GRC AC

You want to use the User Analysis Dashboard to evaluate SoD violations after your most recent batch risk analysis has completed. However, when reviewing the data you realise that the dashboard does not display all of your current users. What do you need to do to correct the problem?. Execute the Action Usage Sync followed by the Role Usage Sync and then re-execute the user level batch risk analysis. Execute the Authorization sync and then re-execute the user level batch risk analysis. Execute the Rep Object sync and then re-execute the user level batch risk analysis. Execute the user level batch risk analysis again and remove any exclude objects.

You are creating a mitigating control. How do you specify on which system and client the control is executed?. Assign one or more reports to the control from the desired system. Assign an approver or monitor from the desired system. Assign a rule set for the desired system. Assign a risk definition to the control for the desired system.

You want to configure an approval workflow to require an approval for updates to a defined function. How do you enable this capability?. Activate the SAP_GRAC_FUNC_APPR MSMP Process ID. Flag the function for approval. Set the 1064 Function Maintenance parameter to YES. Configure the GRAC_FUNCTION_APPROVER agent.

You are updating the configuration of a stage detail during maintenance of your MSMP Workflow configuration. You want to apply the updated configuration to both new and existing requests that are to be processed at the specified stage. Which configuration setting allows you to do this?. Reroute. Display Review Screen. RT Config Change OK. All Roles in Request (re-evaluate).

Which of the following is a prerequisite for scheduling a Role Usage Sync in SAP Access Control?. IdM/IAG Role Import. Action Usage Sync. Authorization Sync. BOM Data Sync.

You are defining a custom document object for a Custom Notification Message in MSMP Workflow. What is the correct Document Class?. General Text. Dialog Text. Alert Description. Modification Text.

Which of the following reviewer options does SoD Review support?. Manager and Role Owner. Manager or Risk Owner. Manager or Role Owner. Manager and Risk Owner.

You are implementing Access Request Management. Which integration scenarios should you assign to the target connector?. PROV. PROV, AUTH. PROV, ROLMG. PROV, ROLMG, SUPMG, AUTH.

The Consolidated Log Report provides data from which of the following?. ABAP debug information. ABAP dumb information. SQL command execution. ABAP trace execution.

You are maintaining an initiator rule in MSMP Workflow. Which of the following must you specify?. Rule Result. Notification Variables. Rule Purpose. Global Process Initiator.

Which of the following represent a valid Rule Kind when configuring MSMP Workflow? Note: There are 2 correct answers to this question. BRFplus. ABAP Class. Notification Variable. Agent.

You want to configure connector settings for a connector used by SAP Access Control. What are the supported connector group types that you can configure? Note: There are 2 correct answers to this question. Application Type. Logical. Cross System. Automated Monitoring.

Which of the following are features of a business role in SAP Access Control? Note: There are 2 correct answers to this question. They represent a job function. They can be viewed in transaction PFCG. They are provisioned on target systems. They contain one or more technical roles.

Which of the following tasks can you complete using the Role Certification process? Note: There are 2 correct answers to this question. Provide audit trail for role review. Periodic review of role content. Periodic review of user segregation of duties. Periodic review of user's role assignments.

Which of the following represent valid Agent Types within MSMP Workflow configuration? Note: There are 2 correct answers to this question. BRFplus rule. PFCG roles. BRFplus flat rule. GRC API Rules.

Which of the following Business Configuration (BC) sets configure a connector group in SAP Access Control? Note: There are 3 correct answers to this question. GRAC_ACCESS_REQUEST_APPL_MAPPING. GRAC_RA_RULESET_PSOFT. GRAC_RA_RULESET_COMMON. GRAC_RA_RULESET_BASIS. GRAC_ROLE_MGMT_LANDSCAPE.

Which of the following represent a valid Rule Kind when configuring MSMP Workflow? Note: There are 2 correct answers to this question. BRF plus. ABAP Class. Notification Variable. Agent.

You want to enable a maintenance workflow approval process for changes to the Access Risk Analysis environment. For which of the following can you enable an approval workflow? Note: There are 2 correct answers to this question. SOD Rule. Function. Mitigating Control. Ruleset.

Risk Terminator provides the capability to execute a user level risk analysis for which of the following tools? Note: There are 2 correct answers to this question. PFCG. SCUA. PA30. SU01.

Which methods can you use to send a firefight session log to a controller? Note: There are 2 correct answers to this question. Support Message. Workflow. Log Display. Email.

SAP Governance, Risk and Compliance solutions are organized along 4 key themes. Which of the following are key themes? Note: There are 3 correct answers to this question. Audit Management. Cybersecurity and Data Protection. Business Integrity Screening. Access Governance. Enterprise Risk and Compliance.

What can you use a custom end-user personalization configuration for? Note: There are 3 correct answers to this question. To assign it to the standard access request. To restrict a user's ability to approve their own requests. To determine fields shown in a workflow item. To determine roles that can be assigned on a request. To assign it to an access request template.

Which of the following are standard delivered SAP Fiori business catalogs for SAP Access Control? Note: There are 2 correct answers to this question. Compliance Owner. Compliance Specialist. Access Control Employee. Risk Manager.

You are defining connector settings for the connector between your SAP Access Control system and your SAP S/4HANA system. Which of the following integration scenarios should you configure? Note: There are 2 correct answers to this question. AM. PROV. S4HANA. SUPMG.

How can you ensure that a coordinator has the opportunity to review UAR request assignments?. Set the Admin review required before sending tasks to reviewers parameter for UAR to YES. Set the Who are the reviewers? parameter for UAR to COORDINATOR. Maintain the GRAC_COORDINATOR agent at the approval stage in MSMP Process ID SAP_GRAC_USER_ACCESS_REVIEW. Schedule the Generate new request for UAR rejected request job.

Where can you use a custom field in SAP Access Control? Note: There are 2 correct answers to this question. On a risk definition. On an access request. On a mitigating control definition. On a role definition.

When is it necessary to define subsequent connectors?. When you plan to configure multiple data sources for user authentication. When you are configuring HR triggers. When a connector needs to trigger another connector. When implementing Business Role Management landscape.

What are condition groups used for in Business Role Management? Note: There are 2 correct answers to this question. Role Methodology. Organizational Value Mapping. Role Owners. Role Naming Convention.

You want to generate an MSMP rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST. Which type of rule can you generate? Note: There are 2 correct answers to this question. Escalation Rule. BRFplus Flat rule. Business Rule. ABAP Class Rule.

You are creating an Initiator rule and want to build a condition using header attributes. Which of the following attributes can you use? Note: There are 2 correct answers to this question. Functional Area. Subprocess. Prerequisite. Company.

Which of the following are Service Level Agreement time frame options? Note: There are 2 correct answers to this question. No Date. Formula. Manually Entered Date. Fixed by Number of Days.

Which of the following reviewer options does User Access Review support?. Manager or Risk Owner. Manager or Role Owner. Manager and Role Owner. Manager and Risk Owner.

Which of the following are required to enable Centralized Emergency Access Management (EAM)? Note: There are 2 correct answers to this question. Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO. Set the Application Type parameter for Emergency Access Management to value ID in SAP Access Control. Set the Enable Decentralized Firefighting parameter for Emergency Access Management to YES. Set the Application Type parameter for Emergency Access Management to value ID in the target system GRC plug-in.

You want to restrict a user by specific organizational levels by creating a derived role. How would you complete this task using Business Role Management?. Assign an organization. Assign an organization value map. Assign a functional area. Assign a business process.

Which of the following jobs are a prerequisite for scheduling a User Access Review (UAR)? Note: There are 3 correct answers to this question. Role Usage Sync. Action Usage Sync. Authorization Sync. User/Role/Profile Sync. Role Comparison.

How can you make sure that a risk analysis is performed when you use access request management? Note: There are 2 correct answers to this question. Configure the MSMP workflow stage to require a risk analysis. Configure the MSMP workflow path to require a risk analysis. Set the Enable Risk Analysis Form on Submission parameter to Yes. Set Enable Offline Risk Analysis parameter to Yes.

Which of the following logs can be collected for an Emergency Access Management session? Note: There are 3 correct answers to this question. GRC Audit Log. Change Log. Audit Log. System Log. Application Log.

You are configuring your MSMP Workflow path and you want to allow an approver to decide which type of provisioning should occur upon approval. Which configuration options provide this capability? Note: There are 2 correct answers to this question. Set system provisioning option for auto-provisioning to manual provisioning. Set stage task setting to Override Assignment Type. Set stage task setting to Allow Manual Provisioning. Set global provisioning option for auto-provisioning to manual provisioning.

Which of the following are functions of the SAP Access Control Solution? Note: There are 3 correct answers to this question. Risk Response. Compliance Certification Sign-Off. Risk Analysis. Privilege Monitoring. Role Provisioning.

Which of the following SAP functionalities can you use to calculate rule results when configuring MSMP Workflow? Note: There are 2 correct answers to this question. ABAP Function Module. BRFplus. Standard SAP Report. Direct Operating System Call.

You are configuring a BRFplus flat rule and defining the attribute values for your Initiator rule conditions. You encounter the LINE_ITEM_KEY field. What value should you select for this field?. ITEMNUM. REQTYPE. PRIORITY. ROLE_NAME.

You have created a BRFplus Initiator Rule. Which of the following must be active in BRFplus for MSMP Workflow to utilize your new rule? Note: There are 2 correct answers to this question. Function. Application. Process ID. Path.

For which of the following objects can you create an access request? Note: There are 3 correct answers to this question. User. Department. Division. Job. Organizational Unit.

Why might you integrate Business Role Management with Business Rules Framework? Note: There are 2 correct answers to this question. Determine role naming convention. Determine role owner. Determine role methodology. Determine role business area.

SAP delivers multiple MSMP Process IDs. You want to implement an MSMP Workflow that targets your SAP S/4HANA system. Which BC set do you need to activate as a prerequisite?. BC Set GRC_MSMP_CONFIGURATION. BC Set GRAC_RA_RULESET_S4HANA_CORE. BC Set GRAC_DT_REQUEST_DISPLAY_SECTIONS. BC Set GRAC_ROLE_MGMT_LANDSCAPE.

Which component delivers SAP Access Control functionality in SAP GRC 12.0?. GRCFND_A. GRCPINW. UIGRAC01. GRCPIERP.

You are maintaining the Mapping for Actions and Connector Groups activity in Customizing. Which of the following events should be mapped to the target development system as default when using Business Role Management? Note: There are 2 correct answers to this question. Role Risk Analysis. Role Generation. Provisioning. Authorization Maintenance.

Which of the following items are mandatory for creating an access request template? Note: There are 2 correct answers to this question. Request description. End user personalisation. Template description. Request type.

You want to use Access Request Management to provision access in a target system. Which of the following actions are required before access can be provisioned using an access request? Note: There are 2 correct answers to this question. Maintain System Provisioning Configuration. Import roe definitions in Business Role Management. Maintain custom end user personalisation settings. Maintain Global Provisioning Configuration.

SAP Access Control delivers multiple applications that can be mapped to BRFplus functions. Which of the following applications can be mapped to a BRFplus function? Note: There are 3 correct answers to this question. Notification Variables. HR Triggers. Request Multiple Rule Set. Service Level Agreements. Initiators.

You are using the End User Login Page link configured in SAP Access Control. What options are provided for you to use? Note: There are 3 correct answers to this question. Create a Simplified Access Request. Review role assignments. Register security questions. submit a template request. specify approver delegation.

You want to create a role in SAP Access Control. Which of the following attributes are mandatory? Note: There are 3 correct answers to this question. Business Process. Naming Convention. Workflow approval path. Role methodology. Project Release.

Which of the following are possible ways to assign emergency access in Emergency Access Management? Note: There are 2 correct answers to this question. Assign a Firefighter role to a firefighter in SAP Access Control. Assign a Firefighter ID to a firefighter owner in SAP Access Control. Assign a Firefighter ID to a firefighter in SAP Access Control. Assign a Firefighter role to a firefighter in a target system.

You want to configure your MSMP Workflow stage definition to ensure that a workflow request that has NOT been processed after a certain period of time can be escalated and approved by another approver. Which of the following options can you use to configure escalation? Note: There are 3 correct answers to this question. Escalate to Specified Agent. Maintain Fallback Receiver. Use Defaults. Skip to Next Stage. Define an Alternate Approver.

Which of the following are prerequisites for implementing Emergency Access Management? Note: There are 2 correct answers to this question. Users and roles that are used for firefighting activities have been created in the target system. The repository object sync must be completed. Users and roles that are used for firefighting activities have been created for the SAP Access Control system. Implementation of a user exit on the SAP Access Control system to prevent direct logon with the Firefighter ID.

You want approver authentication when approving an access request. Which MSMP Workflow stage configuration option can you use?. Reaffirm Approval. Approve by Email. Approve Despite Risk. Confirm Approval.

You want to deploy the End User Login Page for your users. Which of the following actions must you perform for this page to be available? Note: There are 2 correct answers to this question. Set End User Login Page parameter value to ACTIVE in AC Configuration Settings. Maintain default user for application logon. Maintain RFC destination for target system. Activate service for the grac_uibb_end_user_login Web Dynpro.

Which of the following are benefits of the role methodology in Business Role Management? Note: There are 2 correct answers to this question. Is always the same for all roles. Enforce a process flow for role maintenance. Allows for the documentation of the role. Enforce a process flow for role assignment.

Business Role Management provides the functionality to improve the role management process. Which of the following capabilities does it offer? Note: There are 2 correct answers to this question. Identification of duplicate roles. management of role definition transports. enforcement of consistency in naming conventions. replacement of the PFCG role management transaction.

A Firefighter ID can be assigned to a firefighter using which of the following methods?. By maintaining the assignment in the Governance, Risk and Compliance plug-in on SAP Access Control. By assigning access using an access request. By maintaining the assignment in the Governance, Risk and Compliance plug-in on the target system. By assigning a Firefighter Role to the user on the target system.

You are performing an on demand risk analysis at the user level. Which report view can you use to apply a control and remove access?. Business View. Remediation View. Detail View. Technical View.

Which of the provisioning types can be used with Auto-Provisioning? Note: There are 2 correct answers to this question. Global Provisioning. Indirect Provisioning. Direct Provisioning. Manual Provisioning.

You want to configure SAP Access Control to generate alerts to help manage compliance. What are the available alert capabilities that can be configured? Note: There are 3 correct answers to this question. Identify a user who has executed conflicting functions. Identify a user who has executed a critical action and open a support desk message. Identify a user who has executed conflicting functions and open a support desk message. Identify a control monitor who has failed to execute defined reports in a timely fashion. Identify a user who has executed a critical action and generate an email notification.

You wish to synchronize data from transaction SU24 in the SAP S/4HANA production system into SAP Access Control for use in building a rule set. What is the correct synchronization job schedule for completing this task?. Authorization sync. It is not possible to synchronize SU24 data from a production system. Repository Object Sync followed by an Action Usage Sync. Action Usage Sync followed by Role Usage Sync.

You want to create a transportable BRFplus Routing Rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. What must be done in order for your rule to be transportable?. You must assign a package to the Application before you generate the rule. You must assign a package to the Function before you generate the rule. You must assign a package to the Application after you generate the rule. You must assign a package to the Function after you generate the rule.

SAP developed a three phase, six step SoD Risk Management Process for use when implementing Access Risk Analysis. Which of the following steps are a part of this process? Note: There are 3 correct answers to this question. Rule Set Design. Risk Recognition. Mitigation. Role Building and Analysis. Analysis.

Which of the following must be specified when defining a mitigating control? Note: There are 2 correct answers to this question. Report. Mitigation Monitor. Organization. Risk Approver.

You have created a BRFplus Initiator Rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES but the Decision Table did not get created. Where do you go to manually create a Top Expression for your rule?. Application. Business Rule. Function. Data Object.

Which of the following conditions can you use to configure an escape route in MSMP Workflow? Note: There are 2 correct answers to this question. Approver Not Found. No Role Owner. SoD Violation. Auto Provisioning Failure.

You are tasked with configuring SAP Access Control to retrieve user and authentication information. SAP Access Control supports connector configuration for which of the following functions? Note: There are 3 correct answers to this question. User Search Data Source. User Identity Federation. User Identity Management. User Detail Data Source. End User Verification.

Which of the following activities can you do in Emergency Access Management (EAM)? Note: There are 2 correct answers to this question. Maintain EAM master data in the back-end system. Perform tasks outside of the normal responsibilities. Display a log file of performed activities. Log on to the Firefighter ID directly with a password.

Which of the following solutions are installed with SAP GRC 12.0? Note: There are 3 correct answers to this question. SAP Process Control. SAP Global Trade Services. SAP Nota Fiscal Electronica. SAP Access Control. SAP Risk Management.

You want to create an Initiator rule in BRFplus for the standard access request. Which structures provide the attributes that you can use to define your rule? Note: There are 2 correct answers to this question. GRAC_ACCESS_REQUEST_APPL_MAPPING. GRAC_DT_REQUEST_FIELD_LABELS. GRAC_S_REQUEST_RULE_HEADER. GRAC_S_REQUEST_RULE_LINE.

Your compliance team requires that all changes to access rules be tracked. Which of the following change logs do you enable? Note: There are 3 correct answers to this question. Role. Rule Set. Critical Role. Access Rule. Function.

Which of the following rule sets are delivered standard in SAP Access Control 12.0? Note: There are 3 correct answers to this question. GRAC_RA_RULESET_S4HANA_NWBC. GRAC_RA_RULESET_JAVA. GRAC_RA_RULESET_JDE. GRAC_RA_RULESET_S4HANA_ALL. GRAC_RA_RULESET_COMMON.

The GRAC_REPOSITORY_OBJECT_SYNC program is used to synchronize which of the following types of data from your target system? Note: There are 3 correct answers to this question. Profile Data. User Data. Authorization Default Data. Role Data. Repository Data.

Which of the following does Emergency Access Management support?. A Firefighter ID can only be assigned to a single user. A user can only be assigned to a single Firefighter ID. Both role- and ID-based firefighting at the same time. Both centralized and decentralized firefighting at the same time.

Which component plug-in contains SAP Access Control functions for non-HR SAP systems?. GRCPIERP. GRCPINW. UIGRAC01. GRCFND_A.

You want to configure Password Self Service (PSS) to allow your end users to easily reset their password and process changes to their name. Which of the following actions are required before PSS can be used?. Set PSS parameter value to YES in AC Configuration settings. Deactivate password maintenance for target system in transaction SU01. Activate the PSS workflow Process ID. Maintain target system connector setting for PSS.

It is mandatory for a Firefighter ID to be assigned to which of the following?. FF ID controller. FF ID Owner and FF ID Controller. Firefighter. FF ID Owner.

You want to generate a BRFplus Initiator Rule that utilizes an expression of type Decision Table for the SAP_GRAC_ACCESS_REQUEST MSMP Process ID.Which rule types can you use? Note: There are 2 correct answers to this question. BRFplus Rule. BRFplus Flat Rule. Function Module Based Rule. Class Based Rule.