PC1212

Which of the following SAP Access Control applications can be mapped to a BRFplus function? There are 3 correct answers to thisquestion. Notification Variables. Service Level Agreements. HR Triggers. Request Multiple Rule Set. Initiators.

You are implementing Access Request Management. Which integration scenarios should assign to the target connector?. PROV, AUTH. PROV, ROLMG. PROV. PROV, ROLMG, SUPMG, AUTH.

Which of the following are required for delivery of the EAM session logs to the controller via the Firefighter Log Report Review Workflow? Note: There are 3 correct answers to this question. Execution of the Firefighter Log Synch. Execution of the EAM Master Data Synch. Configuration of the Agent ID GRAC_SPM_CNTL_AGENT. Execution of the Firefighter Workflow Synch. Assignment of a EAM Owner ID.

Which of the following SAP Fiori business catalogs are delivered for SAP Access Control? Note: There are 2 correct answers question. SAP_GRC_BC_COMMRG_T. SAP_GRC_BC_SCRTYMGR_T. SAP_GRC_BC_COMSPL_T. SAP_GRC_BC_CMPLNCMGR_T.

Which of the following components deliver SAP Fiori for SAP GRC solutions? Note: there are 2 correct answers to this question. SAP_UI. UIGRRMPC. UIBAS001. UIGRAC01.

In Role Reaffirm, wich of the following can review role assignments?. Content Approver. Manager. Assignment Approver. Role owner.

When would be necessary to define a subsequent connector? Note: There are 2 correct answers to this question. When you are defining a cross system risk. When component GRCFND_A requieres multiple SAP NetWeaver instances. When the SAP Fiori launchpath for a target system connects to a central gateway. When all resources are not avaliable on a specific conector.

How can the data synchronized with GRAC_AUTH_SYNCH be used? Note: There are 2 correct anwers to this question. To populate the Role Analysis Dashboard. To populate authorization object text descriptions. To define roles in Business Role Management. To define a new function.

Which of the following reviewer options does User Access Review support?. Manager or Risk Owner. Manager and Risk Owner. Manager and Role Owner. Manager or Role Owner.

Which of the following logs can be collected for an Emergency Access Management session? Note: There are 2 correct answers to this question. Security Audit log. System log. SLG1 Application Log. Usage Procedure log.

You want to confirm the identity of an approver when processing an access request. Which MSMP Workflow stage configuration option can you use?. Approval Level. Confirm Approval. Reaffirm Approval. Comments Mandatory.

What can you use a custom end-user personalization configuration for? Note: There are 3 correct answers to this question. To determine fiels shown in a workflow item. To restrict a user´s ability to approve their own requests. To assign it to an access request template. To assign it to the standard access request. To determine roles that can be assigned on a request.

Which of the following conditions are contained in the MSMP Workflow Routing Rules delivered by SAP? Note: There are 2 correct answers to this question. No Role Owner. Auto Provisioning Failure. SOD Violation. Approver Not Found.

You want to use Access Request Management to provision access in a target system. Which of the following actions are required before access can be provisioned using an access request? Note: There are 2 correct answers to this question. Import role definitions in Business Role Management. Maintain System Provisioning Configuration. Maintain custom End User Personalization settings. Maintain Global Provisioning Configuration.

Which oh the following settings can be configured in both the global and system-specific provisioning configurations? Note: There are 3 correct answers to this question. Override Assignment Type. Deactivate Password. Send Password. Role Delimit Hours. Account Validation Error.

You have created a transportable initiator BRFplus Flat Rule. Which of the following must be active in BRFplus for MSMP Workflow to utilize your new rule? Note: There are 2 correct answers to this question. Path. Application. Package. Expression.

You are configuring a BRFplus fiat rule and you enter the context parameter ITEMNUM into the LINE_ITEM_KEY field in the result set. When the rule is executed, how will line item data be used when calculating a rule result?. It is aggregated. It is evaluated individually. It is averaged. It is compared to other line items.

You want to enable a workflow approval process for changes to the master data for the Access Risk Analysis environment. For which of the following can you enable an approval workflow? Note: There are 2 correct answers to this question. Role. Mitigating Control. Mitigation Assignment. Function.

Which of the following are possible ways to assing emergency access in Emergency Access Management? Note: There are 2 correct answers to this question. Assign a Firefighter ID to a firefighter owner in SAP Access Control. Assign a Firefighter ID to a firefighter in SAP Access Control. Assign a Firefighter role to a firefighter in SAP Access Control. Assign a Fire fighter role to a firefighter in a target system.

Which of the following are functions of the SAP Access Control solution? Note: There are 2 correct answers to this question. Role Provisioning. Privilege Monitoring. Issue Management. Manual Control Effectiveness.

Which of the following items are mandatory for creating an access request template? Note: There are 2 correct answers to this question. Role Assignment. Name. Access Details. EUP ID.

Where can you use a custom field in SAP Access Control? Note: There are 2 correct answers to this question. Simplified Access Request. Control Definition. Agent Rule. End User Personalization.

Which methods can be used to notify a controller of a new EAM session log? Note: There are 2 correct answers to this question. Support Message. Log Display. Email. Workflow.

Which of the following represent an Agent Type within MSMP Workflow configuration? Note: There are 2 correct answers to this question. Approval. User Group in SU01. PFCG Roles. Notification.

Which of the following are prerrequisites for using the Remediation View to remove a role following risk analysis? Note: There are 2 correct answers to this question. The Role Usage Sync job has been executed succesfully. Process ID SAP_GRAC_ROLE_APP has been configured. Role definitions have been maintained in Business Role Management. Process ID SAP_GRAC_ACCESS_REQUEST has been configured.

Which of the following standard roles does SAP deliver for use by the EAM Owner or EAM Controller or both? Note: There are 2 correct answers to this question. SAP_GRIA_SUPER_USER_MGMT_USER. SAP_GRAC_SUPER_USER_MGMT_CNTLR. SAP_GRIA_SUPER_USER_MGMT_ADMIN. SAP_GRAC_SPM_FFID.

Business Role Management provides which of the following capabilities? There are 3 correct answers to this question. Facilitate role creation at the function level. Standardize methodology for role assignment. Enforce real time risk analysis during role certificaton. Align role definitions with business processes. Enable role level emergency access.

Which of the following are prerequisites for implementing Emergency Access Management? Note: There are 2 correct answers to this question. Users and roles that are used for firefighting activities have been created for the SAP Access Control system. Users and roles that are used for firefighting activities have been created in the target system. The repository object sync has been completed. System-specific Firefighter roles have been configured en the SAP Access Control customizing settings.

You want to generate an MSMP rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST. Which type of rule can you generate? Note: There are 2 correct answers to this question. Function Module. BRFplus Rule. Decision Table. Function.

You are tasked with configuring SAP Access Control to retrieve user and authentication information SAP Access Control supports a connector configuration for wish of the following functions? Note: there are 2 correct answers to this questions. User Search Data Source data type HR. End User Verification SU01. User Authentication Data Source data type IDM. User Detail Data Source data type SU01.

SAP Governance, Risk and Compliance solutions are organized along 4 key themes. Which of the following are key themes? Note: there are 3 correct answers to this question. Access Governance. Cybersecurity and Data Protection. Enterprise Risk and Compliance. Business Integrity Screening. Audit management.

Which of the following rule sets are delivered in SAP Access Control? Note : there are 3 correct answers to this question. GRAC_RA_RULESET_SAP_HANA. GRAC_RA_RULESET_ERP. GRAC_RA_RULESET_JDE. GRAC_RA_RULESET_S4HANA_ALL. GRAC_RA_RULESET_COMMON.

Which component plug-ins contain SAP Access Control functionality for SAP S/4HANA? Note: There are 2 correct answers to this question. UIGRAC01. GRCPINW. GRCFND_A. GRCPIERP.

SAP delivers multiple MSMP Process IDs. You want implement an MSMP Workflow that targets your SAP S/4HANA system. Which BC Set do you need to activate as a prerequisite?. BC Set GRAC_RA_RULESET_S4HANA_CORE. BC Set GRAC_ROLE_MGMT_LANDSCAPE. BC Set GRAC_DT_REQUEST_DISPLAY_SECTIONS. BC Set GRC_MSMP_CONFIGURATION.

Your compliance team requires that all changes to access rules be auditable in the SAP Access Control application. Which of the following change logs do you enable?. Access Rule. Function. Role. Critical Role. Rule Set.

Which of the following are required to enable Cetralized Emergency Access Management(EAM)? Note: There are 2 correct answers to this question. Set the Enable Decentralized Firefighting parameter for Emergency Access Management to YES. Set the application Type parameter for emergency Access Management To value ID in SAP Access Control. Set the application Type parameter for emergency Access Management to value Role in the target system GRC plug-in. Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO.

Which of the following are prerequisites for scheduling a Role Usage Sync in SAP Access Control? Note: There are 2 correct answers to this question. GRCPINW plug-in has been deployed on target system. An action usage sync has been completed. GRCPIERP plug-in has been deployed on target system. An authorization sync has been completed.

In the SAP GRC landscape, which of the following activities must be taken to ensure that an update to the access risk rule set in the development system will be avaiable for risk analysis in the production system? Note: There are 2 correct answers to this question. The access risk rules must be downloaded from the development system and uploaded into the production system. The connector to the production system must be configured as the Production Environment under Access Control -> Maintain Connector Settings. Access risk rules must be generated and inserted inte the corresponding tables in the production system. Each change to a Function ID or Risk ID must be saved to its own transport request and imported into the access risk rule set in the production system.

You want to generate a BRF plus Initiator Rule that utilizes an expression of type Decision Table for the SAP_GRAC_ACCESS_REQUEST MSMP Process ID. Which rule types can you use? Note: There are 2 correct answers to this question. BRFplus Flat Rule. Funtion Module Based Rule. BRFplus Rule. Class Based Rule.

In Business Role Management, which of the following activities can beincorporated and enforced in a Role Metodology. 3 Correct. Certification. Testing. Derivation. Mitigation. Provisioning.

What are condition groups used for in Business Role Management? Note: There are 2 correct answers to this question. Role Methodology. Organizational Value Mapping. Role Owners. Role Naming Convention.

You want to configure your MSMP Workflow stage definition to ensure that a workflow request that has NOT been processed after a certain period of time can be escalated and approved by another approver. Which of the following options can you use to configure escalation? Note: There are 3 correct answers to this questions. Skip to the Next Stage. Escalate to Specified Agent. Define an Alternate Approver. Maintain Fallback Receiver. Use Defaults.

Which of the following must be specified when defining a mitigating control? Note: There are 2 correct answers to this question. Organization. Risk Owner. Report. Control ID.

Which of the following are required to create a role in SAP Access Control? Note: There are 3 correct answers to this question. Naming Convention. Business Process. Role Methodology. Owners/Approvers. Projet Release.

Which of the following jobs should be executed before you schedule a User Access Review (UAR)?. Action Usage Sync. Generate data for access request UAR review. Update Workflow for UAR request. Repository Object Sync.

You have created a BRFplus Initiator Role for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. However the Decision Table was not generated. Where can you manually create a Top Expression for your rule?. Function. Data Object. Expression. Application.

You want to use the User Analysis Dashboard to evaluate Segregation of Duties violations after your most recent batch risk analysis has completed. However, when reviewing the data you realice that the dashboard does not display all of your current users. What do you need do to correct the problem?. Execute the Authorization Synch and then re-execute the user level batch risk analysis. Execute the Action Usage Sync followed by the Role Usage Sync and then re-execute the user level batch risk analysis. Execute the repository Object Sync and then re-execute the user level batch risk analysis. Execute the user level batch risk analysis again and remove any exclude objects.

Activation of which of the following BC Sets is a prerequisite for activating the GRAC_RA_RULESET_S4HANA_FIORI?. GRAC_RA_RULESET_SAP_BASIS. GRAC_RA_RULESET_SAP_HANA. GRAC_RA_RULESET_SAP_S4HANA_ALL. GRAC_RA_RULESET_COMMON.

You want to create an anitiator rule in BRFplus that will route a request to a path and a specific approver based upon the role Business Process. Which of the following structures contains the attribute you need?. GRAC_S_REQUEST_RULE_LINE. GRAC_DT_REQUEST_FIELD_LABELS. GRFN_MW_S_AGENT_ID. GRAC_S_BRF_ROLE_ATT.

Which of the following represent a Rule Kind wen configuring MSMP Workflow? Note: There are 2 correct answers in this questions. Function Module. Decision Table. Agent. Notification Variable.

The Consolidated Log Report provides data from which of the following?. ABAP dump information. SQL command execution. ABAP debug information. ABAP trace execution.

You want to configure SAP Access Control to generate alerts to help manage compliance. What are the available alert capabilities that can be configured? Note: There are 3 correct answers to this question. Identify a user who has executed a critical action and open a support desk message. Identify a user who has executed conflicting functions. Identify a user who has executed conflicting functions and open a support desk message. Identify a user who has executed a critical action an generate an email notification. Identify a control monitor who has failed to execute defined reports in a timely fashion.

You are using the End User Login Page link configured in SAP Access Control. What option are provided for you to use? Note: There are 3 correct answers to this question. Create a Simplified Access Request. Review role assignments. Specify Appover Delegation. Submit a Template Request. Register Security Questions.

Which of the following Business Configuration (BC) sets configure a connector group in SAP Access Control? Note: There are 3 correct answers to this question. GRAC_ROLE_MGMT_LANDSCAPE. GRAC_RA_RULESET_BASIS. GRAC_ACCESS_REQUEST_APPL_MAPPING. GRAC_RA_RULESET_PSOFT. GRAC_RA_RULESET_COMMON.

How can you make sure that a risk analysis is performed when you use access request management? Note: There are 2 correct answers to this question. Configure the MSMP workflow path to require a risk analysis. Configure the MSMP workflow stage to require a risk analysis. Set the Enable Risk Analysis Form on Submission parameter to Yes. Set Enable Offline Risk Analysis parameter to Yes.

You are creating an Initiator rule and want to buil a condition usig header attributes. Which of the following attibutes can you use? Note: There are 2 correct answers to this question. Company. Functional Area. Subprocess. Prerequisite.

You are maintaining an anitiator rule in MSMP Workflow. Which of the folowing must you specify? Note: There are 2 correct answers to this question. Rule Result. Process Initiator. Notification Rule. Rule Type.

What are provisioning types that can be used with Auto-Provisioning? Note: There are 2 correct answers to this question. End of request. End of each path. Indirect. Direct.

You are configuring your MSMP Workflow path and you want to allow an approver to decide which type of provisioning should accour upon approval. Which configuration options provide this capability? Note: There are 2 correct answers to this question. Set stage task setting to Override Assignment Type. Set global provisioning option for auto-provisioning to manual provisioning. Set system provisioning option for auto-provisioning to manual provisioning. Set stage task setting to Allow Manual Provisioning.

Which of the following are Service Level Agreement time frame options? Note: There are 2 correct answers to this question. Fixed by Date. Fixed bi-weekly. Fixed by number of days. Fixed by Month.

You are updating an MSMP Workflow. You want the update to apply to both new and existing request that have not yet been processed. What must you configure to achieve this result?. Access Request Validation Parameters. Stage Details. EUP. Task Settings.

Why might you integrate Business Role Magement with Business Rules Framework? Note: There are 2 correct answers to this question. Determine role owner. Determine role type. Determine role naming convention. Determine role methodology.

You are creating a mitigating control. How do you specify on which system and client the control is executed?. Assign a risk definition to the control for the desired system. Assign a rule set for the desired system. Assign an approver or monitor from the desired system. Assign one or more reports to the control from the desired system.

Which of the following steps are part of the SoD Risk Management Process for rule set imprementation and Access Risk Analysis? Note: There are 3 correct answers to this question. Remediation. Analysis. Risk Recognition. Activation. Role Building and Validation.

Which of the following reviewer options does SoS Review support?. Manager or Role Owner. Manager and Role owner. Manager or Risk Owner. Manager and Risk Owner.

You have been asked to change the email message delivered to an end user when their access request is rejected. Which of the following actions should you do? Note: There are 3 correct answers to this question. Define a custom notification template in table GRFNVNOTIFYMSG. Replace the SAP standard document object for the message class with a custom document object. Update the required text for the standard document object. Update the required text using a copy of the standard document object. Configure the Notification Event for all relevant paths and stages in MSMP Workflow.

You are configuring the role of connectors in a landscape. When mapping Action 004 Provisioning, what must you ensure?. All connectors in the landscape using provisioning must be mapped as Default to Action 004 Provisioning as Default. All connectors classified as Production that are mapped to the PROV Integration Scenario must be mapped to Action 004 Provisioning. All conectors in the landscape must be mapped to Action 004 Provisioning. All connectors in the landscape using privisioning must be mapped to Action 004 Provisioning wiht one connector marked as Default.

Business Role Management provides which of the following standard reports? Note: There are 3 correct answers to this question. User by Logon Date and Password Change. Embedded Action Calls in Programs of SAP System. PFCG Change History. Role Relationships with User/User Group. Transaction Executable for User.

You are maintaining the Mapping for Actions and Connector Groups Activity in Customizing. Which of the following events should be mapped to the target development system as default when using Business Role Management? Note: There are 2 correct answers to this question. Provisioning. Authorization Maintenance. Role Risk Analysis. Role Generation.

Which of the following task can you complete using the Role Certification process? Note: There are 2 correct answers to this question. Send email notification for role review. Send work item for role review. Determine if the role is designed correctly. Determine if the role is assigned correctly.

You have configured a workflow to require an approval for updates to a function that is contained within a delivered SAP risk. What else must you do enable the approval process?. Set the 1063 Risk Maintenance parameter to YES. Set the 1064 Function Maintenance parameter to YES. Activate the SAP_GRAC_RISK_APPR MSMP Process ID. Activate the SAP_GRAC_FUNC_APPR MSMP Process ID.

In which order does GRAC_REPOSITORY_OBJECT_SYNC execute the following programs?. 1. User Sync 2. Role Sync 3. Role Search Syn 4. Profile Sync. 1. Profile Sync 2. Role Sync 3. User Sync 4. Role Search Sync. 1. Role Sync 2. Profile Sync 3. User Sync 4. Role Search Sync. 1. Profile Sync 2. Role Sync 3. Role Search Sync 4. User Sync.

You want to deploy the End User Logon Page for the users. Which of the following actions must you perform for this page to be avaiable? Note: there are 2 correct answers to this question. Activate Web Dynpro service. Activate End User Logon for each target connector. Configure default user for application logon. Maintain target system RFC Destination.

Which of the following activities can you do in Emergency Access Management (EAM)? Note: There are 2 correct answers to this question. Log on to the Firefighter ID directly wiht a password. Maintain EAM master data in the back-end system. Perform tasks outside of the normal responsabilities. Display a log file of performed activities.

It is mandatory for a Firefighter ID to be assigned to which of the following?. Firefighter ID Controller. Firefighter ID Owner. Firefighter ID Owner and Firefighter ID Controller. Firefighter.

Which of the following allows you to control how many access requests can be active for a user and a system at the same time?. BRFplus flat rule. AC Parameter Configuration. Stage Details. End User Personalization.

How can you ensure that a coordinator has the opportunity to review UAR request assignments?. Maintain the GRAC_COORDINATOR agent at the approval stage in MSMP Process ID SAP_GRAC_USER_ACCESS_REVIEW. Set the Admin review required before sending tasks to reviewers parameter for UAR to YES. Set the Who are the reviwers? Parameter for UAR to COORDINATOR. Schedule the Generate new request for UAR rejected request job.

Which of the following solutions are delivered in component GRCFND_A?. SAP Risk Management. SAP Global Trade Services. SAP Audit Management. SAP Access Control.

You want to create a transportable BRFplus Routing Rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. What must be done in order for your rule to be transportable?. You must assing a package to the Function after you generate the rule. You must assing a package to the Aplication before you generate the rule. You must assing a package to the Function before you generate the rule. You must assing a package to the Aplication after you generate the rule.

You want to configure Password Self Service (PSS) to alllow your end users to reset their password and process changes to their name. Which of the following actions are required before PSS can be used?. Activate PSS for User Authentication Data Source in activity Maintain Data Source Configuration. Map the PSS Application to a BRFplus function ID in activity Maintain AC Applications and BRFplus Function Mapping. Activate PSS manually for each target connector in activity Maintain Connector Settings. Activate PSS manually for each target connector group in activity Maintain Connectors and Connection Types.