AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 23

A company that has SAP workloads on premises plans to migrate an SAP environment to AWS. The company is new to AWS and has no prior setup. The company has the following requirements:
The application server and database server must be placed in isolated network configurations.
SAP systems must be accessible to the on-premises end users over the internet.
The cost of communications between the application server and the database server must be minimized.
Which combination of steps should an SAP solutions architect take to meet these requirements? (Choose two.)

Answer options

• A. Configure a Network Load Balancer for incoming connections from end users.
• B. Set up an AWS Site-to-Site VPN connection between the company’s on-premises network and AWS.
• C. Separate the application server and the database server by using different VPCs.
• D. Separate the application server and the database server by using different subnets and network security groups within the same VPC.
• E. Set up an AWS Direct Connect connection with a private VIF between the company’s on-premises network and AWS.

Correct answer: B, D

Explanation

Option B is correct as setting up an AWS Site-to-Site VPN connection ensures secure communication between the on-premises network and AWS. Option D is also correct because using different subnets and network security groups within the same VPC allows for isolation while minimizing communication costs. Options A, C, and E do not meet the requirements effectively; for instance, a Network Load Balancer does not address the isolation needs, and using separate VPCs could increase costs and complexity.