SEC_LUG_FIG_CUL

Which of the following illustrate the simplification of user and role maintenance on SAP Cloud? Note: There are 2 correct Answers to this question. Read and write access can be restricted. Business users have business roles. Templates are provided for role derivation. Business roles are automatically provisioned.

The DBMS tab in transaction SU01 allows you to manage database privilege assignments for which of the following scenarios? Note: There are 2 correct Answers to this question. When users need to use reporting authorizations on SAP BW. When a user needs to execute CDS Views. When a user needs to run applications that access the database directly. When users need 1:1 user mapping to map analytical privileges of the database to the virtual analysis authorization of SAP BW.

Which of the following are prerequisites for using transaction PFCG? Note: There are 2 correct Answers to this question. Maintain parameter auth/no_check_in_some_cases = Y. Fill in initials values for customer tables using transaction SU25. Maintain the Check Indicators for Critical Authorization objects. Generate Standard Role SAP_NEW using transaction SU25.

A PFCG role can be linked to an SAP Organizational Management structure by which object types? Note: There are 3 correct Answers to this question. Person. Position. Job. Organizational Unit. Task.

During maintenance of a role you notice that the status text for an authorization object indicates status "Changed New". What does this status text mean?. The authorization object has been flagged as a critical object. The authorization object must be maintained again. The authorization object was used to create a new authorization because the initial configuration of the role changed a default value maintained in SU24. The authorization object was used to create a new authorization because the values contained in SU24 differ from the SAP Standard contained in SU25.

Which of the following accurately describe Solution Manager functionality? Note: There are 3 correct Answers to this question. System recommendations provide a worklist of potentially relevant security notes. Configuration validation helps to standardize and harmonize security-related configuration items for ABAP systems only. SAP SOS self-service is a convenient entry point to introduce security monitoring. Configuration validation can check if security policies were applied. SAP EWA provides the most comprehensive security check.

Which of the following are used in SAP Enterprise Threat Detection (ETD) architecture? Note: There are 2 correct Answers to this question. SAP IQ. SAP HANA Smart Data Streaming. SAP ASE. Forensic lab.

Which transaction codes are relevant to enable SNC between ABAP systems? Note: There are 3 correct Answers to this question. SNC0. PFCG. RZ10. STRUST. SU01.

Which of the following objects allows you to restrict which users can distribute a role to another system using an RFC destination?. S_USER_AGR. S_USER_SYS. S_USER_STA. S_USER_AUT.

Which of the following conditions apply when merging authorizations for the same object? Note: There are 2 correct Answers to this question. Changed authorizations can be merged with manual authorizations, as long as the activation status is the same. Changed authorizations can be merged with manual authorizations, even if the activation status is different. Both the activation status and the maintenance status of the authorizations do not match. Both the activation status and the maintenance status of the authorizations match.

Which of the following app-specific types of entities do users need to use SAP Fiori apps? Note: There are 2 correct Answers to this question. Authorizations. Master Data. UI. Parameters.

When building a PFCG role for SAP Fiori access on an embedded front-end server configuration, which of the following items should be provided? Note: There are 3 correct Answers to this question. UI access to the Apps. SAP Favorites. Start Authorizations for OData services. Catalog for the Start Authorization. WAPA Business Server Pages.

Which of the following are core principles of GDPR? Note: There are 3 correct Answers to this question. Data Archiving. Lawfulness, Fairness and Transparency. Storage Limitations. Data Quality. Data Minimization.

Which of the following defines "Phishing"?. Pretending to be another user. Acquiring sensitive information by masquerading as a trustworthy entity. Overloading an application with requests. Modifying an IP address of the source of the TCP/IP packet.

Which of the following accurately describe a Composite Role? Note: There are 2 correct Answers to this question. Transactions cannot be deleted from the menu with the authorizations retained. Authorizations are maintained at the single role level. Menus cannot be adjusted as required. User assignment is maintained at the Composite Role level.

Which of the following are examples of personal data under the GDPR? Note: There are 3 correct Answers to this question. IP address. Aggregated statistics on the use of a product. GPS data from a cellular phone. Age group. E-mail address.

Which of the following are system security threats? Note: There are 3 correct Answers to this question. Availability. Code injection. Authorization violation. System penetration. Nonrepudiation.

Which of the following describe SAP Fiori Tile Target Mapping? Note: There are 2 correct Answers to this question. It defines the target application which is launched. It is part of the SAP Fiori Launchpad configuration. It represents the visual part of a tile. It is defined within an SAP Tile Group.

Which of the following user types are precluded from logging onto the system directly? Note: There are 3 correct Answers to this question. Dialog. Service. Communication. Reference. System.

Which of the various protocols can be used to establish secure communication? Note: There are 3 correct Answers to this question. From Secure Login Client to Secure Login Server: DIAG/RFC (SNC), HTTPS, RADIUS. From Business Explorer to SAP Netweaver: DIAG/RFC (SNC), HTTPS (SSL). From SAP GUI to SAP Netweaver: DIAG/RFC (SNC). From Secure Login Server to SAP Netweaver: RFC (SNC). From Secure Login Server to LDAP Server: HTTPS (SSL).

Which of the following authorization objects are used to secure the execution of External Commands when defining a background job step? Note: There are 2 correct Answers to this question. S_RZL_ADM. S_BTCH_EXT. S_LOG_COM. S_PROGRAM.

If the OData back-end service is located on a remote back-end, users need which authorization objects to perform the RFC call on the back-end system? Note: There are 2 correct Answers to this question. S_RFC. S_RFCACL. S_START. S_SERVICE.

You want to limit an authorization administrator so that they can only assign certain authorizations. Which authorization object should you use?. S_USER_AGR. S_USER_ADM. S_USER_TCD. S_USER_VAL.

What is the equivalent of the AS ABAP user type System in the AS Java UME security policy?. Default user. J2EE user. Technical user. Internal service user.

Which transaction code allows you to configure the SAP Security Audit Log?. SM19. SM20. SM18. SUIM.

Which values are permitted for the S_BTCH_JOB authorization object? Note: There are 3 correct Answers to this question. DELE. 01 (Create). RELE. SHOW. 02 (Change).

What is the main purpose of SAP Access Control, as an enterprise software solution?. Identify security risk and document compliance. Deployment of encryption services. Secure authentication for cloud and on-premise. Manage corporate social media presence.

Which of the following are phases in the SAP Audit Management auditing process? Note: There are 3 correct Answers to this question. Monitoring Progress. Engagement Planning. Remediation Analysis. Communicating Results. Mitigation Review.

In SAP S/4HANA Cloud authorization objects are grouped into which item?. Single technical roles. Groups. Business roles. Privileges.

Which of the following accurately describes the role/profile SAP_NEW? Note: There are 2 correct Answers to this question. The profile SAP_NEW provides authorization for all new objects and objects changed by release. Organizational levels need to be maintained in profile SAP_NEW. The role SAP_NEW does not guarantee backward compatibility for all scenarios. The role SAP_NEW must be generated in accordance with the system environment using the report REGENERATE_SAP_NEW.

Which configuration options apply to the usage of VCLIENT in the parameter icm/server_port_<xx> Note: There are 3 correct Answers to this question. VCLIENT value must be specified if SSL configuration is defined by SSLCONFIG. VCLIENT default value is 0. VCLIENT=1, the server asks the client to transfer a certificate. VCLIENT default value is 1. VCLIENT=0, which notifies the SSL server that no SSL client verification is needed.

Which TADIR Service Object type includes business functional authorization objects used within the OData execution?. IWSG. OSOD. IWSC. IWSV.

In SAP NetWeaver AS Java, the User Management Engine (UME) supports which of the following data sources for storing user data? Note: There are 3 correct Answers to this question. Java system database. Directory /usr/sap. LDAP Directory. UDDI provider. ABAP-based SAP system.

Which authorization object is required to modify authorization data of derived roles?. S_USER_SYS. S_USER_AUT. S_USER_VAL. S_USER_AGR.

Which CDS-related repository object types are provided with ABAP CDS? Note: There are 3 correct Answers to this question. CDS View Entity. Metadata Extensions. SQL View. Access Control. Data Definition.

Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?. S_TCODE. S_START. S_SERVICE. S_PERSONAS.

Which UCON phase blocks the access to RFC Function Modules without an assigned Communication Assembly?. Logging. Configuration. Activation. Evaluation.

How can you protect a system when you do not want the user assignments for a role to be transported?. Restrict import of users in table PRGN_CUST in the target system. Restrict import of users in table PRGN_CUST in the development system. Restrict access to the user assignment tab in PFCG in the target system. Restrict access to the user assignment tab in PFCG in the development system.

Which archiving object can you use for archiving change documents related to changes with authorizations assigned to a user?. US_AUTH. US_USER. US_PROF. US_PASS.

Which of the following transactions allow you to customize or configure SAP Fiori Catalogs and Groups? Note: There are 2 correct. /UI2/FLPD_CONF. /UI2/FLPCM_CONF. /UI2/FLPD_CUST. /UI2/FLPCM_CUST.

Which of the following describe the behavior of a reference user when assigned to a user master record? Note: There are 2 correct Answers to this question. The reference user roles are directly assigned to the user master record. The roles of the reference user are always hidden. The roles of the reference user can be shown. The user master record references the roles and authorizations assigned to the reference user.

Which of the following correctly describe the SAP Security Optimization Service (SOS) offerings? Note: There are 3 correct Answers to this question. Self Service: performed by experienced service engineers. Onsite Service: performed by specialists. Onsite Service: available with additional costs. Remote Service: part of CQC service offering. Self Service: all completely automated checks in all SAP systems.

Which of the following checks are performed for SAProuter by the SAP Security Optimization Service? Note: There are 3 correct Answers to this question. SAProuttab Check. Password Check. Secure Network Communication Check. User Management Check. Operating System Access Check.

What is the purpose of securing sensitive business data? Note: There are 3 correct Answers to this question. Reduction of training costs. Disruption of software deployment. Protection of intellectual property. Protection of image. Correctness of data.

You are responsible for determining the reason why you need personal data and how this data is processed or stored. What key role do you play under GDPR in relation to personal data?. Data Steward. Data Processor. Data Subject. Data Controller.

In the case of missing OData authorizations, why is it not recommended to maintain S_SERVICE manually within an SAP Fiori authorization role? Note: There are 2 correct Answers to this question. Both front-end and back-end entries are generating the same S_SERVICE authorization object with different authorization values. Both front-end and back-end entries are generating the same S_SERVICE authorization object with the same authorization values. The SRV_NAME value of the S_SERVICE authorization object is the name of an OData service. The SRV_NAME value of the S_SERVICE authorization object is the hash value of an OData service.

Which of the following actions correctly describes the usage of Front Channel Single Sign-On based on (SAML) 2.0?. The service provider queries the user for authentication credentials. The identity provider queries the user for authentication credentials. The identity provider returns the user to the service providers with an authentication request. The identity provider presents the requested resource to the user.

Which of the following actions correctly describes the usage of Back Channel Single Sign-On based on (SAML) 2.0?. The service provider redirects the user to an identity provider and includes a SAML artifact referring to the authentication request. The service provider gets the authentication request from the identity provider over a SOAP channel. The service provider queries the user for authentication credentials. The identity provider gets the authentication response from the service provider over a SOAP channel.

Your system is configured to prohibit a user from logging on multiple times to the system with the same User ID in violation of your SAP licensing agreement. However, certain users need to be exempt from this limitation. Which instance profile parameter can you configure to allow a small group of users to bypass the limitation of multiple logins?. login/server_logon_restriction. login/multi_login_users. login/disable_multi_gui_login. login/disable_multi_rfc_login.

Which of the following features are provided by the SAP Fiori Launchpad content manager? Note: There are 3 correct Answers to this question. Display role assignments for Catalogs. Activate OData Services. Create and configure Groups. Display the issues with SAP Fiori Launchpad content. Create and configure Catalogs.

You want to adjust check indicator values for certain authorization objects delivered by SAP. In which of the following tables should your adjustments be recorded?. USOBHASH. USOBX. USOBT_C. USOBX_C.

Which of the following allows you to improve the quality of your enterprise data assets with consistent data validation rules, data profiling and metadata management?. SAP Data Services. SAP Information Steward. SAP Information Lifecycle Management. SAP Process Control.

Which of the following tables contain transport request object lists and table entry keys? Note: There are 2 correct Answers to this question. E071K. E070. E070L. E071.

What are the main features of SAP Enterprise Threat Detection (ETD)? Note: There are 3 correct Answers to this question. Monitoring of GDPR compliance. Segregation of Duty analysis. Forensic investigations. Realtime alerts. Monitoring of security events.

Your company uses derived roles. During maintenance of the Plant Manager imparting role, you add a new transaction to the Menu tab which introduces a new organizational level that will be unique for each of your 150 plants. How will the new organization level be maintained in the derived roles?. All at once using transaction PFCGMASSVAL. Automatically using the Copy Data button during maintenance of the imparting role. Automatically after generating the profiles of the imparting role and adjusting the derived roles. Manually by maintaining each derived role individually.

Which of the following are SAPUI5 Fiori application types? Note: There are 2 correct Answers to this question. Analytical. Web Dynpro. Transactional. Legacy.

You want to turn off the SAP Menu on the Easy Access Menu screen. What administrative function do you need in Authorization Object S_USER_ADM?. SSM_CUST. PRGN_CUST. USR_CUST. USR_CUST_S.

Which transaction allows a user to change the authorization values of multiple roles at the same time?. PFCGROLEDIST. SUPC. PFCG. PFCGMASSVAL.

Which of the following parameters must be configured to capture log data in the Security Audit Log?. rec/client. dir_logging. rsau/enable. rdisp/TRACE.

Which of the following items are addressed by Configuration Validation? Note: There are 3 correct Answers to this question. Database parameters. Critical roles. Software packages. Failed transports. RFC logins.

Which of the following actions are required to ensure complete logging of table data changes? Note: There are 3 correct Answers to this question. Log data changes must be enabled at the table level in transaction SE13. Parameter RECCLIENT must be maintained in transaction STMS. Client change options must be set to Automatic Recording of Changes. The security audit log must be activated using transaction SM19. Instance profile parameter rec/client must be maintained for client.

Which of the following technical capabilities does SAP Code Vulnerability Analysis provide? Note: There are 2 correct Answers to this question. Static and Dynamic Application Security Testing. Deprovisioning of problematic ABAP code. Capture of manual and automated check executions. Direct integration with Root Cause Analysis.

Which of the following SUIM reports can you use to determine if a user has a segregation of duty violation? Note: There are 2 correct Answers to this question. User Comparison. User Level Access Risk Analysis. Users by Complex Search. Users With Critical Authorizations.

The report "Search for Application in Role Menu" can be called via which of the following options? Note: There are 2 correct Answers to this question. Transaction RSUSR_ROLE_MENU. Transaction SUIM, (Menu node "Change Documents"). Transaction RSUSR_START_APPL. Transaction SUIM (menu node "Roles").

SAP Cloud Identity and Access Governance consists of which of the following software services? Note: There are 3 correct Answers to this question. Access Request. User Access Certification. Emergency Access Management. Access Analysis. Role Design.

Where is the application log information (SLG1) saved?. In the location specified by the rsau/local/file parameter. In the directory specified by DIR_TRANS parameter. In the database. In the directory specified by DIR_LOGGING parameter.

Which is the frequency of SAP Patch day?. Yearly. Quarterly. Weekly. Monthly.

You are configuring authorizations to secure access to table data using transaction SM31 and you encounter authorization object S_TABU_DIS and field DICBERCLS. How can this field be used to secure access?. It allows you to specify access to a specific client-independent table. It allows you to specify access to tables referenced by a specific program group. It allows you to specify access to tables associated with a specific authorization group. It allows you to specify access to a specific client-dependent table.

What content can be shared between the SAP Access Control and SAP Cloud Identity and Access Governance products? Note: There are 3 correct Answers to this question. Mitigations. Risk library. Emergency access. Process hierarchy. Mitigation controls.

What information can be provided by an Audit Class? Note: There are 3 correct Answers to this question. User Authorizations. Dialog Logon. RFC/CPIC Logon. User Roles. Transaction Start.

Which of the following describes an Authorization Object class?. It defines a group of 1 to 10 authorization fields together. It defines the smallest unit against which an authorization check can be run. It defines a logical grouping of authorization objects. It defines authorizations for different authorization objects.

How can you enforce an additional transaction start authorization check for a custom transaction?. Maintain the SU24 entry for the custom transaction and adding the desired authorization object, setting the Check Indicator to "Check" and setting Proposal to Yes. Using transaction SE93, update the custom transaction definition by specifying the desired authorization object and maintaining the desired field values. Without additional custom development it is not possible to add another check during transaction start. For each role containing the custom transaction, add the desired authorization object manually in transaction PFCG, maintain the field values and then generate the profile.

Which ABAP transaction codes are relevant for SNC Parameter Configuration? Note: There are 2 correct Answers to this question. SNC0. SNCWIZARD. SNCCONFIG. STRUST.

What is the purpose of SAP Notes listed by SAP Solution Manager System Recommendations? Note: There are 2 correct Answers to this question. To recommend Legal Change Notes related to SAP innovations. To recommend Performance Notes to improve system response. To recommend SAP Hot News Notes (priority 1 and 2). To recommend SAP Security Notes for evaluation.

Which of the following functionalities are supported by SAP Information Lifecycle Management (ILM)? Note: There are 3 correct Answers to this question. Data Destruction. Data Archiving. Data Retention. Data Logging. Alert Notification.

Which of the following transactions allow you to define role assignments for OData Services that are available on multiple back-end systems? Note: There are 2 correct Answers to this question. /IWFND/MAINT_SERVICE. /UI2/GW_MAINT_SRV. /IWFND/GW_SYS_ALIAS. /IWFND/GW_CLIENT.

Which application allows a role developer to perform the mass maintenance of menu options from selected SAP Fiori Tile Catalogs?. PRGN_COMPARE_ROLE_MENU. PRGN_CREATE_FIORI_BACKENDROLES. PRGN_PRINT_AGR_MENU. PRGN_CREATE_FIORI_FRONTENDROLE.

Where can you enable the Read Access Logging tools?. SWI5. SUIM. SPRO. SICF.

Which feature is available in the CommonCryptoLib scenario provided by SAP Security Library?. SSL/TLS. SPNEGO / ABAP. Secure Store and Forward (SSF). Hardware Security Module (HSM).

When you are troubleshooting an application start issue, what does the Search for Startable Applications in Roles report help you determine? Note: There are 2 correct Answers to this question. If the PFCG role menu contains SAP Fiori Tile Groups. If the PFCG roles contain all of the start authorizations required for the application. If there is an application start lock. If the PFCG roles are assigned to end users.