This page was exported from Valid Premium Exam [ http://premium.validexam.com ] Export date:Fri Sep 20 0:59:26 2024 / +0000 GMT ___________________________________________________ Title: [Dec 22, 2023] Valid P_SECAUTH_21 Test Answers & SAP P_SECAUTH_21 Exam PDF [Q12-Q33] --------------------------------------------------- [Dec 22, 2023] Valid P_SECAUTH_21 Test Answers & SAP P_SECAUTH_21 Exam PDF Realistic P_SECAUTH_21 Exam Dumps with Accurate & Updated Questions The Certified Technology Professional - System Security Architect certification program is aimed at professionals who are responsible for designing, implementing, and maintaining secure SAP systems. P_SECAUTH_21 exam covers a range of topics such as architecture and design, security concepts, risk management, and compliance. It also includes practical applications of system security architecture in SAP environments.   NO.12 What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note: There are 3 correct answers to this question.  The default values so they are appropriate for the transactions used in the roles  The authorization objects that are not linked to transact on codes correctly  The default values in the tables USOBX and USOBT  The default authority check settings for the role maintenance tool  The authorization objects that have unacceptable default values NO.13 The SAP HANA database is installed with multi database container (MDC) mode with multiple tenant databases configured. What are the required activities to enable access between tenants? Note: There are 2 correct answers to this question.  Create user mapping between local and remote tenant databases  Configure smart data access (SDA) between the relevant HANA tenants  Set whitelist of cross-tenant database communication channel  Decrease the level of isolation mode on all MDC tenants NO.14 You want to check the custom ABAP codes in your system for security vulnerabilities and you want to use the SAP Code Vulnerability Analyzer to carry out these extended security checks. What need to be done for this purpose? Note: There are 2 correct answers to this question  Run SAP Code Vulnerability Analyzer from the ABAP Test Cockpit  Run SAP Code Vulnerability Analyzer from the transaction ST01  Run the transaction ST12 to start the analysis  Run the extended syntax check from the SLIN transaction NO.15 What authorization objects do we need to create job steps with external commands in a background job? Note: There are 2 correct answers to this question.  S_ADMI_FCD  S_LOG_COM  S_RZL_ADM  S_BTCH_EXT NO.16 What information constitutes an indirect connection to an individual, in the context of GDPR? Note: There are 3 correct answers to this question  National Identifier  Postal Address  Date of Birth  License plate number  IP Address NO.17 Which basis transaction provides an optimized user interface for evaluating authorization checks only?  STAUTHTRACE  RSECADMIN  ST01  ABAP_TRACE NO.18 For which purpose do you use instance Secure Storage File System (SSFS) in an SAP HANA system? Note: There are 2 correct answers to this question.  To protect the password of the root key backup  To store root keys for data volume encryption  To store the secure single sign-on configuration  To protect the X.509 public key infrastructure certificates NO.19 What authorization object is checked when a user selects an ABAP Web Dynpro application to run?  S_SERVICE  S_PROGRAM  S_START  S_TCODE ExplanationThe authorization object S_SERVICE is checked when a user selects an ABAP Web Dynpro application to run. This authorization object controls the access to Web services and Web Dynpro applications based on the service name and type. References:https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_NO.20 Who can revoke a runtime role from a user in the SAP HANA tenant database? Note: There are 2 correct answers to this question.  The granting user  Anyone with “ROLE ADMIN”  The owner of the HDI container  The DBACOCKPIT user ExplanationThese are some of the users who can revoke a runtime role from a user in the SAP HANA tenant database. A runtime role is a role that is granted dynamically to a user when they connect to a database using an application or service, such as XSODATA or XSJS. A runtime role can be revoked by the user who granted it, or by anyone who has the “ROLE ADMIN” system privilege, which allows them to create, grant, and revoke roles in the database. References:https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/fafcbcf9d9101014b3d9a08ce33NO.21 Which type of systems can be found in the Identify Provisioning Service landscape? Note: There are 2 correct answers to this question  Identify Provider  Source  Proxy  Service Provider NO.22 How are assertion tickets used?  They are used for user-to-system trusted login.  They are used for encrypting Web service communication.  They are used for system-to-system encryption.  They are used for system-to-system communication. ExplanationAssertion tickets are used for system-to-system communication in SAP systems. They are based on the SAML (Security Assertion Markup Language) standard and contain information about the identity and attributes of a user or a system. Assertion tickets can be used to establish trust relationships between systems and enable single sign-on scenarios. References:https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_NO.23 What are characteristics of SAP HANA Deployment Infrastructure (HDI) roles? Note: there are 2 correct answers to this question.  They are transportable between systems  They are granted using database procedures  They are managed by the native HDI version control.  They are owned by the user who creates them NO.24 Your customer runs a 3-tier environment You are asked to set up controls around monitoring the sensitive objects (such as programs, user-exits, function modules) in a development system before they are transported to the quality assurance system.Which table would you maintain to monitor such sensitive objects before executing an import?  TMSCDES  TMSBUFFER  TMSMCONF  TMSTCRI NO.25 Which authorizations should you restrict when you create a developer role in an AS ABAP production system? Note: There are 2 correct answers to this question.  The ability to use the ABAP Debugger through authorization object S_DEVELOP  The ability to run class methods through authorization object S_PROGRAM  The ability to run queries through authorization object S_QUERY  The ability to run function modules through authorization object S_DEVELOP ExplanationDevelopers should not be able to use the ABAP Debugger or run function modules in a production system, as these actions could compromise the system integrity and security. Authorization object S_DEVELOP controls both these activities and should be restricted for developers in a production system. References:https://help.sap.com/viewer/68bf513362174d54b58cddec28794093/7.5.20/en-US/4a0c1f51bb571014e10000000https://help.sap.com/viewer/68bf513362174d54b58cddec28794093/7.5.20/en-US/4a0c1f51bb571014e10000000NO.26 What are main characteristics of the Logon ticket throughout an SSO logon procedure? Note:There are 2 correct answers to this question.  The Logon ticket is used for user-to-system communication.  The Logon ticket session is held in the working memory.  The Logon ticket is always set to client 000.  The Logon ticket is not domain restricted. ExplanationThese are some of the main characteristics of the Logon ticket throughout an SSO logon procedure. SSO (Single Sign-On) is a feature that enables users to log on to multiple systems or applications with one authentication process and without entering their credentials multiple times. Logon ticket is one of the methods for implementing SSO in SAP systems, which uses digital certificates and cookies to authenticate users and systems. The Logon ticket is used for user-to-system communication, which means that it contains information about the user’s identity and authorizations that can be verified by the target system or application.The Logon ticket session is held in the working memory, which means that it is stored temporarily in the memory of the user’s browser or system and deleted when the session ends or expires. References:https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?NO.27 An end user has indicated that they are getting an authorization error when attempting to call a Transaction Code (TCD). However, the TCD exists in the User Manu. What could be the issue and where would you check?  The TCD is assigned to the user via multiples roles; check in PFCG  An entry in table USRBF prevents them from calling the TCD; check SE16  This user is blocked from calling the TCD; check in SM01  Additional authorization checks are required for the TC; check in SE93 NO.28 Under which group can you find the “System Recommendations” file in the Solution Manager launchpad?  IT Service Management  Technical Administration  Change Management  Root Cause Analysis NO.29 You have delimited a single role which is part of a composite role, and a user comparison for the composite role has been performed. You notice that the comparison did NOT remove the profile assignments for that single role. What program would you run to resolve this situation?  0 PRGN_COMPRESS_TIMES  0PRGN_COMPARE_ROLE_MENU  0 PRGN_DELETE_ACT IVITY_GROUPS  0 PRGN_MERGE_PREVIEW NO.30 What must be included in a PFCG role for an end user on the Fiori front-end server to run an app?  The group assignment to display it in the Fiori Launchpad  The S_RFC authorization object for the OData access  The S_START authorization object for starting the OData service  The catalog assignment for the start authorization ExplanationThis must be included in a PFCG role for an end user on the Fiori front-end server to run an app. The catalog assignment for the start authorization defines which apps can be started by the user from the Fiori Launchpad.The catalog assignment is done using the authorization object S_CTS_ADMI with field CTS_ADMI_RUN = SAP_CATALOG_ALL. References:https://help.sap.com/viewer/a7b390faab1140c087b8926571e942b7/7.5.9/en-US/5c3d6d0f6c461014a1d99bc8a4fhttps://help.sap.com/viewer/a7b390faab1140c087b8926571e942b7/7.5.9/en-US/5c3d6d0f6c461014a1d99bc8a4fNO.31 What are the characteristics of HTTP security session management? Note: There are 3 correct answers to this question.  Creates security sessions at logon  Starts security sessions with a short user-based expiration time  Checks the logon credentials again for every request.  Deletes security sessions at logoff  Refers to the session context through the session identifier ExplanationThese are some of the characteristics of HTTP security session management in SAP systems. HTTP security session management creates security sessions at logon that store information about the user’s identity and authorizations in a session context on the server side. The security sessions start with a short user-based expiration time that can be extended by user activity or terminated by logoff or timeout. The security sessions refer to the session context through a session identifier that is passed between the client and the server using cookies or URL parameters. References:https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_NO.32 What is the User Management Engine (UME) property “connect on pooling” used for? Note: There are 2 correct answers to this question.  To improve performance of requests to the LDAP directory server  To avoid unauthorized request to the LDAP directory server  To create a new connect on to the LDAP directory server for each request  To share server resources among requesting LDAP clients NO.33 Which authorization object is required to support trusted system access by an RFC user following the configuration of a Managed System in SAP Solution Manager?  S_RFCACL  S_ACL_HIST  S_RFC_TT  S_RFC_TTAC  Loading … SAP P-SECAUTH-21 exam is a comprehensive test that covers a wide range of topics related to system security architecture. Candidates will be tested on their knowledge of access control, risk management, cryptography, and network security, among other areas. P_SECAUTH_21 exam consists of 80 multiple-choice questions and candidates have 180 minutes to complete it. Passing the SAP P-SECAUTH-21 exam requires a score of at least 65%, which demonstrates a candidate's proficiency in system security architecture.   P_SECAUTH_21 Exam Dumps - PDF Questions and Testing Engine: https://www.validexam.com/P_SECAUTH_21-latest-dumps.html --------------------------------------------------- Images: https://premium.validexam.com/wp-content/plugins/watu/loading.gif https://premium.validexam.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2023-12-22 09:51:46 Post date GMT: 2023-12-22 09:51:46 Post modified date: 2023-12-22 09:51:46 Post modified date GMT: 2023-12-22 09:51:46