Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam PAS-C01 Topic 5 Question 23 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 23
Topic #: 5
[All PAS-C01 Questions]

A financial services company is implementing SAP core banking on AWS. The company must not allow any system information to traverse the public internet. The company needs to implement secure monitoring of its SAP ERP Central Component (SAP ECO system to check for performance issues and faults in its application. The solution must maximize security and must be supported by SAP and AWS.

How should be company integrate AWS metrics with its SAP system to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

VPC endpoints to ensure that traffic to and from the CloudWatch and EC2 services stays within the VPC. Additionally, an IAM policy is created to grant access to only the necessary actions, such as DescribeInstances and GetMetricStatistics, for all EC2 resources. This approach will provide secure monitoring of the SAP system while maximizing security and ensuring support from both SAP and AWS.

https://docs.aws.amazon.com/sap/latest/general/data-provider-req.html#vpc-endpoints


Contribute your Thoughts:

Lavonne
8 months ago
Alright, let's break this down. Option B uses a NAT gateway, which could expose us to the public internet a bit. That's a no-go. Option D is way too permissive with the IAM policy. So yeah, C is the clear winner here. Secure and supported by SAP and AWS? Sign me up!
upvoted 0 times
...
Lizbeth
8 months ago
Haha, imagine if we just gave the IAM policy full access to everything? That would be like leaving the keys in the ignition of a Ferrari - not a good idea! I'm with you guys, option C is the way to go.
upvoted 0 times
Ramonita
8 months ago
D) install the AWS data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows all actions for all EC2 resources.
upvoted 0 times
...
Vincenza
8 months ago
C) Install the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Create VPC endpoints for Amazon CloudWatch and Amazon EC2 Allow access through these endpoints Create an IAM policy that allows the ec2 Describe instances action, the cloudwatch GetMetricStatistics action, and the ec2 DescribeVolumes action for all EC2 resources.
upvoted 0 times
...
Rolland
8 months ago
B) Install the AWS Data Provider for SAP on the Amazon EC2 instances that host SAP Allow access to the Amazon CloudWatch and EC2 endpoints through a NAT gateway Create an IAM policy that allows the ec2 Describeinstances action, the cloudwatch.GetMetricStatistics action, and the ec2 DescribeVolumes action for all EC2 resources.
upvoted 0 times
...
Arlette
8 months ago
A) Set up SAP Solution Manager to call Amazon CloudWatch and Amazon EC2 endpoints with REST-based calls to populate SAPOSCOL details Use SAP transaction ST06N to monitor CPU and memory utilization on each EC2 instance
upvoted 0 times
...
...
Aliza
8 months ago
Yeah, I agree. Option C looks like the way to go. Creating those VPC endpoints and limiting the IAM permissions to just what's needed is a smart move. Gotta keep those bad guys out, you know?
upvoted 0 times
...
Ardella
8 months ago
Whoa, this question is no joke! We need to make sure our SAP system is secure and monitored properly. I'm leaning towards option C - it seems like the most robust solution that keeps everything within the VPC and minimizes internet exposure.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77