Which of the following logs can be collected for an Emergency Access Management session? Note: There are 3 correct answers to this question.
- A . Audit log
- B . System log
- C . Change log
- D . GRC Audit log
- E . Application log
For which of the following objects can you create an access request? Note: There are 3 correct answers to this question.
- A . User
- B . Job
- C . Division
- D . Department
- E . Organizational Unit
You want to use the User Analysis Dashboard to evaluate Segregation of Duties violations after your most recent batch risk analysis has completed. However, when reviewing the data you realize that the dashboard does not display all of your current users .
What do you need do to correct the problem?
- A . Execute the Repository Object Sync and then re-execute the user level batch risk analysis.
- B . Execute the Authorization Synch and then re-execute the user level batch risk analysis.
- C . Execute the Action Usage Sync followed by the Role Usage Sync and then re-execute the user level batch risk analysis.
- D . Execute the user level batch risk analysis again and remove any exclude objects.
Which of the following reviewer options does SoD Review support?
- A . Manager and Role Owner
- B . Manager or Role Owner
- C . Manager and Risk Owner
- D . Manager or Risk Owner
How can you make sure that a risk analysis is performed when you use access request management? Note: There are 2 correct answers to this question
- A . Set Enable Offline Risk Analysis parameter to Yes
- B . Configure the MSMP workflow stage to require a risk analysis
- C . Configure the MSMP workflow path to require a risk analysis
- D . Set the Enable Risk Analysis Form on Submission parameter to Yes
SAP delivers multiple MSMP Process IDs. You want to implement an MSMP Workflow that targets your SAP S/4HANAsystem.
Which BC set do you need to activate as a prerequisite?
- A . BC Set GRAC_ROLE_MGMT_LANDSCAPE
- B . BC Set GRC_MSMP_CONFIGURATION
- C . BC Set GRAC_DT_REQUEST_DISPLAY_SECTIONS
- D . BC Set GRAC_RA_RULESET_S4HANA_CORE
Why might you integrate Business Role Management with Business Rules Framework? Note: There are 2 correct answers to this question.
- A . Determine role owner
- B . Determine role methodology
- C . Determine role business area
- D . Determine role naming convention
Which of the following are standard delivered SAP Fiori business catalogs for SAP Access Control? Note: There are 2 correct answers to this question.
- A . Access Control Employee
- B . Risk Manager
- C . Compliance Specialist
- D . Compliance Owner
You want approver authentication when approving an access request .
Which MSMP Workflow stage configuration option can you use?
- A . Confirm Approval
- B . Approve Despite Risk
- C . Approve by Email
- D . Reaffirm Approval
You are maintaining an initiator rule in MSMP Workflow .
Which of the following must you specify?
- A . Rule Result
- B . Notification Variables
- C . Rule Purpose
- D . Global Process Initiator
You have created a BRFplus Initiator Rule for MSMP Process ID SAP_GRAC_ACCESS_REQUEST using transaction GRFNMW_DEV_RULES but the Decision Table did not get created.
Where do you go to manually create a Top Expression for your rule?
- A . Business Rule
- B . Function
- C . Data Object
- D . Application
You wish to synchronize data from transaction SU24 in the SAP S/4HANA production system into SAP Access Control for use in building a rule set.
What is the correct synchronization job schedule for completing this task?
- A . It is not possible to synchronize SU24 data from a production system
- B . Repository Object Sync followed by an Action Usage Sync
- C . Action Usage Sync followed by Role Usage Sync
- D . Authorization Sync
Which of the following are required to enable Centralized Emergency Access Management (EAM)? Note: There are 2 correct answers to this question.
- A . Set the Application Type parameter for Emergency Access Management to value ID in the target system UGRC plug-in
- B . Set the Application Type parameter for Emergency Access Management to value ID in SAP Access Control
- C . Set the Enable Decentralized Firefighting parameter for Emergency Access Management to YES
- D . Set the Enable Decentralized Firefighting parameter for Emergency Access Management to NO
What can you use a custom end-user personalization configuration for? Note: There are 3 correct answers to this question.
- A . To assign it to the standard access request
- B . To assign it to an access request template
- C . To restrict a user’s ability to approve their own requests
- D . To determine fields shown in a workflow item
- E . To determine roles that can be assigned on a request
A Firefighter ID can be assigned to a firefighter using which of the following methods?
- A . By assigning access using an access request
- B . By maintaining the assignment in the Governance, Risk and Compliance plug-in on SAP Access Control
- C . By assigning a Firefighter Role to the user on the target system
- D . By maintaining the assignment in the Governance, Risk and Compliance plug-in on the target system
You want to configure your MSMP Workflow stage definition to ensure that a workflow request that has NOT been processed after a certain period of time can be escalated and approved by another approver .
Which of the following options can you use to configure escalation? Note: There are 3 correct answers to this question.
- A . Define an Alternate Approver
- B . Skip to Next Stage
- C . Maintain Fallback Receiver
- D . Escalate to Specified Agent
- E . Use Defaults
You want to configure SAP Access Control to generate alerts to help manage compliance .
What are the available alert capabilities that can be configured? Note; There are 3 correct answers to this question.
- A . Identify a user who has executed a critical action and generate an email notification
- B . Identify a user who has executed conflicting functions and open a support desk message
- C . Identify a user who has executed conflicting functions
- D . Identify a control monitor who has failed to execute defined reports in a timely fashion
- E . Identify a user who has executed a critical action and open a support desk message.
It is mandatory for a Firefighter ID to be assigned to which of the following?
- A . Firefighter ID Controller
- B . Firefighter
- C . Firefighter ID Owner and Firefighter ID Controller
- D . Firefighter ID Owner
You are creating an Initiator rule and want to build a condition using header attributes .
Which of the following attributes can you use? Note: There are 2 correct answers to this question.
- A . Prerequisite
- B . Functional Area
- C . Company
- D . Subprocess
You want to configure an approval workflow to require an approval for updates to a defined function .
How do you enable this capability?
- A . Flag the function for approval
- B . Set the 1064 Function Maintenance parameter to YES
- C . Configure the GRAC_FUNCTION_APPROVER agent
- D . Activate the SAP_GRAC_FUNC_APPR MSMP Process ID
Which of the following are prerequisites for implementing Emergency Access Management? Note: There are 2 correct answers to this question.
- A . Users and roles that are used for firefighting activities have been created for the SAP Access Control V D system
- B . The repository object sync must be completed.
- C . Implementation of a user exit on the SAP Access Control system to prevent direct logon with the Firefighter ID
- D . Users and roles that are used for firefighting activities have been created in the target system
Which of the following reviewer options does User Access Review support?
- A . Manager or Risk Owner
- B . Manager or Role Owner
You are performing an on demand risk analysis at the user level .
Which report view can you use to apply a control and remove access?
- A . Remediation view
- B . Technical view
- C . Business view
- D . Detail view
Which of the following represent valid Agent Types within MSMP Workflow configuration? Note: There are 2 correct answers to this question.
- A . PFCG Roles
- B . BRFplus flat rule
- C . BRFplus rule
- D . GRC API (Application Programming Interface) Rules
Business Role Management provides the functionality to improve the role management process .
Which of the following capabilities does it offer? Note: There are 2 correct answers to this question.
- A . Replacement of the PFCG role management transaction
- B . Management of role definition transports
- C . Enforcement of consistency in naming conventions
- D . Identification of duplicate roles