
{
“Sid” : “AWSDataProvider2”,
“Effect”: Allow”,
“Action”: “s3:GetObject”,
“Rescurce”: {
“arn:aws:s3:::aws-sap-data-provider/config.properties”

}
}
}
}

The AWS Data Provider for SAP is not returning any metrics to the SAP application. Which change should the SAP solutions architect make to the 1AM permissions to resolve this issued.

Add the cloudwatch ListMetrics action to the policy statement with Sid AWSDataProvider1.
Add the cloudwatch GetMetricStatrstics action to the policy statement with Sid AWSDataProvider1
Add the cloudwatch GetMetricStream action (o the policy statement with Sid AWSDataProvider
Add the cloudwatch DescribeAlarmsForMetric action to the policy statement with Sid AWSDataProvider

Answer(s): B

Reveal Solution Next Question

QUESTION: 27

A company wants to deploy an SAP HANA database on AWS by using AWS Launch Wizard for SAP An SAP solutions architect needs to run a custom post-deployment script on the Amazon EC2 instance that Launch Wizard provisions. Which actions can the SAP solutions architect take to provide the post-deployment script m the Launch Wizard console? (Select TWO.)

Provide the FTP URL of the script
Provide the HTTPS URL of the script on a web server
Provide the Amazon S3 URL of the script
Write the script inline
Upload the script

Answer(s): C,E

Reveal Solution Next Question

QUESTION: 28

A company is planning to move its on-premises SAP HANA database to AWS. The company needs to migrate this environment to AWS as quickly as possible An SAP solutions architect will use AWS Launch Wizard for SAP to deploy this SAP HANA workload.
Which combination of steps should the SAP solutions architect follow to start the deployment of this workload on AWS? (Select THREE.)

Download the SAP HANA software
Download the AWS CloudFormation template for the SAP HANA deployment
Download and extract the SAP HANA software upload the SAP HANA software to an FTP server that Launch Wizard can access
Upload the unextracted SAP HANA software to an Amazon S3 destination bucket Follow the S3 file path syntax for the software in accordance with Launch Wizard recommendations
Bring the operating system AMI by using the Bring. Your Own Image (BYOI) model or purchase the subscription for the operating system AMI from AWS Marketplace
Create the SAP file system by using Amazon Elastic Block Store (Amazon EBS) before the deployment

Answer(s): A,D,E

Reveal Solution Next Question

Free AWS Certified SAP on AWS - Specialty PAS-C01 Exam Braindumps (page: 8)

QUESTION: 25

QUESTION: 26

QUESTION: 27

QUESTION: 28

AWS Certified SAP on AWS - Specialty PAS-C01 Discussions & Posts