
P_SECAUTH_21 SAP Certified Technology Professional - System Security Architect Questions and Answers

Question # 4

An end user has indicated that they are getting an authorization error when attempting to call a Transaction Code (TCD). However, the TCD exists in the User Menu. What could be the issue and where would you check?

A.

The TCD is assigned to the user via multiple roles; check in PFCG

B.

An entry in table USRBF prevents them from calling the TCD; check SE16

C.

This user is blocked from calling the TCD; check in SM01

D.

Additional authorization checks are required for the TC; check in SE93

Question # 5

You are reviewing the authorizations for Core Data Services (CDS) views. How are classic authorizations integrated with CDS authorizations?

A.

By using the statement AUTHORITY-CHECK in the access control of the CDS view

B.

By defining access conditions in an access rule for the CDS view

C.

By assigning the CDS view to the authorization profile in PFCG

D.

By defining the CDS view in the authorization object in SU21

Question # 6

What are some characteristics of an SAP HANA multitenant database system (MDC) running in high isolation mode? Note: There are 2 correct answers to this question.

A.

The adm user can access the tenant-specific configuration and trace files.

B.

All tenant databases will share the operating system user and group.

C.

All tenant-specific file and directory permissions are managed by the SAP HANA system.

D.

All tenant-specific permissions to access files and directories are revoked from the adm user.

Question # 7

For which purpose do you use instance Secure Storage File System (SSFS) in an SAP HANA system? Note: There are 2 correct answers to this question.

A.

To protect the password of the root key backup

B.

To store root keys for data volume encryption

C.

To store the secure single sign-on configuration

D.

To protect the X.509 public key infrastructure certificates

Question # 8

You are using the SAP Web Dispatcher for load-balancing purposes. Which actions are performed by the SAP Web Dispatcher in this scenario? Note: There are 2 correct answers to this question.

A.

Authenticates the user's credentials

B.

Uses SAP logon groups to determine which requests are directed to which server

C.

Checks current state of the message server

D.

Decrypts the HTTPS request and then selects the server

Question # 9

Which tasks would you perform to allow increased security for the SAP Web Dispatcher Web Administration interface? Note: There are 2 correct answers to this question.

A.

Use a separate port for the content

B.

Use access restrictions with the icm/HTTP/auth_ profile parameter

C.

Use subparameter ALLOWPUB = FALSE of the profile parameter icm/server_port_

D.

Use Secure Socket Layer (SSL) for password encryption

Question # 10

What are the features of the Audit Information System (AIS)? Note: There are 2 correct answers to this question.

A.

The roles are built from nodes in the Implementation Guide (IMG)

B.

It can be launched directly using transaction SECR

C.

It offers two types of audit reports: system and business

D.

The report selection variables are configured during setup

Question # 11

Which transaction or report can be used to audit profile assignments in an SU01 user master record? Note: There are 2 correct answers to this question.

A.

RSUSR100

B.

ST01

C.

SM20N

D.

RSUSR002

Question # 12

What does the SAP Security Optimization Service provide? Note: There are 2 correct answers to this question.

A.

Configuration check of the SAP systems and the SAP middleware components against defined configurations

B.

Results with recommendations on how to resolve identified vulnerabilities without prioritization

C.

Analysis of security vulnerabilities within an enterprise's SAP landscape to ensure optimal protection against intrusions

D.

Analysis of your operating system, database, and entire SAP system to ensure optimal performance and reliability

Question # 13

What is the purpose of the parameter rec/client in an AS ABAP based SAP system?

A.

To log changes in Core Data Services views

B.

To log changes in tables

C.

To generate changes in documents

D.

To generate source code versions

Question # 14

You want to create an SAP Fiori app for multiple users and multiple back-end systems. To support this, you create different roles for the different back-end systems in the SAP Fiori front-end system (central hub). What transactions do you have to use to map a back-end system to one of those roles?

A.

/UI2/GW_SYS_ALIAS

B.

/IWFND/MAINT_SERVICE

C.

SEGW

D.

PFCG

Question # 15

Which features do SAP HANA SQL-based analytic privileges offer compared to classic XML-based ones? Note: There are 2 correct answers to this question.

A.

Control of read-only SAP HANA procedures

B.

Transportable

C.

Complex filtering

D.

Control of read-only access to SQL views

Question # 16

Which of the following user types can be used to log on interactively? Note: There are 2 correct answers to this question.

A.

System

B.

Dialog

C.

Communication

D.

Service

Question # 17

Based on your company guidelines you have set the password expiration to 60 days. Unfortunately, there is an RFC user on your SAP system which must not have a password change for 180 days. Which option would you recommend to accomplish such a request?

A.

Change profile parameter login/password_expiration_time to 180

B.

Create a security policy via SECPOL and assign it to the RFC users

C.

Create additional authorizations for RFC users and assign it to them

D.

Create enhancement spot / user-exit

Question # 18

How do you handle user "SAP*" in AS ABAP? Note: There are 3 correct answers to this question.

A.

Remove all authorizations from the user

B.

Lock and expire the user in all clients

C.

Set profile parameter login/no_automatic_user_sapstar to 0

D.

Set profile parameter login/no_automatic_user_sapstar to 1

E.

Lock and expire the user in all clients except 000

Question # 19

You have configured a Gateway SSO authentication using X.509 client certificates. The configuration of the dual trust relationship between client (browser) and SAP Web Dispatcher as well as the configuration of the SAP Web Dispatcher to accept and forward client certificates were done. Users complain that they can't log in to the back-end system. How can you check the cause?

A.

Run back-end transaction SMICM and open the trace file

B.

Run back-end system trace using ST12

C.

Run gateway transaction /IWFND/TRACES

D.

Run gateway transaction /IWFND/ERROR_LOG

Question # 20

You have Reason Codes already defined. Which is the correct sequence of steps to configure a Firefighter ID in Emergency Access Management?

A.

Maintain a Firefighter ID for Controllers and Firefighters

Maintain an Owner for a Firefighter ID

Maintain Access Control Owner

B.

Maintain an Owner for a Firefighter ID

Maintain a Firefighter ID for Controllers and Firefighters

Maintain Access Control Owner

C.

Maintain an Owner for a Firefighter ID

Maintain a Firefighter ID for Controllers and Firefighters

Maintain Access Control Owner

D.

Maintain an Owner for a Firefighter ID

Maintain a Firefighter ID for Controllers and Firefighters

Maintain Access Control Owner
