Profile parameter:
Number of incorrect logon attempts allowed with a user master record before the logon
procedure is terminated login/fails_to_session_end login/min_password_lng Login/fails_to_user_lock login/failed_user_auto_unlock login/password_expiration_time.
The security policies are created by the security team in isolation from the business team.
Determine whether this statement is true or false. True False.
What are the 2 types of roles implementation strategy? Menu roles Authorization roles Item roles.
What is the transaction of the ICM monitor? SMICM SHDFK SIFIDH.
Which authorization object enforces administering the spool system (Admin)?
Values SP01, SP0R, SPAA, SPAB, SPAC, SPAD, SPAM, SPAR, SPTD, SPTR S_ADMI_FCD S_SPO_PAGE.
Which authorization object is checked when a user invokes a RFC? RSRFCCHK object S_RFC.
The reports of the user information system start with? RSUSR + # ESUSE + #.
Which authorization object is needed to execute external commands? Sapxpg S_RZL_ADM S_LOG_COM.
Authorization that defines the authorization object name and the authorization name for which
an administrator has authorization and the activities that are allowed ? S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_AGR S_USER_TCD.
The Audit Information System is intended for external audits only. True False.
Which transaction allows you to view the assignments of the events to audit classes and
security levels with the system log message maintenance? SE92 SE93 SE91 SE94.
What is the default password of the user SAP*? SAP* PASS 06071992.
What are the 5 steps of the authorization concept conception? Preparation: Analysis and Conception Implementation Quality assurance and Tests Cutover Authorization profile.
What is the transaction for client copy between systems? SCC9 SCC8 SCC7 SCC6.
How to ensure that the indirectly called transaction with the ABAP statement
CALL_TRANSACTION is subject to an authorization check? SE97 TCDCOUPLES SE96 SE95.
Transaction code to maintain profile parameters? RZ11 USOBX_C USOBT_C USOBX.
What is the transaction for the User Information system? SDFM ADIM SUIM SUPM.
What are the 3 main components of a SAP role? Role Menu Authorization User Access Control.
What are the 3 different fields of the S_LOG_COM authorization object? Command Opsystem Host COMP.
Which transaction displays the table change log? SCU3 SCU2 SCU1.
What are the 3 constraints of the logon ticket? same DNS user Id identical in all systems user must accept session cookies Same DHF,Id passcode contents passcode.
Which authorization object enforce actions you can take with spool requests (Admin) and
enforce access to a spool request that does not belong to you? S_SAO_ACT S_SPO_ACT.
CUA: In which transaction is the technical definition of the RFC connection maintained? SM59 SM58 SM57 SM56.
Only the complete user master and not individual users canbe copied? TRUE FALSE.
Which authorization object defines which table contents may be maintained by which
employees? S_TABU_DIS The authorization object S_TABU_DIS controls only complete accesses, which are made
using standard table maintenance S_TAEAU_DPS.
What is the transaction for local client copy? SCCL SFGH CDDF SCEL.
509 client certificates: which table is responsible for the user mapping? USREXTID UDBNVVD UFSKSDHD.
At which level is it possible to enforce the changes? System client viable.
The SAP also has a CA that issues digital certificates to customers. How is the digital certificate
issued by the SAP Trust Center Services called? the SAP Passport Digital signature.
Profile parameter:
Number of incorrect logon attempts allowed with a user master record before the user master
record is locked. The lock is removed at midnight. login/fails_to_session_end login/min_password_lng Login/fails_to_user_lock login/failed_user_auto_unlock login/password_expiration_time.
Which authorization object protects the standard list download? S_GUI S_DFG S_GUT.
Which SAP Product is used for DIAG/RFC Proxy? SAP Create SAP router.
You have successfully finished an SAP S/4HANA backend, SAP Fiori front-end and Web-
dispatcher configuration.
In the SAP Fiori Launchpad the search for a G/L account fails, but regular app search works
fine.
What could be the cause of the problem? Missing authorization on the front-end side The search connectors are NOT activated The SAP Web Dispatcher is down Missing authorization on the back-end side.
Derived roles: 2 ways to perform the comparison between the roles? Comparison from the imparting role ("Generate Derived role" button Comparison from the derived role ("Transfer Data" button) Comparison from the derived role ("Transfer blow").
3 enterprise portal authentication mechanisms: User Id/Password (Form based iView) X. 509 digital certificate Third party authentication (Windows) Use external authentication (snc/extid_login_diag).
Which table defines which authorization checks are to be performed with a transaction and
which not? RZ11 USOBX_C USOBT_C USOBX.
Which profile parameters specifies the number of seconds until an inactive user is automatically
logged out? rdisp/gui_auto_logout rdisp/gui.
What are the 2 different worlds for SSO? SAP GUI for Windows SNC Web SSL SAP RTD for Windows SFG.
4 SNC profile parameters? Activate SNC (snc/enable) Set level of protection (snc/data_protection/max) Accept RFC and DIAG connection that are not protected with SNC
(snc/accept_insecure_gui) Use external authentication (snc/extid_login_diag) Portal Content Directory (content role assignment).
Which transaction should be used when access to a table and why? SM28 SM29 SM30 SM31.
How to display the results of the security audit log (transaction)? SE20 SE21 SE22 SE23.
Which of the following are logs that exist in an SAP system? (More than one answer is correct). Webflowlogs Application logs Change documents logs User and authorization change logs None of the above.
What program allows you to assign an authorization group to all executable programs or to
individual programs or program group?
RSCSAUTH RDFFGSAH REDVDDFF.
What are the 2 status texts about authorizations after a comparison? Old New Previous.
The client change option does not override the system change option (t/f)? True False.
What is the goal of SNC in an ITS environment? Authentication between the components Authentication between the components Privacy protection Using groups at the creation dolmen level.
What is the meaning of the traffic lights Icons for The authorization maintenance? Green Yellow Red Blue.
Which is the only user in the SAP system for which no user master record is required (since it is
defined in the code)?
SAP* PASS 06071992.
What is the measure for each source of risk? Organizational Measures Technical Measures Environmental measures Access Control System Access Control.
4 types of security audit log filters? User Audit Classes Client Security Level Unsecurity.
SAP systems maintain their audit logs on a daily basis. The system does not delete or overwrite
audit files from previous days; it keeps them until you manually delete them. Which transaction
is used in order to archive or delete the audit files?
SM15 SM16 SM17 SM18.
Which authorization object is provided to create and maintain users and assignments in a
decentralized fashion with user groups?
S_USER_GRP S_CHANGE_GRP S_CHATLOG_GRP S_PROFESSION_GRP.
Which authorization object control the authorization to execute a program S_PROGRAM C_PROGRAM F_PROGRAM H_PROGRAM.
What are the 3 major components of the Role maintenance tool (PFCG)? menu authorizations users profile.
Which authorization object is needed to maintain external commands? gw/sec_info Sapxpg S_RZL_ADM.
What are the return codes after the authorization check with the ABAP object authoritycheck? The user has the authorization for the object and the fields value The user has the authorization for the object, but not for filed value The user has no authorization No profile is entered in the user master record Check if an authorization object is assigned to the transaction code.
What is the SAP standard role for spool administration? S_SPO_PAGE SAP_BC_SPOOL_ADMIN.
What is the safeguard of Eavesdropping Safeguard Encryption.
What activities can be assigned to the authorization object S_PROGRAMM? Starting a program (SUBMIT) Scheduling a program as a background job (BTCSUBMIT) Variant maintenance (VARIANT) Variant maintenance (SDFGHJT).
Can a role have several profile generated? True False.
What is the default password of the special user Early Watch? SUPPORT Maintain.
Which special user is responsible for maintaining the ABAP Dictionary and the software logistics
in the client 000?
DDIC Early Watch SUPPORT S_TCODE.
How do you protect access to the ITS service and template files? Using groups at the operating system level Using groups at the creation dolmen level.
What are the 3 main sources of risks? Persons Technology Environment Implementation & support.
Authorization Profile that defines the profile names for which an administrator has authorization
and the activities that are allowed?
S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_AGR S_USER_TCD.
What are the authorizations needed to create and maintain an external command? SM69 SM70 SM71 SM72.
Which SAP standard roles gives access required to administer background jobs SAP_BA_BATCH_ADMIN PANEL SAP_BC_BATCH_ADMIN.
Which authorization object ensure that the decentralized admin only add authorized t-codes to
roles?
S_USER_AGR S_USER_TCD S_USER_VAL.
What are the 2 possibilities to establish a trust when using the SAPCRYPTOLIB? Either use a single PSE for all communication partner Exchange public-key certificates Using groups at the creation dolmen level.
What are the 4 types of RFC connections? Synchronous RFC Asynchronous RFC Dsshsdbcvdsa RFC.
Which authorization object helps you to enforce the role naming convention in restricting the
allowed roles names?
S_USER_AGR S_USER_TCD S_USER_VAL.
Which authorithation object determines what table someone can look at with the transactions
SE16, SE16N, or SE17; SM30 or SM31; and SE12
S_TABU_DIS S_TEDU_FID S_TRAS_DIC.
Which are the 2 ways to control the choice of user passwords? System profile parameters Invalid passwords Valid passwords.
Which profile parameters define the location of the secinfo file? gw/sec_info Sapxpg S_RZL_ADM.
What are the 3 authorization objects required to create and maintain user master records? S_USER_GRP S_USER_PRO S_USER_AUT S_CHANGE_PRO.
What are the 3 trust manager profile parameters? sec/libsapsecu, specify the location of the SAPCRYPTOLIB ssf/ssfapi_lib, specify the location of the SAPCRYPTOLIB ssf/name must be set to SAPSECULIB Using groups at the creation dolmen level.
Which transaction allows you to approve a transport request? STMS SYAS AJSA.
What are the 2 main options to create and save audit filters? Create and save filters permanently in the database Change filters dynamically Create and save filter temporary in the database.
Which field has the authorization object S_TABU_CLI? CLIIDMAINT MAINTAIN.
Which are the 2 ways in which we can determine the required authorization, if we can not find documentation? authorization error analysis SU53 ST01 SF34.
What are the 3 standards approval steps and their authorization object, value and default value? By request owner By user department By system administrator By user administrator.
What is the SAP standard composite menu and authorization Role which contains every role in the AIS?
SAP_AUDITOR SAP_CA_AUDITOR SAP_CF_AUTITOR SAP_SEC_AUDITOR.
What are the 2 required steps necessary for operating the profile generator? Profile parameter auth/no_check_in_some_cases has the value Y The default tables USOBX_C and USOBT_C are filled The default tables UQWFX_C and UKDBT_C are filled.
When you connect the Diagnostics Agent to your Solution Manager system, which of the
following Outside
Discovery jobs are triggered?
Note: There are 3 correct answers to this question. Log File Discovery IIS Discovery Database Discovery Network Discovery Host Discovery.
What are the different types of Organization plans objects? Organizational Unit Position Job Task Work.
What are the 2 ways to assign roles to users for a limited period of time with a user comparison?
As a background job: report pfcg_time_dependency With the transaction PFUD (User master record reconciliation) With the transaction PEAD (User master record reconciliation).
Which protocol is used between SAP Servers? RFC, Remote function call The ITS, Internet Transaction Server The SAP Web-GUI.
PFCG, which are the activities to create a role? Define role name Determine activities Design user menus Maintain authorization data Maintain master data.
How can you deactivate the special properties of SAP*? set the system profile parameter login/no_automatic_user_sapstar to a value greater than zero set the new profile parameter.
What is the transaction to maintain and activate the security audit log? SM19 SM20 SM22 SM21 SM23.
3 types of security policy General Security policy. IT Security policy Configuration documentation Change Policy.
In a dual host installation, where do you use firewalls? Firewall in front of the Web server to deny access using undesired protocols Firewall between the Web server and the AGate to restrict access even more Using groups at the operating system level.
To which object type are person assigned to in the organizational plan? Position Post Cost.
Derived roles: Can the inherited roles be changed? True False.
Which 2 tables control the behavior of the Profile Generator after the transaction has been selected? RZ11 USOBX_C USOBT_C USOBX.
Which ABAP object used to check the authorization object assigned to the transaction? TSTCA Authoritycheck S_USER_GRP S_USER_AUTH S_USER_PRO.
Which protocol is used between the SAP GUI and the Server? DEDG Protocol DIAG Protocol.
Transaction to define child and central system in the CUA SALE PURCHASE.
Which SAP product transforms the traditional SAP applications to Web-based transactions, so
that they are accessible using Internet technology?
RFC, Remote function call The ITS, Internet Transaction Server The SAP Web-GUI.
What are the 4 check indicators? CM = Check/Maintain C = Check N = No Check U = Unmaintained C= Uuregistered.
Are transactions called indirectly with the ABAP statement CALL_TRANSACTION checked? True False.
Which safeguards answers to the threat of Tampering (denial, message alteration)? the SAP Passport Digital signature.
What is the transaction to display an overview of the modifications and enhancement found in
the system that you can search by Last transport request or Request/Task?
SE95 SE96 SE97 SE99.
In which transaction can you release the change request to transport? SE09 SE10 SE08.
Which SAP Standard role allow you to set-up the AIS? SAP_AUDITOR_ADMIN SAP_EDITOR_ADMIN.
What are the 3 user authentication mechanisms? User Id and passwords X.509 client certificates Pluggable Authentication Services PAS External mechanisms Y.508 client certification.
Which transaction lists each RFC destination and the user involved? RSRFCCHK object S_RFC.
Which authorization objects protect the file access? C_DATASET S_DATASET P_DATASET.
Which transaction allows you to see if the TMS Quality Assurance approval procedure has been
set up?
STMS SAMS SRMS.
Which of the authorization objects protect transaction code execution? S_TCODE P_TCODE Q_TCODE X_TCODE.
Which transactions allow you to view the transport system log? SE10 SE09 SE11.
What is the important property of catalog roles in SAP HANA? Catalog roles are transportable Privilege revocation is transitive SYS_REPO needs to be granted privileges on data Version management in place.
Profile parameter: If the parameter is set to 1 (default), user locks caused by incorrect logons
during previous days are not taken into consideration. If the value is set to 0, the lock is not removed
login/fails_to_session_end login/min_password_lng Login/fails_to_user_lock login/failed_user_auto_unlock login/password_expiration_time.
What are the 2 profile parameters used to configure sso with sap logon tickets? Login/create_sso2_ticket Login/accept_sso2_ticket Login/accept_sso3_ticket.
What are the 2 main components of the AIS reporting tree? System auditing functions Business auditing functions Reporting auditing functions.
How entries in the Table USR40 (Invalid passwords) can be made generically? ? denotes a single character * denotes a character string ? denotes double character.
4 activities of the ICF with transaction SICF (Maintain services) SE80 SE79 SE78 SE77.
What 4 information contains the sap logon ticket? User Id, User passcode Validity period, Issuing System ID Issuing system's digital signature.
What are the main components of the authorization concept? Authorization object class Authorization object Authorization field Authorization Authorization profile Consultant.
What contains the Personal Security Environment (PSE) Public key Private key Server`s public-key certificate Certificates of trusted CAs (certificate list).
How should be the naming convention for new developments? Authorization and authorization profiles Authorization classes, object, fields Analysis and Conception Quality assurance and Tests.
3 kinds of alternatives technologies for the load balancing Hardware load balancer Software load balancer Web switchd.
What is the default Communication RFC user set up for the transport management? TMSADM TRSDASM TGRDHSJ.
Profile parameter: If this parameter is set to value
1, the system blocks multiple SAP dialog logons (in the same client and with the same username)
login/fails_to_session_end login/disable_multi_gui_login login/min_password_lng Login/fails_to_user_lock.
The activity "Send User Name and Password" is the first step during the password
authentication procedure in SAP NetWeaver ABAP based systems; whereas the activity
"Authenticate" is the last.
What is the correct sequence of the activities between these two steps? Check Code Conversion
Calculate hash function (pwd) in Application Server
Compare hash stored in USR02 Calculate hash function (pwd) in Application Server
Check Code Conversion
Compare hash stored in USR02 Calculate hash function (pwd) in Application Server
Compare hash stored in USR02
Check Code Conversion Compare hash stored in USR02 Check Code Conversion
Calculate hash function (pwd) in Application Server.
Which transaction allows you to maintain the profile parameters? RZ11 RZ12 RZ13.
Is it possible to add composite roles to composite roles? True False.
For what is the Audit Information System (AIS) a checking tool? External auditing Internal auditing System checks Data protection Ultra data prodection.
ITS, scalability and load balancing, what are the 6 possible landscape? Single Wgates connects to multiple Agates Separate WGates connects to single Agate Multiple WGates connects to multiple Agates ITS connects to single Application server Using groups at the creation dolmen level Multiple ITS instances connect to single systems ITS connects to message server (Load balancing).
Which authorization object restricts a user's access rights to specific parts of a table? S_TABU_LIN TDDAT S_TABU_CLI Early Watch.
What are the 4 status texts about authorizations maintenance? Standard Maintained Changed Manual Double.
What are the 2 checks executed after a transaction start to ensure that the user has the appropriate authorization? Check if the user is authorized to start the Transaction Check if an authorization object is assigned to the transaction cod Check if the user is unauthorized to start the Transaction Check if an un-authorization object is assigned to the transaction code.
Which profile parameter can you use in order to specify the use of S_RFC? Name of RFC to be protected Activity auth/rfc_authority_check.
What is the table for the SNC System access control list SNCSYSACL SNFDJDEVM SDFJDLSMD.
What are the 3 fields of the authorization object S_RFC? Type of RFC object to be protected Name of RFC to be protected Activity Deactivity.
Profile parameter: The value 0 means that the user is not forced to change the password.
A value > 0 specifies the number of days after which the user must change the logon password
login/fails_to_session_end login/min_password_lng Login/fails_to_user_lock login/failed_user_auto_unlock login/password_expiration_time.
6 types of information that can be recorded with the security audit log? Dialog log-on attempts RFC log-on attemps Transaction starts Modification.
What are the 3 steps to install the PAS? Install SAP package ntauth.sar Set the Service file parameters Maintain user mapping. Maintain table USREXTID Report (RSUSREXTID) user must accept session cookies.
Composite role:
What are the 2 possibilities if the composite role has been modified and you click on the refresh button? Re import Merge Reduction Extension.
What is the transaction to maintain the SNC PSE? Use the trust manager S_Trust Use the trust manager A_Trust Use the trust manager D_Trust.
What is the audit log's main objective? Security-related changes Higher level of transparency Enables the reconstruction of a series of events Slower level of transparency.
SSL encryption with WAS. 4 info to specify with the help of profile parameters? Specify Plug-in Specify Server Port Specify whether to use client certificate Software load balancer Specify location of sap cryptolab.
Which special user is delivered in the client 066? DDIC Early Watch SUPPORT S_TCODE.
Which authorizations object do you use to grant access to all ABAP Workbench components S_DEVELOP C_DEVELOP F_DEVELOP.
Which transaction will be used to choose the granularity of log category to Multi Step Multi
Process (MSMP) ID while debugging issues with the MSMP workflow?
GRFNMW_ADMIN GRFNMW_CONFIGURE_WD GRFNMW_DEBUG_MSG GRFNMW_DEBUG.
What is the field of the authorization object S_TABU_CLI Filament CLIIDMAINT.
What are the authorization object and their fields that allow you to work with transport? CUST DTRA TASK DARK.
Authorization that defines the roles names for which an administrator is authorized and the
activities that are allowed?
S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_AGR S_USER_TCD.
What are the transactions code for creating, editing and display the organizational plan? Create Change Display Uncreate.
What is the principle of Treble control? Sharing the administrative tasks (user admin and authorization admin, role maintenance, profile generation) amongst three administrators is called the principle of treble control authorization admin, role maintenance, profile don't generation).
Which kind of attack makes the server unavailable?
There are several ways to do this, such as snap the network cable, physically destroy the
server, or unplug it from the network.
A denial of data A denial of service.
Profile parameter: minimum length of the logon password login/fails_to_session_end login/min_password_lng Login/fails_to_user_lock login/failed_user_auto_unlock login/password_expiration_time.
In which table is the assignment between the groups and the ABAP dictionary objects (tables)? TDDAT S_TABU_CLI Early Watch SUPPORT.
What is the transaction to access the CCMS alert monitor RZ20 RZ21 RZ22 RZ23.
Which authorization object gives access to many administration functions? S_AGFI_FCD S_AFGI_FCD S_ADMI_FCD.
What are the 2 options and the properties of a stateful user session? Session ID (Either in web browser cookie or into the user´s URL) -> SSL doesn´t work IP Address of client -> SSL Ok (but an issue with proxy) IP Address of client ->SAL Ok (but an issue with proxy).
Which authorization object grants authorization to maintain crossclient tables with the standard
table maintenance transaction?
TDDAT S_TABU_CLI Early Watch SUPPORT.
Mandatory fields needed to create user masterdata. On the Address tab page: Last name field On the logon data tab page: Initial password To administer user master records centrally To create authorization profiles centrally.
Which user group should be assigned to the users SAP*, DDIC, EARLYWATCH?
user group Support user group SUPER.
What are the transactions to create and monitor background jobs? SM36 SM37 SM38.
Profile parameter: list containing the users who may log onto the system more than once is
stored login/fails_to_session_end login/multi_login_users login/min_password_lng Login/fails_to_user_lock.
Which authorization object define which printers you can print to? S_SPO_DEV S_SVR_DEV.
How is the system called to set up a trusted relationship and allow user logging based on this
trusted relationship for transport?
TGD Trusted Services TMS Trusted Services TJF Trusted Services.
What are the fields of the authorization object S_DEVELOP DEVCLASS OBJTYPE (PROG) OBJNAME P_GROUP ACTV C_Group.
Which transaction show which authorizations are currently in the user buffer? SU56 SU45 SU34 SU76.
The following tools are available for conducting thorough system security audits. Role maintenance tool System audit log CCMS security alert System trace tools Users and Authorizations information systems All of the above.
Does the user assigned to a position then inherits all authorization profiles of these roles? YES NO.
Which of the following are benefits of creating a custom t-code to link SE16 to a specific table? You no longer need to grant access to transaction code SE16 With your custom transaction code, you can look at any table With your custom transaction code, you can look only at the table specified in the transaction
code
Custom transaction codes can be easily created, without requiring any programming.
What is the transaction to view the change document for an object SCDO SFED SCGH SCVF.
Which kind of servers translates the logical name into the physical name, the domain name into
the IP address?
DNS DES DJF.
Derived roles: is the user assignment inherited? True False.
7 activities of the ICM monitor? Start and Stop the ICM Set trace level, view logs View profile parameters settings View statistics View memory pipe informationView active services Monitor service cache Start Memory in icm.
What are the 5 steps of the ASAP Methodology? Project preparation Business blueprint Implementation Final preparation Go live and support Analysis and Conception.
How to maintain the configuration of the logon tickets? SSO1 SSO2 STRUSTSSO3 STRUSTSSO2.
What are the 4 supported check indicators for transactions? No check Unmaintained Check Check/Maintain.
In which 4 cases Secure Store and Forward (SSF) provides security for SAP data and documents? Data leaves the SAP system Data is stored on insecure media Data is transmitted over insecure networks Data security is associated with persons and individuals Data book is associated with persons.
Which table maps the Authorization Group to a list of tables? TDDAT TPPDE RTYRA.
What are the 2 fields of the authorization object S_TABU_DIS DICBERCLS ACTVT Odet fee.
What are the 4 activities required for an upgrade of The Profile Generator? Migrate the report tree Check the Profile Generation activation Upgrade the roles and default tables (su25) Conversion of manually created profiles to roles if necessary (su25).
Which authorization object checks the objects of an area menu, since a transaction code is
assigned to each executables menu entry?
DDIC Early Watch SUPPORT S_TCODE.
Authorization object that defines the user groups for which an administrator has authorization
and the activities that are allowed?
S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_AGR S_USER_TCD.
After a transport of the user master record. Should a comparison occur? YES NO.
Which command displays all connections and listening ports on your computer? netstat -a netstat -b netstat -c.
What is Central User Administration used for? To administer password for SAP users centrally To maintain printer landscapes centrally To administer user master records centrally To create authorization profiles centrally.
Which transactions copies the SAP default table USOBX and USOBT to the custom tables
USOBX_C and USOBX_T?
SU25 RZ11 USOBX_C USOBT_C USOBX.
What are the 4 steps required to setup the AIS Copy the SAP role Update the roles Create a user for the auditor Assign the roles User profile roles.
Which authorization objects can you examine to determine if security is administered centrally
or regionally?
S_USER_GRP S_TCD_GRP S_USER_AGR S_USER_ADD.
Which authorization object and its field enforce the administration function in the change and transport system? TABL INIT IMPA IMPS TADD TESSD.
ITS: What are the 4 main functions of the A gate? Communication to and from the SAP system Communicates using the SAP protocols RFC and DIAG Data security is associated with persons and individuals Generating the HTML pages from SAP screens Managing user logon data and session information.
Which transaction displays the history of the system change options? SE03 SE04 SE05 SE06.
How is a system (or a combination of systems) called that protects a networked system from
unauthorized or unwelcome access? A firewall B firewall F firewall.
ABAP Workbench components that are protected with S_DEVELOP ABAP development tools ABAP Dictionary and Data Modeler Screen Painter and Menu Painter ABAP WORKBENCH COMPONENTS.
Which authorization component can be transported? User master records Roles Authorization profiles Check indicators components.
What are the 2 main corposants of the ITS Web gate Application gate Transfer gate.
Testing and analyzing: SNC information is provided in trace files.
What are the 3 most common errors?
Library could not be loaded No credentials No entry in ACL No contents format.
Which table specify the users that can log on to the system using SNC? USRACL URDSAL URSLAA.
Which table specifies that WebRFC users can log on using the AGate`s SNC-protected connection?
USRACLEXT USRACJFFXL UYTGFESDK.
Which of the following are security advantages to a three-tier landscape? Ensure changes occur only on development system. Ensure changes occur only on your production system. Developers do not have access to production data. You control when changes are moved into production. You can test changes in a QA system.
What are the four main sections of the audit analysisreport? Introductory information Audit data Statistical analysis Contents Detailed data.
5 Options available when manually inserting a new authorization?
PFCG > Authorization tab > Edit > Insert authorization Selection criteria Manual input Full authorization From profile From template From csv file.
The following logon parameters can be used to ensure your system is adequately secured logon/fails_to_user_lock logon/min_password_specials logon/min_password_diff logon/named_super_user.
Which profile parameter set the time for automatic SAPGUI logout? rdisp/gui_auto_Signin rdisp/gui_auto_logout.
By default, authorization profiles are transported with role.What should be set up in order to avoid it?
PROFILE_TRANSPORT:=NO Table PRGN_CUST PROFILE_TRANSPORT:=YES.
What is the structure of SAP Router file entry? D: Deny P: Permit S: Permit T:Permit.
What is the transaction of the Internet Communication Framework (ICF)? SICF SERT SDFG.
Which authorization object limit the number of pages a user can print to a specific printer? S_ADMI_FCD S_SPO_PAGE.
Which authorization object can be used to ensure the security administrator only add value for a
specific company code?
S_USER_AGR S_USER_TCD S_USER_VAL.
How is it called when programs can be written that modify the IP address of the source of the
TCP/IP packet, to fool the network into thinking that the packet is coming from within the
network.
Buffer Overflow Spoofing.
What is the default password of the user master record SAP* after the installation of the client
000?
SAP* PASS 06071992.
What 3 security goals answer SSF? Integrity Privacy Authentication Unprivacy.
What is the interface of web based information for enduser RFC, Remote function call The ITS, Internet Transaction Server The SAP Web-GUI.
What is the profile parameter to define the maximum of filters that can be used? Rsau/creation_slot rsau/selection_slot.
Which authorization object enforces that one person can create the role, but another person
must generate the role?
S_USER_AUT S_USER_PRO.
What is the standard password of the user Early Watch? DDIC Early Watch SUPPORT S_TCODE.
What is the profile of the special user Eearlywatch? S_WOOLS_EX_A S_TOOLS_EX_A.
What are the 4 different types of roles? Customizing role Derived role Composite role Normal role Straight role.
SNC: Where are the private keys stored? In the SDC PSE In the SNC PSE In the SEC PSE.
What are the 3 types of encryption? Symmetric Asymmetric Sdfmmetric.
What are the 5 majors authorisation objects used to protect which transaction codes a user can
access and for which product are they meant to be? S_TCODE Q_TCODE I_TCODE E_TCODE.
What is the table for the Extended user Access control USRACLEXT LDSSDSJMX.
ITS: What are the 2 main functions of the Wgate (Webserver)? Connects the ITS to the Webserver Use the HTTP protocol Use the HTML language.
What is the transaction for the system trace tool? ST01 ST02 ST03 ST04.
How can you protect the target system with an import lock in order to avoid transporting the user
assignments to roles?
PRGN_CUST USER_REL_IMPORT:=NO USER_REL_IMPORT:=YES.
Authorization that defines which field values an administrator may enter in roles for which
authorization object and which fields?
S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_VAL S_USER_SYS.
Which User information system report monitors the passwords of all predefined users? RSUSR003 RSUSR004 RSUSR005.
Of which fields consist the authorization S_TABU_DIS? DICBERCLS: Authorization group for ABAP Dictionary objects (only tables/views assigned to
authorization group "V*" (DICBERCLS=V*) may be maintained.) ACTVT: Activity (02, 03) ACTVT: Activity (05, 07) ACTVT: Activity (09, 01).
Which transactions maintain the custom tables USOBX_C and USOBX_T? RZ11 USOBX_C USOBT_C USOBX SU24.
Which table defines for each transaction and for each authorization object which default values
an authorization created from the authorization object should have in the Profile Generator?
USOBT RZ11 USOBX_C USOBT_C USOBX.
Which are the 3 different roles in decentralized User Administration? User administrator Authorization data administrator Authorization profile administrator Authorization uses administrator.
In which table are the table change logged? DBTABPRT DFTAHG DGJKAHST.
What is the difference between System Access Control and Role based Access control? Organizational Measures Technical Measures Environmental measures Access Control System Access Control.
Which authorization enforces that one person can create the menu portion of the role, but
someone else updates the authorizations?
S_USER_AUT S_USER_PRO.
Authorization that defines the transactions that an administrator may include in a role? S_USER_GRP S_USER_AUTH S_USER_PRO S_USER_AGR S_USER_TCD S_USER_TND.
2 roles that the web application server (WAS) can play? SAP Web AS as client component SAP Web AS as server component SAP Web AS as server component.
Which fields has the authorization object S_TABU_LIN? Activity Organizational criterion Attribute for organizational criterion Pripare.
What is a characteristic of the pre-delivered 'system-local' package within the SAP HANA
repository?
It can be assigned to a delivery unit It is used for development testing It contains the SAP HANA Interactive Education (SHINE) It is used as a container for the SAP HANA live content.
What are the pro and cons of composite roles? + One work center + One composite role + One assignment + One central menu.
SAP offers many types of systems and applications. Each type of SAP system (mySAP CRM,
SAP BW, SAP R/3, mySAP SRM, SAP APO) is so varied that the systems do not share security
tools or security services.
Determine whether this statement is true or false
True False.
What are the 2 special users defined in client 000? SAP* DIDIC *SAP.
Which profile contains authorization for all new checks in existing transaction? SAP_NEW SAP_ OLD SAP_ ADVANCED SAP_ PREVIOUS.
Regardless of the release status, after an upgrade you will have 2 possible statuses? What are they?
Source release did not use PFCG (it might have to be activated) Source release used PFCG (This means that tables USOBT_C and US OBX_C have to be
updated as well as the existing roles)
Conversion of manually created profiles to roles if necessary (su25).
Which are the two different maintenance views of the profile generator PFCG? Basic maintenance Complete view Design user menus Maintain authorization data.
With which transaction can you assess the security audit log? SM20 or SM20n SM21 or SM21n SM22 or SM22n.
What 3 security goals answer the digital signature? Integrity Authentication Non-repudiation repudiation.
What are the 3 main windows of the Organization plan transaction? Organizational Structure window Staff Assignments window Task Profile window Work task window.
5 Scenarios of load-balancing with the WAS? Message Server-based redirection Dispatcher or Load-Balancer SAP Web dispatcher IP Address of client -> SSL Ok (but an issue with proxy) Alternative technologies Combining technologies (Web switch and web dispatcher).
Which table Specifies which systems are allowed to connect to the SAP system using SNC? SNCSYSACL SNDFKEERL SLOKUHTDL.
Which program start the external command after it has passed the gateway? gw/sec_info Sapxpg S_RZL_ADM.
What is an ITS service? Multiple ITS instances connect to single systems An ITS service is the set of components needed to call an SAP transaction via the ITS.
Which authorization object check program (reports) use? S_TABU_CLI Early Watch S_PROGRAM.
How to combine the 2 worlds (SAP GUI and web)? How to combine the 2 worlds (SAP GUI and web)? Logon tickets is passed to the SAP shortcuts using ITS service wngui Only from web to traditional (traditional to web not supported) Maintain user mapping. Maintain table USREXTID Report (RSUSREXTID).
What is the table for maintaining system clients? T000 T001 T002 T0000.
What is the safeguard of Eavesdropping?
Safeguard Encryption.
In which transaction can you release the change request to transport? SE10 SE08 SE09.
ITS configuration: What is the difference between a single host configuration and a dual host configuration? Single Host Dual Host Multiple Host.
Which profile parameter specifies the exactness of the logon timestamp? logon/update_logon_timestamp logon/update.
|
