You want to use the User Analysis Dashboard to evaluate Segregation of Duties violations after your most recent batch risk analysis has completed. However, when reviewing the data you realice that the dashboard does not display all of your current users. What do you need do to correct the problem? Execute the repository Object Sync and then re-execute the user level batch risk analysis. Execute the user level batch risk analysis again and remove any exclude objects. Execute the Authorization Synch and then re-execute the user level batch risk analysis. Execute the Action Usage Sync followed by the Role Usage Sync and then re-execute the user level batch risk analysis.
Your compliance team requires that all changes to access rules be auditable in the SAP Access Control application. Which of the following change logs do you enable? Access Rule Rule Set Function Role Critical Role.
How can the data synchronized with GRAC_AUTH_SYNCH be used? Note: There are 2 correct anwers to this question. To define a new function. To populate the Role Analysis Dashboard. To populate authorization object text descriptions. To define roles in Business Role Management.
Which of the following must be specified when defining a mitigating control? Note: There are 2 correct answers to this question. Control ID Organization Report Risk Owner.
Which of the following are prerrequisites for using the Remediation View to remove a role following risk analysis? Note: There are 2 correct answers to this question. Role definitions have been maintained in Business Role Management The Role Usage Sync job has been executed succesfully Process ID SAP_GRAC_ROLE_APP has been configured Process ID SAP_GRAC_ACCESS_REQUEST has been configured.
In the SAP GRC landscape, which of the following activities must be taken to ensure that an update to the access risk rule set in the development system will be avaiable for risk analysis in the production system? Note: There are 2 correct answers to this question. The connector to the production system must be configured as the Production Environment under Access Control -> Maintain Connector Settings The access risk rules must be downloaded from the development system and uploaded into the production system Each change to a Function ID or Risk ID must be saved to its own transport request and imported into the access risk rule set in the production system Access risk rules must be generated and inserted inte the corresponding tables in the production system.
You have configured a workflow to require an approval for updates to a function that is contained within a delivered SAP risk. What else must you do enable the approval process? Set the 1063 Risk Maintenance parameter to YES Set the 1064 Function Maintenance parameter to YES Activate the SAP_GRAC_RISK_APPR MSMP Process ID Activate the SAP_GRAC_FUNC_APPR MSMP Process ID.
You are creating a mitigating control. How do you specify on which system and client the control is executed? Assign a risk definition to the control for the desired system Assign a rule set for the desired system Assign an approver or monitor from the desired system Assign one or more reports to the control from the desired system.
In which order does GRAC_REPOSITORY_OBJECT_SYNC execute the following programs? 1. Role Sync
2. Profile Sync
3. User Sync
4. Role Search Sync 1. Profile Sync
2. Role Sync
3. User Sync
4. Role Search Sync 1. Profile Sync
2. Role Sync
3. Role Search Sync
4. User Sync 1. User Sync
2. Role Sync
3. Role Search Syn
4. Profile Sync.
You want to configure SAP Access Control to generate alerts to help manage compliance. What are the available alert capabilities that can be configured? Note: There are 3 correct answers to this question. Identify a user who has executed conflicting functions Identify a user who has executed conflicting functions and open a support desk message Identify a control monitor who has failed to execute defined reports in a timely fashion Identify a user who has executed a critical action and open a support desk message Identify a user who has executed a critical action an generate an email notification .
Which of the following are prerequisites for scheduling a Role Usage Sync in SAP Access Control? Note: There are 2 correct answers to this question. An authorization sync has been completed GRCPIERP plug-in has been deployed on target system An action usage sync has been completed GRCPINW plug-in has been deployed on target system.
Which of the following steps are part of the SoD Risk Management Process for rule set imprementation and Access Risk Analysis? Note: There are 3 correct answers to this question. Activation Risk Recognition Remediation Role Building and Validation Analysis.
You want to enable a workflow approval process for changes to the master data for the Access Risk Analysis environment. For which of the following can you enable an approval workflow? Note: There are 2 correct answers to this question. Mitigating Control Function Role Mitigation Assignment.
In Business Role Management, which of the following activities can beincorporated and enforced in a Role Metodology. 3 Correct Testing Certification Provisioning Derivation Mitigation.
In Role Reaffirm, wich of the following can review role assignments? Role owner Content Approver Manager Assignment Approver.
Which of the following task can you complete using the Role Certification process? Note: There are 2 correct answers to this question. Determine if the role is assigned correctly Send work item for role review Send email notification for role review Determine if the role is designed correctly.
Business Role Management provides which of the following standard reports? Note: There are 3 correct answers to this question. Role Relationships with User/User Group User by Logon Date and Password Change Transaction Executable for User PFCG Change History Embedded Action Calls in Programs of SAP System.
Why might you integrate Business Role Magement with Business Rules Framework? Note: There are 2 correct answers to this question. Determine role naming convention Determine role methodology Determine role owner Determine role type.
Which of the following are required to create a role in SAP Access Control? Note: There are 3 correct answers to this question. Naming Convention Role Methodology Owners/Approvers Business Process Projet Release.
What are condition groups used for in Business Role Management? Note: There are 2 correct answers to this question. Role Methodology Role Naming Convention Organizational Value Mapping Role Owners.
Business Role Management provides which of the following capabilities? There are 3 correct answers to this question. Facilitate role creation at the function level Enable role level emergency access Standardize methodology for role assignment Align role definitions with business processes Enforce real time risk analysis during role certificaton.
You want to create a transportable BRFplus Routing Rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. What must be done in order for your rule to be transportable? You must assing a package to the Aplication after you generate the rule. You must assing a package to the Function before you generate the rule. You must assing a package to the Aplication before you generate the rule. You must assing a package to the Function after you generate the rule.
You want to create an anitiator rule in BRFplus that will route a request to a path and a specific approver based upon the role Business Process. Which of the following structures contains the attribute you need? GRAC_S_BRF_ROLE_ATT GRAC_DT_REQUEST_FIELD_LABELS GRFN_MW_S_AGENT_ID GRAC_S_REQUEST_RULE_LINE.
You want to generate an MSMP rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST. Which type of rule can you generate? Note: There are 2 correct answers to this question. Decision Table Function BRFplus Rule Function Module.
You have created a BRFplus Initiator Role for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. However the Decision Table was not generated. Where can you manually create a Top Expression for your rule? Application Expression Function Data Object.
You want to generate a BRF plus Initiator Rule that utilizes an expression of type Decision Table for the SAP_GRAC_ACCESS_REQUEST MSMP Process ID. Which rule types can you use? Note: There are 2 correct answers to this question. Funtion Module Based Rule BRFplus Rule Class Based Rule BRFplus Fiat Rule.
You are creating an Initiator rule and want to buil a condition usig header attributes. Which of the following attibutes can you use? Note: There are 2 correct answers to this question. Prerequisite Company Functional Area Subprocess.
You have created a transportable initiator BRFplus Flat Rule. Which of the following must be active in BRFplus for MSMP Workflow to utilize your new rule? Note: There are 2 correct answers to this question. Application Path Package Expression.
You are configuring a BRFplus fiat rule and you enter the context parameter ITEMNUM into the LINE_ITEM_KEY field in the result set. When the rule is executed, how will line item data be used when calculating a rule result? It is averaged It is compared to other line items It is aggregated It is evaluated individually.
Which of the following are possible ways to assing emergency access in Emergency Access Management? Note: There are 2 correct answers to this question. Assign a Fire fighter role to a firefighter in a target system Assign a Firefighter ID to a firefighter owner in SAP Access Control Assign a Firefighter ID to a firefighter in SAP Access Control Assign a Firefighter role to a firefighter in SAP Access Control.
The Consolidated Log Report provides data from which of the following? ABAP debug information ABAP trace execution SQL command execution ABAP dump information.
Which of the following are required to enable Cetralized Emergency Access Management(EAM)? Note: There are 2 correct answers to this question Set the application Type parameter for emergency Access Management To value ID in SAP Access Control Set the Enable Decentralized Firefighting parameter for Emergency Access Management to YES Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO Set the application Type parameter for emergency Access Management to value Role in the target system GRC plug-in.
Which of the following are prerequisites for implementing Emergency Access Management? Note: There are 2 correct answers to this question System-specific Firefighter roles have been configured en the SAP Access Control customizing settings. Users and roles that are used for firefighting activities have been created in the target system Users and roles that are used for firefighting activities have been created for the SAP Access Control system The repository object sync has been completed.
It is mandatory for a Firefighter ID to be assigned to which of the following? Firefighter Firefighter ID Owner Firefighter ID Controller Firefighter ID Owner and Firefighter ID Controller.
Which of the following are required for delivery of the EAM session logs to the controller via the Firefighter Log Report Review Workflow? Note: There are 3 correct answers to this question. Configuration of the Agent ID GRAC_SPM_CNTL_AGENT Execution of the EAM Master Data Synch Execution of the Firefighter Log Synch Assignment of a EAM Owner ID Execution of the Firefighter Workflow Synch.
Which of the following standard roles does SAP deliver for use by the EAM Owner or EAM Controller or both? Note: There are 2 correct answers to this question. SAP_GRIA_SUPER_USER_MGMT_USER SAP_GRAC_SUPER_USER_MGMT_CNTLR SAP_GRAC_SPM_FFID SAP_GRIA_SUPER_USER_MGMT_ADMIN.
Which methods can be used to notify a controller of a new EAM session log? Note: There are 2 correct answers to this question. Support Message Log Display Email Workflow.
Which of the following activities can you do in Emergency Access Management (EAM)? Note: There are 2 correct answers to this question. Display a log file of performed activities Log on to the Firefighter ID directly wiht a password Perform tasks outside of the normal responsabilities Maintain EAM master data in the back-end system.
Which of the following logs can be collected for an Emergency Access Management session? Note: There are 2 correct answers to this question. System log Security Audit log Usage Procedure log SLG1 Application Log.
Which of the following solutions are delivered in component GRCFND_A? SAP Global Trade Services SAP Risk Management SAP Audit Management SAP Access Control.
Which of the following rule sets are delivered in SAP Access Control? Note : there are 3 correct answers to this question. GRAC_RA_RULESET_SAP_HANA GRAC_RA_RULESET_COMMON GRAC_RA_RULESET_S4HANA GRAC_RA_RULESET_JDE GRAC_RA_RULESET_ERP.
You are tasked with configuring SAP Access Control to retrieve user and authentication information SAP Access Control supports a connector configuration for wish of the following functions? Note: there are 2 correct answers to this questions. User Search Data Source data type HR User Detail Data Source data type SU01 End User Verification SU01 User Authentication Data Source data type IDM.
Which of the following components deliver SAP Fiori for SAP GRC solutions? Note: there are 2 correct answers to this question. SAP_UI UIGRRMPC UIBAS001 UIGRAC01.
SAP Governance, Risk and Compliance solutions are organized along 4 key themes. Which of the following are key themes? Note: there are 3 correct answers to this question. Access Governance Audit management Cybersecurity and Data Protection Enterprise Risk and Compliance Business Integrity Screening.
Which of the following SAP Fiori business catalogs are delivered for SAP Access Control? Note: There are 2 correct answers question. SAP_GRC_BC_SCRTYMGR_T SAP_GRC_BC_CMPLNCMGR_T SAP_GRC_BC_COMMRG_T SAP_GRC_BC_COMSPL_T.
Which of the following SAP Access Control applications can be mapped to a BRFplus function? Note: There are 3 correct answers to this question. Service Level Agreements Notification Variables Initiators HR Triggers Request Multiple Rule Set.
Which component plug-ins contain SAP Access Control functionality for SAP S/4HANA? Note: There are 2 correct answers to this question. UIGRAC01 GRCPINW GRCPIERP GRCFND_A.
Which of the following are functions of the SAP Access Control solution? Note: There are 2 correct answers to this question. Privilege Monitoring Manual Control Effectiveness Role Provisioning Issue Management.
You are configuring the role of connectors in a landscape. When mapping Action 004 Provisioning, what must you ensure? All connectors in the landscape using provisioning must be mapped as Default to Action 004 Provisioning as Default. All conectors in the landscape must be mapped to Action 004 Provisioning. All connectors in the landscape using privisioning must be mapped to Action 004 Provisioning wiht one connector marked as Default. All connectors classified as Production that are mapped to the PROV Integration Scenario must be mapped to Action 004 Provisioning.
You are maintaining the Mapping for Actions and Connector Groups Activity in Customizing. Which of the following events should be mapped to the target development system as default when using Business Role Management? Note: There are 2 correct answers to this question. Provisioning Authorization Maintenance Role Risk Analysis Role Generation.
Activation of which of the following BC Sets is a prerequisite for activating the GRAC_RA_RULESET_S4HANA_FIORI? GRAC_RA_RULESET_SAP_HANA GRAC_RA_RULESET_SAP_BASIS GRAC_RA_RULESET_COMMON GRAC_RA_RULESET_SAP_S4HANA_ALL.
Which of the following Business Configuration (BC) sets configure a connector group in SAP Access Control? Note: There are 3 correct answers to this question. GRAC_RA_RULESET_COMMON GRAC_RA_RULESET_PSOFT GRAC_ROLE_MGMT_LANDSCAPE GRAC_RA_RULESET_BASIS GRAC_ACCESS_REQUEST_APPL_MAPPING.
When would be necessary to define a subsequent connector? Note: There are 2 correct answers to this question. When you are defining a cross system risk When all resources are NOT avaliable on a specific conector When component GRCFND_A requieres multiple SAP NetWeaver instances When the SAP Fiori launchpath for a target system connects to a central gateway.
You are implementing Access Request Management. Which integration scenarios should assign to the target connector? PROV, ROLMG, SUPMG, AUTH PROV PROV, AUTH PROV, ROLMG.
You are maintaining an anitiator rule in MSMP Workflow. Which of the folowing must you specify? Note: There are 2 correct answers to this question. Rule Result Rule Type Process Initiator Notification Rule.
Which of the following allows you to control how many access requests can be active for a user and a system at the same time? Stage Details BRFplus fiat rule End User Personalization AC Parameter Configuration.
You want to configure your MSMP Workflow stage definition to ensure that a workflow request that has NOT been processed after a certain period of time can be escalated and approved by another approver. Which of the following options can you use to configure escalation? Note: There are 3 correct answers to this questions. Skip to the Next Stage Use Defaults Define an Alternate Approver Escalate to Specified Agent Maintain Fallback Receiver.
You want to confirm the identity of an approver when processing an access request. Which MSMP Workflow stage configuration option can you use? Approval Level Confirm Approval Reaffirm Approval Comments Mandatory.
Which of the following represent a Rule Kind wen configuring MSMP Workflow? Note: There are 2 correct answers in this questions. Notification Variable Function Module Agent Decision Table.
SAP delivers multiple MSMP Process IDs. You want implement an MSMP Workflow that targets your SAP S/4HANA system. Which BC Set do you need to activate as a prerequisite? BC Set GRAC_RA_RULESET_S4HANA_CORE BC Set GRAC_ROLE_MGMT_LANDSCAPE BC Set GRC_MSMP_CONFIGURATION BC Set GRAC_DT_REQUEST_DISPLAY_SECTIONS.
You are updating an MSMP Workflow. You want the update to apply to both new and existing request that have not yet been processed. What must you configure to achieve this result? Access Request Validation Parameters Task Settings EUP Stage Details.
You have been asked to change the email message delivered to an end user when their access request is rejected. Which of the following actions should you do? Note: There are 3 correct answers to this question. Define a custom notification template in table GRFNVNOTIFYMSG. Update the required text for the standard document object Configure the Notification Event for all relevant paths and stages in MSMP Workflow Update the required text using a copy of the standard document object Replace the SAP standard document object for the message class with a custom document object.
Where can you use a custom field in SAP Access Control? Note: There are 2 correct answers to this question. End User Personalization Agent Rule Control Definition Simplified Access Request.
Which of the following conditions are contained in the MSMP Workflow Routing Rules delivered by SAP? Note: There are 2 correct answers to this question. SOD Violation Approver Not Found No Role Owner Auto Provisioning Failure.
You are configuring your MSMP Workflow path and you want to allow an approver to decide which type of provisioning should accour upon approval. Which configuration options provide this capability? Note: There are 2 correct answers to this question. Set stage task setting to Allow Manual Provisioning Set global provisioning option for auto-provisioning to manual provisioning Set stage task setting to Override Assignment Type Set system provisioning option for auto-provisioning to manual provisioning.
Which of the following represent an Agent Type within MSMP Workflow configuration? Note: There are 2 correct answers to this question. PFCG Roles Notification Approval User Group in SU01.
Which of the following reviewer options does SoS Review support? Manager or Risk Owner Manager and Risk Owner Manager or Role Owner Manager and Role owner.
How can you ensure that a coordinator has the opportunity to review UAR request assignments? Schedule the Generate new request for UAR rejected request job Maintain the GRAC_COORDINATOR agent at the approval stage in MSMP Process ID SAP_GRAC_USER_ACCESS_REVIEW Set the Admin review required before sending tasks to reviewers parameter for UAR to YES. Set the Who are the reviwers? Parameter for UAR to COORDINATOR.
Which of the following jobs should be executed before you schedule a User Access Review (UAR)? Repository Object Sync Update Workflow for UAR request Action Usage Sync Generate data for access request UAR review.
Which of the following reviewer options does User Access Review support? Manager or Role Owner Manager and Risk Owner Manager and Role Owner Manager or Risk Owner.
Which of the following are Service Level Agreement time frame options? Note: There are 2 correct answers to this question. Fixed by Date Fixed bi-weekly Fixed by Month Fixed by number of days.
You want to deploy the End User Logon Page for the users. Which of the following actions must you perform for this page to be avaiable? Note: there are 2 correct answers to this question. Activate End User Logon for each target connector Configure default user for application logon Activate Web Dynpro service Maintain target system RFC Destination.
Which of the following items are mandatory for creating an access request template? Note: There are 2 correct answers to this question. Role Assignment Access Details Name EUP ID.
What can you use a custom end-user personalization configuration for? Note: There are 3 correct answers to this question. To assign it to the standard access request To determine fiels shown in a workflow item To determine roles that can be assigned on a request To assign it to an access request template To restrict a userĀ“s ability to approve their own requests.
How can you make sure that a risk analysis is performed when you use access request management? Note: There are 2 correct answers to this question. Set Enable Offline Risk Analysis parameter to Yes Configure the MSMP workflow stage to require a risk analysis Set the Enable Risk Analysis Form on Submission parameter to Yes Configure the MSMP workflow path to require a risk analysis.
You want to use Access Request Management to provision access in a target system. Which of the following actions are required before access can be provisioned using an access request? Note: There are 2 correct answers to this question. Import role definitions in Business Role Management Maintain Global Provisioning Configuration Maintain System Provisioning Configuration Maintain custom End User Personalization settings.
You want to configure Password Self Service (PSS) to alllow your end users to reset their password and process changes to their name. Which of the following actions are required before PSS can be used? Activate PSS manually for each target connector in activity Maintain Connector Settings Map the PSS Application to a BRFplus function ID in activity Maintain AC Applications and BRFplus Function Mapping Activate PSS manually for each target connector group in activity Maintain Connectors and Connection Types Activate PSS for User Authentication Data Source in activity Maintain Data Source Configuration.
What are provisioning types that can be used with Auto-Provisioning? Note: There are 2 correct answers to this question. Direct End of request Indirect End of each path.
You are using the End User Login Page link configured in SAP Access Control. What option are provided for you to use? Note: There are 3 correct answers to this question. Review role assignments Register Security Questions Specify Appover Delegation Create a Simplified Access Request Submit a Template Request.
Which oh the following settings can be configured in both the global and system-specific provisioning configurations? Note: There are 3 correct answers to this question. Account Validation Error Send Password Deactivate Password Role Delimit Hours Override Assignment Type.
|
