AWS Certified SAP on AWS – Specialty (PAS-C01) — Question 53

An SAP specialist is building an SAP environment. The SAP environment contains Amazon EC2 instances that run in a private subnet in a VPC. The VPC includes a NAT gateway.
The SAP specialist is setting up IBM Db2 high availability disaster recovery for the SAP cluster. After configuration of overlay IP address routing, traffic is not routing to the database EC2 instances.
What should the SAP specialist do to resolve this issue?

Answer options

• A. Open a security group for SAP ports to allow traffic on port 443.
• B. Create route table entries to allow traffic from the database EC2 instances to the NAT gateway.
• C. Turn off the source/destination check for the database EC2 instances.
• D. Create an IAM role that has permission to access network traffic. Associate the role with the database EC2 instances.

Correct answer: C

Explanation

The correct answer is C because disabling the source/destination check allows the EC2 instances to send and receive traffic that is not directly addressed to their private IP addresses, which is essential for overlay IP routing. The other options do not address the routing problem caused by the source/destination check, as they focus on security group adjustments or NAT gateway configurations that are not relevant to the specific issue at hand.