• Home
  • Blogs
  • Pass SAP P-SECAUTH-21 exam questions - convert Test Engine to PDF [Q11-Q36]

Pass SAP P-SECAUTH-21 exam questions - convert Test Engine to PDF [Q11-Q36]

Share

Pass SAP P-SECAUTH-21 exam questions - convert Test Engine to PDF

Pass Your P-SECAUTH-21 Exam Easily - Real P-SECAUTH-21 Practice Dump Updated Mar 18, 2024


SAP P_SECAUTH_21 certification exam is an important certification for technology professionals who are responsible for designing and implementing secure SAP systems. P-SECAUTH-21 exam covers a broad range of topics, and candidates are encouraged to have hands-on experience with SAP System Security and Authorization. With the right preparation, candidates can pass the exam and become certified as a Technology Professional - System Security Architect.

 

NEW QUESTION # 11
Which characteristics apply to the SAP ID Service? Note: There are 2 correct answers to this question

  • A. Customizable user interface
  • B. Non-configurable MFA for SAP BTP Cockpit
  • C. User base owned and managed by SAP
  • D. Configurable password policy

Answer: A,C


NEW QUESTION # 12
Which basis transaction provides an optimized user interface for evaluating authorization checks only?

  • A. RSECADMIN
  • B. ABAP_TRACE
  • C. STAUTHTRACE
  • D. ST01

Answer: C


NEW QUESTION # 13
What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note: There are 3 correct answers to this question.

  • A. The authorization objects that are not linked to transact on codes correctly
  • B. The default values in the tables USOBX and USOBT
  • C. The authorization objects that have unacceptable default values
  • D. The default values so they are appropriate for the transactions used in the roles
  • E. The default authority check settings for the role maintenance tool

Answer: A,C,D


NEW QUESTION # 14
You want to check the custom ABAP codes in your system for security vulnerabilities and you want to use the SAP Code Vulnerability Analyzer to carry out these extended security checks. What need to be done for this purpose? Note: There are 2 correct answers to this question

  • A. Run the extended syntax check from the SLIN transaction
  • B. Run SAP Code Vulnerability Analyzer from the transaction ST01
  • C. Run the transaction ST12 to start the analysis
  • D. Run SAP Code Vulnerability Analyzer from the ABAP Test Cockpit

Answer: A,D


NEW QUESTION # 15
You are using the SAP Web Dispatcher for load-balancing purposes. Which actions are performed by the SAP Web Dispatcher in this scenario? Note: There are 2 correct answers to this question.

  • A. Decrypts the HTTPS request and then selects the server
  • B. Authenticates the user's credentials
  • C. Uses SAP logon groups to determine which requests are directed to which server
  • D. Checks current state of the message server

Answer: C,D


NEW QUESTION # 16
How can you register an SAP Gateway service? Note: There are 2 correct answers to this question.

  • A. Use SAP_GAT EWAY_BASIC_CONFIG in transact on STCO 1 on the frontend server
  • B. Use transaction /IWFND/MA INT_SERVICE on the front-end server
  • C. Use transaction SEGW on the back-end server
  • D. Use SAP_GAT EWAY_ACTIVATE_ODATA_SERV in transact on STC01 on the front-end server

Answer: B,C


NEW QUESTION # 17
You have a load balancer in a DMZ network zone (called natl.mydomain.com) in front of 2 SAP NetWeaver AS systems (hostl.mydomain.com, host2.mydomain.com). What is the recommended common name part of the distinguished name on the SSL Server's PSE?

  • A. It should be a combined DNS alias for host 1.mydomain.com and host2.mydomain.com and nat1.mydomain.com
  • B. It should be host 1.mydomain.com, host2.mydornain.com individually for each PSE
  • C. It should be *.mydomain.com (wildcard) names
  • D. It should be natl.mydomain.com

Answer: C


NEW QUESTION # 18
You want to create an SAP Fiori app for multiple users and multiple back-end systems. To support this, you create different roles for the different back-end systems in the SAP Fiori front-end system (central hub). What transaction do you have to use to map a back-end system to one of those roles?

  • A. PFCG
  • B. SEGW
  • C. /IWFND/MAINT_SERVICE
  • D. /UI2/GW_SYS_ALIAS

Answer: D

Explanation:
Explanation
This is one of the transactions that you have to use to map a back-end system to one of those roles for creating an SAP Fiori app for multiple users and multiple back-end systems in an SAP Fiori front-end system (central hub). /UI2/GW_SYS_ALIAS is a transaction that allows you to create and maintain gateway system aliases for OData services in an SAP Fiori front-end system (central hub), which is a system that handles OData requests and responses between the user's browser and the back-end systems. A gateway system alias is a name that represents a connection to a specific back-end system or service. You can assign different gateway system aliases to different roles in the SAP Fiori front-end system to map them to different back-end systems or services. References:
https://help.sap.com/viewer/a7b390faab1140c087b8926571e942b7/7.5.9/en-US/5c3d6d0f6c461014a1d99bc8a4f


NEW QUESTION # 19
Which transaction or report can be used to audit profile assignments in an SU01 user master record? Note: There are 2 correct answers to this question.

  • A. SM20N
  • B. RSUSR1 00
  • C. ST01
  • D. RSUSR002

Answer: B,D

Explanation:
Explanation
These are some of the transactions or reports that can be used to audit profile assignments in an SU01 user master record. A user master record is a record that contains information about a user in an SAP system, such as personal data, logon data, defaults, parameters, or authorizations. A profile assignment is an assignment of a profile to a user master record, which grants the user certain authorizations or permissions in the system.
RSUSR002 is a transaction or report that displays users by complex selection criteria, such as profiles, authorizations, or transactions. RSUSR100 is a transaction or report that displays users according to logon date and password change date, along with their profiles and roles. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?


NEW QUESTION # 20
Currently, transports into your SAP system are not scanned automatically. To avoid the import of non-secure programs, you have implemented the strategy to set up a virus scanner using a script to automatically scan for the malicious programs. What is the valid fi e format where data files are first converted into and then checked by a virus scanner?

  • A. SAP compressed
  • B. Plain text
  • C. 0csv
  • D. XML

Answer: D


NEW QUESTION # 21
In addition to the authorization /UI2/LAUNCHPAD, which other authorizations are required to assign to an SAP Fiori Launchpad user? Note: There are 2 correct answers to this question.

  • A. /U12/INTEROP
  • B. /U12JPAGE_BUILDER_PERS
  • C. /UI2/FLC
  • D. /UI2JPAGE_BUILDER_CUST

Answer: A,B


NEW QUESTION # 22
When re-configuring the user management engine (UME) of an AS Java system, what do you need to consider to change the data source from system database to an ABAP system successfully?

  • A. All users and groups in the system database must have different IDs than existing users and groups in the ABAP system.
  • B. You must manually replace the UME configuration file dataSourceConfiguration_database_only.xmlwith an appropriate dataSourceConfiguration_abap.xmlfile.
  • C. The logon security policy for the existing users is aligned with the logon security policy in the ABAP system.
  • D. You need to import the users from the system database into the ABAP system.

Answer: A


NEW QUESTION # 23
How is the role concept applied for modeled authorizations based on Core Data Services (CDS) views?

  • A. CDS roles are mapped to the CDS view in the access rules.
  • B. CDS roles are defined for CDS views in Object Navigator.
  • C. CDS roles are defined in the WHERE clause when calling a CDS view in Open SQL.
  • D. CDS roles are defined for the CDS views and implicitly applied to each user.

Answer: A

Explanation:
Explanation
The role concept for modeled authorizations based on Core Data Services (CDS) views works in this way:
CDS roles are mapped to the CDS view in the access rules that define which users can access which data from the CDS view. The access rules are defined using annotations in the CDS view definition or using a separate access control DDL source file. References:
https://help.sap.com/viewer/cc0c305d2fab47bd808adcad3ca7ee9d/7.5.9/en-US/fafcbcf9d9101014b3d9a08ce33d
https://help.sap.com/viewer/cc0c305d2fab47bd808adcad3ca7ee9d/7.5.9/en-US/fafcbcf9d9101014b3d9a08ce33d


NEW QUESTION # 24
A user reports an issue with data not showing up in the visualization of the SAP Fiori tiles. You want to verify the target mapping. At what level are you going to check the target mapping?

  • A. O At the group level in the SAP Fiori Launchpad
  • B. O At the group level in the SAP Fiori front-end server
  • C. O At the application level in the Web IDE
  • D. O At the catalog level in the SAP Fiori front-end server

Answer: D


NEW QUESTION # 25
What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note:
There are 3 correct answers to this question.

  • A. The default authority check settings for the role maintenance tool
  • B. The default values in the tables USOBX and USOBT
  • C. The authorization objects that have unacceptable default values
  • D. The default values so they are appropriate for the transactions used in the roles
  • E. The authorization objects that are not linked to transaction codes correctly

Answer: A,C,D

Explanation:
Explanation
You can maintain these aspects in transaction SU24 to reduce the overall maintenance in PFCG. By doing so, you can define which authorization objects are checked by default for each transaction code, what values are proposed for each authorization field, and which authorization objects are excluded from the proposal. This way, you can avoid manual adjustments in PFCG and ensure consistency across roles. References:
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a


NEW QUESTION # 26
User1 grants role 1 to user2. Who can revoke role 1 role from user2?

  • A. The owner of role 1
  • B. The system OBA user
  • C. Only User1
  • D. Any user with the 'ROLE ADMIN' database role

Answer: D


NEW QUESTION # 27
What authorization object is checked when a user selects an A BAP Web Dynpro application to execute?

  • A. S_SERVICE
  • B. S_PROGRAM
  • C. S_TCODE
  • D. S_START

Answer: D


NEW QUESTION # 28
What does the SAP Security Optimization Service provide? Note: There are 2 correct answers to this question.

  • A. Analysis of the security vulnerabilities within an SAP landscape
  • B. Results containing the list of patches that have to be applied.
  • C. Configuration checks of SAP systems
  • D. Analysis of the network configuration

Answer: B,C


NEW QUESTION # 29
You are using the SAP Web Dispatcher for load-balancing purposes. Which actions are performed by the SAP Web Dispatcher in this scenario? Note: There are 2 correct answers to this question.

  • A. Validates the user credentials
  • B. Checks the current state of the message server
  • C. Decrypts the HTTPS request and then selects the server
  • D. Uses logon groups to determine how to direct requests

Answer: B,D

Explanation:
Explanation
The SAP Web Dispatcher performs these actions when it is used for load-balancing purposes. It uses logon groups to determine how to direct requests to the appropriate application servers based on the user's role and preferences. It also checks the current state of the message server to obtain information about the load and availability of the application servers. References:
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_


NEW QUESTION # 30
How do you handle user "SAP 'in AS ABAP? Note: There are 3 correct answers to this question.

  • A. Lock and expire the user in all clients except 000
  • B. Set profile parameter login/no_automatic_user_sapstar to 0
  • C. Lock and expire the user in all clients
  • D. Set profile parameter login/no_automatic_user_sapstar to 1
  • E. Remove all authorizations from the user

Answer: C,D,E


NEW QUESTION # 31
How do you check when and by whom profiles were assigned or deleted?

  • A. Run report RSUSR100 with appropriate filters
  • B. Check security audit log using transact on SM20
  • C. Run report RSUSR008_009_NEW with appropriate filters
  • D. Check system trace using transaction ST01

Answer: A


NEW QUESTION # 32
Which tools can you use to troubleshoot an authorization issue with a Fiori application? Note:
There are 2 correct answers to this question.

  • A. /UI2/GW_APPS_LOG
  • B. /UI2/FLC
  • C. /IWFND/ERROR_LOG
  • D. /IWBEP/ERROR_LOG

Answer: C,D

Explanation:
Explanation
These are some of the tools that you can use to troubleshoot an authorization issue with a Fiori application.
/IWFND/ERROR_LOG is a transaction that displays the error log for the SAP Gateway framework, which handles the OData requests and responses between the Fiori front-end server and the back-end system.
/IWBEP/ERROR_LOG is a transaction that displays the error log for the SAP Gateway service implementation, which contains the business logic and data access for the OData services. References:
https://help.sap.com/viewer/a7b390faab1140c087b8926571e942b7/7.5.9/en-US/5c3d6d0f6c461014a1d99bc8a4f


NEW QUESTION # 33
Where can we store the Security Audit Log events? Note: There are 2 correct answers to this question.

  • A. In the file system of the application servers
  • B. In the database table RSAU_BUF_DATA
  • C. In a central fi e system
  • D. In the SAP Solution Manager system

Answer: A,D


NEW QUESTION # 34
How are user group administrators and user groups related in SAP HANA? Note: There are 2 correct answers to this question.

  • A. Only one user group per user group administrator
  • B. Multiple user group administrators per user group
  • C. Only one user group administrator per user group
  • D. Multiple user groups per user group administrator

Answer: C,D

Explanation:
Explanation
User group administrators and user groups are related in SAP HANA in this way: a user group administrator can manage multiple user groups, but a user group can have only one user group administrator. A user group administrator can create, modify, and delete user groups, as well as assign users to them. References:
https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/20d5f6af75191014b47cf39247
https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/20d5f6af75191014b47cf39247


NEW QUESTION # 35
The SAP HANA database is installed with multi database container (MDC) mode with multiple tenant databases configured. What are the required activities to enable access between tenants? Note: There are 2 correct answers to this question.

  • A. Configure smart data access (SDA) between the relevant HANA tenants
  • B. Decrease the level of isolation mode on all MDC tenants
  • C. Set whitelist of cross-tenant database communication channel
  • D. Create user mapping between local and remote tenant databases

Answer: C,D


NEW QUESTION # 36
......


SAP P-SECAUTH-21 Certification is a valuable asset for IT professionals who are seeking to advance their careers in SAP system security. Certified Technology Professional - System Security Architect certification demonstrates that the candidate has a deep understanding of SAP security architecture and is capable of implementing and maintaining secure SAP systems. Certified Technology Professional - System Security Architect certification is recognized worldwide and is highly regarded by SAP customers and partners.

 

P-SECAUTH-21 Real Exam Questions and Answers FREE: https://www.pass4leader.com/SAP/P-SECAUTH-21-exam.html

2024 Realistic Verified Free SAP P-SECAUTH-21 Exam Questions: https://drive.google.com/open?id=1TYeqC3A8CBdnOo66jFZSRUF5yGcKacf_

Related Blogs

more
Go To P-SECAUTH-21 Questions