Planning and Administering Microsoft Azure for SAP Workloads v1.0 (AZ-120)

Page:    1 / 6   
Total 95 questions

HOTSPOT -
You are integrating SAP HANA and Azure Active Directory (Azure AD).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:

Box 1: Yes -
To configure Azure AD single sign-on with SAP HANA, perform the following steps:
1. In the Azure portal, on the SAP HANA application integration page, select Single sign-on.
2. On the Select a Single sign-on method dialog, select SAML/WS-Fed mode to enable single sign-on.



Box 2: No -

Box 3: No -
Key security considerations for deploying SAP on Azure
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saphana-tutorial

HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:

Box 1: Yes -
The SAP Azure Enhanced Monitoring Extension builds on top of the Azure Diagnostic extension, which stores its data in an Azure Storage account that you specify.

Box 2: Yes -
The Set-AzVMAEMExtension cmdlet updates the configuration of a virtual machine to enable or update the support for monitoring for SAP systems that are installed on the virtual machine. The cmdlet installs the Azure Enhanced Monitoring (AEM) extension that collects the performance data and makes it discoverable for the SAP system.
The -OSType specifies the OS. Either Windows or Linux.

Box 3: Yes -
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/diagnostics-extension-overview https://docs.microsoft.com/en-us/powershell/module/az.compute/set-azvmaemextension

DRAG DROP -
You deploy an SAP environment on Azure.
You need to grant an SAP administrator read-only access to the Azure subscription. The SAP administrator must be prevented from viewing network information.
How should you configure the role-based access control (RBAC) role definition? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:




Answer :

Explanation:
Box 1: "*/read"
"*/read" allows you to view everything in the subscription.
You need to grant an SAP administrator read-only access to the Azure subscription
Box 2: "Microsoft.Network/*/read"
The SAP administrator must be prevented from viewing network information.

You plan to migrate an SAP environment to Azure.
You need to design an Azure network infrastructure to meet the following requirements:
✑ Prevent end users from accessing the database servers.
✑ Isolate the application servers from the database servers.
✑ Ensure that end users can access the SAP systems over the Internet.
✑ Minimize the costs associated to the communications between the application servers and database servers.
Which two actions should you include in the solution? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. In the same Azure virtual network, segregate the SAP application servers and database servers by using different subnets and network security groups.
  • B. Segregate the SAP application servers and database servers by using different Azure virtual networks.
  • C. Create a site-to-site VPN between the on-premises network and Azure.
  • D. Configure an internal Azure Standard Load Balancer for incoming connections.
  • E. Configure Azure Traffic Manager to route incoming connections.


Answer : AC

You are deploying SAP Fiori to an SAP environment on Azure.
You are configuring SAML 2.0 for an SAP Fiori instance named FPP that uses client 100 to authenticate to an Azure Active Directory (Azure AD) tenant.
Which provider named should you use to ensure that the Azure AD tenant recognizes the SAP Fiori instance?

  • A. https://FPP
  • B. ldap://FPP
  • C. https://FPP100
  • D. ldap://FPP-100


Answer : C

Explanation:
By default, the provider name is in the format <sid><client>. Azure AD expects the name in the format <protocol>://<name>. We recommend that you maintain the provider name as https://<sid><client> so you can configure multiple SAP Fiori ABAP engines in Azure AD.
Example:


Reference:
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sap-fiori-tutorial

You have an SAP environment on Azure.
Your on-premises network connects to Azure by using a site-to-site VPN connection.
You need to alert technical support if the network bandwidth usage between the on-premises network and Azure exceeds 900 Mbps for 10 minutes.
What should you use?

  • A. NIPING
  • B. Azure Extension for SAP
  • C. Azure Network Watcher
  • D. Azure Monitor


Answer : D

Explanation:
You set up alerts on Azure VPN Gateway metrics. Azure Monitor provides the ability to set up alerts for Azure resources. You can set up alerts for virtual network gateways of the "VPN" type.
Metric: AverageBandwidth: Average combined bandwidth utilization of all site-to-site connections on the gateway.
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/vpn-gateway/vpn-gateway-howto-setup-alerts-virtual-network-gateway-metric

DRAG DROP -
You have an SAP environment on Azure.
You are designing a training landscape that will be used 10 times a year.
You need to recommend a solution to create the training landscape. The solution must meet the following requirements:
✑ Minimize the effort to build the training landscape.
✑ Minimize costs.
In which order should you recommend the actions be performed for the first training session? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:




Answer :

Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/planning-guide

You plan to deploy an SAP environment on Azure.
During a bandwidth assessment, you identify that connectivity between Azure and an on-premises datacenter requires up to 5 Gbps.
You need to identify which connectivity method you must implement to meet the bandwidth requirement. The solution must minimize costs.
Which connectivity method should you identify?

  • A. an ExpressRoute connection
  • B. an Azure site-to-site VPN that is route-based
  • C. an Azure site-to-site VPN that is policy-based
  • D. Global VNet peering


Answer : B

Explanation:
Azure site-to-site VPN is cheaper.
Incorrect Answers:
A: ExpressRoute could be quite expensive.
C: Policy-based gateways use static routing, and only work with site-to-site connections.
References:
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/vpn

You plan to migrate an SAP environment to Azure.
You need to create a design to facilitate end-user access to SAP applications over the Internet, while restricting user access to the virtual machines of the SAP application servers.
What should you include in the design?

  • A. Configure a public IP address for each SAP application server
  • B. Deploy an internal Azure Standard Load Balancer for incoming connections
  • C. Use an SAP Web Dispatcher to route all incoming connections
  • D. Configure point-to-site VPN connections for each user


Answer : C

Explanation:
1. A public internet user can reach the SAP Web-Dispatcher over port 443
2. The SAP Web-Dispatcher can reach the SAP Application server over port 443
3. The App Subnet accepts traffic on port 443 from 10.0.0.0/24
4. The SAP Application server sends traffic on port 30015 to the SAP DB server
5. The DB subnet accepts traffic on port 30015 from 10.0.1.0/24.
6. Public Internet Access is blocked on both App Subnet and DB Subnet.


References:
https://azure.microsoft.com/en-in/blog/sap-on-azure-architecture-designing-for-security/

You have an SAP Cloud Platform subscription and an Azure Active Directory (Azure AD) tenant.
You need to ensure that Azure AD users can access SAP Cloud App by using their Azure AD credentials.
What should you configure?

  • A. Active Directory Domain Services (AD DS)
  • B. SAP Cloud Platform Identity Authentication
  • C. A conditional access policy
  • D. SAP Cloud Connector


Answer : B

Explanation:
When you integrate SAP Cloud Platform Identity Authentication with Azure AD, you can:
✑ Control in Azure AD who has access to SAP Cloud Platform Identity Authentication.
✑ Enable your users to be automatically signed-in to SAP Cloud Platform Identity Authentication with their Azure AD accounts.
✑ Manage your accounts in one central location - the Azure portal.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial

You migrate an SAP environment to Azure.
You need to inspect all the outbound traffic from the SAP application servers to the Internet.
Which two Azure resources should you use? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Azure Traffic Manager
  • B. Azure Firewall
  • C. Network Performance Monitor
  • D. Azure user-defined routes
  • E. Azure Load Balancer NAT rules
  • F. a Web Application Firewall (WAF) for Azure Application Gateway


Answer : AF

Case Study -
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.

To start the case study -
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.

Overview -
Litware, Inc. is an international manufacturing company that has 3,000 employees.
Litware has two main offices. The offices are located in Miami, FL, and Madrid, Spain.

Existing Environment -

Infrastructure -
Litware currently uses a third-party provider to host a datacenter in Miami and a disaster recovery datacenter in Chicago, IL.
The network contains an Active Directory domain named litware.com. Litware has two third-party applications hosted in Azure.
Litware already implemented a site-to-site VPN connection between the on-premises network and Azure.

SAP Environment -
Litware currently runs the following SAP products:
Enhancement Pack6 for SAP ERP Central Component 6.0 (SAP ECC 6.0)


SAP Extended Warehouse Management (SAP EWM)
SAP Supply Chain Management (SAP SCM)
SAP NetWeaver Process Integration (PI)
SAP Business Warehouse (SAP BW)
SAP Solution Manager
All servers run on the Windows Server platform. All databases use Microsoft SQL Server. Currently, you have 20 production servers.
You have 30 non-production servers including five testing servers, five development servers, five quality assurance (QA) servers, and 15 pre-production servers.
Currently, all SAP applications are in the litware.com domain.

Problem Statements -
The current version of SAP ECC has a transaction that, when run in batches overnight, takes eight hours to complete. You confirm that upgrading to SAP
Business Suite on HANA will improve performance because of code changes and the SAP HANA database platform.
Litware is dissatisfied with the performance of its current hosted infrastructure vendor. Litware experienced several hardware failures and the vendor struggled to adequately support its 24/7 business operations.

Requirements -

Business Goals -
Litware identifies the following business goals:
Increase the performance of SAP ECC applications by moving to SAP HANA. All other SAP databases will remain on SQL Server.
Move away from the current infrastructure vendor to increase the stability and availability of the SAP services.
Use the new Environment, Health and Safety (EH&S) in Recipe Management function.
Ensure that any migration activities can be completed within a 16-hour period during a weekend.

Planned Changes -
Litware identifies the following planned changes:
Migrate SAP to Azure.
Upgrade and migrate SAP ECC to SAP Business Suite on HANA Enhancement Pack 8.

Technical Requirements -
Litware identifies the following technical requirements:
Implement automated backups.
Support load testing of both SAP GUI and Fiori applications.
Identify opportunities to reduce costs during the migration.
Continue to use the litware.com domain for all SAP landscapes.
Ensure that all SAP applications and databases are highly available.
Establish an automated monitoring solution to avoid unplanned outages.
Remove all SAP components from the on-premises network once the migration is complete.
Minimize the purchase of additional SAP licenses. SAP HANA licenses were already purchased.
Ensure that SAP can provide technical support for all the SAP landscapes deployed to Azure.

What should you use to perform load testing as part of the migration plan?

  • A. JMeter
  • B. SAP LoadRunner by Micro Focus
  • C. Azure Application Insights
  • D. Azure Monitor


Answer : B

Explanation:
Scenario: Upgrade and migrate SAP ECC to SAP Business Suite on HANA Enhancement Pack 8.
With the SAP LoadRunner application by Micro Focus, you can accelerate testing and development, reduce slowdowns and expenses, and gain a better understanding of performance issues. Validate software performance, virtualize your network, simulate workloads, benchmark production system performance, and optimize your deployment of SAP HANA software
References:
https://www.sap.com/products/loadrunner.html

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy SAP HANA on Azure (Large Instances).
You need to back up the SAP HANA database to Azure.
Solution: You use a third-party tool that uses backint to back up the SAP HANA database to Azure storage.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Reference:
https://docs.microsoft.com/en-us/azure/backup/sap-hana-db-about https://docs.microsoft.com/en-us/azure/backup/backup-azure-sap-hana-database#configure-backup

DRAG DROP -
You have an SAP environment on Azure.
You use Azure Site Recovery to protect an SAP production landscape.
You need to validate whether you can recover the landscape in the event of a failure. The solution must minimize the impact on the landscape.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:




Answer :

Explanation:
Step 1: Create a virtual network...
We recommended that for test failover, you choose a network that's isolated from the production recovery site network specific in the Compute and Network settings for each VM. By default, when you create an Azure virtual network, it is isolated from other networks. The test network should mimic your production network:
The test network should have same number of subnets as your production network. Subnets should have the same names.
The test network should use the same IP address range.
Step 2: Add a public IP address...
Because Site Recovery does not replicate the cloud witness, we recommend that you deploy the cloud witness in the disaster recovery region.
Step 3: Shut down production virtual machines
Make sure that the primary VM is shut down when you run the test failover. Otherwise there will be two VMs with the same identity, running in the same network at the same time. This can lead to unexpected consequences.
Step 4: Select Test failover from the Recovery Plans blade
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-test-failover-to-azure

You recently migrated an SAP HANA environment to Azure.
You plan to back up SAP HANA databases to disk on the virtual machines, and then move the backup files to Azure Blob storage for retention.
Which command should you run to move the backups to the Blob storage?

  • A. robocopy
  • B. backint
  • C. azcopy
  • D. scp


Answer : C

Explanation:
To store directories and files on Azure storage, one could use CLI or PowerShell. There is also a ready-to-use utility, AzCopy, for copying data to Azure storage.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/sap-hana-backup-file-level

Page:    1 / 6   
Total 95 questions