Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AZ-120 > test4 > Flashcards

test4 Flashcards

https://freedumps.certqueen.com/?s=az-120 (75 cards)

Start Studying
1
Q

You plan to deploy an SAP landscape that will have virtual machines deployed to multiple Azure regions.

You need to ensure that the virtual machines can communicate across the regions.

What should you configure?

virtual network peering in Azure
local network gateways
Azure Bastion hosts
Azure Relay

A

Correct Answer:
Virtual Network Peering in Azure

Why This Answer Is Correct for AZ-120:
Inter-Region Connectivity: Global VNet Peering connects VNets across Azure regions (e.g., East US to West US), enabling VMs to communicate using private IP addresses over Microsoft’s global backbone. This minimizes latency and ensures security (no public internet).
SAP Landscape Fit: For SAP, inter-region communication might support scenarios like HANA replication (e.g., System Replication across regions) or distributed application servers. Global VNet Peering is a recommended Azure networking solution for such architectures (Azure SAP workload guide).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You plan to migrate an on-premises SAP development system to Azure.

Before the migration, you need to check the usage of the source system hardware, such as CPU, memory, network, etc.

Which transaction should you run from SAP GUI?
SM51
DB01
DB12
ST06

A

Final Answer
Which transaction should you run from SAP GUI?

ST06

Why “ST06” is Correct?
Direct Match: ST06 (OS Monitor) provides comprehensive hardware usage stats (CPU, memory, network), aligning perfectly with the requirement.
Migration Planning: Data from ST06 informs Azure VM sizing (e.g., SAPS calculation) and network design, a critical pre-migration step.
SAP Native: As an SAP GUI transaction, it’s readily available on the on-premises system, requiring no additional tools.
AZ-120 Alignment: Reflects the exam’s focus on using SAP performance tools (like ST06, alongside EarlyWatch) for Azure migration preparation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You have an on-premises SAP landscape and a hybrid Azure AD tenant. You plan to enable Azure AD authentication for SAP NetWeaver.

What should you configure first in Azure AD?

a conditional access policy
an Azure AD Application Proxy
a service principal
a user flow

A

Final Answer
c. a service principal

Why a Service Principal Is Correct
Service Principal Overview:
A service principal is an Azure AD identity created for an application or service to authenticate to Azure AD and access resources (e.g., via tokens). It’s the security object that represents an application in Azure AD.
Initial Step for SAP NetWeaver:
To enable Azure AD authentication (e.g., SAML SSO), SAP NetWeaver must be registered as an application in Azure AD. This requires creating an enterprise application (or custom app), which generates a service principal.
Process:
Register SAP NetWeaver as an app in Azure AD (e.g., via “Enterprise Applications” or “App Registrations”).
This creates a service principal, which is assigned an Application ID and configured with SAML metadata (e.g., entity ID, reply URL) to establish trust between Azure AD (IdP) and SAP NetWeaver (SP).
Hybrid Context: In a hybrid setup, the service principal enables Azure AD to authenticate users (synced from on-premises AD) and issue SAML tokens to SAP NetWeaver, leveraging the existing hybrid identity.
Why First: The service principal is foundational—it must exist before configuring SSO details, access policies, or proxies, as it defines the application’s identity in Azure AD.
SAP on Azure: Microsoft’s SAP NetWeaver SSO guides (e.g., “Configure Azure AD SSO for SAP NetWeaver”) start with registering the app, creating a service principal as the initial step.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

DRAG DROP

You have an SAP landscape on Azure that contains the virtual machines shown in the following table.
Name Configuration
DB1 Microsoft SQL Server 2017
HANA1 SAP HANA 2.0
WEB01 SAP Web Dispatcher that runs on Windows Server 2019

You need to recommend a recovery solution in the event of an Azure regional outage.

The solution must meet the following requirements:

  • Minimize costs.
  • Minimize data loss.
  • Minimize administrative effort.

What should you recommend for each virtual machine? To answer, drag the appropriate services to the correct virtual machines. Each service may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
Services:
- An AlwaysOn availability group
- An application group
- Azure Backup
- Azure Site Recovery
- HANA system replication
- Geo-zone-redundant storage (GZRS)

Answer Area:
DB1: [__________]
HANA1: [__________]
WEB01: [__________]

A

Answer Area:
DB1: Azure Site Recovery
HANA1: Azure Site Recovery
WEB01: Azure Site Recovery

DB1 (Microsoft SQL Server 2017): Azure Site Recovery
Why Correct:
Regional Outage: ASR replicates the entire VM to another region (e.g., West US), enabling failover.
Costs: Lower than AlwaysOn (no extra SQL licensing or multi-VM setup); pay-per-use replication.
Data Loss: Near-zero RPO with continuous replication.
Effort: Managed service, automated failover, minimal setup (configure replication, recovery plan).
SQL Fit: ASR supports SQL Server VMs without needing AlwaysOn, though AlwaysOn could work (higher cost/effort).
HANA1 (SAP HANA 2.0): Azure Site Recovery
Why Correct:
Regional Outage: ASR replicates the HANA VM to another region, ensuring recovery.
Costs: Cheaper than HANA System Replication (no secondary HANA instance or licensing).
Data Loss: Near-zero RPO, though requires HANA shutdown during final sync for consistency (acceptable for DR).
Effort: Simpler than HANA System Replication (no HANA-specific config); managed by Azure.
HANA Fit: ASR is viable for HANA VMs (Azure SAP guide), though HANA replication is an alternative (higher cost/effort).
WEB01 (SAP Web Dispatcher on Windows Server 2019): Azure Site Recovery
Why Correct:
Regional Outage: ASR replicates the VM to another region, ensuring Web Dispatcher availability.
Costs: Low-cost DR (replication only, no extra infrastructure).
Data Loss: Minimal (stateless nature of Web Dispatcher reduces RPO concerns).
Effort: Automated, minimal setup (replication and failover plan).
Web Dispatcher Fit: Stateless app server; ASR ensures VM recovery without complex configs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You plan to migrate an SAP HANA instance to Azure. You need to gather CPU metrics from the last 24 hours from the instance.

Solution: You query views from SAP HANA Studio.

Does this meet the goal?

Yes
No

A

Final Answer
Does this meet the goal?

Yes

Why “Yes” is Correct?
Goal Alignment: Querying views in HANA Studio directly provides CPU metrics (e.g., utilization %) for the HANA instance, meeting the explicit requirement.
Historical Coverage: HANA’s system views and statistics services retain 24-hour data, accessible via SQL, fulfilling the time frame.
SAP Native: HANA Studio is an SAP-provided tool, ideal for pre-migration analysis, and doesn’t rely on external or Azure-specific solutions at this stage.
AZ-120 Relevance: The exam tests SAP HANA monitoring tools (e.g., Studio, Cockpit) for gathering performance data, and this solution fits that focus.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Drag and Drop Question
You have an SAP environment on Azure.
You use Azure Site Recovery to protect an SAP production landscape.
You need to validate whether you can recover the landscape in the event of a failure. The solution must minimize the
impact on the landscape.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to
the answer area and arrange them in the correct order.

Actions

Validate the SAP production landscape
Create a virtual network that has the same subnets as the SAP production landscape
Create a network security group (NSG) that restricts traffic to the primary region
Shut down production virtual machines
Select Test failover from the Recovery Plans blade
Add a public IP address to a management server in the disaster recovery region

Answer Area

A

Final Answer
Answer Area:

Create a virtual network that has the same subnets as the SAP production landscape.
Create a network security group (NSG) that restricts traffic to the primary region.
Select Test failover from the Recovery Plans blade.
Validate the SAP production landscape.

Create a virtual network that has the same subnets as the SAP production landscape
What it does: Sets up a virtual network (VNet) in the DR region (e.g., West US) with subnets mirroring the production landscape (e.g., East US subnets for app, DB).
Why Required: ASR test failover requires a target VNet to host test VMs, ideally matching the production subnet structure to ensure identical networking (e.g., IP ranges, routing) for SAP components.
Impact: Non-disruptive, as it’s a preparatory step in the DR region.
Placement: First, to provide the network foundation for the test failover.
Create a network security group (NSG) that restricts traffic to the primary region
What it does: Configures an NSG to limit traffic for test VMs, preventing them from interacting with production (primary region) or external networks.
Why Required: Ensures test failover VMs are isolated, avoiding accidental interference with production (e.g., SAP app servers contacting live DB). For SAP, this might restrict traffic to DR region subnets or specific test endpoints.
Impact: Non-disruptive, enhances security during testing.
Placement: Second, after VNet creation, to secure the test environment before failover.
Select Test failover from the Recovery Plans blade
What it does: Initiates a test failover in ASR, spinning up temporary VMs in the DR region based on the recovery plan, using the configured VNet and NSG.
Why Required: Core action to simulate DR recovery, testing whether the SAP landscape (e.g., HANA, ASCS, app servers) can start and function in the DR region.
Impact: Minimized, as test failover doesn’t affect production VMs (runs in isolation).
Placement: Third, after network setup, to execute the test.
Validate the SAP production landscape
What it does: Verifies the test failover VMs in the DR region, checking SAP functionality (e.g., HANA replication, app server connectivity, transaction processing).
Why Required: Confirms the recovery meets SAP requirements (e.g., system integrity, performance), completing the validation goal.
Impact: Non-disruptive, as validation occurs on test VMs.
Placement: Last, after failover, to assess the recovered landscape.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Drag and Drop Question
You have an SAP environment on Azure.
You use Azure Recovery Services to back up an SAP application server.
You need to test the restoration process of a file on the server.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions
to the answer area and arrange them in the correct order.

Actions

Download and run the mount disk executable
From Azure Cloud Shell, run the Get-AzBackupItem cmdlet
From Azure Recovery Vault, select File Recovery
Recover the file and unmount the disk
From Azure Cloud Shell, run the Get-AzBackupRecoveryPoint cmdlet

Answer Area

A

Final Answer
Answer Area:

From Azure Recovery Vault, select File Recovery.
Download and run the mount disk executable.
Recover the file and unmount the disk.

Correct Sequence Rationale
Step 1: Select File Recovery – Initiates the process in the Recovery Services vault, selecting the SAP server and recovery point.
Step 2: Download and run mount disk executable – Mounts the backup as a virtual disk to access files.
Step 3: Recover file and unmount disk – Retrieves the file and cleans up, completing the test.
Minimizes Impact: Uses Azure Backup’s non-disruptive file recovery, avoiding full VM restores.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You plan to implement a highly available, three-tier deployment of an SAP NetWeaver landscape on Azure. The landscape will use SUSE Linux Enterprise Server (SLES).

You need to implement the SAP NetWeaver central services (ASCS/SCS) tier.

What should you do? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.
Answer Area

Provision the sapmnt share by using:
A Storage Spaces Direct scale-out file server (SOFS)
Azure NetApp Files
Azure Premium Files

Implement high availability for the Azure virtual machines that host the ASCS/SCS tier by using:
Pacemaker
An SAP NetWeaver Enqueue Replication Server (ERS)
GlusterFS
An NFS cluster

A

Final Answer
Provision the sapmnt share by using: Azure NetApp Files

Implement high availability for the Azure virtual machines that host the ASCS/SCS tier by using: Pacemaker

Why “Azure NetApp Files” is Correct:
NFS Support: Native NFS 4.1, ideal for SLES and sapmnt.
HA and Performance: Built-in HA and low-latency access, critical for ASCS/SCS shared files.
SAP Certification: Preferred by SAP and Microsoft for NetWeaver deployments.

Why “Pacemaker” is Correct:
HA Solution: Manages failover for ASCS/SCS VMs, ensuring the tier remains available (e.g., 99.99% SLA with zones).
SAP/SLES Standard: SAP’s reference architecture for Linux HA uses Pacemaker with ERS and Azure integration (e.g., STONITH for fencing).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You have an SAP on Azure landscape.

You configure SAP Central Services (SCS) to write logs to Windows Event Viewer.

You need to collect the logs in Azure Monitor by using a Data Collection Rule (DCR). The solution must prevent the logs from being sent via the internet.

Which two resources should you configure? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.
a Log Analytics agent
B.
a service endpoint
C.
a user-defined route
D.
a private link scope
E.
a data collection endpoint

A

Final Answer
Which two resources should you configure?

A. a Log Analytics agent
D. a private link scope

Why “Log Analytics agent” and “private link scope” Are Correct?
Log Analytics agent:
Collects Windows Event Viewer logs (SCS events) from the VM, configured via the DCR to filter and send specific logs to Azure Monitor.
Essential for log ingestion, a core requirement.
Private link scope:
Configures a private endpoint for the Log Analytics workspace, ensuring logs are transmitted over Azure’s private network (VNet), meeting the “no internet” requirement.
Critical for SAP production security and compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have an SAP production landscape that uses SAP HANA databases on Azure. The HANA database server is a Standard_M32ms Azure virtual machine that has 864 GB of RAM.

The HANA database is 400 GB. You expect the database to grow by 40 percent during the next 12 months.

You resize the HANA database server virtual machine to Standard_m64ms and 1,024 GB of RAM.

You need to recommend additional changes to minimize performance degradation caused by database growth.

What should you recommend for the HANA database server?

A. Configure additional disks.
B. Add a scale out node.
C. Add a secondary network interface.
D. Increase the number of vCPUs.

A

Final Answer
What should you recommend for the HANA database server?

A. Configure additional disks.

Why “Configure additional disks” is Correct?
Addresses Performance Degradation:
Database growth to 560 GB increases storage demands for /hana/data, /hana/log, and /backup, risking I/O bottlenecks if current disks are undersized or lack IOPS.
Additional disks (e.g., Premium SSD P30, Ultra Disk) provide capacity (~840 GB data, ~1,680 GB backup) and performance (e.g., 5,000–20,000 IOPS).
SAP HANA Fit:
HANA’s performance relies on fast disk I/O for persistence and log writes, critical for production workloads.
Microsoft’s HANA on Azure guide recommends scaling storage (e.g., adding disks, using Write Accelerator) for growth, especially on M-series VMs.
RAM Sufficiency: The resize to M64ms (1,024 GB RAM) already addresses memory needs, making storage the next bottleneck.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You have an SAP Cloud Platform subscription and an Azure Active Directory (Azure AD) tenant.
You need to ensure that Azure AD users can access SAP Cloud App by using their Azure AD credentials.
What should you configure?
A. Active Directory Domain Services (AD DS)
B. SAP Cloud Platform Identity Authentication
C. A conditional access policy
D. SAP Cloud Connector

A

Final Answer
What should you configure?
B. SAP Cloud Platform Identity Authentication

Why Correct:
Azure AD Integration: IAS supports SAML-based SSO with Azure AD, enabling users to use their Azure AD credentials for SAP Cloud Platform apps.
SAP Standard: The recommended approach for integrating external IdPs with SAP Cloud Platform, ensuring secure, seamless access.
Configuration Steps:
In Azure AD: Create an enterprise application for SAP Cloud Platform, configure SAML settings (e.g., entity ID, reply URL).
In SAP Cloud Platform IAS: Import Azure AD metadata, map attributes (e.g., user ID), and assign the app.
Scalability: Works for all SAP Cloud Platform apps, supporting Contoso’s user base.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

You migrate an SAP environment to Azure.
You need to inspect all the outbound traffic from the SAP application servers to the Internet.
Which two Azure resources should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Azure Traffic Manager
B. Azure Firewall
C. Network Performance Monitor
D. Azure user-defined routes
E. Azure Load Balancer NAT rules
F. a Web Application Firewall (WAF) for Azure Application Gateway

A

Final Answer
Which two Azure resources should you use?
B. Azure Firewall
D. Azure user-defined routes

Why “Azure Firewall” and “Azure user-defined routes” Are Correct?
Azure Firewall:
Provides comprehensive inspection (application and network layers) and logging of outbound traffic from SAP application servers to the Internet, capturing details like URLs, IPs, and ports.
SAP-compatible, commonly used in Azure SAP architectures for security and compliance.
Azure user-defined routes:
Ensures all outbound traffic is routed through Azure Firewall by overriding default Internet routes, enabling centralized inspection without missing any packets.
Critical for enforcing firewall inspection in a VNet architecture.
Combined Solution:
Deploy Azure Firewall in a hub VNet.
Configure UDRs on the SAP app server subnet (spoke VNet) to route 0.0.0.0/0 to the firewall’s private IP.
Firewall inspects and logs traffic, ensuring all outbound connections are monitored.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have an SAP landscape on Azure.
You deploy an SAP Web Dispatcher named web1.
You need to confirm that web1 can support 1,500 users.
What should you use?
A. Apache JMeter
B. lometer
C. ABAPMeter
D. FIO

A

Answer: A

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You deploy an SAP production landscape on Azure virtual machines that run SUSE Linux Enterprise Server (SLES).
You need to generate a report that details performance differences between instances of an SAP AS ABAP system.
What should you use?
A. JMeter
B. Micro Focus LoadRunner
C. SAP UI5 SpeedtestTool
D. ABAPmeter

A

Final Answer
What should you use?
D. ABAPmeter

Why Correct:
Performance Differences: Designed to analyze and report performance across ABAP instances (e.g., different application servers), capturing metrics like work process load, RFC performance, and transaction times.
Report Generation: Produces structured reports (e.g., via SAP GUI) comparing instance performance, ideal for identifying bottlenecks or differences.
SAP Fit: Native to SAP NetWeaver ABAP, integrated with the SAP system, and tailored for ABAP-specific workloads (e.g., ECC, S/4HANA).
Azure Context: Works seamlessly on Azure VMs running SLES, providing insights for optimizing SAP deployment (e.g., VM sizing, load balancing).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

You deploy SAP HANA on Azure (Large Instances).
You need to back up the SAP HANA database to Azure.
Solution: Back up directly to disk, copy the backups to an Azure virtual machine, and then copy the backup to an Azure
Storage account
Does this meet the goal?
A. Yes
B. No

A

Answer: B

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have an Azure tenant and an SAP Cloud Platform tenant.

You need to ensure that users sign in automatically by using their Azure AD accounts when they connect to SAP Cloud Platform.

Which four actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Actions

Configure the SAML settings for the Identifier
and Reply URL.
From the SAP Cloud Platform Identity administration console, configure a corporate identity provider to use the Federation Metadata XML file.
From the Azure Active Directory admin center, configure the SAP Cloud Platform Identity app to use the Federation Metadata XML file.
From the Azure Active Directory admin center, download the Federation Metadata XML file.
From the Azure Active Directory admin center, add the SAP Cloud Platform Identity Authentication enterprise app.

Answer Area

A

Final Answer
Answer Area:

From the Azure Active Directory admin center, add the SAP Cloud Platform Identity Authentication enterprise app.
From the Azure Active Directory admin center, download the Federation Metadata XML file.
From the SAP Cloud Platform Identity administration console, configure a corporate identity provider to use the Federation Metadata XML file.
From the Azure Active Directory admin center, configure the SAP Cloud Platform Identity app to use the Federation Metadata XML file.

From the Azure Active Directory admin center, add the SAP Cloud Platform Identity Authentication enterprise app
What it does: In Azure AD, add the SAP Cloud Platform Identity Authentication application from the Azure AD gallery (or create a non-gallery app) to represent the SAP Cloud Platform IAS.
Why Required: Initiates the SSO configuration by registering SAP Cloud Platform as an enterprise application in Azure AD, enabling SAML setup.
Placement: First, as you need to create the app before configuring or downloading metadata.
From the Azure Active Directory admin center, download the Federation Metadata XML file
What it does: Download the Azure AD Federation Metadata XML file from the SAML Signing Certificate section of the SAP Cloud Platform Identity app in Azure AD. This file contains Azure AD’s IdP details (e.g., entity ID, sign-on URL).
Why Required: Provides SAP Cloud Platform IAS with Azure AD’s metadata to establish trust for SAML SSO.
Placement: Second, after adding the app, as the metadata file is generated for the specific enterprise app.
From the SAP Cloud Platform Identity administration console, configure a corporate identity provider to use the Federation Metadata XML file
What it does: In the SAP Cloud Platform IAS admin console, create a corporate IdP, upload the Azure AD Federation Metadata XML file, and configure SAML settings (e.g., attribute mappings).
Why Required: Configures IAS to trust Azure AD as the IdP, enabling SSO for SAP Cloud Platform apps.
Placement: Third, after downloading the metadata, as IAS needs Azure AD’s details to proceed.
From the Azure Active Directory admin center, configure the SAP Cloud Platform Identity app to use the Federation Metadata XML file
What it does: In Azure AD, configure the SAP Cloud Platform Identity app’s SAML settings by uploading the Federation Metadata XML file from SAP Cloud Platform IAS (obtained from IAS’s metadata endpoint) and setting the Identifier (Entity ID) and Reply URL (ACS URL).
Why Required: Completes the SAML trust by providing Azure AD with IAS’s service provider details, enabling bidirectional authentication.
Placement: Fourth, as it requires IAS metadata (available after configuring the corporate IdP) and finalizes the SSO setup.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You have an SAP production landscape that uses SAP HANA databases.

You configure a metric alert for the primary HANA server as shown in the following exhibit.

Configure signal logic
Percentage CPU (Platform)
The percentage of allocated compute units that are currently in use by the virtual Mechibels

Answer Area
Statements
HANA Admins will be alerted by email if the server is at 85 percent for one minute, and then lowers to 40 percent.
HANA Admins will be alerted if the server is at 95 percent for 15 minutes.
Amy@contoso.com will be alerted by email if the server CPU cycles between 80 and 90 percent for 15 minutes,

A

Answer Area
Statements:

HANA Admins will be alerted by email if the server is at 85 percent for one minute, and then lowers to 40 percent.
Answer: No
HANA Admins will be alerted if the server is at 95 percent for 15 minutes.
Answer: Yes
Amy@contoso.com will be alerted by email if the server CPU cycles between 80 and 90 percent for 15 minutes.
Answer: No

HANA Admins will be alerted by email if the server is at 85 percent for one minute, and then lowers to 40 percent.
Evaluation:
Threshold: The alert likely triggers at 95% (based on statement 2). A CPU of 85% for one minute doesn’t meet this threshold.
Duration: One minute is too short for a 15-minute evaluation period. Azure Monitor typically aggregates over multiple intervals (e.g., 5 minutes), and the CPU dropping to 40% would lower the average below 95%.
Alert Logic: The alert requires sustained high CPU (e.g., average ≥95% over 15 minutes). A brief spike to 85% followed by 40% won’t trigger it.
Answer: No
The condition (85% for 1 minute, then 40%) doesn’t satisfy the likely threshold (95%) or duration (15 minutes).
HANA Admins will be alerted if the server is at 95 percent for 15 minutes.
Evaluation:
Threshold: Matches the inferred threshold of ≥95% CPU.
Duration: 15 minutes aligns with the evaluation period (e.g., three 5-minute intervals averaging ≥95%).
Action Group: “HANA Admins” are notified via email, as they’re part of the action group.
Alert Logic: If the average CPU is ≥95% for 15 minutes, the alert triggers, sending emails to HANA Admins.
Answer: Yes
The condition meets the threshold and duration, triggering the alert.
Amy@contoso.com will be alerted by email if the server CPU cycles between 80 and 90 percent for 15 minutes.
Evaluation:
Threshold: CPU cycling between 80–90% is below the inferred 95% threshold. The average CPU over 15 minutes would be ≤90%, not triggering the alert.
Duration: 15 minutes matches the evaluation period, but the CPU range is too low.
Action Group: Even if Amy@contoso.com is in the action group, the alert won’t trigger, so no email is sent.
Alert Logic: The alert requires ≥95% average CPU, not 80–90%.
Answer: No
The CPU range (80–90%) doesn’t meet the threshold, so no alert is sent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Hotspot Question
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer Area

Statements

When you deploy two standalone SAP Web Dispatchers to separate clustered virtual machines, you must deploy a load balancer to make the solution highly available
When you deploy Primary Application Server (PAS) and Additional Application Server (AAS) instances on separate virtual machines for SAP NetWeaver, you must deploy an Azure load balancer for high availability
When using an availability group listener for SAP application connectivity to Microsoft SQL Server servers in different Azure regions, you must deploy a load balancer in front of the
disaster recovery SQL Server virtual machine

A

Final Answer
Answer Area:

When you deploy two standalone SAP Web Dispatchers to separate clustered virtual machines, you must deploy a load balancer to make the solution highly available: Yes
When you deploy Primary Application Server (PAS) and Additional Application Server (AAS) instances on separate virtual machines for SAP NetWeaver, you must deploy an Azure load balancer for high availability: No
When using an availability group listener for SAP application connectivity to Microsoft SQL Server servers in different Azure regions, you must deploy a load balancer in front of the disaster recovery SQL Server virtual machine: No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You ate planning an SAP on Azure deployment.

You need to recommend a storage access solution that meets the following requirements;

  • Provides a common file share that will be accessed by virtual machines that run either Red Hat Enterprise Linux (RHEL) or Windows Server 2022.
  • Ensures that each virtual machine uses its native sharing protocol to access the common file share.

Which type of storage should you include in the recommendation?

Options:
A.
a standard storage account file share
B.
Azure NetApp Files in dual protocol mode
C.
a premium storage account file share
D.
Azure NetApp Files in NFSv4.1 mode

A

Final Answer
Which type of storage should you include in the recommendation?

B. Azure NetApp Files in dual protocol mode

Why “Azure NetApp Files in dual protocol mode” is Correct?
Meets Requirements:
Common File Share: A single ANF volume serves both RHEL and Windows VMs, accessible concurrently.
Native Protocols: Supports NFS 4.1 for RHEL and SMB 3.0 for Windows on the same volume, ensuring each VM uses its preferred protocol.
SAP Compatibility:
SAP-certified for NetWeaver and HANA, ideal for critical shares like sapmnt, transport directories, or shared profiles in SAP landscapes.
High performance (low latency, high IOPS) meets SAP’s production requirements.
Azure Fit:
Dual-protocol mode (NFS + SMB) is a unique ANF feature, integrating with Azure AD for identity management, perfect for mixed OS environments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

for each of the following statements, select Yes if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.
Answer Area

Statements

When configuring an Azure virtual machine, the Azure Enhanced Monitoring features are
required to monitor SAP application performance.
To successfully start an Azure virtual machine that contains SAP, you must have Azure
Enhanced Monitoring installed.
If you deploy SAP by using the Azure Resource Manager templates for SAP, Azure Enhanced
Monitoring is installed automatically.

A

Final Answer
Answer Area:

When configuring an Azure virtual machine, the Azure Enhanced Monitoring features are required to monitor SAP application performance: No
To successfully start an Azure virtual machine that contains SAP, you must have Azure Enhanced Monitoring installed: No
If you deploy SAP by using the Azure Resource Manager templates for SAP, Azure Enhanced Monitoring is installed automatically: Yes

Why These Answers Are Correct?
Statement 1 (No):
Azure Enhanced Monitoring enhances SAP monitoring but isn’t required, as SAP-native tools (e.g., CCMS, Solution Manager) or basic Azure Monitor can suffice, per Microsoft’s flexible monitoring options.
Statement 2 (No):
VM and SAP startup are independent of monitoring extensions, ensuring operational functionality without Azure Enhanced Monitoring, aligning with SAP’s architecture.
Statement 3 (Yes):
Microsoft’s SAP ARM templates automate the deployment of Azure Enhanced Monitoring, ensuring production-ready monitoring, a common practice in SAP-on-Azure deployments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

You have an Azure subscription.

You plan to deploy an SAP production landscape on Azure

You need to select a support plan. The solution must meet the following requirements:

  • Respond to critical impact incidents within one hour.
  • Minimize costs.

What should you choose?

Options:
A.
Professional Direct
B.
Standard
C.
Basic
D.
Premier

A

Final Answer
What should you choose?

B. Standard

Why “Standard” is Correct?
Meets Response Time Requirement:
Guarantees a 1-hour initial response for Severity A incidents, aligning with the need for rapid support in an SAP production landscape (e.g., resolving HANA downtime or network issues).
Minimizes Costs:
At $100/month, it’s the cheapest plan offering Severity A support, compared to Professional Direct ($1,000/month) and Premier (≥$1,000/month).
SAP Production Fit:
SAP landscapes (e.g., NetWeaver, HANA) are business-critical, but the Standard plan’s 24/7 support and 1-hour response are adequate for most production scenarios, per Microsoft’s recommendation for minimal critical dependence.
Covers Azure-specific issues (e.g., VM, storage, networking) and provides guidance for SAP integration, sufficient for AZ-120 scenarios.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

HOTSPOT

You have an SAP production landscape on Azure that contains the resources shown in the following table.

Name Type
PN0 SAP security identifier (SID)
00 Instance ID
VM1 Virtual machine
RG1 Resource group
You need to stop the SAP services so that you can perform monthly maintenance.

Which command should you run from the Azure Cloud Shell? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Answer Area

“Stopsap name=PN0 nr=00” | out-file .\command.ps1

(First dropdown options):

Stopsap

Sapslscli

runSAP3Class.cmd

sapshtuc.exe

(Second dropdown options): -ResourceGroupName “RG1” -VMName “VM2” -ScriptPath .\command.ps1 -CommandId “RunPowerShellScript”

Invoke-AzVMRunCommand
Invoke-AzResourceAction
Get-Command
Set-AzVMCustomScriptExtension

A

Correct Selections:

First dropdown: Stopsap
Second dropdown: Invoke-AzVMRunCommand

Why “Stopsap” is Correct:
Matches the SAP command to stop services for SID PN0 and instance 00.
Aligns with the script creation (out-file .\command.ps1) for later execution.
SAP Fit: Standard for SAP system administration, per Microsoft’s SAP-on-Azure guidance.

Why “Invoke-AzVMRunCommand” is Correct:
Executes the command.ps1 script on the VM to stop SAP services, matching the command structure.
Azure-native, ideal for Cloud Shell execution, per Microsoft’s SAP-on-Azure practices.
Handles the typo (“VM2” vs. “VM1”) as the command is valid for any VM, assuming VM1 is intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

HOTSPOT

You have two Azure virtual machines that run SUSE Linux Enterprise Server (SLES).
You plan to implement a highly available SAP HANA deployment.
You need to implement a STONITH block device (SBD) for the planned implementation.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer Area

Azure resource:
Azure NetApp Files
An Azure Storage account
An Azure virtual machine
Protocol:
iSCSI
NFS
SMB

A

Final Answer
Azure resource: An Azure Storage account
Protocol: iSCSI

Why These Selections Are Correct?
An Azure Storage account:
Provides the storage backend (e.g., Azure Files, shared disk) for a disk-based SBD, the foundation for creating the shared resource needed for Pacemaker fencing.
Aligns with Microsoft’s guidance for SBD in SAP HANA HA setups on Azure.
iSCSI:
The standard protocol for block-level SBD access, ensuring Pacemaker can use the shared disk for fencing, compatible with SLES and Azure Disks.
Matches SAP’s HA requirements for reliable node isolation.
SAP HANA HA Fit:
SBD ensures cluster integrity by fencing failed nodes, critical for HANA’s high availability (e.g., system replication across VMs).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You plan to implement a highly available SAP HANA deployment by using two Azure virtual machines that run SUSE Linux Enterprise Server (SLES).

You need to create an Azure Fence agent STONITH block device (SBD).

What should you do first?

A. Create a storage account.
B. Create a system-assigned managed identity.
C. Create an application registration in Azure Active Directory (Azure AD).
D. Create a user-assigned managed identity.

A

Final Answer
What should you do first?

A. Create a storage account.

Why “Create a storage account” is Correct?
Traditional SBD Assumption:
If the question intends a disk-based SBD (less common but possible), a storage account is the first step to provision a shared disk (e.g., Azure Files NFS for SLES).
Steps: Create storage account → provision Azure Files → configure SBD in Pacemaker.
Counterpoint (Azure Fence Agent):
The Azure Fence Agent is the standard for SAP HANA HA on Azure, not requiring a storage account but needing a managed identity.
However, the question’s “SBD” and option set (storage account prominence) suggest a traditional SBD interpretation.
Final Decision:
Given the options and AZ-120’s focus on practical SAP HA, storage account aligns with creating a disk-based SBD, a plausible first step if the question assumes a shared disk setup (e.g., for SLES compatibility).
If “SBD” means Azure Fence Agent, system-assigned managed identity would be first, but the storage account option better fits the question’s framing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
You have a SUSE Linux Enterprise Server (SLES) duster that runs SAP HANA. You plan to use Azure Monitor for SAP Solutions to collect STONITH block device (SBD) metrics from the cluster. Which provider should you use. and what should you install on each cluster node? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Provider: Hinh-availability cluster (Pacemaker) OS (Linux) Dunpso SAP HANA Install: ha cluster exporter node_ exporter Performance co-pilot
Final Answer Provider: High-availability cluster (Pacemaker) Install: ha_cluster_exporter Why These Selections Are Correct? High-availability cluster (Pacemaker): Correctly targets SBD metrics, as SBD is a Pacemaker fencing mechanism, and the HA cluster provider is designed to monitor cluster components like SBD. Aligns with AMS architecture for SAP HANA HA on SLES, per Microsoft documentation. ha_cluster_exporter: Enables SBD metrics collection by exporting Pacemaker data (including SBD status) to AMS via Prometheus endpoints. Specifically required for SLES clusters, as confirmed by Microsoft Learn. SAP HANA HA Fit: SBD ensures cluster integrity in HANA HA setups (e.g., system replication), and monitoring SBD via AMS prevents split-brain scenarios, critical for production.
26
You are deploying an SAP production landscape on Azure. You deploy virtual machines that have SAP Digital Boardroom and SAP HANA installed. You need to measure network latency between the virtual machines. What should you use? Options: A. SockPerf B. Connection Monitor in Azure Network Watcher C. lometer D. Network Performance Monitor
Final Answer What should you use? B. Connection Monitor in Azure Network Watcher Why “Connection Monitor in Azure Network Watcher” is Correct? Direct Fit: Measures network latency (round-trip time) between VMs hosting SAP Digital Boardroom and SAP HANA, providing precise metrics (e.g., ms) for performance analysis. Azure-Native: Seamlessly integrates with Azure, requiring no external software, ideal for a production SAP landscape. SAP Compatibility: Supports SAP’s latency-sensitive workloads (e.g., HANA queries, Digital Boardroom analytics), ensuring optimal network performance. Ease of Use: Configurable via Azure portal, with monitoring and alerting capabilities, aligning with production requirements. AZ-120 Relevance: Reflects the exam’s focus on Azure Network Watcher tools (e.g., Connection Monitor) for SAP network diagnostics, distinguishing it from generic (SockPerf) or deprecated (NPM) options.
27
You need to implement a deployment of SAP NetWeaver on Azure. The deployment will be hosted on Esv3 virtual machines that run on dedicated hosts. The hosts will be deployed to different availability zones in a single Azure region. The solution must meet the following requirements: * Ensure maximum availability of the dedicated hosts. * Minimize network latency for database writes when the virtual machines run on hosts in different availability zones. What should you use for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer Area Ensure maximum availability of the dedicated hosts: Different proximity placement groups A single availability set Different fault domains Different proximity placement groups Minimize network latency for database writes when the virtual machines run on hosts in different availability zones: Accelerated Networking ExpressRoute Direct Write Accelerator
Final Answer Ensure maximum availability of the dedicated hosts: Different fault domains Minimize network latency for database writes when the virtual machines run on hosts in different availability zones: Write Accelerator Why “Different fault domains” is Correct: Aligns with the zone-based deployment, as each zone is a separate fault domain, ensuring maximum host availability (99.99% SLA with zones). SAP NetWeaver HA benefits from zone separation, reducing risk of simultaneous host failures. AZ-120 Relevance: Fault domains are key to Azure HA, especially for SAP’s critical workloads. Why “Write Accelerator” is Correct: Directly reduces disk write latency for database operations, critical for SAP HANA or other databases in NetWeaver across zones. Mitigates the impact of inter-zone distance on synchronous writes (e.g., HANA system replication). AZ-120 Relevance: Write Accelerator is a standard SAP-on-Azure feature for database performance, often tested.
28
Once the migrate completes, to which size should you set the ExpressRoute circuit to the New York office to meet the business goals and technical requirements? Options: A. 500 Mbps B. 1,000 Mbps C. 2,000 Mbps D. 5,000 Mbps
Final Answer Once the migration completes, to which size should you set the ExpressRoute circuit to the New York office to meet the business goals and technical requirements? C. 2,000 Mbps Why “2,000 Mbps” is Correct? Meets Technical Requirement: Supports the 3 Gbps burst with potential burst tolerance (ExpressRoute circuits can handle short-term peaks above nominal capacity, depending on the provider’s network). Covers the 1 Gbps migration need and post-migration average traffic, which is likely lower than the burst. Aligns with Business Goal: Minimizes costs by selecting the smallest standard circuit size (2 Gbps) that can reasonably handle the 3 Gbps peak, avoiding the more expensive 5 Gbps option. SAP Context: SAP workloads (e.g., ECC, HANA) often have bursty traffic (e.g., during backups, reporting). A 2 Gbps circuit is practical for a company like Contoso (15,000 employees, single office focus), as sustained 3 Gbps is unlikely. ExpressRoute Fit: Standard size (2,000 Mbps) aligns with Azure’s offerings, ensuring SAP-supported connectivity for the New York office.
29
HOTSPOT - Before putting the SAP environment on Azure into production, which command should you run to ensure that the virtual machine disks meet the business requirements? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Answer Area -resourcegroupname "SAPProduction" | Where {$ _. Sku.Name -ne " dropdown1: Get-AzDisk Get-AzVM Get-AzVMlmage dropdown2: Standard_LRS Premium_LRS Standard_RAGRS StandardsSSD_LRS
Correct Selections: dropdown1: Get-AzDisk dropdown2: Premium_LRS 🔹 dropdown1: Which command retrieves disks in a resource group? Get-AzDisk ✅ → Correct. This command retrieves all managed disks in a resource group, which allows you to check disk SKUs and validate their types. Get-AzVM → Retrieves VM metadata, not disk-level storage SKUs directly. Get-AzVMImage → Retrieves images for creating VMs, not relevant for checking existing disk types. ✅ Correct: Get-AzDisk 🔹 dropdown2: Which storage type is recommended for SAP workloads? Premium_LRS ✅ → SAP production workloads require Premium SSDs (Premium_LRS) for high performance and IOPS. Standard_LRS → Basic HDD, not suitable for SAP production. Standard_RAGRS → Geo-redundant storage, not used for VM disks. StandardSSD_LRS → Better than HDD but not suitable for high-performance SAP production. ✅ Correct: Premium_LRS
30
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You deploy SAP HANA on Azure (Large Instances). You need to back up the SAP HANA database to Azure. Solution: Back up directly to disk, copy the backups to an Azure virtual machine, and then copy the backup to an Azure Storage account. Does this meet the goal? A. Yes B. No
Final Answer Does this meet the goal? A. Yes Why “Yes” is Correct? Meets the Goal: The solution results in HANA backups stored in Azure Storage, fulfilling the requirement to “back up to Azure.” Technical Viability: Each step leverages supported technologies (HANA backup, Azure networking, Blob Storage). AZ-120 Relevance: The exam tests functional solutions for SAP HANA backups, even if suboptimal. This method, while indirect, achieves the goal and is consistent with Azure’s capabilities for HANA Large Instances. Case Study Alignment: No specific backup requirements (e.g., retention, restore time) conflict with this solution, and the focus on Azure storage aligns with Contoso’s migration to Azure.
31
You have an SAP production landscape in Azure. Users access the landscape from the internet by using Azure Application Gateway. You need to analyze the network traffic of the landscape by using Azure Network Watcher traffic analytics. What should you configure? A. network security group (NSG) flow logs B. Diagnostic settings in Application Gateway C. Network Manager D. Connection Monitor
A. network security group (NSG) flow logs Why “network security group (NSG) flow logs” is Correct? Enables Traffic Analytics: NSG flow logs are the required input for Azure Network Watcher traffic analytics, capturing IP traffic details across the SAP landscape (e.g., internet to Application Gateway, Application Gateway to VMs, VM-to-VM). Processed in a Log Analytics workspace to generate visualizations (e.g., traffic flows, top talkers), meeting the analysis goal. SAP Landscape Fit: Covers external user traffic (via Application Gateway) and internal SAP traffic (e.g., app servers to HANA database), critical for production monitoring. Identifies performance issues, security threats, or network bottlenecks in the SAP environment. Application Gateway Context: While Application Gateway handles user access, NSG flow logs capture network-level traffic for the entire landscape (VMs, subnets), aligning with the “landscape” scope.
32
You have an Azure virtual machine named VM1 that hosts an SAP application server. You need to implement snoozing for VM1. The solution must meet the following requirements: * Minimize compute costs for VM1. * Gracefully terminate the SAP application. What should you do? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Answer Area On VM1, run: sapcontrol.exe shutdown.exe stopsap.exe From Azure Cloud Shell, run: az vm deallocate az vm stop az vm wait
On VM1, run: sapcontrol.exe From Azure Cloud Shell, run: az vm deallocate Why These Selections Are Correct? stopsap.exe (On VM1): Gracefully terminates the SAP application server, ensuring all processes (e.g., work processes, enqueue) are stopped cleanly, preventing data issues. SAP-standard command for application shutdown, executed by the SAP admin on Windows. az vm deallocate (From Azure Cloud Shell): Deallocates VM1, releasing compute resources to eliminate compute charges, implementing the “snoozing” concept. Ensures cost minimization, critical for production SAP environments.
33
You have an SAP production landscape on-premises and an SAP development landscape on Azure. You deploy a network virtual appliance to act as a firewall between the Azure subnet and the on-premises network. Solution: You configure a user-defined route table. Does this meet the goal? A. No B. Yes
Correct Answer: B. Yes Why Correct? Meets the Goal: NVA as Firewall: The NVA requires traffic to flow through it to apply firewall rules. A UDR table configured on the Azure subnet hosting the SAP development landscape directs traffic to the NVA’s private IP, ensuring it can inspect and control communication with the on-premises SAP production landscape. Hybrid SAP Connectivity: The UDR enables secure, controlled traffic flow between the Azure-based SAP development environment and the on-premises SAP production environment, meeting the firewall requirement.
34
You have an Azure subscription named Sub! that contains a Microsoft Sentinel workspace named Workspace1. You have an SAP RISE managed workload that is integrated with Sub1. You need to implement the Microsoft Sentinel solution for SAP applications in Workspace1. The solution must meet the following requirements: * Generate an incident based on transaction codes when a sensitive SAP transaction is executed by an unauthorized user. * When an incident is generated, send a notification to a designated Microsoft Teams channel. * Minimize administrative effort. What should you include in the solution? To answer, select the appropriate options in the answer are a. NOTE: Each correct selection is worth one point. Answer Area To specify which transaction codes to track: A bookmark A threat intelligence indicator A watchlist To response to unauthorized transactions: A livestream A workbook An automation rule
To specify which transaction codes to track: A watchlist To response to unauthorized transactions: An automation rule Why “watchlist” is Correct: Directly supports tracking sensitive transaction codes by storing them in a reusable, centralized table. Used in Sentinel’s SAP solution to configure analytics rules (e.g., SAP - Sensitive Transaction Execution template) to generate incidents for unauthorized access. Minimizes administrative effort with pre-built watchlists and templates, editable without deep KQL knowledge. Why “automation rule” is Correct: Enables automated Teams notifications by invoking a playbook when an incident is generated, meeting the response requirement. Leverages Sentinel’s SAP playbooks (e.g., Lock user from Teams) for out-of-the-box integration with Teams, reducing configuration effort. Minimizes administrative effort with template-based rules and playbooks, deployable from the Sentinel portal or GitHub
35
You have an Azure subscription. You plan to deploy an SAP landscape that will store /sapmnt on an NFS Azure file share. You need to recommend a backup solution for /sapmnt. The solution must meet the following requirements: * Provide recoverability if the file share is deleted. * Minimize administrative effort. What should you include in the recommendation? A. AzCopy B. Azure Backup C. fpsync D. snapshots
Final Answer What should you include in the recommendation? D. snapshots Why “snapshots” is Correct? Recoverability: Snapshots create point-in-time copies of the /sapmnt file share, stored securely in the storage account. Persist after share deletion, allowing restoration of the entire share or specific files (e.g., /sapmnt//profile). Example CLI Restore: az storage share restore --name sapmnt --snapshot . Minimize Administrative Effort: Native to Azure Files, requiring minimal setup (enable via portal/CLI). Automated scheduling via simple scripts (e.g., Azure Automation) or Azure Backup’s snapshot feature (without full vault overhead). Management and recovery are intuitive, using the Azure portal or CLI, reducing operational complexity compared to Azure Backup (vaults, policies) or AzCopy (scripting).
36
You have two Azure virtual machines that host a Microsoft SQL Server 2019 failover cluster instance (FCI) named FCI1. FCI1 hosts the database tier of an SAP NetWeaver system. The application tier connects to FCI1 by using a virtual network name (VNN) of fci1.contoso.com. Name resolution is provided by an Azure Private DNS zone. On FCI1, you implement a distributed network name (DNN) of FCI1DNN and verify that you can connect to fci1dnn.contoso.com. You need to ensure that the application tier can use the DNN when connecting to FCI1. What should you do first? A. From SQL Server Configuration Manager on FCI1, create an alias in the SQL Server Native Client Configuration. B. In the private DNS zone, create an A record. C. From SQL Server Configuration Manager on FCI1, enable shared memory for the SQL Server Native Client Configuration. D. In the private DNS zone, create a CNAME record.
Answer What should you do first? Correct Answer: D. In the private DNS zone, create a CNAME record. Why “In the private DNS zone, create a CNAME record” is Correct? Addresses the Goal: Enables the SAP application tier to use the DNN (fci1dnn.contoso.com) by aliasing the existing VNN (fci1.contoso.com) to it, preserving SAP connection strings. Ensures DNS resolution via the Azure Private DNS zone, critical for VNet-wide connectivity. First Step: The verified fci1dnn.contoso.com indicates DNN DNS is functional (e.g., A records for node IPs or WSFC-managed). The CNAME record bridges the gap, redirecting fci1.contoso.com to fci1dnn.contoso.com, allowing immediate use by the application tier. SAP NetWeaver Fit: Maintains compatibility with SAP’s database connectivity (e.g., via ODBC/JDBC drivers), avoiding reconfiguration of SAP profiles or connection strings. Supports SQL Server FCI failover, as DNN handles node redirection.
37
You have an Azure subscription that contains a virtual machine named VM1. VM1 runs SUSE Linux Enterprise Server (SLES) and hosts an SAP workload. You deploy Azure Monitor for SAP solutions. You need to configure the Linux OS provider. The solution must ensure that you can collect monitoring data by using the Prometheus endpoint on VM1. Which firewall port should you open on VM1? A. 22 B. 80 C. 443 D. 9100
Final Answer Which firewall port should you open on VM1? D. 9100 Why “9100” is Correct? Meets the Requirement: Port 9100 is the default for the Prometheus Node Exporter, used by the Linux OS provider to expose VM1’s OS metrics (e.g., CPU, memory, disk I/O) in Prometheus format. Opening this port allows Azure Monitor for SAP Solutions to scrape the endpoint (e.g., http://VM1:9100/metrics), enabling data collection. SAP Workload Fit: Ensures comprehensive monitoring of the SLES-based SAP workload, capturing OS-level metrics critical for SAP performance (e.g., resource contention affecting NetWeaver or HANA). Minimal Configuration: Requires only opening port 9100 in the VM’s firewall (e.g., firewalld) and NSG, with Node Exporter already exposing metrics by default.
38
DRAG DROP - You have an Azure virtual machine named VM1 that runs SUSE Linux Enterprise Server (SLES) and hosts an SAP NetWeaver application server. You need to install the Azure VM extension for SAP solutions on VM1. Which three actions should you perform in sequence? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order. Actions Answer Area From Azure Cloud Shell, run az extension add. From Azure Cloud Shell, run az vm aem set. On VM1, restart the SAP Host Agent. On VM1, run curl http://127.0.0.1:11812/azure4sap/metrics. From Azure Cloud Shell, run az login.
Final Answer Answer Area: From Azure Cloud Shell, run az login. From Azure Cloud Shell, run az extension add. From Azure Cloud Shell, run az vm aem set. Why This Sequence is Correct? Meets the Goal: Installs the Azure VM extension for SAP solutions on VM1, enabling Azure Enhanced Monitoring for the SAP NetWeaver application server. The sequence (az login → az extension add → az vm aem set) follows the logical order of authentication, CLI preparation, and extension deployment. SAP Fit: The extension collects SAP-specific metrics (e.g., work processes, RFC performance) and OS metrics from VM1, integrating with Azure Monitor for SAP Solutions. Standard for SLES-based SAP systems, per Microsoft’s SAP-on-Azure documentation.
39
You have an SAP NetWeaver deployment hosted on Azure virtual machines that run SUSE Linux Enterprise Server (SLES) and are configured as a Pacemaker cluster. You need to monitor the deployment by using Azure Monitor for SAP Solutions. What should you install first on the cluster nodes? A. ha_duster_provider B. Performance Co-Pilot C. PMProxy D. pcp-pmda-hacluster
Answer What should you install first on the cluster nodes? Correct Answer: B. Performance Co-Pilot Why Correct: Role in Monitoring: PCP is the foundational component for collecting Pacemaker cluster metrics in Azure Monitor for SAP Solutions. It provides a framework for performance metric agents (PMDAs) to expose metrics, including cluster-specific metrics for Pacemaker. Integration with Azure Monitor: The High Availability Cluster Provider in Azure Monitor for SAP Solutions uses PCP to collect cluster metrics (e.g., via the pcp-pmda-hacluster agent). PCP exposes metrics in a Prometheus-compatible format, scraped by Azure Monitor. Installation on SLES: Available in SLES repositories (e.g., zypper install pcp). Installs core PCP components (e.g., pmcd, the PCP daemon) required for subsequent agents like pcp-pmda-hacluster. Sequence: PCP is the first component to install, as it’s a prerequisite for cluster-specific PMDAs (e.g., pcp-pmda-hacluster) and other monitoring agents. Without PCP, cluster metrics cannot be collected or exposed.
40
You have an SAP on Azure production landscape that is hosted on Standard M-series virtual machines. You plan to expand the storage on the virtual machines. Which type of disk can be expanded without causing downtime? A. Standard SSD B. Premium SSD v2 C. Premium SSD v1 D. Ultra
Standard SSD
41
You have a Hyper-V generation 2 virtual machine image that was prepared by running sysprep.exe. You plan to use the image as part of an SAP application server deployment on Azure. You need to ensure that you can deploy the image as an Azure virtual machine. What should you do first? A. Convert the virtual disk to a dynamically expanding disk. B. Use Azure Storage Explorer to upload the VHDX file to a storage account. C. Convert the VHDX disk image to a VHD disk image. D. Run azcopy to upload the VHDX file to a managed disk
Final Answer What should you do first? C. Convert the VHDX disk image to a VHD disk image. Why “Convert the VHDX disk image to a VHD disk image” is Correct? Meets the Requirement: Azure requires VM disk images to be in VHD format (page blobs) for deployment as managed disks or VMs. Converting VHDX to VHD resolves the format incompatibility, enabling subsequent steps (upload, VM creation). First Step: Conversion is the initial action, as VHDX is unusable in Azure. Without this step, uploading or deploying the image will fail. Performed locally using PowerShell (Convert-VHD) or tools like qemu-img, before any Azure interaction. SAP Application Server Fit: Ensures the sysprepped image (generalized for SAP NetWeaver or S/4HANA) is Azure-compatible, supporting deployment as an SAP application server VM. Compatible with Windows or Linux (e.g., SLES), common for SAP workloads.
42
You have an SAP environment on Azure. Your on premises network uses a 1 Gbps ExpressRoute circuit to connect to Azure. Private peering is enabled on the circuit. The default route (0.0.0.0/0) from the on-premises network is advertised. Whenever backups are copied to Azure Blob storage, the ExpressRoute circuit is saturated. You need to resolve the issue without modifying the ExpressRoute circuit. The solution must minimize administrative effort. What should you do? A. Change the backup solution to use a third-party software that can write to the Blob storage. B. Create a user-defined route that redirects traffic to the Blob storage. C. Create an application security group. D. Enable virtual network service endpoints.
Answer What should you do? Correct Answer: D. Enable virtual network service endpoints. Why “Enable virtual network service endpoints” is Correct? Resolves the Issue: Service endpoints redirect Blob storage traffic (e.g., backup writes to *.blob.core.windows.net) from the VNet to Azure’s backbone, bypassing the ExpressRoute circuit and its 0.0.0.0/0 default route. Frees up ExpressRoute bandwidth for SAP traffic (e.g., application server to HANA, on-premises to Azure). No ExpressRoute Modification: Works with the existing private peering and default route, meeting the constraint. Minimizes Administrative Effort: Simple setup: Enable Microsoft.Storage endpoint on the subnet via portal/CLI (e.g., 5-minute task). No ongoing maintenance, unlike UDRs (which require IP range updates). No changes to backup tools, SAP configurations, or ExpressRoute settings.
43
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an SAP production landscape on-premises and an SAP development landscape on Azure. You deploy a network virtual appliance to act as a firewall between the Azure subnets and the on-premises network. You need to ensure that all traffic is routed through the network virtual appliance. Solution: You configure route filters for Microsoft peering. Does this meet the goal? A. Yes B. No
Final Answer Does this meet the goal? B. No Why “No” is Correct? Does Not Meet the Goal: Route filters for Microsoft peering are irrelevant to routing traffic through an NVA, as they manage ExpressRoute service prefixes, not VNet-to-NVA or VNet-to-on-premises traffic. The NVA requires UDRs to intercept traffic, which route filters cannot provide. SAP Fit: SAP hybrid connectivity (Azure development to on-premises production) relies on private peering or VPN, not Microsoft peering, making route filters inapplicable. The NVA firewall is critical for SAP security, and UDRs are the standard Azure solution.
44
HOTSPOT You have an Azure subscription. You plan to deploy an SAP landscape. You need to configure an NFS cluster that will host the storage for the landscape. The solution must ensure that the cluster is available if an Azure datacentre fails. How should you configure the cluster? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer Area Virtual machine resiliency: Deploy to an availability set Deploy to an availability zone. Deploy to a proximity placement group. Network resiliency: Azure Traffic Manager Azure Basic Load Balancer Azure Standard Load Balancer Azure Application Gateway Standard Disk type: Managed premium disk Unmanaged premium disk Unmanaged standard disk
Final Answer Answer Area: Virtual machine resiliency: Deploy to an availability zone. Network resiliency: Azure Standard Load Balancer Disk type: Managed premium disk Why These Selections Are Correct? Virtual Machine Resiliency: Deploy to an availability zone Meets Datacenter Failure Requirement: Places NFS cluster VMs in separate zones (e.g., Zone 1, Zone 2), ensuring at least one node survives a datacenter failure. SAP Fit: Pacemaker manages failover across zones, maintaining NFS share availability for SAP application servers. Example: VM1 (Zone 1) and VM2 (Zone 2) run NFS with DRBD replication; if Zone 1 fails, VM2 takes over. **Network Res Network Resiliency: Azure Standard Load Balancer Meets Datacenter Failure Requirement: Zone-redundant VIP ensures NFS clients (e.g., SAP VMs) can access the NFS share even if one zone fails. SAP Fit: Integrates with Pacemaker for VIP failover, critical for SAP storage access. Example: Standard Load Balancer routes NFS traffic (port 2049) to the active node, with health probes detecting failover. Disk Type: Managed premium disk Meets Performance Requirement: Premium SSD (v1) provides low latency and high IOPS for NFS storage, suitable for SAP production. HA Fit: DRBD replicates data across nodes, and managed disks simplify management (snapshots, encryption). Example: Managed premium disks store /sapmnt data, replicated between VM1 and VM2. Combined Solution: Architecture: NFS cluster with VMs in different zones, a zone-redundant Standard Load Balancer, and managed premium disks with DRBD. Outcome: The NFS cluster remains available during a datacenter failure, ensuring SAP storage (/sapmnt, /hana/shared) is accessible.
45
You have an Azure subscription that contains an Azure Monitor for SAP solutions resource and a virtual machine named VM1. VM1 runs SUSE Enterprise Linux (SLES) and hosts an SAP NetWeaver application server. You need to monitor the CPU, memory, and network usage of VM1 by using the Azure Monitor for SAP solutions resource. What should you do first? A. On VM1, install the Prometheus node exporter. B. From the Azure portal, add the Azure Monitor for SAP solutions NetWeaver provider. C. From the Azure portal, add the Azure Monitor for SAP solutions OS (Linux) provider. D. On VM1, install the Telegraf agent.
Answer What should you do first? Correct Answer: A. On VM1, install the Prometheus node exporter. Why “On VM1, install the Prometheus node exporter” is Correct? Meets the Requirement: The Prometheus Node Exporter exposes CPU, memory, and network usage metrics (e.g., node_cpu_seconds_total, node_memory_MemAvailable_bytes, node_network_bytes_transmitted) on VM1, enabling the OS (Linux) Provider to scrape them. Required for the Azure Monitor for SAP Solutions resource to monitor VM1’s OS performance. First Step: The Node Exporter must be installed on VM1 before configuring the OS (Linux) Provider, as it provides the Prometheus endpoint (port 9100) for metric collection. Without this step, Azure Monitor cannot collect the required metrics. SAP NetWeaver Fit: Ensures the SLES-based SAP NetWeaver application server’s OS performance is monitored, critical for identifying resource bottlenecks (e.g., high CPU affecting work processes). SAP-certified for SLES, per Microsoft’s Azure Monitor for SAP Solutions documentation.
46
You have an SAP Cloud Platform subscription and an Azure Active Directory (Azure AD) tenant. You need to ensure that Azure AD users can access SAP Cloud App by using their Azure AD credentials. What should you configure? A. Active Directory Domain Services (AD DS) B. SAP Cloud Platform Identity Authentication C. A conditional access policy D. SAP Cloud Connector
Answer What should you configure? Correct Answer: B. SAP Cloud Platform Identity Authentication Why “SAP Cloud Platform Identity Authentication” is Correct? Meets the Requirement: Configures SAP Identity Authentication Service (IAS) to integrate SCP with Azure AD, allowing Azure AD users to access SCP applications using their Azure AD credentials via SSO. IAS acts as the bridge, delegating authentication to Azure AD using SAML 2.0. SAP Cloud Platform Fit: IAS is the standard SAP service for managing authentication in SCP (BTP) applications, supporting external IdPs like Azure AD. Enables seamless user access to SAP cloud apps (e.g., SuccessFactors, custom SCP apps) with enterprise credentials. Azure AD Integration: Leverages Azure AD’s SAML SSO capabilities, requiring configuration in both IAS (trust Azure AD) and Azure AD (register SCP app). No need for on-premises AD DS or complex connectors, simplifying setup.
47
You have an on-premises SAP NetWeaver application server and SAP HANA database deployment. You plan to migrate the on-premises deployment to Azure. You provision new Azure virtual machines to host the application server and database roles. You need to initiate SAP Database Migration Option (DMO) with System Move. On which server should you start Software Update Manager (SUM)? A. the virtual machine that will host the application server B. the virtual machine that will host the database C. the on-premises database server D. the on-premises application server
Final Answer On which server should you start Software Update Manager (SUM)? D. The on-premises application server Why “The on-premises application server” is Correct? Meets the Requirement: Starting SUM on the on-premises application server initiates the DMO with System Move process, exporting the SAP NetWeaver application and HANA database for migration to Azure. The application server hosts the SAP environment (kernel, profiles, SUM), making it the control point for DMO. First Step: SUM must run on the source system (on-premises) to prepare and export the system data, before any Azure VM involvement. The on-premises application server is the standard SAP host for SUM in DMO scenarios. SAP Fit: Aligns with SAP’s DMO methodology, where the application server (e.g., NetWeaver PAS) manages system-wide migration tasks. Supports heterogeneous migrations (e.g., to Azure’s OS or infrastructure), common in SAP-to-Azure scenarios.
48
You plan to deploy an SAP production landscape on Azure. You need to minimize latency between SAP HANA database servers and SAP NetWeaver servers. What should you implement? A. Azure Private Link B. a virtual machine scale set C. a proximity placement group D. an Availability Set
Answer What should you implement? Correct Answer: C. a proximity placement group
49
You plan to deploy an SAP production landscape on Azure. You need to recommend a solution to minimize latency between the application servers and the SAP HANA database server. What should you include in the recommendation? A. Deploy the virtual machines to a proximity placement group. B. Route all traffic between the virtual machines through an Azure Standard Load Balancer. C. Route all traffic between the virtual machines through load-balanced network virtual appliances (NVAs). D. Deploy the virtual machines to the same subnet.
A. Deploy the virtual machines to a proximity placement group.
50
You are designing an SAP on Azure production landscape. The landscape must ensure service availability in the event of an Azure datacenter failure. What should you include in the design? A. a proximity placement group B. an availability zone c. an availability set b. a fusion group
Correct Answer: B. An availability zone Why Correct? Meets Requirements: Service availability during datacenter failure: Availability zones distribute the SAP landscape across physically separate datacenters within the same Azure region. If one datacenter (zone) fails, VMs and services in another zone continue to operate, ensuring the SAP landscape remains available. SAP on Azure: SAP production landscapes often require high availability, and availability zones are a recommended design pattern for achieving this in Azure. For example: SAP HANA databases can use HANA system replication (synchronous or asynchronous) across zones. SAP application servers can be load-balanced across zones using Azure Standard Load Balancer. This setup ensures the entire landscape (database, application, and web tiers) remains operational.
51
You deploy an SAP environment on Azure. You need to monitor the performance of the SAP NetWeaver environment by using Azure Extension for SAP. What should you do first? A. From the Azure portal, enable the Azure Network Watcher Agent B. From Azure CLI, install the Linux Diagnostic Extension C. From the Azure portal, enable the Custom Script Extension D. From Azure CLI, run the az vm aem set command
D. From Azure CLI, run the az vm aem set command
52
You plan to deploy an SAP production landscape on Azure. You need to minimize latency between SAP HANA database servers and SAP NetWeaver servers. What should you implement? A. Azure Private Link B. a virtual machine scale set c.- an Availability Set D. a proximity placement group
Correct Answer: D. A proximity placement group Why Correct? Latency Minimization: A Proximity Placement Group ensures that the SAP HANA database servers and SAP NetWeaver servers are physically colocated within the Azure data center, reducing network latency between them. This is critical for SAP production workloads where database-application communication must be fast and efficient. SAP on Azure Best Practice: Microsoft’s SAP on Azure documentation (e.g., for SAP HANA and NetWeaver deployments) recommends using PPGs to optimize performance by minimizing latency between the database and application tiers, especially in production environments. Alignment with Goal: Unlike the other options, PPG directly addresses the requirement to minimize latency, making it the most suitable choice for this scenario.
53
You have an Azure subscription that contains an SAP landscape. The landscape uses Azure AD user authentication. You need to configure single sign-on (SSO) authentication for SAP HANA and SAP Cloud Platform. The solution must support conditional access policies. What should you configure? A. Azure AD ldentity Protection B. LDAP c. Windows Authentication d. SAP Cloud Platform Identity Authentication
Correct Answer: D. SAP Cloud Platform Identity Authentication Why Correct? Meets Requirements: Azure AD User Authentication: IAS integrates with Azure AD as the corporate identity provider via SAML 2.0. Users authenticate with Azure AD credentials, and IAS facilitates SSO to SAP applications. SSO for SAP HANA and SAP Cloud Platform: SAP HANA: Supports SAML authentication, which IAS provides by acting as an IdP, trusting Azure AD for user authentication. SAP Cloud Platform: Natively uses IAS for authentication, and SSO is enabled when IAS federates with Azure AD. Conditional Access Policies: Azure AD enforces conditional access during the authentication process (e.g., requiring MFA or compliant devices), and IAS honors the SAML assertion from Azure AD, ensuring policies are applied.
54
You have an existing SAP landscape on Azure. All SAP virtual machines are on the same virtual network. The SAP application servers, SAP management servers, and SAP database servers are each on their own subnet. You need to ensure that only the application and management servers can access the subnet to which the database servers connect. What should you configure? A. Azure AD service principals B. network security groups (NSGs) c. Azure Application Gateway and firewall rules D. Azure Key Vault secrets
B. Network security groups (NSGs)
55
You plan to deploy an SAP landscape on Azure that will use SAP HANA on Azure (Large instances). You need to ensure that outbound frame from the application tier can flow only to the database tier. What should you use? A. Azure Firewall B. network security groups (NSGs) c. network virtual appliances (NVAs) D. application security groups
Correct Answer: B. Network Security Groups (NSGs) Why Correct? Direct Traffic Control: NSGs allow you to define outbound security rules on the application tier VMs’ subnet or network interfaces, restricting traffic to only the SAP HANA Large Instances’ IP range (database tier). For example: Rule 1: Allow outbound traffic from application tier subnet to HANA Large Instances IP range (e.g., port 30015 for HANA). Rule 2: Deny all other outbound traffic (default deny-all applies if no higher-priority allow rule exists). SAP on Azure Best Practice: Microsoft’s SAP on Azure documentation recommends NSGs for network segmentation and traffic control in SAP landscapes, including those with HANA Large Instances. NSGs are the standard, lightweight method to enforce tier-specific traffic rules. Efficiency and Cost: NSGs are a native Azure feature, requiring no additional deployment or licensing costs, unlike Azure Firewall or NVAs, making them ideal for this straightforward requirement.
56
Your on-premises network is connected to an SAP HANA deployment in the East US Azure region. The deployment uses the Standard SKU of an ExpressRoute gateway. You need to implement ExpressRoute FastPath. The solution must meet the following requirements: * Hybrid connectivity must be maintained if a single datacenter fails in the East US region. * Hybnd connectivity costs must be minimized. Which ExpressRoute gateway SKU should you use? AErGwIAz BHigh Performance CUltra Performance DErGw3Az
Ultra Performance
57
You are deploying an SAP production landscape on Azure. You deploy virtual machines that have SAP Digital Boardroom and SAP HANA installed. You need to measure network latency between the virtual machines. What should you use? A. Connection Monitor in Azure Network B. Network Performance Monitor c. Lometer D. SockPerf
A. Connection Monitor in Azure Network Why This Is Correct: Connection Monitor provides real-time latency measurements (e.g., RTT in milliseconds) between the VMs running SAP Digital Boardroom and SAP HANA, helping ensure optimal performance in the SAP production landscape. It requires enabling Network Watcher in the region (if not already enabled), then configuring a Connection Monitor instance to monitor traffic between the specific VMs, all manageable via the Azure portal or CLI. This tool is tailored for Azure environments, making it the most efficient and supported option for an SAP deployment on Azure, unlike external or non-network-focused alternatives.
58
You have 100 Azure virtual machines that host SAP workloads and have the SAP Host Agent and the SAP Adaptive Extensions installed. You plan to deallocate the virtual machines during non-business hours. You need to change the managed disk type of the virtual machines when they are deallocated. The solution must minimize administrative effort. What should you use? A. Azure Functions B. SAP Information Lifecycle Management (ILM} C. SAP Landscape Management (LaMa} d. Azure Automation
Correct Answer: D. Azure Automation Why Correct? Meets Requirements: Change disk type when deallocated: Azure Automation runbooks can use PowerShell cmdlets (e.g., Get-AzVM to check VM state, Update-AzDisk to change disk type) to modify managed disk types when VMs are deallocated. Minimize administrative effort: Once the runbook is created and scheduled (e.g., to run during non-business hours or triggered by deallocation events), it automates the process for all 100 VMs without manual intervention. The graphical runbook editor and built-in scheduling reduce ongoing effort. SAP workloads: While SAP-specific tools (e.g., SAP Host Agent) are installed, the task is an Azure infrastructure operation (disk type change), not an SAP application-level task, making Azure Automation a natural fit.
59
You have an Azure subscription that contains 10 virtual machines. You plan to deploy an SAP landscape on Azure that will run SAP HANA. You need to ensure that the virtual machines meet the performance requirements of HANA. What should you use? A. SAP Quick Sizer B. Azure Advisor c. ABAP Profiler D. SAP HANA Hardware and Cloud Measurement Tool (HCMT}
D. SAP HANA Hardware and Cloud Measurement Tool (HCMT) Why This Is Correct: HCMT runs standardized tests (e.g., memory bandwidth, disk IOPS, latency) on the Azure VMs to ensure they meet SAP HANA’s performance thresholds, such as those required for certified VM types (e.g., M128s, E96as_v4). For an SAP landscape with 10 VMs, HCMT can be executed on each VM hosting HANA components to validate their suitability, ensuring the deployment meets production-grade performance requirements. This step is critical before deploying SAP HANA to avoid performance bottlenecks, aligning with SAP’s certification process and Azure’s supported configurations.
60
You plan to deploy a highly available SAP HANA deployment on Azure that will be hosted on a Pacemaker cluster. You need to configure the security principal of the Azure fence agent for the cluster. The solution must minimize administrative effort. What should you use? A. a system-assigned managed identity B. Azure shared disks C. a user-assigned managed identity D. a service principal
Correct Answer: A. A system-assigned managed identity Why Correct? Minimizes Administrative Effort: A system-assigned managed identity is automatically created and managed by Azure when enabled on a VM. No separate resource creation or credential management (e.g., passwords, certificates) is needed, unlike service principals or user-assigned identities. Configuration is simple: enable the identity on each cluster VM and assign it the required permissions (e.g., Contributor role) via Azure Role-Based Access Control (RBAC).
61
You have an Azure subscription. You plan to deploy a virtual machine named VML that will have the following configurations: .Data disk size: 4 TB .Generation: Generation 2 .Data disk type: Ultra disk . Data disk encryption type: Double encryption VMl will host the SAP global transport directory in a volume on the data disk. You need to ensure that you can replicate VMl by using Azure Site Recovery. Which configuration should you change A. data disk type B. data disk encryption type c. data disk size D. generation
Correct Answer: A. Data disk type Why Correct? Meets Requirements: ASR Replication: Ultra Disks are not supported by Azure Site Recovery due to their design for single-zone, ultra-high-performance use without replication capabilities. Changing the disk type to a supported type like Premium SSD enables ASR replication while maintaining sufficient performance for the SAP global transport directory. SAP Global Transport Directory: This directory requires reliable, high-performance storage. Premium SSD (e.g., P50 with 4 TB) offers up to 7,500 IOPS and 250 MB/s throughput, adequate for most SAP transport workloads, though not as high as Ultra Disk (up to 160,000 IOPS). The trade-off is necessary for DR support.
62
You have an Azure subscription. You deploy Active Directory domain controllers to Azure virtual machines. You plan to deploy Azure far SAP workloads. You plan to segregate the domain controllers from the SAP systems by using different virtual networks. You need to recommend a solution to connect the virtual networks. The solution must minimize costs. What should you recommend A. virtual network peering B. ExpressRoute C. a site-to-site VPN D. user-defined routing
A. Virtual network peering
63
You plan to deploy an SAP environment on Azure. You plan to store all SAP connection strings securely in Azure Key Vault without storing credentials on the Azure virtual machines that host SAP. What should you configure to allow the virtual machines to access the key vault? A. a Managed Service ldentity (MSI) B. the Custom Script Extension c. role-based access control (RBAC) D. Azure Active Directory (Azure AD) Privilege Identity Manager (PIM)
Correct Answer: A. A Managed Service Identity (MSI)
64
You plan to deploy SAP application servers that run Windows Server 2016. You need to use PowerShell Desired State Configuration (DSC) to configure the SAP application server once the servers are deployed. Which Azure virtual machine extension should you install on the servers? A. the Azure virtual machine extension B. the Azure Enhanced Monitoring Extension for SAP c. the Azure DSC VM Extension D. the Azure Chef extension
Correct Answer: C. The Azure DSC VM Extension Why Correct? Meets Requirements: PowerShell DSC Configuration: The Azure DSC VM Extension is specifically designed to apply PowerShell DSC configurations to Azure VMs. It installs the necessary DSC components on Windows Server 2016 and executes DSC scripts to configure the SAP application servers post-deployment. SAP Application Servers: DSC can enforce configurations like installing Windows roles (e.g., IIS for SAP GUI), setting registry keys, or preparing the environment for SAP NetWeaver, aligning with SAP workload needs.
65
You have a two-node SAP HANA cluster that is hosted on Azure virtual machines. Each cluster nade uses Azure NetApp Files to store database files. The nodes replicate synchronously by using HANA system replication. You need to implement a backup solution far the HANA databases. The solution must meet the fallowing requirements: .Be cluster aware. .Support the use of snapshots. .Ensure that backups are application consistent. What should you include in the solution? A. the Az.NetAppFiles PowerShell module B. the azure_hana_backup command c. Microsoft Azure Backup Server (MABS) D. AzAcSnap
D. AzAcSnap Why This Is Correct: For a two-node SAP HANA cluster with synchronous HANA System Replication on Azure VMs using ANF, AzAcSnap coordinates with HANA to quiesce the database, takes an ANF snapshot, and ensures the backup reflects the replicated state across nodes. Example usage: azacsnap -c backup --volume --database HANA triggers an application-consistent snapshot. It leverages ANF’s snapshot technology for speed and efficiency while meeting all specified requirements, making it the optimal solution for this SAP HANA deployment on Azure.
66
You have an Azure subscription that contains a Recovery Services vault named RSVI anda virtual machine named VML. VML runs SUSE Enterprise Linux (SLES) and hosts an SAP HANA instance. You need to configure a HANA Backint-based backup of the HANA databases. You register VMl with RSV1. What should you do next? A. From RSV1, select the items to back up. B. On VML, install the Azure Backup Plugin far HANA. c. On VML, run the preregistration script. D. On VML, stop the HANA instance.
Correct Answer: B. On VM1, install the Azure Backup Plugin for HANA Why Correct? Enables Backint Integration: The Azure Backup Plugin for HANA installs the Backint library and configures SAP HANA to use Azure Backup as the backup target. This is the critical step to enable HANA Backint-based backups to RSV1. Next Logical Step: After registering VM1 with RSV1 (which sets up the VM for Azure Backup), installing the HANA-specific plugin on VM1 is the immediate next action. Without it, Azure Backup cannot interact with the HANA database. Post-installation steps (e.g., running the preregistration script, selecting items in RSV1) depend on the plugin being present. SAP on Azure Best Practice: Microsoft’s documentation for SAP HANA backups on Azure specifies installing the Azure Backup Plugin for HANA on the VM as a foundational step after VM registration, aligning with the Backint certification process.
67
You have an Azure subscription. The subscription contains a Recovery Services vault named vault1 and a virtual machine named HANA1 that hosts an SAP HANA database. You need to back up the SAP HANA database to vault1. What should you do first? A. From HANA1, run the sp_iqrebuildindexforbp SAP HANA command. B. Configure a replication policy. c. From HANA1, run the SAP HANA backup configuration script. d. Configure a system-assigned managed identity.
Correct Answer: C. From HANA1, run the SAP HANA backup configuration script Why Correct? Meets Requirements: Back up SAP HANA to vault1: Azure Backup uses the Backint interface to back up SAP HANA databases to a Recovery Services vault. The first step is to configure the HANA VM (HANA1) to integrate with vault1 by running the Azure-provided backup configuration script. Process: Download the vault credentials from vault1 in the Azure portal. Run the script (e.g., msawb-plugin-config.sh on Linux) on HANA1 with the credentials to install the Azure Backup plugin and configure Backint. Register HANA1 with vault1, enabling subsequent backup policy configuration and backup execution.
68
You plan to migrate an SAP environment to Azure. You need to create a design to facilitate end-user access to SAP applications over the Internet, while restricting user access to the virtual machines of the SAP application servers. What should you include in the design? A. Deploy an internal Azure Standard Load Balancer for incoming connections B. Configure a public IP address for each SAP application server C. Configure point-to-site VPN connections for each user D. Use an SAP Web Dispatcher to route all incoming HTTP connections
Correct Answer: D. Use an SAP Web Dispatcher to route all incoming HTTP connections Why SAP Web Dispatcher Is Correct: Meets Internet Access Requirement: SAP Web Dispatcher acts as a reverse proxy, exposing SAP applications (e.g., Fiori, NetWeaver) to end users over the Internet via HTTP/HTTPS. It can be deployed in Azure with a public IP or behind an Azure Application Gateway/Load Balancer for scalability and security. Restricts VM Access: By routing traffic through the Web Dispatcher, users interact only with the application layer, not the underlying VMs. The SAP application servers can be placed in a private subnet with NSGs to block direct access (e.g., RDP, SSH, or SAP GUI ports), ensuring security. AZ-120 Alignment: The exam emphasizes SAP-specific components and Azure best practices for secure application access. SAP Web Dispatcher is a standard SAP solution for web-based access in cloud deployments, making it the most appropriate choice. Scalability and Security: Web Dispatcher supports load balancing, SSL termination, and routing, aligning with SAP on Azure architectures (e.g., hub-and-spoke VNet designs).
69
You have an Azure subscription that contains two virtual machines configured as a Pacemaker cluster. The cluster hosts a highly available SAP HANA deployment. Which command should you use to configure the failover behavior of the Pacemaker cluster? A. az B. crm C. btp D. hana-cli
Correct Answer: B. crm Why It’s Correct: crm: The crm command is the primary tool for managing Pacemaker clusters on Linux, used to configure failover behavior for SAP HANA HA deployments. It allows defining resources (e.g., HANA instance), constraints (e.g., primary/secondary node preference), and failover policies (e.g., automatic failover via crm configure). In Azure, SAP HANA HA setups (e.g., HANA system replication with Pacemaker) rely on crm to ensure the cluster correctly handles failovers, per Microsoft’s SAP HANA HA guides.
70
You have an SAP production landscape that uses SAP HANA databases on Azure. The HANA database server is a Standard_M32ms Azure virtual machine that has 864 GB of RAM. The HANA database is 400 GB. You expect the database to grow by 40 percent during the next 12 months. You resize the HANA database server virtual machine to Standard_m64ms and 1,024 GB of RAM. You need to recommend additional changes to minimize performance degradation caused by database growth. What should you recommend for the HANA database server? A. Configure additional disks. B. Add a scale out node. C. Add a secondary network interface. D. Increase the number of vCPUs.
Final Answer Recommendation: A. Configure additional disks
71
You have an existing SAP landscape on Azure. All SAP virtual machines are on the same virtual network. The SAP application servers, SAP management servers, and SAP database servers are each on their own subnet. You need to ensure that only the application and management servers can access the subnet to which the database servers connect. What should you configure? A. Azure AD service principals B. Azure Key Vault secrets C. network security groups (NSGs) D. Azure Application Gateway and firewall rules
Final Answer: C. Network security groups (NSGs) Why NSGs Are Correct: Purpose: NSGs provide fine-grained control over network traffic by defining rules based on source/destination IP addresses, ports, and protocols. To meet the requirement: Apply an NSG to the database servers’ subnet. Configure rules like: Allow: Inbound traffic from application servers’ subnet (e.g., 10.0.1.0/24) to database subnet (e.g., 10.0.3.0/24) on relevant ports (e.g., 1433 for SQL Server). Allow: Inbound traffic from management servers’ subnet (e.g., 10.0.2.0/24) to database subnet on the same ports. Deny: All other inbound traffic (implicitly or explicitly). This ensures only the application and management servers can access the database subnet.
72
You have an SAP landscape on Azure that contains the virtual machines shown in the following table. Name Role Azure Availability Zone in East US SAPAPP1 Application Server Zone 1 SAPAPP2 Application Server Zone 2 You need to ensure that the Application Server role is available if a single Azure datacenter fails. What should you include in the solution? A. Azure Basic Load Balancer B. Azure Load Balancer Standard C. Azure Virtual WAN D. Azure Application Gateway v1
Correct Answer: B. Azure Load Balancer Standard Why It’s Correct: Azure Load Balancer Standard: Provides zone-redundant load balancing across Availability Zones in East US, ensuring the Application Server role (SAPAPP1 and SAPAPP2) remains available if one zone (datacenter) fails. Distributes TCP traffic (e.g., SAP GUI ports) to healthy VMs, automatically rerouting to SAPAPP2 if Zone 1 fails, or vice versa. SAP on Azure best practices recommend Standard Load Balancer for application server HA, as it supports the required resilience and protocol (Layer 4).
73
You have an Azure virtual machine named VM1 that runs SUSE Linux Enterprise Server (SLES). You need to deploy Azure Monitor for SAP Solutions to VM1. The solution must support gathering CPU and memory metrics. What should you install on VM1? A. the SAPControl web service B. Node Exporter C. Performance co-pilot D. the Log Analytics agent
B. Node Exporter
74
You have an SAP NetWeaver deployment hosted on Azure virtual machines that run SUSE Linux Enterprise Server (SLES) and are configured as a Pacemaker cluster. You need to monitor the deployment by using Azure Monitor for SAP Solutions. What should you install first on the cluster nodes? A. performance co-pilot B. PMProxy C. ha_cluster_provider D. pcp-pmda-hacluster
C. ha_cluster_provider
75
HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Answer Area Statements Azure AD Connect is required to sign into Linux virtual machines hosted in Azure. An SAP application server that runs on a Linux virtual machine in Azure must be joined to Active Directory. Before you can sign into an SAP application server that runs on a Linux virtual machine in Azure, you must create a Managed Service Identity (MSI).
Correct Answers: Statement 1: No (Azure AD Connect is not required to sign into Linux VMs.) Statement 2: Yes (An SAP application server on a Linux VM typically must be joined to Active Directory.) Statement 3: No (A Managed Service Identity is not required to sign into an SAP application server.)

AZ-120 (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions