Amazon Exam PAS-C01 Topic 1 Question 25 Discussion

Actual exam question for Amazon's PAS-C01 exam

Question #: 25
Topic #: 1

A financial services company is implementing SAP core banking on AWS. The company must not allow any system information to traverse the public internet. The company needs to implement secure monitoring of its SAP ERP Central Component (SAP ECO system to check for performance issues and faults in its application. The solution must maximize security and must be supported by SAP and AWS.

How should be company integrate AWS metrics with its SAP system to meet these requirements?

ASet up SAP Solution Manager to call Amazon CoudWatch and Amazon EC2 endpoints with REST-based calls to populate SAPOSCOL details Use SAP transaction ST06N to monitor CPU and memory utilization on each EC2 instance

BInstall the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Allow access to the Amazon CloudWatch and EC2 endpoints through a NAT gateway Create an IAM policy that allows the ec2 Describeinstances action the cloudwatch.GetMetricStatistics action and the ec2 DescribeVolumes action for all EC2 resources.

CInstall the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows the ec2 Describe instances action the cloudwatch GetMemcStatistics action and the ec2 DescribeVolumes action for all EC2 resources.

Dinstall the AWS data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows all actions for all EC2 resources.

Show Suggested Answer

Suggested Answer: C

VPC endpoints to ensure that traffic to and from the CloudWatch and EC2 services stays within the VPC. Additionally, an IAM policy is created to grant access to only the necessary actions, such as DescribeInstances and GetMetricStatistics, for all EC2 resources. This approach will provide secure monitoring of the SAP system while maximizing security and ensuring support from both SAP and AWS.

https://docs.aws.amazon.com/sap/latest/general/data-provider-req.html#vpc-endpoints

by Dalene at Dec 25, 2023, 04:45 PM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Denny

9 days ago

Hold up, are we sure we can't just call the endpoints directly? I mean, that would be the simplest solution, right? *laughs* Oh wait, no public internet access. Duh, my bad.

upvoted 0 times

...

Kati

10 days ago

Hmm, I'm leaning towards option C. Creating VPC endpoints for CloudWatch and EC2 seems like the most secure way to go, and the IAM policy looks reasonable too.

upvoted 0 times

...

Juliann

11 days ago

Agreed, C looks like the winner here. I like how it keeps everything isolated within the VPC and limits the IAM permissions to just what's needed. Gotta love that security-first approach!

upvoted 0 times

...

Norah

12 days ago

Haha, Michael, you almost had me there for a second! But yeah, no public internet is a pretty big deal-breaker. I think Emily's got the right idea with option C.

upvoted 0 times

...