Amazon Exam PAS-C01 Topic 3 Question 58 Discussion

Actual exam question for Amazon's PAS-C01 exam

Question #: 58
Topic #: 3

A company wants 10 migrate its SAP ERP landscape to AWS The company will use a highly available distributed deployment for the new architecture Clients will access SAP systems from a local data center through an AWS Site-to-Site VPN connection that is already in place An SAP solutions architect needs to design the network access to the SAP production environment

Which configuration approaches will meet these requirements? (Select TWO.)

AFor the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create an AWS Transit Gateway Attach me VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

BFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

CFor the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

DFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create a Network Load Balancer, and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

EFor the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create a target group that points to the overlay IP address Create an Application Load Balancer and register the target group Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance.

Show Suggested Answer

Suggested Answer: B, D

Option B is correct because it uses AWS Direct Connect gateway with multiple Direct Connect connections that use a link aggregation group (LAG) between the on-premises data center and AWS. This provides high availability and redundancy for the network connection, as well as increased bandwidth and lower latency. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option D is correct because it uses two redundant AWS Site-to-Site VPN connections for connectivity between the on-premises data center and AWS. This provides a backup connection in case one of the VPN connections fails. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option A is incorrect because it uses an overlay IP address that is within the production VPC CIDR range for the ASCS instance, which is not recommended by SAP for high availability. It also uses only one AWS Direct Connect connection, which does not provide redundancy or load balancing for the network connection.

Option C is incorrect because it uses Amazon Elastic File System (Amazon EFS) file system storage between the on-premises data center and AWS, which is not a network configuration for data transfer. It also uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance.

Option E is incorrect because it uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance. It also uses a target group that points to the overlay IP address, which is not necessary for the network access to the ASCS instance.

https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-configuration-steps-for-network-load-balancer.html

https://blogs.sap.com/2021/07/26/step-by-step-how-to-cluster-sap-ascs-and-ers-on-windows-in-aws-using-wsfc-with-sios-datakeeper/

https://access.redhat.com/articles/3916511

by Rosalyn at Jun 14, 2025, 04:59 PM

Limited Time Offer

25%

1 months ago

Hmm, this question seems to cover a lot of AWS networking concepts. I'm going to need to think this through carefully.

upvoted 0 times

Timothy

10 days ago

B) For the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

upvoted 0 times

...

Martha

16 days ago

A) For the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create an AWS Transit Gateway Attach me VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance

upvoted 0 times

...