SAP p-secauth-21 practice test

SAP Certified Technology Professional - System Security Architect Exam


Question 1

Based on your company guidelines you have set the password expiration to 60 days. Unfortunately,
there is an RFC user on your SAP system which must not have a password change for 180 days. Which
option would you recommend to accomplish such a request?

  • A. Change profile parameter login/password_expiration_time to 180
  • B. Create a security policy via SECPOL and assign it to tile RFC users
  • C. Create additional authorizations for RFC users and assign it to them
  • D. Create enhancement spot I user-exit
Answer:

B

Discussions

Question 2

You want to carry out some preparatory work for executing the SAP Security Optimization Self-
service on a customer system. Which of the following steps do you have to execute on the managed
systems? Note: There are 2 correct answers to this question.

  • A. Install the ST-A/PI plug-in
  • B. Configure Secure Network Communications
  • C. Configure specific authorizations
  • D. Grant operating system access
Answer:

A, C

Discussions

Question 3

What is the SAP Best Practice to delete a security SAP role in SAP landscape?

  • A. Transport the SAP role and delete the role using Profile Generator
  • B. Delete the SAP role in all clients using Profile Generator
  • C. Delete the SAP role using Profile Generator, and then put it in the transport
  • D. Delete the SAP role in all clients in all systems using Profile Generator
Answer:

A

Discussions

Question 4

You are consolidating user measurement results and transferring them to SAP. What act on do you
take?

  • A. Run report RSUSR200
  • B. Run report RFAUDI06_BCE
  • C. Run report RSLAW_PLUGIN
  • D. Run transact on USMM
Answer:

D

Discussions

Question 5

A security consultant has activated a trace via ST01 and is analyzing the authorization error with
Return Code 12. What does the Return Code 12 signify?

  • A. "Objects not contained in User Buffer"
  • B. "No authorizations and does NOT have authorization object in their buffer"
  • C. "No authorizations but does have authorization object in their buffer"
  • D. "Too many parameters for authorization checks"
Answer:

B

Discussions

Question 6

You have delimited a single role which is part of a composite role, and a user comparison for the
composite role has been performed. You notice that the comparison did NOT remove the profile
assignments for that single role. What program would you run to resolve this situation?

  • A. 0 PRGN_COMPRESS_TIMES
  • B. 0PRGN_COMPARE_ROLE_MENU
  • C. 0 PRGN_DELETE_ACT IVITY_GROUPS
  • D. 0 PRGN_MERGE_PREVIEW
Answer:

A

Discussions

Question 7

You are running a 3-tier SAP system landscape. Each time you are accessing STMS_IMPORT on any of
these systems, you are prompted for a TMSADM password. How can you stop this prompt from
appearing?

  • A. Run the report RSUSR405 on the domain controller.
  • B. Reset the TMSADM user's password on the system you are trying to access STMS_ IMPORT.
  • C. Change the TMSA DM user's password directly in the TMS RFC destination in transact on SM59.
  • D. Run the report TMS_ UPDATE_PWD_OF_TMSADM on the domain controller.
Answer:

D

Discussions

Question 8

Which tasks would you perform to allow increased security for the SAP Web Dispatcher Web
Administration interface? Note: There are 2 correct answers to this question.

  • A. Use a separate port for the content
  • B. Use access restrictions with the icm/HTTP/auth_<xx> profile parameter
  • C. Use subparameter ALLOWPUB = FALSE of the profile parameter icm/server_port_<xx>
  • D. Use Secure Socket Layer (SSL) for password encrypt on
Answer:

A, C

Discussions

Question 9

Which OData authorizations are required for a user to see business data in the SAP Fiori Launchpad?
Note: There are 2 correct answers to this question.

  • A. Start authorization in the SAP Fiori front-end system
  • B. Access authorization in the SAP Fiori front-end system
  • C. Access authorization in the SAP S/4HANA back-end system
  • D. Start authorization in the SAP S/4HANA back-end system
Answer:

A, C

Discussions

Question 10

A system user created a User1 and a schema on the HANA database with some dat
a. User2 is developing modelling views and requires access to objects in User1's schema. What needs
to be done?

  • A. User1 should grant _SYS_REPO with SELECT WITH GRANT privilege
  • B. User2 needs to be granted with the same roles like User1
  • C. System user should grant User2 with SELECT privilege to User 1schema
  • D. ROLE ADMIN needs to be granted to User2
Answer:

C

Discussions
To page 2