AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 33

A company has an SAP environment that runs on AWS. The company wants to enhance security by restricting Amazon EC2 Instance Metadata Service (IMDS) to IMDSv2 only. The company’s current configuration option supports both IMDSv1 and IMDSv2. The security enhancement must not create an SAP outage.
What should the company do before it applies the security enhancement on EC2 instances that are running the SAP environment?

Answer options

• A. Ensure that the SAP kernel versions are 7.45 or later.
• B. Ensure that the EC2 instances are Nitro based.
• C. Ensure that the AWS Data Provider for SAP is installed on each EC2 instance.
• D. Stop the EC2 instances.

Correct answer: B

Explanation

The correct answer is B because Nitro-based EC2 instances support IMDSv2, ensuring compatibility with the security enhancement. Options A and C are not directly relevant to the IMDS version compatibility, and option D is unnecessary since the update can be applied without stopping the instances.