Question No : 1
How can you ensure that a coordinator has the opportunity to review UAR request assignments?

• A.Set the Admin review required before sending tasks to reviewers parameter for UAR to YES
• B.Schedule the Generate new request for UAR rejected request job
• C.Maintain the GRAC_COORDINATOR agent at the approval stage in MSMP Process ID SAP_GRAC_USER_ACCESS_REVIEW
• D.Set the Who are the reviewers? parameter for UAR to COORDINATOR

Show Answers

Answer:

Question No : 2
1.You want to generate a BRFplus Initiator Rule that utilizes an expression of type Decision Table for the SAP_GRAC_ACCESS_REQUEST MSMP Process ID.
Which rule types can you use? Note: There are 2 correct answers to this question.
A. Class Based Rule
B. Function Module Based Rule
C. BRFplus Flat Rule
D. BRFplus Rule

Show Answers

Answer:A,D

BRFplus (Business Rule Framework plus) is an important part of SAP's approach to enable business rule management. In the context of SAP Access Control and Multi-Stage, Multi-Path (MSMP) workflows, BRFplus is used to create rules for routing, agent determination, notifications, and so on.

To generate a BRFplus Initiator Rule that utilizes an expression of type Decision Table for the SAP_GRAC_ACCESS_REQUEST MSMP Process ID, you can use the following rule types:

A. Class Based Rule
D. BRFplus Rule

BRFplus Flat Rules (C) are used for simple calculations and don't utilize Decision Tables. Function Module Based Rules (B) are a different way to define logic that does not utilize BRFplus.

Question No : 3
Why might you integrate Business Role Management with Business Rules Framework? Note: There are 2 correct answers to this question.
A. Determine role owner
B. Determine role methodology
C. Determine role business area
D. Determine role naming convention

Show Answers

Answer:A,D

The integration of Business Role Management with Business Rules Framework (BRFplus) in SAP can help streamline and automate various processes. In the context of this question, the correct answers are:

A. Determine role owner
D. Determine role naming convention

BRFplus can be used to define business rules for determining the role owner based on certain attributes or conditions. Similarly, it can be used to define rules for the role naming convention, ensuring consistency across the organization. The role methodology and role business area are typically determined during the design and implementation phase of the SAP security model, not through the integration of Business Role Management with BRFplus.

Question No : 4
Which of the following are required to enable Centralized Emergency Access Management (EAM)? Note: There are 2 correct answers to this question.

• A.Set the Application Type parameter for Emergency Access Management to value ID in the target system UGRC plug-in
• B.Set the Application Type parameter for Emergency Access Management to value ID in SAP Access Control
• C.Set the Enable Decentralized Firefighting parameter for Emergency Access Management to YES
• D.Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO

Show Answers

Answer:

Question No : 5
You are tasked with configuring SAP Access Control to retrieve user and authentication information. SAP Access Control supports connector configuration for which of the following functions? Note: There are 3 correct answers to this question.
A. User Search Data Source
B. User Detail Data Source
C. End User Verification
D. User Identity Federation
E. User Identity Management

Show Answers

Answer:A,B,E

When configuring SAP Access Control to retrieve user and authentication information, you can utilize the following functions:

A. User Search Data Source
B. User Detail Data Source
E. User Identity Management

User Search Data Source and User Detail Data Source are configurations that allow SAP Access Control to retrieve user data from connected systems. User Identity Management refers to managing identities of users across multiple systems, which includes retrieving and managing user and authentication information.

Option C, End User Verification, and option D, User Identity Federation, while important in the broader context of access control and identity management, are not specific functions supported for connector configuration in SAP Access Control.

Question No : 6
Which of the following are features of a business role in SAP Access Control? Note: There are 2 correct answers to this question.

• A.They can be viewed in transaction PFCG
• B.They are provisioned on target systems
• C.They represent a job function
• D.They contain one or more technical roles

Show Answers

Answer:

Question No : 7
SAP developed a three phase, six step SoD Risk Management Process for use when implementing Access Risk Analysis.
Which of the following steps are a part of this process? Note: There are 3 correct answers to this question.
A. Risk Recognition
B. Mitigation
C. Analysis
D. Role Building and Analysis
E. Rule Set Design

Show Answers

Answer:A,B,E

The three-phase, six-step SoD (Segregation of Duties) Risk Management Process developed by SAP for implementing Access Risk Analysis includes the following steps:

A. Risk Recognition
B. Mitigation
E. Rule Set Design

Risk Recognition refers to the identification of potential risks. Mitigation refers to the strategies and actions taken to reduce or eliminate identified risks. Rule Set Design is about defining and establishing rules that manage identified risks.

Option C. Analysis, while an important aspect of risk management, is not specifically called out as one of the six steps in the SAP SoD Risk Management Process.

Option D. Role Building and Analysis, while part of the broader SAP security and governance process, is not specifically identified as a step in the three-phase, six-step SAP SoD Risk Management Process.

Question No : 8
Which of the provisioning types can be used with Auto-Provisioning? Note: There are 2 correct answers to this question.
A. Direct provisioning
B. Indirect provisioning
C. Manual provisioning
D. Global provisioning

Show Answers

Answer:A,B

Auto-Provisioning in SAP Access Control allows for automatic assignment or removal of access in the target systems. It can be used with the following provisioning types:

A. Direct provisioning
B. Indirect provisioning

Direct provisioning occurs when access is automatically provisioned to the target system immediately upon approval of the access request. Indirect provisioning, on the other hand, refers to scenarios where provisioning is dependent on a triggering event other than the approval of an access request, such as changes in HR data.

Option C, Manual provisioning, is not compatible with Auto-Provisioning, as it requires manual intervention to assign or remove access.

Option D, Global provisioning, does not exist as a distinct provisioning type in the context of SAP Access Control as of my knowledge cutoff in September 2021. For the most current information, it is recommended to refer to the latest SAP Access Control documentation or SAP Support.

Question No : 9
Which of the following are possible ways to assign emergency access in Emergency Access Management? Note: There are 2 correct answers to this question.

• A.Assign a Firefighter ID to a firefighter owner in SAP Access Control
• B.Assign a Firefighter ID to a firefighter in SAP Access Control
• C.Assign a Firefighter role to a firefighter in SAP Access Control
• D.Assign a Firefighter role to a firefighter in a target system

Show Answers

Answer:

Question No : 10
Risk Terminator provides the capability to execute a user level risk analysis for which of the following tools? Note: There are 2 correct answers to this question.

• A.SCUA
• B.PA30
• C.SU01
• D.PFCG

Show Answers

Answer: