Which application allows a role developer to perform the mass maintenance of menu options from selected SAP Fiori Title Catalogs? PRGN_PRINT_AGR_MENU PRGN_COMPARE_ROLE_MENU PRGN_CREATE_FIORI_FRONTENDROLE PRGN_CREATE_FIORI_BACKENDROLES.
Which of the following technical capabilities does SAP Code Vulnerability Analysis provide? Note: There are 2 correct answer to this question. Static and Dynamic Application Security Testing Deprovisioning of problematic ABAP code Direct integration with Root Cause Analysis Capture of manual and automated check execution.
Which of the transaction allows a user to change the authorization values of multiple roles at same time? PFCGROLEDIST SUPC PFCGMASSVAL PFCG.
Which transaction codes are relevant to enable SNC between ABAP system? Note: There are 3 correct answer to this question. RZ10 SNCO STRUST PFCG SU01.
What is the equivalent of the AS ABAP user type System in the AS JAVA UME security policy? Internal Service User J2EE User Default User Technical User.
Which of the following describe SAP Fiori Tile Target Mapping? Note: There are 2 correct answer to this question. It represents visual part of tile It defines the target application which is launched. It is define within an SAP Tile Group It is part of the SAP Fiori Launchpad configuration.
When building a PFCG role for SAP Fiori access on an embedded front-end server configuration, which of the following item should be provided?
Note: There are 3 correct answer to this question. SAP Favorites Catalog for the Start Authorization UI access to the Apps Start Authorizations for 0 Data Services WAPA Business Server Pages.
Which of the following Correctly describe the SAP Security Optimization Service (SOS) Offering? There are 3 correct answer to this question. Onsite Service: Performed by Specialist Remote Service : Part of CQC service offering Self Service : All Completely Automated checks in all SAP system Onsite Service: Available with additional Cost Self Service: Perform by experienced service engineers.
You want to turn off the SAP menu on Easy Access Menu Screen. What administrative function do you need in Authorization Object S_USER_ADM ? PRGN_CUST USR_CUST USR_CUST_S SSM_CUST.
Where is the application log information (SLG1) saved? In the Database In the location specified by the rsau/local/file parameter In the Directory specified by DIR_LOGGING parameter In the Directory specified by DIR_TRANS parameter.
Which of the following core principle of GDPR? Note: There are 3 correct answer to this question. Data Quality Lawfulness, Fairness and Transparency Data Archiving Data Minimization Storage limitation.
In SAP NetWeaver AS Java, the User Management Engine (UME) supports which of the following data sources for storing user data?
Note: There are 3 correct answer to this question. Java system database Directory/usr/sap ABAP-based sap system UDDI provider LDAP Directory.
Which of the following transaction allows you to define role assignments for OData Services that are available on multiple back-end systems?
Note: There are 2 correct answer to this question. /IWFND/MAINT_SERVICE /IWFND/GW_SYS_ALIAS /IWFND/GW_CLIENT /UI2/GW_MAINT_SRV.
Which of the following actions are correctly describes the usage of Front Channel Single Sign-On based on (SAML) 2.0?
Note: There are 2 correct answer to this question. The identity provider queries the user for authentication credentials The identity provider presents the requested resource to the user The identity provider returns the user to service providers with an authentication request The service provider queries the user for authentication credentials.
Which is the frequency of SAP Patch Day? Monthly Yearly Weekly Quarterly.
In SAP S/4Hana Cloud authorization objects are grouped in to which item? Groups Privileges Single technical roles. Business Roles.
Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad? S_TCODE S_START S_SERVICE S_PERSONAS.
The DBMS tab in transaction SU01 allows you to manage database privilege assignments for which of the following scenarios?
Note: There are 2 correct answer to this question. When users need to use reporting authorizations on SAP BW When a user needs to run applications that access database directly When users need 1:1 user mapping to map analytical privileges of database to the virtual analysis of authorization on SAP BW When a user needs to execute CDS Views.
Your system is configured to prohibit a user from logging on multiple times to the system with the same User ID in violation of your SAP licensing agreement. However, certain users need to be exempt from this limitation. Which instance parameter can you configure to allow small group of user to bypass the limitations of multiple logins? login/disable_multi_rfc_login login/disable_multi_gui_lgoin Login/server_logon_restriction Login/multi_login_users.
If the OData back-end service is located on a remote back-end users need which authorization object to perform the RFC call on the back-end system? Note: There are 2 correct answer to this question. S_START S_SERVICE S_RFCACL S_RFC.
What are the main features of SAP Enterprise Threat Detection (ETD)? Note: There are 3 correct answer to this question. Forensic investigations Monitoring of GDPR Compliance Segregation of Duty Analysis Monitoring of security events Realtime Alerts.
Which of the following accurately describe a Composite Role? Note: There are 2 correct answer to this question. Authorization are maintained on Single Role level Menus cannot be adjusted as required Transaction cannot be deleted from the menu with authorizations retained User assignment is maintained at the Composite Role level.
In the case of missing OData authorizations, why is it not recommended to maintained S_SERVICE manually within an SAP Fiori Authorization Role? Note: There are 2 correct answer to this question. The SRV_NAME Value of the S_SERVICE authorization object is the hash value of an OData service The SRV_NAME Value of the S_SERVICE authorization object is the name of an OData service Both front-end and back-end entries are generating the same S_SERVICE authorization object with different authorization values Both front-end and back-end entries are generating the same S_SERVICE authorization object with same authorization values.
Which of the following are prerequisites for using transaction PFCG? Note: There are 2 correct answer to this question. Fill Initial values for customer tables using transaction SU25 Maintain parameter auth/no_check_in_some_cases = Y Generate Standard Role SAP_NEW using transaction SU25 Maintain the Check Indicators for Critical Authorization objects.
Which of the following allows you to improve the quality of your enterprise data assets with consistent data validation rules, data profiling and metadata management? SAP Information Steward SAP Process Control SAP Information LifeCycle Management SAP Data Services.
Which of the following SUIM report can you use to determine if a user has segregation of duty violation? Note: There are 2 correct answer to this question. User Level Access Risk Analysis User with Critical Authorizations User Comparision User by Complex Search.
Which values are permitted for the S_BTCH_JOB authorization object? Note: There are 3 correct answer to this question. SHOW
RELE 01 (Create) 02 (Change) DELE.
Which of the following table contains transport request object list and table entry keys? Note: There are 2 correct answer to this question. E071 E070 E070L E071K.
Which of the following are SAP UI5 Fiori application types? Note: There are 2 correct answer to this question. Legacy Transactional Analytical Web Dynpro.
How can you enforce an additional transaction start authorization check for custom transaction? Without additional custom development it is not possible to add another check during transaction start. Maintain the SU24 entry for the custom transaction and adding the desired authorization object, setting the Check Indicator to "Check" and setting Proposal to Yes. For each role containing the custom transaction, add the desired authorization object manually in transaction PFCG, maintained the field values and then generate the profile. Using Transaction SE93 , update the custom transaction definition by specifying the desired authorization object and maintaining the desired field values.
Which of the following user types are precluded from logging in to system directly? Note: There are 3 correct answer to this question. Service System Communication Reference Dialog.
Which of the following transaction allow you to customize or configure SAP Fiori Catalogs and Groups? Note: There are 2 correct answer to this question. /UI2/FLPD_CUST /UI2/FLPCM_CUT /UI2/FLPD_CONF /UI2/FLPCM_CONF.
Which of the following functionalities are supported by SAP Information Lifecycle Management (ILM)? Note: There are 3 correct answer to this question. Data Archiving Data Destruction Data Logging Data retention Alert Notification.
Which of the following are used in SAP Enterprise Threat Detection ( ETD) architecture? Note: There are 2 correct answer to this question. SAP HANA Smart Data Streaming SAP IQ Forensic Lab SAP ASE.
Which of the following are the examples of personal data under the GDPR? Note: There are 3 correct answer to this question. IP Address Email Address GPS data from Cellular phone Age Group Aggregated statistics on the use of a product.
SAP Cloud Identity and Access Governance consists of which of the following software services? Note: There are 3 correct answer Access Request Role Design Emergency Access Management User Access Certification Access Analyst.
Which of the following actions are required to ensure complete logging of table data changes? Note: There are 3 correct answer to this question. The security log must be activated using transaction SM19 Client change option must be set to Automatic Recording of changes Instance profile parameter rec/client must be maintained for client Log Data changes must be enable at the table level in transaction SE13 Parameter RECCLIENT must be maintained in transaction STMS.
Which of the following parameter must be configured to capture log data in the Security Audit log? rec/client rsau/enable rdisp/TRACE dirjogging.
Which of the following accurately describes the role/profile SAP_NEW? Note: There are 2 correct answer to this question. The SAP_NEW must be generated in accordance with the system environment using the report REGENERATE_SAP_NEW The profile SAP_NEW provides authorizations to all new objects and objects change by release The role SAP_NEW does not guarantee backward capability for all scenarios Organizational levels to be maintained in profile SAP_NEW.
You are responsible for determining the reason why you need personal data and how this data is processed or stored. What key role do you play under GDPR in relation to personal data? Data Steward Data Controller Data Subject Data Processor.
Which archiving object can you use for archiving change documents related to changes with authorizations assigned to user? US_PROF US_AUTH US_PASS USJJSER.
Which of the following phases in SAP AUDIT MANAGEMENT auditing process? Note: There are 3 correct answer to this question. Mitigation Review Engagement Planning Remediation Analysis Communication Results Monitoring Progress.
Which of the following describes an Authorization Object Class? It defines a logical grouping of authorization objects It defines authorizations for different authorization objects It defines a group of 1 to 10 authorization field together It defines smallest unit against which an authorization check can be run.
Which ABAP transaction codes are relevant for SNC parameter configuration? Note: There are 2 correct answer to this question. SNCWIZARD STRUST SNCCONFIG SNCO.
Which of the following illustrate the simplification of users and role maintenance on SAP Cloud? Note: There are 2 correct answer to this question Business roles are automatically provisioned Business users have business roles Templates are provided for role derivation Read and write access can be restricted.
You want to limit an authorization administrator so that they can only assign certain authorizations. Which authorization object should you use? S_USER_VAL S_USER_ADM S_USER_AGR S_USER_TCD.
Which UCON phase blocks the access to RFC Function Modules without an assigned Communication Assembly? Configuration Logging Activation Evaluation.
Which of the following are system security threats? Note: There are 3 correct answer to this question. Authority Violation Nonrepudiation Code Injection System Penetration Availability.
Which TADIR Service Object type includes business functional authorization objects used within the OData execution? IWSG IWSC OSOD IWSV.
Which CDS- related repository object types are provided with ABAP CDS? Note: There are 3 correct answer to this question. SQL View Data Definition Metadata Extensions CDS View Entity Access Control.
Which transaction code allows you to configure the SAP System Audit Log? SM20 SM19 SM18 SUIM.
Which of the following accurately describe Solution Manager Functionality? Note: There are 3 correct answer to this question. SAP SOS self-service is a convenient entry point to introduce security monitoring. A system recommendation provide a worklist of potentially relevant security notes. Configuration validation can check if security policies were applied. SAP EWA provides the most comprehensive security check. Configuration validation helps to standardize and harmonize security related configuration items for ABAP systems only.
Which of the following describe the behavior of a reference user when assigned to a user master record? 2 correct answer to this question. The reference user roles are directly assigned to the user master record. The roles of the reference user are always hidden. The roles of the reference user can be shown. The user master record references the role and authorizations assigned to the reference user.
During maintenance of role you notice that the status text for an authorization object indicates status "Changed New" What does this status text mean? The authorization object was used to create a new authorization because the value contained in SU24 differ from the SAP standard contained in SU25 The authorization object must be maintained again This authorization object has been flagged as critical object The authorization object was used to create a new authorization because the initial configuration of the role change a default value maintained in SU24.
Which of the following objects allows you to restrict which users can distribute a role to another system using an RFC destination? S_USER_AGR S_USER_SYS S_USER_AUT S_USER_STA.
Which of the following conditions apply when merging authorizations for the same object? Note: There are 2 correct answer to this question. Changed authorizations can be merged with manual authorizations, even if the activation status is different Changed authorizations can be merged with manual authorizations, as long as the activation status is the same Both activation status and maintenance status of the authorizations match Both activation status and maintenance status of the authorizations do not match.
Which of the following app-specific types of entities do users need to use SAP Fiori apps? Note: There are 2 correct answer to this question. Master Data UI Authorizations Parameters.
A PFCG role can be linked to an SAP Organizational Management structure by which object types? There are 3 correct answer to this question.
Job Person Organizational Unit Task Position.
Which authorization is required to modify authorization data of derived roles? S_USER_AGR S_USER_SYS S_USER_AUT S_USER_VAL.
When you are troubleshooting an application start issue, what does the Search Startable Application in Roles report help you determine?
Note: There are 2 correct answer to this question If the PFCG roles contains all the start authorizations required for the application If the PFCG menu contains SAP Fiori Tile Group If there is an application start lock If the PFCG roles assigned to end user.
How can you protect a system when you do not want the user assignments for a role to be transported? Restrict access to the user assignment tab in PFCG in the target system Restrict import of users in table PRGN_CUST in the target system Restrict import of users in table PRGN_CUST in the development system Restrict access to the user assignment tab in PFCG in the Development system.
What content can be shared between SAP Access Control and SAP Cloud Identity and Access Governance products? There are 3 correct answ Mitigations Process Hirarchy Mitigation Control Risk Library Emergency Access.
What is the purpose of securing sensitive business data? Note: There are 3 correct answer to this question. Reduction of training Cost Protection of Intellectual property Correctness of Data Disruption of software deployment Protection Image.
What information can be provided by an Audit Class? Note: There are 3 correct answer to this question. Dialog Logon RFC/CPIC Logon Transaction Start User Roles User Authorizations.
Which of the following items are addressed by Configuration Validation? Note: There are 3 correct answer to this question. Database Parameters Critical Roles Failed Transport Software Packages RFC Logins.
Which of the following actions correctly describes the usage of Back Channel Single Sign-On based on (SAML) 2.0? The service provider get the authentication request from the identity provider over a SOAP channel. The service provider queries the user for authentication credentials. The identity provider get the authentication response from the service provider over a SOAP channel. The service provider redirects the user to an identity provider and includes a SAML artifact referring to authentication request.
Your company uses derived roles. During maintenance of the Plant Manager imparting role, you add a new transaction to the Menu tab which introduces a new organizational level that will be unique for each of your 150 plants. How will the new organization level be maintained in the derived roles? Automatically using the Copy Data button during maintenance of the imparting role All at once using transaction PFCGMASSVAL Automatically after generating the profiles of the imparting role and adjusting the derived roles Manually by maintaining each derived role individually.
Which feature is available in the CommonCryptoLib Scenario provided by SAP Security Library? Hardware Security Model (HSM) SPNEGO/ABAP SSL/TLS Secure Store and Forward(SSF).
Which of the following authorization objects are used to secure the execution of External Commands when a defining a background job step? Note: There are 2 correct answer to this question. S_LOG_COM S_PROGRAM S_BTCH_EXT S_RZL_ADM.
Where you can enable Read Access Logging tools? SICF SPRO SWI5 SUIM.
Which of the following features are provided by the SAP Fiori Launchpad content Manager? Note: There are 3 correct answer to this question. Activate 0 Data Services Create and Configure Groups Create and Configure Catalogs Display the issue with SAP Fiori Launchpad Content Display role assignments for Catalogs.
The report "Search for Application in Role Menu" can be called via which of the following options? Note: There are 2 correct answer Transaction SUIM (menu node "Roles") Transaction RSUSR_ROLE_MENU Transaction RSUSR_START_APPL Transaction SUIM, (Menu node " Change Documents").
What is the main purpose of SAP Access Control, as an enterprise software solution? Manage corporate social media presence Secure authentication for cloud and on-premise Identify security risk and document compliance Deployment of encryption services.
Which of the following defines "Phishing"? Overloading an application with request Acquiring sensitive information by masquerading as trustworthy entity Modifying an IP address of the source of the TCP/IP packet Pretending to be another user.
Which configuration options apply to the usage of VCLIENT in the parameter icm /server_port_<xx>? Note: There are 3 correct answer
VCLIENT default value is 0 VCLIENT value must be specified if SSL configuration is defined by SSLCONFIG VCLIENT default value is 1 VCLIENT = 0, which notifies the SSL server that no SSL client verification is needed VCLIENT = 1 the server asks the client to transfer a certificate.
You want to adjust check indicator values for certain authorization object delivered by SAP. In which of the following tables should your adjustments be recorded? USOBX_C USOBT_C USOBHASH USOBX.
Which of the various protocols can be used to establish secure communication? Note: There are 3 correct answer to this question. From Secure Login Server to LDAP Server : HTTPS (SSL) From Secure Login Server to SAP Netweaver : RFC (SNC) From Business Explorer to SAP Netweaver : DIAG/RFC (SNC), HTTPS (SSL) From Secure Login Client to Secure Login Server: DIAG/RFC (SNC), HTTPS, RADIUS From SAP GUI to SAP Netweaver : DIAG/RFC (SNC).
What is the purpose of SAP Notes listed by SAP Solution Manager System Recommendations? Note: There are 2 correct answer to this question To recommend SAP Hot News Notes (priority 1 and 2) To recommend Legal Change Notes related to SAP innovations To recommend Performance Notes to improve system response To recommend SAP security Notes for evaluation.
Which of the following checks performed for SAProuter by the SAP security optimization service (SOS)? Note: There are 3 correct answe Secure Network Communication Check Saprouttab Check User Management Check Operating System Access Check Password Check.
You are Configuring authorizations to secure access to table data using transaction SM31 and you encounter authorization object S_TABU_DIS and field DICBERCLS. How can this field be use to secure access? It allows you to specify access to tables associated with a specific authorization group It allows you specify access to specific client-dependent table It allows you specify access to a specific client independent table It allows you specify access to tables reference by a specific program group.
|
