SAP P_SECAUTH_21 Exam Questions Instant Access

Question 1

Which measures should we implement to protect the PSEs? Note: There are 2 correct

answers to this question.

AReview the usage of the S_ADMI_FCD object

BEncrypt the files with the transaction SNC0

CReview the usage of the S_DATASET object

DRestrict access to the operating system users

Answer : A, D

These are some of the measures that should be implemented to protect the PSEs (Personal Security Environments). PSEs are files that store cryptographic information, such as keys and certificates, for various security purposes, such as SSL, SNC, or SSO. The usage of the S_ADMI_FCD object should be reviewed because it controls the access to PSE administration functions, such as creating, deleting, or displaying PSEs. The access to the operating system users should be restricted because they can access the PSE files directly from the file system and manipulate them. Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true

Question 2

Which communication methods does the SAP Fiori Launchpad use to retrieve business data?

Note: There are 2 correct answers to this question.

AIIOP

BInA

COData

DSNC

Answer : B, C

These are the communication methods that the SAP Fiori Launchpad uses to retrieve business data from various data sources and services. InA (Information Access) is a protocol that enables analytical queries and data visualization using SAP Analytics Cloud or SAP Lumira. OData (Open Data Protocol) is a protocol that enables CRUD (Create, Read, Update, Delete) operations on data using RESTful web services. Reference: https://help.sap.com/viewer/product/SAP_FIORI_LAUNCHPAD/en-US

Question 3

Which authorizations are required for an SAP Fiori Launchpad user? Note: There are 2

correct answers to this question.

A/UI2/PAGE_BUILDER_CUST

B/UI2/INTEROP

C/UI2/PAGE_BUILDER_PERS

D/UI2/CHIP

Answer : B, C

These are some of the authorizations that are required for an SAP Fiori Launchpad user. /UI2/INTEROP is an authorization object that controls the access to interoperability features, such as opening SAP GUI transactions or Web Dynpro applications from the Fiori Launchpad. /UI2/PAGE_BUILDER_PERS is an authorization object that controls the access to personalization features, such as adding or removing tiles or groups from the Fiori Launchpad. Reference: https://help.sap.com/viewer/a7b390faab1140c087b8926571e942b7/7.5.9/en-US/5c3d6d0f6c461014a1d99bc8a4f3a7f9.html

Question 4

How are user group administrators and user groups related in SAP HANA? Note: There are 2

correct answers to this question.

AMultiple user groups per user group administrator

BOnly one user group per user group administrator

CMultiple user group administrators per user group

DOnly one user group administrator per user group

Answer : A, D

User group administrators and user groups are related in SAP HANA in this way: a user group administrator can manage multiple user groups, but a user group can have only one user group administrator. A user group administrator can create, modify, and delete user groups, as well as assign users to them. Reference: https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/20d5f6af75191014b47cf39247d9c0db.html https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/20d5f6af75191014b47cf39247d9c0db.html

Question 5

The security administrator is troubleshooting authorization errors using transaction SU53.

While running transaction MM50, the user received the following error: "You are not

authorized to use transaction MM01 ." The users position in the organization makes it

inappropriate for them to have direct access to transaction MM01 because it creates a

Segregation of Duties conflict. What would cause the system to run an authority check using

object S_TCODE for transaction MM01 while running transaction MM50?

AThe developer who wrote the program for transaction MM50 issues the ABAP command
CALL TRANSACTION for transaction MM01 .

BThe proposal value for the object S_TCODE in the SU24 data for transaction MM50 was
incorrectly set to YES.

CThe instance parameter auth/no_check_in_some_cases has been set to Y.

DMM01 was maintained as the CALLING transaction in table TCDCOUPLES with field
OKFLAG value X.

Answer : A

This would cause the system to run an authority check using object S_TCODE for transaction MM01 while running transaction MM50. The CALL TRANSACTION command is used to start another transaction from within a program. If the user does not have the authorization to execute the called transaction, an error message is displayed and the authority check fails. Reference: https://help.sap.com/doc/abapdocu_751_index_htm/7.51/en-US/abenlogon_check_guidl.htm

Question 6

An end user has indicated that they are getting an authorization error when attempting to call a Transaction Code (TCD). However, the TCD exists in their User Menu. What could be

the issue and where would you check?

AAdditional authorization checks are required for the TC; check in SE93.

BThis user is blocked from calling the TCD; check in SM01 .

CThe TCD is assigned to the user via multiple roles; check in PFCG.

DAn entry in table USRBF prevents them from calling the TCD; check in SE1 6

Answer : A

This could be the issue that causes the end user to get an authorization error when attempting to call a Transaction Code (TCD) that exists in their User Menu. SE93 is a transaction that allows you to create and maintain transaction codes and their properties. One of the properties is the authorization check, which determines whether additional authorization objects are checked when a transaction code is executed. If the authorization check for a transaction code is set to Yes, the user needs to have the corresponding authorization objects in their role or profile, otherwise they will get an error message. Reference: https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9e2e3f6f8e41e8a283aaf2ad2c64c4/content.htm?no_cache=true

Question 7

Which features does SAProuter provide? Note: There are 2 correct answers to this question.

AFiltered and logged network connections

BLoad-balanced RFC connections

CPassword-protected connections

DHTTP conversion into HTTPS connections

Answer : A, C

SAProuter is a software application that acts as an intermediate station between SAP systems and external networks. It provides features such as filtered and logged network connections based on access control lists, password-protected connections using Secure Network Communication (SNC), and encrypted connections using Secure Socket Layer (SSL). Reference: https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_cache=true

SAP Certified Technology Professional - System Security Architect P_SECAUTH_21 Exam Questions