100% Pass Guarantee with Amazon PAS-C01 Dumps!

A company is starting a new project to implement an SAP landscape with multiple accounts that belong to multiple teams in the us-east-2 Region. These teams include procurement finance sales and human resources An SAP solutions architect has started designing this new landscape and the AWS account structures

The company wants to use automation as much as possible The company also wants to secure the environment implement federated access to accounts centralize logging and establish cross-account security audits in addition the company's management team needs to receive a top-level summary of policies that are applied to the AWS accounts.

What should the SAP solutions architect do to meet these requirements?

A. Use AWS CloudFormation StackSets to apply SCPs to multiple accounts in multiple Regions. Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

B. Use an AWS Elastic Beanstalk blue green deployment to create 1AM policies and apply them to multiple accounts together Use an Amazon CloudWatch dashboard to check the applied policies in the accounts

C. Implement guardrails by using AWS CodeDeploy and AWS CodePipeline to deploy SCPs into each account Use the CodePipeline deployment dashboard to check the applied policies in the accounts

D. Apply SCPs through AWS Control Tower Use the AWS Control Tower integrated dashboard to check the applied policies in the accounts

A company has deployed a highly available SAP NetWeaver system on SAP HANA into a VPC The system is distributed across multiple Availability Zones within a single AWS Region SAP NetWeaver is running on SUSE Linux Enterprise Server for SAP SUSE Linux Enterprise High Availability Extension is configured to protect SAP ASCS and ERS instances and uses the overlay IP address concept The SAP shared dies sapmnt and . usrsap. trans are hosted on an Amazon Elastic File System (Amazon EFS) tile system

The company needs a solution that uses already-existing private connectivity to the VPC. The SAP NetWeaver system must be accessible through the SAP GUI client tool.

Which solutions will meet these requirements? (Select TWO)

A. Deploy an Application Load Balancer Configure the overlay IP address as a target

B. Deploy a Network Load Balancer Configure the overlay IP address as a target

C. Use an Amazon Route 53 private zone Create an A record that has the overlay IP address as a target

D. Use AWS Transit Gateway Configure the overlay IP address as a static route in the transit gateway route table Specify the VPC as a target

E. Use a NAT gateway Configure the overlay IP address as a target

A company hosts multiple SAP applications on Amazon EC2 instances in a VPC While monitoring the environment the company notices that multiple port scans are attempting to connect to SAP portals inside the VPC. These port scans are originating from the same IP address block. The company must deny access to the VPC from all the offending IP addresses for the next 24 hours.

Which solution win meet this requirement?

A. Modify network ACLs that are associated with all public subnets in the VPC to deny access from the IP address block

B. Add a rule in the security group of the EC2 instances to deny access from the IP address block

C. Create a policy in AWS identity and Access Management (1AM) to deny access from the IP address block

D. Configure the firewall m the operating system of the EC2 instances to deny access from the IP address block