SAP Certified Technology Professional - System Security Architect P_SECAUTH_21 Exam Practice Test

Page: 1 / 14
Total 80 questions
Question 1

Which features does SAProuter provide? Note: There are 2 correct answers to this question.



Answer : A, C

SAProuter is a software application that acts as an intermediate station between SAP systems and external networks. It provides features such as filtered and logged network connections based on access control lists, password-protected connections using Secure Network Communication (SNC), and encrypted connections using Secure Socket Layer (SSL). Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true


Question 2

What does return code 1 2 mean when performing STAUTHTRACE?



Answer : C

Return code 12 means that the user does not have the required authorization for an authority check but does have the authorization object in the user buffer. This means that the user has some values for the authorization object but not the ones that are needed for the specific check. Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true


Question 3

Which measures should we implement to protect the PSEs? Note: There are 2 correct

answers to this question.



Answer : A, D

These are some of the measures that should be implemented to protect the PSEs (Personal Security Environments). PSEs are files that store cryptographic information, such as keys and certificates, for various security purposes, such as SSL, SNC, or SSO. The usage of the S_ADMI_FCD object should be reviewed because it controls the access to PSE administration functions, such as creating, deleting, or displaying PSEs. The access to the operating system users should be restricted because they can access the PSE files directly from the file system and manipulate them. Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true


Question 4

An end user has indicated that they are getting an authorization error when attempting to call a Transaction Code (TCD). However, the TCD exists in their User Menu. What could be

the issue and where would you check?



Answer : A

This could be the issue that causes the end user to get an authorization error when attempting to call a Transaction Code (TCD) that exists in their User Menu. SE93 is a transaction that allows you to create and maintain transaction codes and their properties. One of the properties is the authorization check, which determines whether additional authorization objects are checked when a transaction code is executed. If the authorization check for a transaction code is set to Yes, the user needs to have the corresponding authorization objects in their role or profile, otherwise they will get an error message. Reference: https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9e2e3f6f8e41e8a283aaf2ad2c64c4/content.htm?no_cache=true


Question 5

Which of the following user types can be used to log on interactively? Note: There are 2

correct answers to this question.



Answer : A, B

Dialog and Communication are two user types that can be used to log on interactively to an SAP system. Dialog users are normal users who can access the system using a graphical user interface (GUI) or a web browser. Communication users are users who access the system using communication protocols, such as RFC or HTTP. Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true


Question 6

What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note:

There are 3 correct answers to this question.



Answer : B, C, E

You can maintain these aspects in transaction SU24 to reduce the overall maintenance in PFCG. By doing so, you can define which authorization objects are checked by default for each transaction code, what values are proposed for each authorization field, and which authorization objects are excluded from the proposal. This way, you can avoid manual adjustments in PFCG and ensure consistency across roles. Reference: https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a42189c.html https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a42189c.html


Question 7

What are characteristics of SAP HANA Deployment Infrastructure (HDI) roles? Note: There are 2 correct answers to this question.



Answer : B, C

These are some of the characteristics of SAP HANA Deployment Infrastructure (HDI) roles. HDI roles are roles that are defined and deployed as part of HDI containers, which are isolated units of database objects and data in SAP HANA systems. HDI roles are managed by the native HDI version control, which tracks changes and dependencies among HDI objects and artifacts. HDI roles are granted using database procedures, such as GRANT_CONTAINER_GROUP_ROLE or GRANT_CONTAINER_SCHEMA_ROLE, which enable dynamic role assignments based on container groups or schemas. Reference: https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/fafcbcf9d9101014b3d9a08ce33d9640.html


Page:    1 / 14   
Total 80 questions