Security Flashcards

1
Q

What information can be provided by an Audit Class? Note: There are 3 correct Answers to this question.

A

A. Transaction Start

B. Dialog Logon

D. RFC/CPIC Logon

2
Q

Which of the following accurately describe Solution Manager functionality? Note: There are 3 correct Answers to this question.

A

A. SAP SOS self-service is a convenient entry point to introduce security monitoring.

D. SAP EWA provides the most comprehensive security check.

E. System recommendations provide a worklist of potentially relevant security notes.

3
Q

What is the purpose of SAP Notes listed by SAP Solution Manager System Recommendations? Note: There are 2 correct Answers to this question.

A

A. To recommend Performance Notes to improve system response

D. To recommend SAP Security Notes for evaluation

4
Q

In the case of missing OData authorizations, why is it not recommended to maintain S_SERVICE manually within an SAP Fiori Authorization Role? Note: There are 2 correct answers to this question.

A

B. Both front-end and back-end entries are generating the same S_SERVICE authorization object with different authorization values

D. The SRV_NAME Value of the S_SERVICE authorization object is the hash value of an OData service

5
Q

You want to adjust check indicator values for certain authorization objects delivered by SAP. In which of the following tables should your adjustments be recorded?

A

A. USOBX_C

6
Q

If the OData back-end service is located on a remote back-end, users need which authorization objects to perform the RFC call on the back-end system? Note: There are 2 correct answers to this question.

A

A. S_RFC

C. S_RFCACL

7
Q

Which of the following describe the behavior of a reference user when assigned to a user master record? Note: There are 2 correct Answers to this question.

A

B. The roles of the reference user can be shown.

C. The user master record references the roles and authorizations assigned to the reference user.

8
Q

How can you enforce an additional transaction start authorization check for a custom transaction?

A

C. Maintain the SU24 entry for the custom transaction and add the desired authorization object, setting the Check Indicator to "Check" and setting Proposal to Yes.

9
Q

Which of the various protocols can be used to establish secure communication? Note: There are 3 correct answers to this question.

A

A. From Secure Login Server to SAP NetWeaver: RFC (SNC)

D. From SAP GUI to SAP NetWeaver: DIAG/RFC (SNC)

E. From Secure Login Server to LDAP Server: HTTPS (SSL)

10
Q

Which of the following actions correctly describe the usage of Front Channel Single Sign-On based on (SAML) 2.0? Note: There are 2 correct answers to this question.

A

B. The identity provider returns the user to service providers with an authentication request

D. The identity provider queries the user for authentication credentials

11
Q

When you are troubleshooting an application start issue, what does the Search for Startable Applications in Roles report help you determine? Note: There are 2 correct Answers to this question.

A

A. If the PFCG roles contain all of the start authorizations required for the application

C. If there is an application start lock

12
Q

Which of the following authorization objects are used to secure the execution of External Commands when defining a background job step? Note: There are 2 correct answers to this question.

A

A. S_PROGRAM

C. S_LOG_COM

13
Q

Which of the following actions are required to ensure complete logging of table data changes? Note: There are 3 correct Answers to this question.

A

A. Instance profile parameter rec/client must be maintained for client.

B. Parameter RECCLIENT must be maintained in transaction STMS.

C. Log data changes must be enabled at the table level in transaction SE13.

14
Q

Which of the following allows you to improve the quality of your enterprise data assets with consistent data validation rules, data profiling and metadata management?

A

C. SAP Data Services

15
Q

Which UCON phase blocks the access to RFC Function Modules without an assigned Communication Assembly?

A

C. Evaluation

16
Q

Which of the following user types are precluded from logging onto the system directly? Note: There are 3 correct Answers to this question.

A

A. System

D. Communication

E. Reference

17
Q

Which ABAP transaction codes are relevant for SNC parameter configuration? Note: There are 2 correct answers to this question.

A

A. SNCCONFIG

B. SNCWIZARD

18
Q

Which of the following transactions allow you to define role assignments for OData Services that are available on multiple back-end systems? Note: There are 2 correct Answers to this question.

A

A. /UI2/GW_MAINT_SRV

D. /IWFND/MAINT_SERVICE

19
Q

Which authorization object is required to modify authorization data of derived roles?

A

A. S_USER_VAL

20
Q

Which of the following parameters must be configured to capture log data in the Security Audit Log?

A

C. rsau/enable

21
Q

Your system is configured to prohibit a user from logging on multiple times to the system with the same User ID in violation of your SAP licensing agreement. However, certain users need to be exempt from this limitation. Which instance profile parameter can you configure to allow a small group of users to bypass the limitation of multiple logins?

A

B. login/multi_login_users

22
Q

Which of the following are used in SAP Enterprise Threat Detection (ETD) architecture? Note: There are 2 correct Answers to this question.

A

B. SAP HANA Smart Data Streaming

D. Forensic lab

23
Q

Which of the following app-specific types of entities do users need to use SAP Fiori apps? Note: There are 2 correct Answers to this question.

A

B. UI

D. Authorizations

24
Q

During maintenance of a role, you notice that the status text for an authorization object indicates the status "Changed New". What does this status text mean?

A

D. The authorization object was used to create a new authorization because the initial configuration of the role changed a default value maintained in SU24

25
Q

Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?

A

A. S_SERVICE

26
Q

What content can be shared between the SAP Access Control and SAP Cloud Identity and Access Governance products? Note: There are 3 correct Answers to this question.

A

A. Mitigation controls

B. Risk library

D. Mitigations

27
Q

Which of the following illustrate the simplification of user and role maintenance on SAP Cloud? Note: There are 2 correct Answers to this question.

A

A. Business users have business roles.

D. Read and write access can be restricted.

28
Q

Your system is configured to prohibit a user from logging on multiple times to the system with the same User ID in violation of your SAP licensing agreement. However, certain users need to be exempt from this limitation. Which instance parameter can you configure to allow a small group of users to bypass the limitation of multiple logins?

A

B. login/multi_login_users

29
Q

Which of the following items are addressed by Configuration Validation? Note: There are 3 correct answers to this question.

A

A. RFC Logins

B. Database Parameters

D. Software Packages

30
Q

Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?

A

A. S_START

31
Q

Which of the following transactions allow you to define role assignments for OData Services that are available on multiple back-end systems? Note: There are 2 correct answers to this question.

A

C. /IWFND/MAINT_SERVICE

D. /UI2/GW_MAINT_SRV

32
Q

Which of the following tables contain the transport request object list and table entry keys? Note: There are 2 correct answers to this question.

A

C. E071

D. E071K

33
Q

SAP Cloud Identity and Access Governance consists of which of the following software services? Note: There are 3 correct Answers to this question.

A

A. Access Request

B. Role Design

C. Access Analysis

34
Q

Which of the following are prerequisites for using transaction PFCG? Note: There are 2 correct Answers to this question.

A

B. Maintain parameter auth/no_check_in_some_cases = Y

C. Fill in initial values for customer tables using transaction SU25

35
Q

In SAP NetWeaver AS Java, the User Management Engine (UME) supports which of the following data sources for storing user data? Note: There are 3 correct answers to this question.

A

A. ABAP-based SAP system

C. LDAP Directory

E. Java system database

36
Q

You are configuring authorizations to secure access to table data using transaction SM31 and you encounter authorization object S_TABU_DIS and field DICBERCLS. How can this field be used to secure access?

A

D. It allows you to specify access to tables associated with a specific authorization group.

37
Q

Which ABAP transaction codes are relevant for SNC Parameter Configuration? Note: There are 2 correct Answers to this question.

A

C. SNCWIZARD

D. SNCCONFIG

38
Q

Which of the following are phases in the SAP Audit Management auditing process? Note: There are 3 correct answers to this question.

A

C. Monitoring Progress

D. Communication Results

E. Engagement Planning

39
Q

The DBMS tab in transaction SU01 allows you to manage database privilege assignments for which of the following scenarios? Note: There are 2 correct answers to this question.

A

C. When a user needs to run applications that access the database directly

D. When users need 1:1 user mapping to map analytical privileges of database to the virtual analysis of authorization on SAP BW

40
Q

A PFCG role can be linked to an SAP Organizational Management structure by which object types? Note: There are 3 correct answers to this question.

A

A. Job

B. Organizational Unit

C. Position

41
Q

You want to limit an authorization administrator so that they can only assign certain authorizations. Which authorization object should you use?

A

A. S_USER_AGR

42
Q

Which of the following defines “Phishing”?

A

A. Acquiring sensitive information by masquerading as a trustworthy entity

43
Q

Which of the following conditions apply when merging authorizations for the same object? Note: There are 2 correct Answers to this question.

A

A. Changed authorizations can be merged with manual authorizations, as long as the activation status is the same.

D. Both the activation status and the maintenance status of the authorizations match.

44
Q

Which of the following are examples of personal data under the GDPR? Note: There are 3 correct answers to this question.

A

A. GPS data from Cellular phone

B. IP Address

D. Email Address

45
Q

Which of the following allows you to improve the quality of your enterprise data assets with consistent data validation rules, data profiling and metadata management?

A

A. SAP Information Steward

46
Q

What is the frequency of SAP Patch Day?

A

B. Monthly

47
Q

Which of the following describes an Authorization Object class?

A

A. It defines a logical grouping of authorization objects.

48
Q

You are responsible for determining the reason why you need personal data and how this data is processed or stored. What key role do you play under GDPR in relation to personal data?

A

A. Data Controller

49
Q

You want to turn off the SAP menu on the Easy Access Menu screen. What administrative function do you need in Authorization Object S_USER_ADM?

A

A. SSM_CUST

50
Q

Which of the following are prerequisites for using transaction PFCG? Note: There are 2 correct answers to this question.

A

A. Maintain parameter auth/no_check_in_some_cases = Y

D. Fill initial values for customer tables using transaction SU25

51
Q

Which archiving object can you use for archiving change documents related to changes to authorizations assigned to a user?

A

D. US_AUTH

52
Q

Which of the following are SAPUI5 Fiori application types? Note: There are 2 correct Answers to this question.

A

C. Transactional

D. Analytical

53
Q

What is the purpose of securing sensitive business data? Note: There are 3 correct answers to this question.

A

C. Protection Image

D. Disruption of software deployment

E. Protection of Intellectual property

54
Q

Which of the following actions correctly describes the usage of Back Channel Single Sign-On based on (SAML) 2.0?

A

B. The service provider redirects the user to an identity provider and includes a SAML artifact referring to authentication request.

55
Q

Which of the following transactions allow you to customize or configure SAP Fiori Catalogs and Groups? Note: There are 2 correct answers to this question.

A

C. /UI2/FLPD_CONF

D. /UI2/FLPD_CUST

56
Q

Which transaction allows a user to change the authorization values of multiple roles at the same time?

A

B. PFCGMASSVAL

57
Q

Where can you enable Read Access Logging tools?

A

A. SICF

58
Q

Which TADIR Service Object type includes business functional authorization objects used within the OData execution?

A

A. IWSG and IWSV

59
Q

Your company uses derived roles. During maintenance of the Plant Manager imparting role, you add a new transaction to the Menu tab which introduces a new organizational level that will be unique for each of your 150 plants. How will the new organization level be maintained in the derived roles?

A

C. Manually by maintaining each derived role individually

60
Q

What is the equivalent of the AS ABAP user type System in the AS JAVA UME security policy?

A

A. Technical User

61
Q

Which of the following accurately describe the role/profile SAP_NEW? Note: There are 2 correct answers to this question.

A

C. The profile SAP_NEW provides authorizations to all new objects and objects changed by release

D. The SAP_NEW must be generated in accordance with the system environment using the report REGENERATE_SAP_NEW

62
Q

Which of the following technical capabilities does SAP Code Vulnerability Analysis provide? Note: There are 2 correct answers to this question.

A

B. Static and Dynamic Application Security Testing

C. Capture of manual and automated check execution

63
Q

Which configuration options apply to the usage of VCLIENT in the parameter icm/server_port_ Note: There are 3 correct Answers to this question.

A

A. VCLIENT=0, which notifies the SSL server that no SSL client verification is needed

D. VCLIENT=1, the server asks the client to transfer a certificate

E. VCLIENT default value is 1

64
Q

Which transaction codes are relevant to enable SNC between ABAP systems? Note: There are 3 correct Answers to this question.

A

A. RZ10

C. STRUST

E. SNC0

65
Q

Which of the following accurately describe a Composite Role? Note: There are 2 correct Answers to this question.

A

A. User assignment is maintained at the Composite Role level.

C. Authorizations are maintained at the single role level.

66
Q

Which of the following checks are performed for SAProuter by the SAP Security Optimization Service? Note: There are 3 correct Answers to this question.

A

A. Operating System Access Check

B. Secure Network Communication Check

C. SAProuttab Check

67
Q

The report “Search for Application in Role Menu” can be called via which of the following options? Note: There are 2 correct Answers to this question.

A

A. Transaction SUIM (menu node “Roles”)

C. Transaction RSUSR_ROLE_MENU

68
Q

Which of the following features are provided by the SAP Fiori Launchpad content manager? Note: There are 3 correct Answers to this question.

A

B. Create and configure Catalogs

C. Display the issues with SAP Fiori Launchpad content

E. Display role assignments for Catalogs

69
Q

How can you protect a system when you do not want the user assignments for a role to be transported?

A

B. Restrict import of users in table PRGN_CUST in the target system

70
Q

Which of the following technical capabilities does SAP Code Vulnerability Analysis provide? Note: There are 2 correct Answers to this question.

A

A. Capture of manual and automated check executions

B. Static and Dynamic Application Security Testing

71
Q

Which transaction code allows you to configure the SAP Security Audit Log?

A

D. SM19

72
Q

Which feature is available in the CommonCryptoLib Scenario provided by SAP Security Library?

A

B. Secure Store and Forward (SSF)