SAP C_GRCAC_13 Exam Practice Test Instant Access

Question 1

Which of the following are required to enable Centralized Emergency Access Management (EAM)? Note: There are 2 correct answers to this question.

ASet the Enable Decentralized Firefighting parameter for Emergency Access Management to YES

BSet the Enable Decentralized Firefighting parameter for Emergency Access Management to NO

CSet the Application Type parameter for Emergency Access Management to value ID in SAP Access Control

DYou are configuring the role of connectors in a landscape.

ESet the Application Type parameter for Emergency Access Management to value Role in the target system GRC plug-in.

Answer : B, C

According to the SAP Help Portal1, to enable Centralized Emergency Access Management (EAM), two of the steps that are required are: Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO and Set the Application Type parameter for Emergency Access Management to value ID in SAP Access Control. These steps ensure that the EAM configuration is centralized on the GRC system and that the Firefighter IDs are maintained on the GRC system. Therefore, B and C are the correct answers. A and D are not valid steps for enabling Centralized EAM, as they would enable Decentralized EAM instead.E is not a valid step for enabling Centralized EAM, as it would set the Application Type parameter to value Role, which is not supported for Centralized EAM. Reference:1https://help.sap.com/doc/e2ccae7ee6354b169cf845cd665e07fe/1.0%202016-07/en-US/frameset.htm?frameset.htm

Question 2

You have created a BRFplus Initiator Rule for MSMP Process ID SAP GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES. However, the Decision Table was not generated. Where can you manually create a Top Expression for your rule?

AExpression

BFunction

CApplication

DData Object

Answer : B

a BRFplus Initiator Rule for MSMP Process ID SAP GRAC_ACCESS_REQUEST is a Function Module rule that can be created using transaction GRFNMW_DEV_RULES. However, if the Decision Table was not generated automatically, it can be manually created as a Top Expression for the rule in the Function tab of the BRFplus application. Therefore, B is the correct answer.A, C, and D are not valid options for creating a Top Expression for a rule. Reference:1https://blogs.sap.com/2014/09/24/build-a-simple-brf-initiator-rule/

Question 3

You are configuring your MSMP Workflow path and you want to allow an approver to decide which type of provisioning should occur upon approval. Which configuration options provide this capability? Note: There are 2 correct answers to this question.

ASet stage task setting to Allow Manual Provisioning

BSet system provisioning option for auto-provisioning to manual provisioning

CSet stage task setting to Override Assignment Type

DSet global provisioning option for auto-provisioning to manual provisioning

Answer : A, C

According to the SAP Help Portal2, there are two configuration options that provide the capability to allow an approver to decide which type of provisioning should occur upon approval: Set stage task setting to Allow Manual Provisioning and Set stage task setting to Override Assignment Type. These settings can be configured in the Maintain Stages step of the MSMP Workflow configuration.Setting the system or global provisioning option for auto-provisioning to manual provisioning does not allow the approver to choose the type of provisioning, but rather forces all requests to be manually provisioned. Reference:2https://help.sap.com/doc/e2ccae7ee6354b169cf845cd665e07fe/1.0%202016-07/en-US/frameset.htm?frameset.htm

Question 4

Which of the following SAP Fiori business catalogs are delivered for SAP Access Control? Note: There are 2 correct answers to this question.

ASAP_GRC_BC_SCRTYMGR_T

BSAP_GRC_BC_COMSPL_T

CSAP_GRC_BC_COMMRG_T

DSAP_GRC_BC_CMPLNCMGR_T

Answer : B, D

According to the SAP Blogs1, SAP Fiori business catalogs are collections of apps that are organized by business roles or tasks. SAP Access Control delivers four business catalogs for different user groups: SAP_GRC_BC_COMSPL_T for Compliance Specialist, SAP_GRC_BC_CMPLNCMGR_T for Compliance Manager, SAP_GRC_BC_SCRTYMGR_T for Security Manager, and SAP_GRC_BC_AUDITOR_T for Auditor. Therefore, B and D are the correct answers.C is not a valid business catalog for SAP Access Control, and A is a business catalog for Security Manager, not Compliance Manager. Reference:1https://blogs.sap.com/2020/06/30/sap-fiori-solution-for-sap-access-control/

Question 5

How can you ensure that a coordinator has the opportunity to review UAR request assignments?

AMaintain the GRAC_COORDINATOR agent at the approval stage in MSMP Process ID SAP GRAC_USER_ACCESS_REVIEW

BSchedule the Generate new request for UAR rejected request job

CSet the Who are the reviewers? parameter for UAR to COORDINATOR

DSet the Admin review required before sending tasks to reviewers parameter for UAR to YES

Answer : D

According to the SAP wiki3, you can ensure that a coordinator has the opportunity to review UAR request assignments by setting the Admin review required before sending tasks to reviewers parameter for UAR to YES. This parameter controls whether a coordinator can review and modify the UAR request assignments before they are sent to reviewers.

Question 6

You want to use the User Analysis Dashboard to evaluate Segregation of Duties violations after your most recent batch risk analysis has completed. However, when reviewing the data you realize that the dashboard does not display all of your current users. What do you need do to correct the problem?

AExecute the Authorization Synch and then re-execute the user level batch risk analysis.

BExecute the user level batch risk analysis again and remove any exclude objects.

CExecute the Repository Object Sync and then re-execute the user level batch risk analysis.

DExecute the Action Usage Sync followed by the Role Usage Sync and then re-execute the user level batch risk analysis.

Answer : C

According to the SAP blog1, you need to execute the Repository Object Sync and then re-execute the user level batch risk analysis to correct the problem of missing users in the User Analysis Dashboard. The Repository Object Sync is a job that synchronizes objects such as users, roles, profiles, or transactions from connected systems into the SAP Access Control repository. The user level batch risk analysis is a job that performs a risk analysis for all users in the system and updates the risk violation tables.

Question 7

Which of the following are prerequisites for implementing Emergency Access Management? Note: There are 2 correct answers to this question.

AUsers and roles that are used for firefighting activities have been created in the target system.

BThe repository object sync has been completed.

CUsers and roles that are used for firefighting activities have been created for the SAP Access Control system.

DSystem-specific Firefight roles have been configured in the SAP Access Control customizing settings.

Answer : A, B

According to the SAP Help Portal, you need to perform two prerequisites for implementing Emergency Access Management: creating users and roles that are used for firefighting activities in the target system and executing the repository object sync. The users and roles that are used for firefighting activities are the firefighter ID, firefighter role, firefighter owner, and firefighter controller. The repository object sync is a job that synchronizes objects such as users, roles, profiles, or transactions from connected systems into the SAP Access Control repository.

SAP C_GRCAC_13 SAP Certified Application Associate - SAP Access Control 12.0 Exam Practice Test