Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Microsoft
  3. AZ-120

Microsoft AZ-120 Exam (page: 10)
Microsoft Planning and Administering Azure for SAP Workloads
Updated on: 25-Dec-2025

Viewing Page 10 of 53
AZ-120 PDF 412 Questions

You have a Hyper-V virtual machine named VM1 that runs Windows Server 2019.

You plan to deploy 10 Azure virtual machines based on VM1. The virtual machines will host instances of SAP NetWeaver.

You need to create an image of VM1 for the deployment.

What should you do first?

  1. Run the Sysprep utility.
  2. Join VM1 to an Active Directory Domain Services (AD DS) domain.

  3. Configure Azure Site Recovery.
  4. Upload the VHDX of VM1 to an Azure Storage account.

Answer(s): C

Explanation:

Need to migrate the Hyper-V virtual machine into Azure.
For migrating Hyper-V VMs, the Migration and modernization tool installs software providers (Azure Site Recovery provider and Recovery Services agent) on Hyper-V hosts or cluster nodes.



You have an Azure subscription that contains a Windows-based SAP deployment.

You plan to register the SAP deployment with Azure Center for SAP solutions.

You need to verify that SAP system-level prerequisites are met.

Which command should you run?

  1. saposcol
  2. sapacext
  3. saphostexec
  4. hostexecstart

Answer(s): D

Explanation:

Register an existing SAP system with Azure Center for SAP solutions with PowerShell Prerequisites for Registering a system include:
Make sure the sapstartsrv process is running on all SAP instances and for SAP hostctrl agent on all the VMs in the SAP system.
-> To start hostctrl sapstartsrv use this command for Linux VMs: 'hostexecstart -start' To start instance sapstartsrv use the command: 'sapcontrol -nr 'instanceNr' -function StartService S0S' To check status of hostctrl sapstartsrv use this command for Windows VMs: C:\Program Files\SAP\hostctrl \exe\saphostexec status



HOTSPOT (Drag and Drop is not supported)

You have an on-premises SAP landscape that contains an SAP HANA database.

You plan to migrate the SAP landscape to Azure.

You need to recommend a migration tool that meets the following requirements:

Minimizes downtime during the migration


Migrates the HANA database servers to Azure virtual machines


Which tool should you use to migrate SAP Central Services (SCS) and HANA? To answer, select the

appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Hot Area:

  1. See Explanation for the Answer.

Answer(s): A

Explanation:



Box 1: Azure Migrate
SAP Central Services (SCS)

Azure Migrate provides a simplified migration, modernization, and optimization service for Azure. All pre- migration steps such as discovery, assessments, and right-sizing of on-premises resources are included for infrastructure, data, and applications. Azure Migrate's extensible framework allows for integration of third-party tools, thus expanding the scope of supported use-cases

Box 2: S/4HANA Migration Cockpit
HANA

The SAP S/4HANA Migration Cockpit is a tool developed by SAP and successor to LSMW for data migration to SAP S/4HANA. It is currently the only tool for migration to the cloud.

Incorrect:
* Azure Database Migration Service
Is for SQL Server datbases.

* HANA Cockpit
The SAP HANA cockpit provides aggregate, system and database administration features, for example, database monitoring, user management, and data backup. Administrators can use the SAP HANA cockpit to start and stop services, to monitor the system, to configure system settings, and to manage users and authorizations.



You are designing an authentication solution for SAP Business Technology Platform (BTP) software as a service (SaaS) applications.

The solution will use trust configurations towards SAP Cloud Identity Services - Identity Authentication Service (IAS) and Microsoft Entra ID.

You plan to use Microsoft Entra ID to manage all identities.

Which protocol should you recommend to communicate between SAP BTP and Microsoft Entra ID?

  1. WS-Federation
  2. WS-Trust
  3. SAML 2.0
  4. OpenID Connect (OIDC)

Answer(s): C

Explanation:

Microsoft Entra single sign-on (SSO) integration with SAP Cloud Identity Services SAP Cloud Identity Services application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. T Configure Microsoft Entra SSO
Follow these steps to enable Microsoft Entra SSO.
1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. Browse to Identity > Applications > Enterprise applications > SAP Cloud Identity Services > Single sign-on.
3. On the Select a single sign-on method page, select SAML.
4. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.



5. Etc.



DRAG DROP (Drag and Drop is not supported)

You have a Microsoft Entra tenant named contoso.com.

You plan to use SAP Cloud Identity Services.

You need to integrate single sign-on (SSO) and SAP Cloud Identity Services.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place:

  1. See Explanation for the Answer.

Answer(s): A

Explanation:



Step 1: From the Microsoft Entra admin center, create and configure an enterprise application Currently, SAP Cloud Identity Services acts as a Proxy Identity Provider to SAP applications. Microsoft Entra ID in turn acts as the leading Identity Provider in this setup.

The following diagram illustrates this relationship:



With this setup, your SAP Cloud Identity Services tenant is configured as a trusted application in Microsoft Entra ID.

Adding SAP Cloud Identity Services from the gallery

To configure the integration of SAP Cloud Identity Services into Microsoft Entra ID, you need to add SAP Cloud Identity Services from the gallery to your list of managed SaaS apps.

1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
2. Browse to Identity > Applications > Enterprise applications > New application.
3. In the Add from the gallery section, type SAP Cloud Identity Services in the search box.
4. Select SAP Cloud Identity Services from results panel and then add the app. Wait a few seconds while the app is added to your tenant.

Step 2: From SAP Cloud Identity Services, create a new corporate identity provider and upload the metadata XML file.

Step 3: From the Microsoft Entra admin center, download the metadata XML file.

Step 4: From the Microsoft Entra admin center, configure custom security attributes for the enterprise application.

SAP Cloud Identity Services application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.



In addition to above, SAP Cloud Identity Services application expects few more attributes to be passed back in SAML response, which are shown below. These attributes are also pre populated but you can review them as per your requirements.



Incorrect:
* From SAP Cloud Identity Services, download the Identity Authentication Service (IAS) metadata file and upload the file to enterprise application.



You have a Microsoft Entra tenant named contoso.com.

You are designing an authentication and authorization solution for SAP Business Technology Platform (BTP) software as a service (SaaS) applications.

SAP BTP subaccounts trust the SAP Cloud Identity Services - Identity Authentication Service (IAS) tenant of your company.

You plan to establish a trust between the IAS tenant and contoso.com.

You need to ensure that authorization decisions in the SAP BTP applications are based exclusively on claims issued by contoso.com.

What should you do?

  1. From IAS, enable the Use Identity Authentication user store option.
  2. From SAP BTP, enable the use of default attributes.
  3. From SAP BTP, disable the use of default attributes.
  4. From IAS, disable the Use Identity Authentication user store option.

Answer(s): A

Explanation:

Using Microsoft Entra ID to secure access to SAP platforms and applications Use Federated Authentication in SAP Business Technology Platform and SAP SaaS applications through SAP Identity Authentication Service
When using federation, you can choose to define the trust configuration at the BTP Subaccount level. In that case, you must repeat the configuration for each other Subaccount you're using. By using IAS as an intermediate trust configuration, you benefit from centralized configuration across multiple Subaccounts and you can use IAS features such as risk-based authentication and centralized enrichment of assertion attributes. * To safeguard the user experience, these advanced security features should only be enforced at a single location. This could either be IAS or when keeping Microsoft Entra ID as the single authoritative user store (as is the premise of this paper), this would centrally be handled by Microsoft Entra Conditional Access Management. *



You have an Azure subscription.

You plan to use an automated method to deploy single instances of SAP S/4HANA. The solution must minimize complexity and administrative effort.

What should you use?

  1. Azure Center for SAP solutions
  2. an SAP migration framework
  3. SAP on Azure Deployment Automation Framework
  4. SAP on Azure landing zone accelerator

Answer(s): A

Explanation:

You can deploy S/4HANA infrastructure with Azure Center for SAP solutions.
Deployment types
There are three deployment options that you can select for your infrastructure, depending on your use case.
* Distributed with High Availability (HA) creates distributed HA architecture.
* Distributed creates distributed non-HA architecture.
*-> Single Server creates architecture with a single server. This option is available for non-production environments only.



You have an SAP production landscape in Azure. The landscape is hosted on 50 virtual machines that run SUSE Enterprise Linux (SLES). The virtual machines are billed by using pay-as-you-go rates.

You need to minimize operating system costs for the virtual machines.

What should you use?

  1. capacity reservations
  2. Azure Hybrid Benefit
  3. reserved instances
  4. spot pricing

Answer(s): B

Explanation:

Incorrect:
* Azure Hybrid Benefit
Azure Hybrid Benefit is a licensing offer that helps you migrate and save to Azure. To apply this benefit, you must be paying for either:
* Windows Server or SQL Server core licenses with Software Assurance or a subscription to these products.
*-> An active Linux subscription, including Red Hat Enterprise Linux or SUSE Linux Enterprise Server running in Azure.
By using Azure Hybrid Benefit, you can achieve cost savings, modernize and maintain a flexible hybrid environment while optimizing business applications. Explore savings with the Azure Hybrid Benefit Savings Calculator.
Enterprise and other direct customers can now simplify their SQL Server license management experience and optimize Azure SQL costs across entire Azure subscriptions or their overall billing account by using centrally managed Azure Hybrid Benefit for SQL Server.



Viewing Page 10 of 53



Share your comments for Microsoft AZ-120 exam with other users:

patricks 10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
Anonymous