GRC AC 12

Which of the following roles delivered by SAP can you use to grant access to Emergency Access Management? Please choose the correct answer. SAP_GRAC_END_USER. SAP_GRAC_SUPER_USER_MGMT_USER. SAP_GRAC_SPM_FFID. SAP_GRAC_RULE_SETUP.

Which periodic review process allows a role owner to remove roles from the users? Please choose the correct. UAR Review. SoD Review. Firefighter Log Review. Role Certification Review.

Which transaction do you use to synchronize transactions and their descriptions in the Access Control repository? Please choose the correct answer. Role Usage Synchronization (GRAC_ROLE_USAGE_SYNC). Profile Synchronization (GRAC_PROFILE_SYNC). Repository Object Synchronization (GRAC_REP_OBJ_SYNC). Authorizations Synchronization (GRAC_AUTH_SYNC).

What is the difference between an SoD risk and a critical action risk? Please choose the correct answer. An SoD risk is comprised of two or more conflicting functions, while a critical action risk is comprised of one function. An SoD risk is comprised of one function, while a critical action risk is comprised of two or more actions that conflict within a function. An SoD risk is comprised of two or more conflicting permissions, while a critical action risk is comprised of two or more permissions that conflict within a function. An SoD risk is comprised of actions in one function, while a critical action risk is comprised of two or more conflicting functions.

Which risk analysis reports must be executed in the background? There are 2 correct answers to this question. Role level simulation with "Include Users" as an additional criterion. User level risk analysis with "Show All Objects" as an additional criterion. Offline risk analysis. Role level risk analysis with "Show All Objects" as an additional criterion.

Which workflow-related MSMP rule kinds can you create in BRFplus? There are 3 correct answers to this question. Notification variables rule. Detour rule. Process rule. Routing rule. Agent rule.

What is a purpose of the Access Rule Maintenance work set? Please choose the correct answer. To set up specific access risk rules to reflect company policies. To delete a table structure from the rule set. To maintain the rule set so that you can combine rules to build risks. To tie actions to risks so that you can combine them to build functions.

You have created a custom role methodology for your firefight-related security roles. However, when you create a specific firefight-related security role, the expected methodology is not applied. What could be the reason? Please choose the correct answer. The BRFplus decision table does not contain the appropriate condition. The role methodology is not assigned to an organizational value map. The condition group is not assigned to a role prerequisite. The Direct Value Input method was used for the condition column.

When is a BRFplus Routing rule triggered? Please choose the correct answer. During workflow processing. During BRFplus decision table activation. During workflow configuration. During BRFplus rule configuration.

You have created a connector to use Access Control for access request management. What does SAP recommend regarding the assignment of integration scenarios to this connector? Please choose the correct answer. Assign the Provisioning (PROV) integration scenario to the connector. Assign all four Access Control integration scenarios to the connector. Assign the Role Management (ROLMG) integration scenario to the connector. Assign the Authorization Management (AUTH) integration scenario to the connector.

For which IMG object can you activate the password self-service (PSS) in Access Control? Please choose the correct answer. Logical system. Connector. Cross system. Condition group.

How do you enable manual provisioning in Access Control? Please choose the correct answer. Maintain the relevant global settings. Maintain the relevant plug-in settings. Maintain the end-user personalization form. Maintain the "Override Assign Type" MSMP task setting.

Which of the following objects can you use as an agent type to define approvers assigned to a workflow stage in MSMP workflow? There are 3 correct answers to this question. PFCG User Groups. GRC BAPI Rules. User Group for Authorization Check. Directly Mapped Users. PFCG Roles.

You have created a new end-user personalization (EUP) form. Where can you make use of this EUP form? There are 2 correct answers to this question. In an organizational assignment request. In a stage configuration of a workflow. In a template-based request. In a model user request.

Your customer wants to eliminate false positives from their risk analysis results. How must you configure Access Control to include organizational value checks when performing a risk analysis? There are 2 correct answers to this question. Configure organization rules for each relevant function. Update the functions that contain each relevant action by activating the fields for the required permissions. Configure organization rules for each relevant risk. Configure organization level system parameters to incorporate all organization levels for each relevant risk. Update the functions that contain each relevant action by activating the fields for the required permissions and maintaining a value for each specific organization.

You want request details to be sent to specific users automatically using a custom notification. What do you have to do to enable this? There are 2 correct answers to this question. Define a notification message using the required variables. Define a stage in MSMP workflow. Enable e-mail reminders for the required users. Assign a document object to a message class.

What are the advantages of Mass Mitigation? There are 2 correct answers to this question. Eliminates the need for system-level mitigation. Improves efficiency of the mitigation process. Improves mitigation quality control. Integrates directly with transactions SU01, SU10 and PFCG.

Which access control owners are relevant when defining a mitigating control? There are 2 correct answers to this question. Role Owner. Mitigation Approver. Mitigation Monitor. Point of Contact.

You have completed development of your custom MSMP Workflow configuration. How do you ensure that requests submitted in Access Request Management will be approved or rejected using your custom workflow configuration? Please choose the correct answer. Maintain global process initiator mapping. Notify the project team and all end users of the change. Maintain custom initiator rule and rule results. Simulate your new custom configuration.

Your company requires that you CANNOT have more than one access request that is In Process for the same User ID. Where can you enable this restriction? Please choose the correct answer. Connector Group Field Mapping settings. Global Provisioning settings. Parameter Configuration settings. End User Personalization settings.

Which of the following activities occur during a role certification? There are 2 correct answers to this question. Periodic review of the role assignment based on the certification period. Workflow items are created based on the certification period. Periodic review of the role content based on the certification period. E-mail notifications are created based on the certification period.

Which of the following assignments can be listed in the Access Control Owners table? There are 2 correct answers to this question. Firefighter role controller. Firefighter ID owner. Firefighter ID. Firefighter user ID.

When is a BRFplus Routing rule triggered? Please choose the correct answer. During workflow processing. During BRFplus decision table activation. During workflow configuration. During BRFplus rule configuration.