AKChawada

When segregating the duties for user and role maintenance, which of the following should be part of a decentralized treble control strategy for a production system? (3 correct). One authorization data administrator. One user administrator per production system. One authorization profile administrator. One user administrator per application area in the production system. One decentralized role administrator.

What happens to data within SAP Enterprise Threat Detection during the aggregation process? (3 correct). It is prioritized. It is pseudonymized. It is categorized. It is normalized. It is enriched.

Which cybersecurity type does NOT focus on protecting connected devices?. Cloud security. Application Security. Network Security. Lot Security.

What are some security safeguards categories? (3 correct). Physical. Access Control. Organisational. technical. Financial.

Which of the blowing functions within SAP GRC Access Control support access certification and review? (2 correct). Role Reaffirm. SOD Review. User Reaffirm. Role Review.

Which solution analyzes an SAP system's administrative areas to safeguard against potential threats?. SAP EarlyWatch Alert. SAP Security Optimization Services. SAP Enterprise Threat Detection. SAP Code Vulnerability Analyzer.

Which functions in SAP Access Control can be used to approve or reject a user's continued access to specific security roles? (2 correct). User Access Review. Role Certification. SOD Review. Role Reaffirm.

In the administration console of the Cloud Identity Services, which system property types can you add? (2 correct). Standard. Internal. Credential. Default.

In the administration console of the Cloud Identity Services, for which system type can you define both read and write transformations?. Source systems. Target Systems. Proxy System.

What do you configure the Social Media deny providers?. In the SAP BTP Cockpit Account Explorer. In the code editor of the SAP Business Application Studio. In the administration console for SAP Cloud identity Services.

For which of the following can transformation variables be used?. To save data to the output JSON file. To save data permanently. To save data temporarily.

In the administration console of the Cloud Identity Services, which authentication providers are available? (2 correct). Fieldglass. SuccessFactors. Concur. Ariba.

In which order do you define the security-relevant objects in SAP BTP?. A. Role collection B. Role templateC. Role. A. Role template B. RoleC. Role collection. A. Role B. Role templateC. Role collection.

Which of the following services does the Identity Authentication Service provide? (2 correct). Authentication. Single Sign-On. Central User Repository. Policy refinement.

What use cases are available for a Local Identity Directory? (3 correct). Hybrid mode. Merging attributes. S/4HANA use case. Proxy mode. Classic use case.

SAP BTP distinguishes between which of the following users? (2 correct). Business users. Technical users. Platform users. Key users.

Which cryptographic libraries are provided by SAP? (2 correct). Cryptlib. SecLib. SAPCRYPTOLIB. CommonCryptoLib.

Which log types are available in the Administration Console of Cloud Identity Services? (2 correct). Change Logs. Role collections. Performance logs. Usage logs.

Which protocol is the industry standard for provisioning identity and access management in hybrid landscapes?. SCIM. SAML. SSl. OIDC.

What can be assigned directly to a user when using the SAP Launchpad service in SAP BTP?. Launchpad roles. Role collections. Spaces. Catalogs.

Which tool can you use to modify the entities schema content across multiple repositories?. SAP Business Application Studio. SAP BTP Account Explorer. SAP Cloud Identity Services Transformation Editor. SAP Cloud Identity Services Schemas app.

What does SAP Key Management Service (KMS) do to secure cryptographic keys? (3 correct). Store keys. Conceal keys. Rotate keys. Generate keys. Transmit keys.

In the SAP BTP Cockpit, at which level is Trust Configuration available? (2 correct). Global Account. Organization. Subaccount. Directory.

Which levels of security protection are provided by Secure Network Communication (SNC)? (3 correct). Authentication. Integrity. Availability. Privacy. Authorization.

Following an upgrade of your SAP S/4HANA on-premise system to a higher release, you perform a Modification Comparison using SU25. What does this comparison do?. It compares your changes to the SAP defaults in USOBX and USOBT with the new SAP defaults in the current release and allows you to make adjustments. It compares the Role Maintenance data from the current release with the data for the previous release and allows you to adjust any custom default values in tables USOBX and USOBT. It compares the Role Maintenance data from the previous release with the data for the current release and writes any new default values in tables USOBX_C and USOBT_C. It compares your changes to the SAP defaults in USOBX_C and USOBT_C with the new SAP defaults in the current release and allows you to make adjustments.

Which of the following allow you to control the assignment of table authorization groups? (2 correct). PRGN_CUST. V_DDAT_54. V_BRG_54. SSM_CUST.

Which limitations apply to restricted users in SAP HANA Cloud? (3 correct. They can only create objects in their own database schema. They can only connect to the database using HTTP/HTTPS. They only have full SQL access via the SQL console. They cannot connect via ODBC or JDBC. They cannot create objects in the database.

When performing a comparison from the imparting role, what happens to the organizational level field values in the derived role? (2 correct). Data for organizational levels is always transferred when authorization data for the derived role is modified. Data for organizational levels that have already been maintained in the derived role is NOT overwritten. Data for organizational levels is transferred only when authorization data for the derived role is first modified. Data for organizational levels that have already been maintained in the derived role is overwritten.

What authorization object can be used to restrict which users a security administrator is authorized to maintain?. S_USER_GRD. S_USER_AUTO. S_USER_SASO. S_USER_GRP.

In SAP HANA Cloud, who has access to a database object?. The user DBADMIN and the group owner. The user SYSTEM and the creator. The owner and the SAP-owned users. The creator and the schema owner.

What does a status text value of "Old" mean during the maintenance of authorizations for an existing role?. Field values have not been changed. Field values were unchanged and no new authorization was added. Field values were changed as a result of the merge process. The field delivered with content was changed but the old value was retained.

What must you do before you can use transaction PFCG? (2 correct). Fill tables USOBT and USOBX with the SAP-delivered authorization default values. Set the system profile parameter auth/no_check_in_some_cases to Y. Fill tables USOBT_C and USOBX_C with the SAP-delivered authorization default values. Set the system profile parameter auth/no_check_in_some_cases to N.

Your developer has created a new custom transaction for your SAP S/4HANA on-premise system and has provided you a list of the authorizations needed to execute the new ABAP program. What must you do to ensure that each required authorization is automatically created every time this new custom transaction is added to a PFCG role?. Maintain each authorization object in transaction SU24 and set the Default Status to "Yes". Maintain each authorization object in transaction SU22 and set the Default Status to "Yes". Maintain each authorization in transaction SU24 and set the Default Status to "Yes". Maintain each authorization in transaction SU22 and set the Check Indicator value to "Check".

What must you do if you want to enforce an additional authorization check when a user starts an SAP transaction?. Assign authorization object S_START to the chosen transaction code with transaction SU24 and specify the Program ID and Object Type. Assign the authorization object to be checked to the chosen transaction code in the SAP Default authorization data using transaction SU22 and set Check Indicator to "Check". Assign the authorization object to be checked to the chosen transaction code with transaction SU24 and set Default Status to "Yes". Assign the authorization object and permissions to the chosen transaction code using transaction SE93.

Which of the following rules does SAP recommend you consider when you define a role- naming convention for an SAP S/4HANA on-premise system? (3 correct). Role names must NOT start with "SAP". Role names are system language-independent. Role names can be no longer than 20 characters. Role names are system language-dependent. Role names can be no longer than 30 characters.

Where can you find information on the SAP-delivered default authorization object and value assignments? (2 correct). USOBT_C. USOBT. SU22. Su24.

After you maintained authorization object S_TABU_DIS and ACTVT field value 02 as authorization defaults for transaction SM30 in your development system, what would be the correct option for transporting only these changes to your quality assurance system?. Save your changes to a Workbench transport request and transport using the Transport Management System. Save your changes to a Customizing transport request and transport using the Transport Management System. Save tables USOBT_C and USOBX_C to a transport request and transport using the Transport Management System. Save your changes and use the transport interface in SU25 to transport the changes using the Transport Management System.

Which optional components can be included when transporting a role definition from the development system to the quality assurance system? (3 correct). Generated profiles of dependent roles. Indirect user assignments. Personalization data. Generated profiles of single roles. Direct user assignments.

Which privilege types are available in SAP HANA Cloud? (3 correct). Application. Package. System. Analytic. Object.

Under which of the following conditions can you merge authorizations for the same object during role maintenance? (2 correct). The maintenance status of the changed authorizations must match the status of a manual authorization. The activation status and the maintenance status of the authorizations must match. The activation status and the maintenance status of the authorizations must NOT match. The activation status of a manual authorization must match the status of the changed authorizations.

What are some disadvantages of a Composite Role? (2 correct). Changes to the authorizations can only be made using the included roles. Transactions that are deleted from the Composite Role menu are also removed from the included roles. Changes to the included roles are not immediately visible in the composite role menu, requiring a renewed import. Menus from the included roles cannot be mixed.

For users with system administration authorization, which additional functions are provided by the SAP Easy Access menu? (2 correct). Creating users. Calling programs. Creating roles. Calling menus for roles and assigning them to users.

What authorization object can be used to authorize an administrator to create specific authorizations in roles?. S_USER_AUT. S_USER_VAL. S_USER_AGR. S_USER_TCD.

Which code does the authority-check return when a user does NOT have any authorizations for the authorization object checked?. 12. 16. 0. 4.

Which of the following is part of the SAP S/4HANA central UI component?. SAP Fiori launchpad. SAP Fiori object page. SAP Fiori analytical application. SAP Fiori transactional application.

You are evaluating startable applications. Which of the following can you use to check if there is an application start lock on an application contained in a PFCG role? (2 correct). Transaction SUIM-Executable Transactions report. Transaction SM01_DEV. Transaction SM01_CUS. Transaction SUIM - Transactions Executable with Profile report.

You are building a PFCG role for access to an SAP Fiori app on your SAP S/4HANA on- premise system. After you enter the catalog in the role menu, an entry for an OData service is missing and you have to add it manually to the role menu. When you maintain authorization data in the PFCG role, why does SAP recommend that you NOT maintain the SRV_NAME field value of the S_SERVICE authorization object manually?. Because the TADIR Service name is the same for the front-end server component and the back-end server component. Because the TADIR Service name for the back-end server component was automatically added to the role menu. Because the SRV_NAME hash value for the front-end server component and back-end server component are the same. Because the SRV_NAME hash value for the front-end server component and back-end server component are different.

When creating PFCG roles for SAP Fiori access, what is included automatically when adding a catalog to the menu of a back-end PFCG role? (2 correct). The start authorizations and the authorization default values for each IWSG TADIR service definitions in the catalog. The start authorizations and the authorization default values for each IWSV TADIR service definitions in the catalog. The IWSG TADIR service definitions from the catalog. The IWSV TADIR service definitions from the catalog.

When creating PFCG roles for SAP Fiori access, what is included automatically when adding a catalog to the menu of a back-end PFCG role? (2 correct). The start authorizations and the authorization default values for each IWSG TADIR service definitions in the catalog. The start authorizations and the authorization default values for each IWSV TADIR service definitions in the catalog. The IWSG TADIR service definitions from the catalog. The IWSV TADIR service definitions from the catalog.

Which of the following are SAP Fiori Launchpad functionalities? (2 correct). Spaces. SAP GUI. Web Dynpro. User Actions Menu.

How does Rapid Activation support customers during the SAP S/4HANA on-premise implementation process? (3 correct). By helping customers to start exploring SAP Fiori in SAP S/4HANA on premises as quickly as possible. By supporting content activation at the business role level, including SAP Fiori apps and all associated Web Dynpro for ABAP applications. By allowing customers to select individual SAP Fiori apps for their end-to-end business processes. By allowing customers to select and activate SAP Fiori apps one by one, independent of dependencies needed for app-to-app navigation. By reducing the SAP Fiori activation effort during the Explore phase of SAP Activate.

What is the authorization object required to define the start authorization for an SAP Fiori legacy Web Dynpro application?. S_SDSAUTH. S_START. S_TCODE. S_SERVICE.

To connect to data sources that are NOT all based on OData, which of the following options does SAP recommend you use?. SAP Process Integration. SAP Integration Suite. Cloud connector. OData Provisioning service.

An authorization based on what object is required for trusted system access to an SAP Fiori back-end server?. S_RFC. S_RFCACL. S_SERVICE. S_START.

In S/4HANA on-premise, which of the following combinations is required to grant a business user access to data from a Core Data Services (CDS) view using the standard ABAP authorization concept and authorization object S_RS_AUTH?. A CDS role with access conditions based on authorization object S_RS_AUTH, APFCG role with authorization for object S_RS_AUTH and assignment of the PFCG role, The CDS role to the business user. A CDS role with access conditions based on authorization object S_RS_AUTH , APFCG role containing the CDS role and access conditions based up authorization object S_RS_AUTH , Assignment of the PFCG role to the business user. ACDS role with access conditions based on authorization object S_RS_AUTH , A PFCG role with authorization for object S_RS_AUTH , Assignment of the PFCG role to the business user. A CDS role with access conditions based on authorization object S_RS_AUTH , APFCG role containing the CDS role and access conditions based up authorization object S_RS_AUTH , Assignment of the PFCG role and the CDS role to the business user.

When you maintain authorizations for SAPUI5 Fiori apps, which of the following object types is the front-end authorization object type?. TADIR G4BA-SAP Gateway OData V4 Backend Service Group & Assignments. TADIR IWSV - SAP Gateway Business Suite Enablement-Service. TADIR IWSG - SAP Gateway: Service Groups Metadata. TADIR INA1 InA Service.

Which object type is assigned to activated OData services in transaction SU24?. IWSV. G4BA. IWSG. HTTP.

Which SAP Fiori deployment option requires the Cloud connector?. SAP Fiori for SAP S/4HANA standalone front-end server. SAP S/4HANA embedded. SAP Business Technology Platform. SAP S/4HANA Cloud Public Edition.

Which authorization objects can be used to restrict access to SAP Enterprise Search models in the SAP Fiori launchpad? (2 correct). S_ESH_CONN. SDDLVIEW. S_ESH_ADM. RSDDLTIP.

Where can you find SAP Fiori tiles and target mappings according to segregation of duty?. Assigned Pages. Assigned Spaces. Assigned Technical Catalogs. Assigned Business Catalogs.

If you want to evaluate catalog menu entries and authorization default values of IWSG and IWSV applications, which SUIM reports would you use? (2 correct). Search Startable Applications in Roles. Search Applications in Roles. Roles By Transaction Assignment in Menu. Roles By Authorization Object.

What are some of the rules for SAP-developed roles in SAP S/4HANA Cloud Public Edition? (3 correct). Authorization defaults define role authorizations. Role maintenance reads applications from role menus. Role maintenance reads applications from a catalog. Catalogs are assigned to role menus. Manual role authorizations are supported in custom catalogs.

Which user type in SAP S/4HANA Cloud Public Edition is used for API access, system integration, and scenarios where automated data exchange is required?. SAP Communication User. SAP Technical User. SAP Administrative User. SAP Support User.

What does SAP recommend you do when you transport a custom leading business role in SAP S/4HANA Cloud Public Edition?. Add all other leading business roles from the same Line of Business as dependencies to the Software Collection. Add all derived business roles as dependencies to the Software Collection. Add the pre-delivered business role that was used as a template to create the custom. leading business role to the Software Collection.

Which application in SAP S/4HANA Cloud Public Edition allows you to upload employee information independent of the customers' HR system?. Maintain Business User app. Display Technical Users app. Manage Workforce app. Identity and Access Management app.

When planning an authorization concept for your SAP S/4HANA Cloud Public Edition implementation, what rules must you consider? (2 correct). SAP Fiori apps, dashboards, and displays can be assigned directly to a business role. Business catalogs can be assigned directly to a business user. Business roles can be assigned directly to a business user. Business catalogs can be assigned directly to a business role.

In SAP S/4HANA Cloud Public Edition, what does the ID of an SAP-predefined Space refer to?. The business roles it is to be assigned to. The business area it was designed for. The software release it was created for. The SAP Fiori applications it was defined for.

Which access categories are available to maintain restrictions in SAP S/4HANA Cloud Public Edition? (3 correct). Read (read access). Write, Read (write access). Read, Value Help (read access). Value Help (value help access). Write, Read, Value Help (write access).

In SAP S/4HANA Cloud Public Edition, what can you do with the Display Authorization Trace? (3 correct). Display business roles granting specific access. Adjust role restrictions to further limit access when performing forensic analysis. Analyze authorization check results for missing authorizations. Adjust role restrictions to account for missing authorizations. Analyze authorization check results for already assigned authorizations.

In SAP S/4HANA Cloud Public Edition, which of the following can you change in a derived business role if the "Inherit Spaces in Derived Business Roles" checkbox is NOT selected in the leading business role?. Business Catalogs. Business Role Template. Pages. Restrictions.

Which user types can log on to the SAP S/4HANA system in interactive mode? (2 correct). Dialog User. Service User. System User. Communication User.

In SAP HANA Cloud, what can you configure in user groups? (2 correct). Password policy settings. Client connect restrictions. Identity providers. Authorization privileges.

Which archiving objects are relevant for archiving change documents for user master records? (2 correct). US_PROF. US_USER. US_AUTH. US_PASS.

What is the correct configuration setting in table PRGN_CUST for user assignments when transporting roles within a Central User Administration scenario?. SET_IMP_LOCK_USERS = YES. SET_IMP_LOCK_USERS = NOO. USER_REL_IMPORT = YES. USER_REL_IMPORT = NO.

Which of the following user types are excluded from some general password-related rules, such as password validity or initial password? (2 correct). Dialog. System. Communication. Service.

What is required to centrally administer a user's master record using Central User Administration? (3 correct). An RFC destination to the target system. An RFC destination to the target client. An existing master record in the target client for the user. An ALE distribution model. An entry in transaction BD54 for the child system.

Which SU01 user types are NOT enabled for interaction? (2 correct). Service. System. Dialog. Communications Data.

Which entities share data with Business Partners in the S/4HANA Business User Concept? (2 correct). Employer. Administrator. User. Employee.

Which solution is NOT used to identify security recommendations for the SAP Security Baseline?. SAP Code Vulnerability Analyzer. SAP EarlyWatch Alert. SAP Security Optimization Service. SAP Security Notes.