ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SAP on AWS - Specialty PAS-C01 All Questions

View all questions & answers for the AWS Certified SAP on AWS - Specialty PAS-C01 exam
Go to Exam

Exam AWS Certified SAP on AWS - Specialty PAS-C01 topic 1 question 59 discussion

Exam question from Amazon's AWS Certified SAP on AWS - Specialty PAS-C01
Question #: 59
Topic #: 1
[All AWS Certified SAP on AWS - Specialty PAS-C01 Questions]

An SAP specialist is building an SAP environment. The SAP environment contains Amazon EC2 instances that run in a private subnet in a VPC. The VPC includes a NAT gateway.
The SAP specialist is setting up IBM Db2 high availability disaster recovery for the SAP cluster. After configuration of overlay IP address routing, traffic is not routing to the database EC2 instances.
What should the SAP specialist do to resolve this issue?

  • A. Open a security group for SAP ports to allow traffic on port 443.
  • B. Create route table entries to allow traffic from the database EC2 instances to the NAT gateway.
  • C. Turn off the source/destination check for the database EC2 instances.
  • D. Create an IAM role that has permission to access network traffic. Associate the role with the database EC2 instances.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Grillppl at Feb. 7, 2023, 11:56 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kaishin0527
Highly Voted 1 year, 9 months ago
Selected Answer: C
C: When you use an overlay IP address for a cluster, AWS doesn't recognize that IP address as belonging to the EC2 instances in your cluster. By default, AWS only allows an instance to send and receive traffic with the IP address assigned to its network interface. For routing to work properly with an overlay IP address, you need to disable the source/destination check on the EC2 instances in the cluster.
upvoted 5 times
...
tsangckl
Most Recent 1 year, 1 month ago
Selected Answer: C
for certain cases like the one described here, where the EC2 instances are being used for routing purposes (such as in a NAT scenario or with IBM Db2 high availability disaster recovery), this check needs to be disabled. This allows the EC2 instances to handle traffic that isn’t specifically destined for the instance itself, which seems to be the requirement in this scenario. Therefore, turning off the source/destination check on the database EC2 instances should allow the traffic to be routed correctly.
upvoted 1 times
...
[Removed]
1 year, 10 months ago
Selected Answer: B
Option B is correct because creating route table entries to allow traffic from the database EC2 instances to the NAT gateway will resolve the issue of traffic not routing to the database EC2 instances. The NAT gateway is used to enable instances in a private subnet to connect to the internet or other AWS services but prevent the internet from initiating connections with the instances. Option C is incorrect because turning off the source/destination check for the database EC2 instances will not resolve the issue of traffic not routing to the database EC2 instances. The source/destination check is enabled by default on all Amazon EC2 instances. This feature must be disabled for instances that are used as NAT instances, and the DB instance is not being used as a NAT instance.
upvoted 1 times
[Removed]
1 year, 10 months ago
Edit, C is correct actually https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck
upvoted 2 times
...
...
blanco750
2 years, 2 months ago
Selected Answer: C
C is correct
upvoted 2 times
...
Azure1971
2 years, 2 months ago
Answer is C Disable the source/destination check Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. For cluster instances, source/destination check must be disabled on both EC2 instances which are supposed to receive traffic from the Overlay IP address. You can use the AWS CLI or AWS Management Console to disable source/destination check. For details, see the ec2 modify-instance-attribute documentation. https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration-prerequisites.html
upvoted 4 times
...
schalke04
2 years, 3 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
ohcn
2 years, 3 months ago
I think C
upvoted 3 times
...
schalke04
2 years, 3 months ago
Selected Answer: B
B: makes sense
upvoted 1 times
...
Grillppl
2 years, 3 months ago
I think C https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration-prerequisites.html
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago