SAP Certified Application Associate - SAP Access Control 12.0 C_GRCAC_13 Exam Questions

Answer : B, C

According to the SAP Help Portal, you can perform two activities in Emergency Access Management: perform tasks outside of the normal responsibilities and display a log file of performed activities. Perform tasks outside of the normal responsibilities means that you can use a firefighter ID or a firefighter role to access a target system and perform emergency activities that require elevated authorizations. Display a log file of performed activities means that you can view the usage procedure log or the security audit log of a firefighting session.

Answer : B, C

According to the SAP Help Portal, you can make sure that a risk analysis is performed when you use access request management by setting the Enable Risk Analysis Form on Submission parameter to Yes and configuring the MSMP workflow stage to require a risk analysis. The Enable Risk Analysis Form on Submission parameter allows you to perform a risk analysis before submitting an access request. The MSMP workflow stage configuration allows you to define a risk analysis as a mandatory step in the approval process.

Answer : B, C

According to the SAP Help Portal1, to enable Centralized Emergency Access Management (EAM), two of the steps that are required are: Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO and Set the Application Type parameter for Emergency Access Management to value ID in SAP Access Control. These steps ensure that the EAM configuration is centralized on the GRC system and that the Firefighter IDs are maintained on the GRC system. Therefore, B and C are the correct answers. A and D are not valid steps for enabling Centralized EAM, as they would enable Decentralized EAM instead.E is not a valid step for enabling Centralized EAM, as it would set the Application Type parameter to value Role, which is not supported for Centralized EAM. Reference:1https://help.sap.com/doc/e2ccae7ee6354b169cf845cd665e07fe/1.0%202016-07/en-US/frameset.htm?frameset.htm

Answer : A, D

According to the SAP Help Portal, you can collect two types of logs for an Emergency Access Management session: usage procedure log and security audit log. Usage procedure log is a log that records the actions performed by a firefighter during a firefighting session, such as transactions executed, reports generated, or changes made. Security audit log is a log that records the security-related events that occur during a firefighting session, such as logon attempts, password changes, or authorization checks.

Answer : D

According to the SAP blog1, when you enter the context parameter ITEMNUM into the LINE_ITEM_KEY field in the result set of a BRFplus flat rule, it means that each line item data is evaluated individually when calculating a rule result. The ITEMNUM parameter represents the line item number of the access request.

Answer : A, C

According to the SAP Press blog3, you need to specify the control ID and the risk owner when defining a mitigating control. Control ID is a unique identifier for the mitigating control, and risk owner is the person who is responsible for monitoring and reporting on the mitigating control.

Answer : A, C

According to the SAP Help Portal, you can assign emergency access in Emergency Access Management by assigning a firefighter role to a firefighter in SAP Access Control or by assigning a firefighter ID to a firefighter in SAP Access Control. A firefighter role is a role that contains elevated authorizations for performing emergency activities. A firefighter ID is a dedicated user identity that has elevated authorizations for performing emergency activities.