Test_Dec

Which cloud-based SAP solution helps organizations control their data across various cloud platforms and on-premise data sources?. SAP Identity Access Governance. SAP Privacy Governance. SAP Data Custodian. SAP Information Steward.

Which cybersecurity type does NOT focus on protecting connected devices?. Cloud Security. Application Security. Network Security. lot security.

What happens to data within SAP Enterprise Threat Detection during the aggregation process? There are 3 correct answers to this question. It is prioritized. It is pseudonymized. It is categorized. It is normalized. It is enriched.

What are some security safeguard categories? There are 3 correct answers to this question. Physical. Financial. Access Control. Organizational. Technical.

Which of the functions within SAP GRC Access Control support access certification and review? There are 2 correct answers to this question. Role Ream. GO. Review CI User Reaffirm. Role Review.

Which solution analyzes an SAP system's administrative areas to safeguard against potential threats?. SAP Security Optimization Services. SAP EarlyWatch Alert. SAP Code Vulnerability Analyzer. SAP Enterprise Threat Detection.

Which is NOT used to identify Security recommendations for the SAP Security Baseline?. SAP Code Vulnerability Analyzer. SAP EarlyWatch Alert. SAP Security Optimization Service. SAP Security Notes.

Which functions in SAP Access Control can be used to approved or rejects a user's continued access to specific security roles? There are 2 answers to this question. SOD Review. Role Certification. User Access Review. Role Reaffirm.

Which of the following are Security Goals? There are 2 correct answers to this question. Information Integrity. Encryption. Repudiation. Identity Authentication.

When segregating the duties for user and role maintenance, which of the following should be part of a decentralized treble control strategy for a production system?. One authorization data administrator. One user administrator per production system. One authorization profile administrator. One user administrator per application area in the production system. One decentralized role administrator.

In the administration console of the cloud identity services, which system property types can you add?. Default. Credential. Standard. Internal.

In the administration console of the cloud identity services, for which system type can you define both read and write transformations?. Target System. Proxy System. Source System.

What do you configure the Social Media deny providers?. In the code editor of the SAP Business Application Studio. In the SAP BTP Cockpit Account Explorer. In the administration console for SAP Cloud Identity Services.

For which of the following can transformation variables be used?. To save data temporarily. To save data permanently. To save data to the output JSON file.

In the administration console of the Cloud Identity Services, which authentication providers are available? There are 2 correct answers to this question. FieldGlass. Successfactors. Concur. Ariba.

In which order do you define the security-relevant objects in SAP BTP?. Role. Role Template. Role Collection.

Which of the following services does the identity authentication service provide?. Authentication. Single Sign-On. Central User Repository. Policy refinement.

What use cases are available for a local Identity Directory? There are 3 correct answers to this question. Merging attributes. Proxy Mode. Classic use case. S/4HANA use case. Hybrid mode.

SAP BTP distinguishes between which of the following users?. Key Users. Platform Users. Business Users. Technical Users.

Which cryptographic libraries are provided by SAP?. Cryptlib. SecLib. SAPCRYPTOLIB. CommonCryptoLib.

What can be assigned directly to a user when using SAP Launchpad service in SAP BTP?. Launchpad roles. Role collections. Spaces. Catalogs.

Which protocol is the industry standard for provisioning identity and access management in hybrid?. OIDC. SSL. SCIM. SAML.

Which log types are available in the Administration console of Cloud Identity Services?. Change logs. Troubleshooting logs. Performance logs. Usage logs.

What does SAP Key Management Service (KMS) do to secure cryptographic keys?. Store keys. Conceal keys. Rotate keys. Transmit Keys. Generate Keys.

In the SAP BTP Cockpit, at which level is Trust Configuration available?. Global Account. Subaccount. Organization. Directory.

Which level of security protection are provided by Secure Network Communication (SNC)?. Authentication. Integrity. Availability. Privacy. Authorization.

Which tool can you use to modify the entities schema content across multiple repositories?. SAP Business Application Studio. SAP BTP Account Explorer. SAP Cloud Identity Services Transformation Editor. SAP Cloud Identity Services Schemas App.

Following an upgrade of your SAP S/4 HANA on-premise system to a higher release, you perform a modification comparison using SU25. What does this comparison do?. It compares your changes to the SAP defaults in USOBX and USOBT with the new SAP defaults in the current release and allows you to make adjustments. It compares the Role Maintenance data from the current release with the data for the previous release and allows you to adjust any custom default values in tables USOBX and USOBT. It compares the Role Maintenance data from the previous release with the data for the current release and writes any new default values in tables USOBX_C and USOBT_C. It compares your changes to the SAP defaults in USOBX_C and USOBT_C with the new SAP defaults in the current release and allows you to make adjustments.

Which of the following allows you to control the assignment of table authorization groups?. PRGN_CUST. V_DDAT_54. V_BRG_54. SSM_CUST.

Which limitation apply to restricted users in SAP HANA Cloud?. They only have full SQL access via the SQL console. They cannot create objects in the database. They cannot connect via ODBC or JDBC. They can only create objects in their own database schema. They can only connect to the database using HTTP/HTTPS.

When performing a comparison from the imparting role, what happens to the organizational level field values in the derived role?. Data for organizational levels is always transferred when authorization data for the derived role is modified. Data for organizational levels that have already been maintained in the derived role is NOT overwritten. Data for organizational levels is transferred only when authorization data for the derived role is first modified. Data for organizational levels that have already been maintained in the derived role is overwritten.

What authorization object can be used to restrict which users a security administrator is authorized to maintain?. S_USER_GRD. S_USER_AUT. S_USER_SAS. S_USER_GRP.

In the SAP HANA Cloud, who has access to a database object?. The user DBADMIN and the group owner. The user SYSTEM and the creator. The owner and the SAP-owned users. The creator and the schema owner.

What does status 'old' mean during the maintenance of authorization for an existing role?. Field values have not been changed. Field values were unchanged and no new authorization was added. Field values were changed as a result of the merge process. The field delivered with content was changed but the old value was retained.

What must you do before you can use transaction PFCG?. Fill tables USOBT and USOBX with the SAP-delivered authorization default values. Set the system profile parameter auth/no_check_in_some_cases to Y. Fill tables USOBT_C and USOBX_C with the SAP-delivered authorization default values. Set the system profile parameter auth/no_check_in_some_cases to N.

Your developers has created a new custom transaction for your SAP S/4HANA on-premise system and has provided you a list of authorizations needed to execute the new ABAP program. What must you do to ensure that each required authorization is automatically created every time this new custom transaction is added to a PFCG role?. Maintain each authorization in transaction SU24 and set the Default Status to "Yes". Maintain each authorization object in transaction SU24 and set the Default Status to "Yes". Maintain each authorization object in transaction SU22 and set the Default Status to "Yes". Maintain each authorization in transaction SU22 and set the Check Indicator value to "Check".

Which of the following rules does SAP recommend you consider when you define a role-naming convention for an SAP S/4HANA on-premise System?. Role names are system language-dependent. Role names can be no longer than 30 characters. Role names are system language-independent. Role names can be no longer than 20 characters. Role names must NOT start with "SAP".

Where you can find the information on the SAP-delivered default authorization object and value assignments?. USOBT_C. USOBT. SU22. SU24.

After you maintained authorization object S_TABU_DIS and ACTVT field value 02 as authorization defaults for transaction SM30 in your development system, what would be the correct option for transporting only these changes your quality assurance system?. Save your changes to a Workbench transport request and transport using the Transport Management System. Save your changes to a Customizing transport request and transport using the Transport Management System. Save tables USOBT_C and USOBX_C to a transport request and transport using the Transport Management System. Save your changes and use the transport interface in SU25 to transport the changes using the Transport Management System.

Which optional components can be included when transporting a role definition from the development system to the quality assurance system?. Direct user assignments. Generated profiles of dependent roles. Generated profiles of single roles. Personalization data.

Which privilege types are available in SAP HANA Cloud?. System. Object. Application. Package. Analytic.

Under which of the following conditions can you merge authorizations for the same object during role maintenance?. The activation status and the maintenance status of the authorizations must NOT match. The activation status of a manual authorization must match the status of the changed authorizations. The activation status and the maintenance status of the authorizations must match. The maintenance status of the changed authorizations must match the status of a manual authorization.

What are some disadvantages of a Composite role?. Changes to the authorizations can only be made using the included roles. Transactions that are deleted from the Composite Role menu are also removed from the included roles. Changes to the included roles are not immediately visible in the composite role menu, requiring a renewed import. Menus from the included roles cannot be mixed.

For users with system administration authorization, which additional functions are provided by the SAP Easy Access Menu?. Calling programs. Creating users. Creating roles. Calling menus for roles and assigning them to users.

What authorization object can be used to authorize an administrator to create authorizations in roles?. S_USER_AUT. B. S_USER_VAL. S_USER_AGR. S_USER_TCD.

Which code does the authority check return when a user does NOT have any authorizations for the authorization object checked?. 0. 12. 4. 16.

Which of the following is part of the SAP S/4HANA central UI component?. SAP Fiori Launchpad. SAP Fiori Object page. SAP Fiori analytical application. SAP Fiori transactional application.

You are evaluating startable applications. Which of the following can you use to check if there is an application start lock on an application contained in PFCG Role?. Transaction SUIM-Executable Transactions Report. Transaction SM01_DEV. Transaction SM01_CUS. Transaction SUIM - Transactions executable with profile report.

You are building a PFCG role to access an SAP Fiori app on your SAP S/4HANA on-premise system. Why does SAP recommend that you NOT maintain SRV_NAME field value of the S_SERVICE authorization object manually?. Because the TADIR Service name is the same for the front-end server component and the back-end server component. Because the TADIR Service name for the back-end server component was automatically added to the role menu. Because the SRV_NAME hash value for the front-end server component and back-end server component are the same. Because the SRV_NAME hash value for the front-end server component and back-endserver component are different.

When creating a PFCG roles for SAP Fiori access, what is included automatically when adding a catalog to the menu of a back-end PFCG role?. The start authorizations and the authorization default values for each IWSG TADIR service definitions in the catalog. The IWSG TADIR service definitions from the catalog. The start authorizations and the authorization default values for each IWSV TADIR service definitions in the catalog. The IWSV TADIR service definitions from the catalog.

Which of the following are SAP Fiori Launchpad functionalities?. Web Dynpro. Spaces. SAP GUI. User Actions Menu.

How does Rapid activation support customers during the SAP S/4HANA on-premise implementation process?. By helping customers to start exploring SAP Fiori in SAP S/4HANA on premises as quickly as possible. By supporting content activation at the business role level, including SAP Fiori apps and all associated Web Dynpro for ABAP applications. By allowing customers to select individual SAP Fiori apps for their end-to-end business processes. By allowing customers to select and activate SAP Fiori apps one by one, independent of dependencies needed for app-to-app navigation. By reducing the SAP Fiori activation effort during the Explore phase of SAP Activate.

What is the authorization object required to define the start authorization for an SAP Fiori legacy Web Dynpro application?. S_SDSAUTH. S_START. S_TCODE. S_SERVICE.

To connect to data sources that are not all based on Odata, which of the following options does SAP recommend you use?. OData Provisioning service. SAP Process Integration. Cloud connector. SAP Integration Suite.

An authorization based on what object is required for trusted system access to an SAP Fiori back-end server?. S_RFC. S_RFCACL. S_SERVICE. S_START.

In S/4HANA on-premise, which of the following combinations is require to grant a business user access to data from a Core Data Services (CDS) view using the standard ABAP authorization concept and authorization S_RS_AUTH?. *ACDS role with access conditions based on authorization object S_RS_AUTH *A PFCG role containing the CDS role and access conditions based up authorization object S_RS_AUTH *Assignment of the PFCG role to the business user. *ACDS role with access conditions based on authorization object S_RS_AUTH *A PFCG role with authorization for object S_RS_AUTH *Assignment of the PFCG role to the business user. *ACDS role with access conditions based on authorization object S_RS_AUTH *A PFCG role containing the CDS role and access conditions based up authorization object S_RS_AUTH *Assignment of the PFCG role and the CDS role to the business user. *ACDS role with access conditions based on authorization object S_RS_AUTH, *A PFCG role with authorization for object S_RS_AUTH and assignment of the PFCG role *The CDS role to the business user.

When you maintain authorizations for SAPUI5 Fiori apps, which of the following object types is the front-end authorization object type?. TADIR G4BA-SAP Gateway Odata V4 Backend Service Group & Assignments. TADIR IWSV - SAP Gateway Business Suite Enablement-Service. TADIR IWSG - SAP Gateway: Service Groups Metadata. TADIR INA1 InA Service.

Which object type is assigned to activated Odata services in transaction SU24?. IWSV. G4BA. IWSG. HTTP.

Which SAP Fiori deployment options requires the Cloud Connector?. SAP Fiori for SAP S/4HANA standalone front-end server. SAP S/4HANA embedded. SAP Business Technology Platform. SAP S/4HANA Cloud Public Edition.

Which authorization objects can be used to restrict access to SAP Enterprise Search models in the SAP Fiori Launchpad?. S_ESH_ADM. RSDDLTIP. SDDLVIEW. S_ESH_CONN.

Where you can find the SAP Fiori tiles and target mappings according to segregation of duty?. Assigned Pages. Assigned Spaces. Assigned Technical Catalog. Assigned Business Catalog.

If you want to evaluate catalog menu entries and authorization default value of IWSG and IWSV applications, which SUIM reports would you use?. Search Startable Applications in Roles. Roles By Authorization Object. Search Applications in Roles. Roles By Transaction Assignment in Menu.

What are some of the rules for SAP-developed roles in SAP S/4HANA Cloud Public Edition?. Role maintenance reads applications from a catalog. Role maintenance reads applications from role menus. Manual role authorizations are supported in custom catalogs. Authorization defaults define role authorizations. Catalogs are assigned to role menus.

Which user type in SAP S/4HANA Cloud Public edition is used for API access, system integration, and scenarios where automated data exchange is required?. SAP Communication User. SAP Technical User. SAP Administrative User. SAP Support User.

What does SAP recommend you do when you transport a custom leading business role in SAP S/4HANA Cloud Public Edition?. Add all other leading business roles from the same Line of Business as dependencies to the Software Collection. Add all derived business roles as dependencies to the Software Collection. Add the pre-delivered business role that was used as a template to create the custom leading business role to the Software Collection.

Which application in SAP S/4HANA Cloud Public Edition allows you to upload employee information independent of the the customers' HR System?. Maintain Business User app. Identity and Access Management app. Manage Workforce app. Display Technical Users app.

When planning an authorization concept for your SAP S/4HANA Cloud Public Edition implementation, what rules must you consider?. SAP Fiori apps, dashboards, and displays can be assigned directly to a business role. Business catalogs can be assigned directly to a business user. Business roles can be assigned directly to a business user. Business catalogs can be assigned directly to a business role.

In SAP S/4HANA Cloud Public Edition, what does the ID of an SAP-predefined Space refer to?. The business roles it is to be assigned to. The business area it was designed for. The software release it was created for. The SAP Fiori applications it was defined for.

Which access categories are available to maintain restrictions in SAP S/4HANA Cloud Public Edition?. Read (read access). Write, Read (write access). Read, Value Help (read access). Value Help (value help access). Write, Read, Value Help (write access).

In SAP S/4HANA Cloud Public Edition, what can you do with the Display Authorization Trace?. Display business roles granting specific access. Adjust role restrictions to further limit access when performing forensic analysis. Analyze authorization check results for missing authorizations. Adjust role restrictions to account for missing authorizations. Analyze authorization check results for already assigned authorizations.

In SAP S/4HANA Cloud Public Edition, which of the following can you change in a derived business role if the 'Inherit Spaces in Derived Business Roles' checkbox is NOT selected in the leading business role?. Business Catalogs. Business Role Template. Pages. Restrictions.

What is the required to centrally administer a user's master record using Central User Administration?. An RFC destination to the target client. An entry in transaction BD54 for the child system. An ALE distribution model. An RFC destination to the target system. An existing master record in the target client for the user.

Which SU01 user types are NOT enabled for interaction?. System. Communications Data. Dialog. Service.

Which entities share data with Business Partners in the S/4HANA Business User Concept?. Administrator. Employer. Employee. User.

In SAP HANA Cloud, what can you configure in user groups?. Password policy settings. Client connect restrictions. Identity providers. Authorization privileges.

Which archiving objects are relevant for archiving change documents for user master records?. US_PROF. US_USER. US_AUTH. US_PASS.

What is the correct configuration setting in table PRGN_CUST for user assignments when transporting roles within a Central User Administration scenario?. SET_IMP_LOCK_USERS = YES. SET_IMP_LOCK_USERS = NOO. USER_REL_IMPORT = YES. USER_REL_IMPORT = NO.

Which of the following user types are excluded from some general password-related rules, such as password validity or initial password?. Dialog. System. Communication. Service.

Which user types can log on the SAP S/4HANA system in interactive mode?. Dialog User. Service User. System User. Communication User.