Question 1
Question
How do you check that only appropriate users have access to sensitive data in the production system?
Answer
- Confirm that the user group SUPER is assigned to all administrators using the transaction SUGR
- Search for sensitive transaction calls by business users in the security audit log using transaction SM20
- Search for roles containing critical authorization objects assigned to users in the production system using transaction SUIM
- Check if SAP standard roles are assigned in production systems
Question 2
Question
Who can implement the recommended security measures after a security check session is complete?
Question 3
Question
What tools allow you to create, modify and remove users and assign authorizations in SAP and non-SAP systems?
Answer
- SAP NetWeaver Identity Management (IdM)
- SAP GRC Access Control module Access Request Management (ARQ)
- SAP Central User Management (CUA)
- SAP Solution Manager
Question 4
Question
When ABAP is used as a data store for the user management engine (UME), what Java objects are mapped to ABAP…?
Answer
- Groups
- Actions
- Roles
- Users
Question 5
Question
What are the requirements of a mutual trust relationship between two SAP Systems? Note: There are two correct answers to this question.
Answer
- Each system must have its timeout mechanism set to inactive
- Each system must have the same security level requirements
- Each system must disable modifications to the system ID, system number and destination name
- Each system must be defined in the corresponding partner system
Question 6
Question
What can user type SYSTEM be used for?
Answer
- For background processing
- To receive additional authorizations
- For dialog-free communication
- For a dialog logon
Question 7
Question
What is the SAProuter for? Note: There are two correct answers to this question.
Answer
- Controlling and logging connections to SAP systems
- Replacing the corporate firewall
- Load balancing for better network performance
- Granting access to only selected SAProuters and systems
Question 8
Question
How can you assign roles to a user in a back-end system using SAP NetWeaver Identity Management?
Answer
- A. Assign by associating the users with the variable MISKEY
- B. Assign as tasks that include roles
- C. Assign as privileges with the attribute MXREF_MX_PRIVILEGE
- D. Assign by starting the SU01 transaction from the Identity Management Control
Question 9
Question
What information is stored in the SAP logon ticket? Note: There are three correct answers to this question.
Question 10
Question
Which of the following checks are performed by SAP Early Watch Alert (EWA)?
There are 3 correct answers
Question 11
Question
In what table are the relationships between transaction codes and start authorization objects stored?
Question 12
Question
What are some of the steps required to configure secure socket layer (SSL) for the SAP Web Dispatcher?
Answer
- Create entries with deny (D) at the end of the saprouttab file
- Create a personal security environment
- Restart the SAP Web Dispatcher after configuration
- Restart the SAP backend server after changing the SAP Web Dispatcher
Question 13
Question
For what reasons do you install the SAP NetWeaver single sign-on (SSO) components?
Answer
- Secure Login Library is used as a cryptographic library for SAP NetWeaver AS ABAP
- Secure Login Server is used as a central service to provide X.509 user certificates
- Secure Login Client is used as a server application that provides security tokens
- Secure Login Library is used as a cryptographic library for SAP NetWeaver AS Java
Question 14
Question
How does the security policy profile in the user management engine (UME) behave using basic authentication?
Answer
- For the “default” security policy profile, it is possible to log on to AS Java and a password change is forced
- For the “unknown” security policy profile, the log on to AS Java depends on AS ABAP user type
- For the “internal service user” security policy profile, it is possible to log on to AS Java
- For the “technical user” security policy profile, a password change is forced
Question 15
Question
What are some of the uses for secure network communication (SNC)?
Answer
- Encrypting a LDAP connection to a LDAP directory
- Protecting the integrity of transmitted data
- Encrypting a HTTP connection between web browser and application gateway
- Providing cryptographically strong mutual authentication
Question 16
Question
Which login module flag has the following behaviour?
“If the authentication is successful, control returns to the application, otherwise the authentication proceeds…”
Answer
- Required
- Optional
- Requisite
- Sufficient
Question 17
Question
What are the capabilities of SAP Web Dispatcher? Note: There are three correct answers to this question.
Answer
- Re-encrypts secure sockets layer (SSL) encrypted requests
- Enables deep packet inspection of TCP/IP traffic
- Filters URLs of http/https requests
- Replaces a firewall
- Enables load balancing
Question 18
Question
Which setup steps in an SAP Human Capital Management (HCM) system to transfer data to an SAP NetWeaver?
Answer
- Maintain attribute mapping
- Import the staging area template
- Create an identity store for data staging
- Create the export query
Question 19
Question
What type of personal security environment (PSE) is used by default on an ABAP server acting as a client in a secure sockets…?
Question 20
Question
Which algorithms are used in symmetric key encryption? Note: There are three correct answers to this question.
Answer
- Digital Encryption Standard (DES)
- RSA
- International Data Encryption Algorithm (IDEA)
- (D-H)
- Advanced Encryption Standard (AES)
Question 21
Question
Which of the following is management required to do under section 404 of the Sarbanes-Oxley Act?
Answer
- Conduct internal survey of security procedures
- Document the design of significant controls
- Identify resulting issues and monitor remediation
- Enforce internal audit recommendations
- Perform an evaluation of control design and effectiveness
Question 22
Question
What are the functions of the SAP NetWeaver Identity Management (IdM) dispatcher? Note: There are three correct answers to this question.
Answer
- Writing data to external repositories
- Updating the identity stores
- Monitoring the execution queues
- Evaluating task and workflow expressions
- Starting a runtime engine when a job or a task is to be executed
Question 23
Question
How do you create a connector to an SAP back-end system using SAP NetWeaver Identity Management (IdM)?
Answer
- Implement a central user management system and create an RFC connection
- Create roles in the target system using an initial load job
- Create a repository containing access data to the target system
- Create a computing centre management system (CCMS) job in the back-end system
Question 24
Question
What object is used to grant administration rights to user administrators in a child system from the Central User Administration?
Answer
- S_USER_GRP
- S_USER_AGR
- S_USER_SYS
- S_USER_SAS
Question 25
Question
What is SAProuter used for? Note: There are two correct answers to this question.
Answer
- To route HTTP protocols inside a customer network
- To grant access to encrypted connections from a known partner
- To route SMTP protocols inside a customer network
- To grant access only to other selected SAProuters
Question 26
Question
How does the system parameter “login/disable_multi_gui_login” with value =1 affect a service user?
Answer
- Only profiles can be assigned to the service users
- A check for password expiration is always performed for the service user at logon
- Multiple logons are allowed for the service users
- A password is always required for the service user
Question 27
Question
Which of the following is a signature algorithm?
Answer
- Message Digest Algorithm (MDA)
- US Secure Hash Algorithm (SHA)
- RSA
- International Data Encryption Algorithm (IDEA)
Question 28
Question
Where is the user-relevant data stored when an SAP System is connected to an LDAP server? Note: There are two correct answers to this question.
Answer
- In AS Java the user-relevant data is stored both in the AS Java and on the LDAP Server
- In AS Java the user-relevant data is stored on the LDAP server
- In AS ABAP the user-relevant data is stored only in the LDAP server
- In AS ABAP the user-relevant data is stored both in the AS ABAP and on the LDAP
Question 29
Question
How can a critical table containing sensitive data be protected using the authorization object S_TABU_DIS?
Answer
- The tables containing sensitive data have to be named using the authorization object S_TABU_NAM for all responsible administrators
- The tables containing sensitive data have to be associated with table groups in table TBRG
- Authorization table groups containing tables with sensitive data have to be declined in table TDDAT and these must be omitted for…
- The field DICBERCLS of the authorization object has to enumerate all table names of the tables containing sensitive data
Question 30
Question
What can SAP Systems use to communicate with another SAP system or a non-SAP system using a Remote Function Call (RFC)?
Answer
- Hypertext Transfer Protocol (HTTP)
- Simple Mail Transfer Protocol (SMTP)
- Application Programming Interface (API)
- Hypertext Transfer Protocol Secure (HTTPS)
Question 31
Question
In which project phase do you determine the structure of the role design?
Question 32
Question
What data sources does the user management engine (UME) support?
Answer
- Directory service using LDAP
- ABAP based repository
- Internal system database
- Universal Description, Discovery and Integration (UDDI) provider
- Database management system (DBMS) provider
Question 33
Question
What data store is used to show the implemented SAP Notes in the Security Optimization Service?
Answer
- ABAP_TRANSPORTS
- ABAP_NOTES
- RSECNOTE
- SECSNOTE
Question 34
Question
How can you build access rights for security administrators, IT administrators, master data administrators and auditors for business…?
Answer
- a. Analyse business needs
  b. Check SAP delivered roles
  c. Generate profiles for SAP roles
  d. Assign these roles accordingly
- a. Analyse business needs
  b. Check SAP delivered roles
  c. Create custom roles
  d. Assign these roles accordingly
- a. Check SAP delivered roles
  b. Add rights into SAP delivered roles
  c. Generate profiles for SAP roles
  d. Assign these roles accordingly
- a. Analyse business needs
  b. Create roles without extended access
  c. Generate profiles for the custom roles
  d. Assign these roles accordingly
Question 35
Question
Which of the following are value-added features of the Virtual Directory Server (VDS)? Note: There are three correct answers to this question.
Answer
- Attribute Mapping
- Filtering
- User provisioning
- Value conversion
- Approvals workflow
Question 36
Question
Your customer is using the GRC Access control module Emergency Access Management (EAM).
Which user receives a session protocol after a firefighter super user session has ended?
Question 37
Question
How do you secure access to custom data? Note: There are three correct answers to this question.
Answer
- Lock transaction SE16N to prevent access to custom data
- Assign authorization for transaction SA38 to users who have access to custom data
- Ensure that proper controls are in place if custom programs or function modules access critical tables
- Include AUTHORITY-CHECK statements for all custom programs that access custom data
- Link custom programs to custom transaction codes
Question 38
Question
For what can you use Assertion tickets?
Answer
- For system-to-system communication with 1 to n recipients
- For system-to-system communication using RFC or HTTP
- For system-to-system communication with 1 to n recipients where immediate consumption is needed
- For system communication using cross-system single sign-on (SSO)
Question 39
Question
What are the SAP best practices to build SAP ABAP access rights to differentiate between administrators such as the IT administrators?
Answer
- Create roles based on traces made with STAUTHTRACE and assign them to the appropriate users
- Generate profiles for SAP delivered roles and assign them to the appropriate users
- Define the transactions administrators should be able to use, create appropriate PFCG roles and assign those roles to the…
- Assign SAP delivered profiles to the appropriate users
Question 40
Question
What are some components of the Virtual Directory Server (VDS)?
Question 41
Question
What functions of the Virtual Directory Server (VDS) secure access to data in VDS repository?
Answer
- Attribute filtering
- Value mapping
- Data join
- Logging
- Namespace conversion
Question 42
Question
What is the user management engine (UME) property “connection pooling” used for?
Answer
- To create a new connection to the LDAP directory server for each request
- To improve performance of requests to the LDAP directory server
- To avoid unauthorized request to the LDAP directory server
- To share server resources among requesting LDAP clients
Question 43
Question
What is the default SSL Port Number of the ABAP Internet Communication Manager (ICM) if the instance number of the …?
Question 44
Question
Why do you use table logging?
Answer
- To log changes in application data
- To log changes in master data
- To log changes in customizing tables
- To log changes in table technical settings
Question 45
Question
How is a support user password communicated securely to SAP support?
Answer
- Written in an encrypted email to the support employee with an sap.com email address
- By enabling the Early Watch user and setting the password to SUPPORT
- Included in the support message with the username
- Delivered via the secure store in the SAP Service Marketplace
Question 46
Question
The following shows an example of the command line entry to start the Microsoft Windows SAP GUI.
Sapgui.exe.host1 01 SNC_PARTNERNAME = “p.CN=sap01.host1, OU=TEST01, O=myCompany, C=US…”
What SNC_QOP parameter value does the client send to the server to achieve the maximum level of protection?
Question 47
Question
Which of the following threats modify the IP address of the source of the TCP/IP packet?
Question 48
Question
What services does the SAP NetWeaver Identity Management (IdM) Identity Center provide?
Question 49
Question
Which of the following categories of Remote Function Call (RFC) communication use the SAP Gateway?
Question 50
Question
You have to set up a Remote Function Call (RFC) connection between a SAP ERP system and a central SAP NetWeaver.
What user type do you use to secure these activities?
Answer
- System
- Dialog
- Communication
- Service
Question 51
Question
The Emergency Access Management (EAM) administrator of an SAP system wants to create a support user account.
How can a support user be enabled to access a firefighter ID with support authorizations? Note: There are three correct answers to this question.
Answer
- The firefighter controller assigns the support user to the firefighter ID
- The EAM owner of the firefighter ID maintains the association to the responsible support user
- The EAM firefighter ID user has to be assigned to the role Z_SAP_GRAC_SPM_FFID
- The EAM administrator has to provide the password to the end user for the firefighter ID users who is responsible for…
- The roles Z_SAP_GRC_FN_BASE and Z_SAP_GRC_FN_BUSINESS_USER must be assigned to the support user…
Question 52
Question
What security-related functions does SAP Web Dispatcher support? Note: There are two correct answers to this question.
Question 53
Question
Using the hybrid encryption method, which of the following is safely transmitted only once between the communication partners?
Answer
- Private key
- Public key
- Secret key
- Private/Public key pair
Question 54
Question
What tasks do you perform in the business blueprint phase to define the authorization concept for an AS ABAP-based system? Note: There are two correct answers to this question.
Answer
- Select the internal and external members of the project team
- Build a project plan to implement an authorization concept
- Determine the business requirements for the customer doing the implementation
- Define the authorization concept for how roles should be built
Question 55
Question
To be compliant with regulations such as Sarbanes Oxley, you want to check your authorization assignments against defined…
How does SAP recommend you find violations to SoDs in SAP systems?
Answer
- Use report RSUSR008_009_NEW with an appropriate variant
- Use SAP governance, risk and compliance with a configured SoD matrix
- Use transaction SUIM
- Use STAUTHTRACE
Question 56
Question
You download and upload PFCG roles between SAP ABAP systems. After assigning these roles in the destination system to…
How can you prevent this situation? Note: There are two correct answers to this question.
Answer
- Check user profiles after upload in the destination system
- Assign roles and reconcile the user master data after the upload
- Generate profiles of the roles immediately after the upload
- Change number range for transports in the destination system
Question 57
Question
Which of the following are the default components of a distinguished name (DN)? Note: There are three correct answers to this question.
Answer
- Organization unit
- Country
- Position
- Job
- State
Question 58
Question
In SAP NetWeaver Application Server Java, where do you configure additional ports for SSL, before you can start using…?
Question 59
Question
What must you do to secure the Microsoft Windows client environment for the SAPGUI user interface?
Answer
- Replace the saprules.xml file in the installation directory
- Make special permissions to files in the installation directory available to the end user
- Protect the registry key by disallowing user access to the regedit program
- Save the SAPGUI client user security rules file “saprules.xml” in the directory %APPDATA%/SAP/Common
- Use the SNC Client Encryption software for the SAPGUI
Question 60
Question
What authorization object is checked when a user selects an ABAP Web Dynpro application to execute?
Answer
- S_PROGRAM
- S_START
- S_SERVICE
- S_TCODE
Question 61
Question
What are some of the uses for secure network communication (SNC)? Note: There are two correct answers to this question.
Answer
- Encrypting a LDAP connection to a LDAP directory
- Protecting the integrity of transmitted data
- Encrypting a HTTP connection between web browser and application gateway
- Providing cryptographically strong mutual authentication
Question 62
Question
What elements are included in the Personal Security Environment (PSE)? Note: There are three correct answers to this question.
Answer
- The certificates of trusted certificate authorities
- The private key
- The password hash of the user account
- The public key certificate
- The secure network communication name of the user
Question 63
Question
What activity is performed to manage SAP user licenses?
Answer
- Run the RSUSR200 report to view users by logon date and password change
- Execute the AL08 transaction for an overview of active users
- Run the RSUSR002 report to view users by complex selection criteria
- Run the RFALD006_BCE report to view the number of user master records
Question 64
Question
Which of the following tools can be used in SAP Solution Manager to view the health and status of management…?
Answer
- SAP Security Optimization Service
- SAP User Information System
- SAP Security Audit Log
- SAP Computing Centre Management System
- SAP Early Watch Alert
Question 65
Question
Why do you use the SAP User Information System? Note: There are three correct answers to this question.
Answer
- To display the transactions contained in roles
- To compare users across SAP systems
- To list the users logged on to the SAP systems
- To report authorization errors
- To compare roles within an SAP system
Question 66
Question
What is the correct sequence of steps to enable secure network communication (SNC) on SAP NetWeaver AS..?
Answer
- a. Create or import SNC personal security environment (PSE)
  b. Establish trust relationship
  c. Set SNC profile parameters
  d. Create credentials
  e. Install SAP Cryptographic library
  f. Restart Application Server Java
- a. Install SAP Cryptographic library
  b. Create or import SNC personal security environment (PSE)
  c. Create credentials
  d. Establish trust relationship
  e. Set SNC profile parameters
  f. Restart Application Server Java
- a. Set SNC profile parameters
  b. Establish trust relationship
  c. Create credentials
  d. Install SAP Cryptographic library
  e. Create or import SNC personal security environment (PSE)
  f. Restart Application Server Java
- a. Install SAP Cryptographic library
  b. Create credentials
  c. Create or import SNC personal security environment (PSE)
  d. Set SNC profile parameters
  e. Establish trust relationship
  f. Restart Application Server Java
Question 67
Question
What features are common to both virtual directory and synchronization methodology? Note: There are two correct answers to this question.
Answer
- Enabling multiple access points to data
- Modifying name spaces
- Preventing LDAP access to data
- Manipulating attribute values
Question 68
Question
What does authorization object S_SPO_ACT with value _USER_ allow?
Answer
- Grants access to all spool requests in the current client
- Grants access to your own spool requests
- Grants access to named user requests
- Grants access to all spool requests in all clients
Question 69
Question
What are the benefits of the Audit Information System (AIS) to companies? Note: There are three correct answers to this question.
Answer
- Offers two types of audit reports: system and business
- Roles are built from modes in the implementation guide (IMG)
- Report selection variables are configured quickly during setup
- Is used by both internal and external auditors
- Starts with a single transaction code SECR
Question 70
Question
You have sensitive roles created in SAP ERP systems.
What can you do to restrict the assignment of these roles to only the appropriate users? Note: There are two correct answers to this question.
Answer
- Use transaction SUIM to check the assignment of sensitive roles to users
- Implement and use the Access Request Management module of SAP Governance Risk and Compliance
- Create appropriate roles and assign these roles to the right users to protect the assignment
- Configure the audit system to check the usage of sensitive actions
Question 71
Question
You have to set up a Remote Function Call (RFC) connection between a SAP ERP system and a central SAP NetWeaver…
What user type do you use to secure these activities?
Answer
- System
- Dialog
- Communication
- Service
Question 72
Question
What are the sequence steps to determine the authorizations for users using the PFCG role administration tool?
Answer
- a. Update the user master records
  b. Edit and generate authorization profiles
  c. Assign transactions to job descriptions
  d. Maintain roles using role maintenance
  e. Assign user
- a. Assign user
  b. Maintain roles using role maintenance
  c. Assign transactions to job descriptions
  d. Edit and generate authorization profiles
  e. Update the user master records
- a. Assign transactions to job descriptions
  b. Maintain roles using role maintenance
  c. Edit and generate authorization profiles
  d. Assign user
  e. Update the user master records
- a. Assign transactions to job descriptions
  b. Maintain roles using role maintenance
  c. Assign user
  d. Update the user master records
  e. Edit and generate authorization profiles
Question 73
Question
How do you analyse when and by whom profiles were assigned or deleted?
Answer
- Open the role and review the users tab in the transaction PFCG
- Run the RSUSR100 report with appropriate filters
- Start the SM20 transaction to view the security audit log
- Review the tab profiles in the transaction SU01
Question 74
Question
At what levels of authorization do you differentiate access rights within AS ABAP roles? Note: There are two correct answers to this question.
Answer
- Transaction
- User parameter
- User type
- Authorization object
Question 75
Question
What are the goals of SAP Governance Risk Compliance (GRC) Global Trade Services? Note: There are three correct answers to this question.
Answer
- Increase margin contribution
- Optimize the cross-border supply chain
- Automate manual tasks
- Better management of global trade operations
- Ensure ongoing compliance
Question 76
Question
What can you find in the SAP Solution Manager System Recommendations? Note: There are two correct answers to this question.
Answer
- HotNews
- Relevant operating system updates
- Correction notes for ABAP and Java
- Customer support messages
Question 77
Question
What is mandatory to establish a connection with SAP Support?
Answer
- A domain reverse to establish proxy must be mentioned in the SAP Support ticket
- SAP Service Marketplace system ID must be associated with the support employee
- The S-User ID and the password of the requestor must be mentioned in the SAP Support ticket
- The SAProuter must be configured in the customer’s Solution Manager.
Question 78
Question
What does the SAP Security Optimization Service deliver? (3)
Answer
- Analyzes security vulnerabilities within an enterprise's SAP landscape to ensure optimal protection against intrusions
- Analyzes your operating system database and entire SAP system to ensure optimal performance and reliability
- Checks the SAP systems and SAP middleware components against defined configurations
- Prioritizes and delivers results with recommendations to resolve identified vulnerabilities
- Modifies system parameters to resolve security issues.
Question 79
Question
What user type is recommended for Remote Function Call (RFC) communication in a central user administration (CUA) environment?
Answer
- Dialog
- System
- Service
- Reference
Question 80
Question
Which components are required to perform changes via the transport system in a secure way? (2)
Answer
- Basis administrator authorizations are assigned to customize the production system
- S_TRANSPRT authorization object is needed by the transport administrator
- Developer authorizations must be assigned in production environment
- TMSADM is needed as the Remote Function Call (RFC) user