A company decides to deploy SAP non-production systems on AWS by using the standard insta…

Question

A company decides to deploy SAP non-production systems on AWS by using the standard installation model in a single Availability Zone. The company will use Amazon Elastic File System (Amazon EFS) to host SAP file systems such as /sapmnt and /usr/sap/trans. The company launches the required Amazon EC2 instances to host these systems. However, the company cannot mount the EFS file systems to the respective EC2 instances. An SAP engineer needs to adjust the security groups that are assigned to the EC2 instances and EFS file systems to allow traffic between the EC2 instances and the EFS file systems. Which combination of steps should the SAP engineer take to meet these requirements? (Choose two.)

Accepted Answer

Correct answer: A, E. A. Configure the security groups that are associated with the EFS file systems to allow inbound access for the TCP protocol on the NFS port (TCP 2049) from all EC2 instances where the file systems are mounted. — E. Configure the security groups that are associated with the EC2 instances to allow outbound access to the EFS file systems on the NFS port (TCP 2049). — Option A is correct because it enables the necessary inbound access on the NFS port (TCP 2049) for the EFS file systems from the EC2 instances, allowing them to connect. Option E is also correct as it allows outbound access from the EC2 instances to the EFS file systems on the same port. The other options do not correctly configure the security groups to facilitate the required communication between the EC2 instances and the EFS file systems.

AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 115

Answer options

Correct answer: A, E

Explanation