
[Dec-2023] P-SECAUTH-21 Free Sample Questions to Practice One Year Update
Download P-SECAUTH-21 exam with SAP P-SECAUTH-21 Real Exam Questions
NEW QUESTION # 10
What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note: There are 3 correct answers to this question.
- A. The default values in the tables USOBX and USOBT
- B. The authorization objects that have unacceptable default values
- C. The default authority check settings for the role maintenance tool
- D. The default values so they are appropriate for the transactions used in the roles
- E. The authorization objects that are not linked to transaction codes correctly
Answer: B,C,D
Explanation:
You can maintain these aspects in transaction SU24 to reduce the overall maintenance in PFCG. By doing so, you can define which authorization objects are checked by default for each transaction code, what values are proposed for each authorization field, and which authorization objects are excluded from the proposal. This way, you can avoid manual adjustments in PFCG and ensure consistency across roles. References:
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a
NEW QUESTION # 11
To enable access between tenant databases, what do you need to do in an SAP HANA system for multitenant database containers? Note: There are 3 correct answers to this question.
- A. The cross-tenant database communication must be explicitly activated.
- B. The user in the source system must be associated with a user in the target database.
- C. The user in the source system must have sufficient privileges in the target database.
- D. The INIFILE ADMIN system privilege must be assigned.
- E. The bi-directional communication channel must be in the allow list.
Answer: A,C,E
Explanation:
To enable access between tenant databases in an SAP HANA system for multitenant database containers, you need to do these steps: activate the cross-tenant database communication parameter in the global.ini file, add the bi-directional communication channel to the allow list parameter in the global.ini file, and grant the user in the source system the required privileges in the target database using a remote source object. References:
https://help.sap.com/viewer/6b94445c94ae495c83a19646e7c3fd56/2.0.05/en-US/20d5f6af75191014b47cf39247
NEW QUESTION # 12
Which communication methods does the SAP Fiori Launchpad use to retrieve business data?
Note: There are 2 correct answers to this question.
- A. IIOP
- B. OData
- C. InA
- D. SNC
Answer: B,C
Explanation:
These are the communication methods that the SAP Fiori Launchpad uses to retrieve business data from various data sources and services. InA (Information Access) is a protocol that enables analytical queries and data visualization using SAP Analytics Cloud or SAP Lumira. OData (Open Data Protocol) is a protocol that enables CRUD (Create, Read, Update, Delete) operations on data using RESTful web services. References:
https://help.sap.com/viewer/product/SAP_FIORI_LAUNCHPAD/en-US
NEW QUESTION # 13
How would you control access to ABAP RFC function modules? Note: There are 2 correct answers to this question.
- A. Restrict RFC authorizations
- B. Block RFC Callback Whitelists
- C. Deactivate switchable authorization checks
- D. Implement UCON functionality
Answer: A,D
Explanation:
These are some of the functions that can be used to control access to ABAP RFC function modules in an SAP system. RFC (Remote Function Call) is a protocol that enables communication and data exchange between SAP systems and components using function modules. ABAP RFC function modules are function modules that are written in ABAP language and can be called remotely by other systems or components. UCON (Unified Connectivity) is a feature that allows you to monitor and restrict RFC calls based on various criteria, such as source system, target system, user, or function module. RFC authorizations are authorizations that control access to RFC function modules based on authorization objects, such as S_RFC or S_RFCACL.
References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9e2e3f6f8e41e8a283aaf2ad2c64c4/content.htm?n
NEW QUESTION # 14
Which communication methods does the SAP Fiori Launchpad use to retrieve business data? Note: There are 2 correct answers to this question.
- A. SNC
- B. IIOP
- C. OData
- D. InA
Answer: A,D
NEW QUESTION # 15
In your SAP HCM system, you are implementing structural authorizations for your users. What are the characteristics of this authorization type? Note: There are 2 correct answers to this question.
- A. The structural profile is maintained and assigned to users using the Implementation Guide
- B. The structural profile is maintained and assigned to users using the Profile Generator
- C. The structural profile determines the access mode which the user can perform
- D. The structural profile determines the accessible object in the organizational structure
Answer: A,D
NEW QUESTION # 16
Which authorization object controls access to the trusting system between the managed system and SAP Solution Manager?
- A. S_RFC
- B. S_SERVICE
- C. S_RFCACL
- D. S_ICM
Answer: C
NEW QUESTION # 17
Which of the following programs can be used to enable ALE Audit using the ALEAUD message type in the Customer Distribution Model and Partner Profiles? Note: There are 2 correct answers to this question.
- A. RBDAUD01
- B. RBDSTATE
- C. RBDAPP01
- D. RBDMIDOC
Answer: C,D
Explanation:
These are some of the programs that can be used to enable ALE Audit using the ALEAUD message type in the Customer Distribution Model and Partner Profiles. ALE (Application Link Enabling) is a technology that enables distributed communication and data exchange between SAP systems and components. ALE Audit is a feature that allows you to monitor and verify the status and results of ALE processes, such as data distribution or message processing. ALEAUD is a message type that is used to send audit information from one system to another. RBDAPP01 is a program that processes inbound IDocs (Intermediate Documents), which are data containers for ALE messages. RBDMIDOC is a program that creates outbound IDocs based on change pointers, which are records of changes in application data. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9e2e3f6f8e41e8a283aaf2ad2c64c4/content.htm?n
NEW QUESTION # 18
What are the characteristics of HTTP security session management? Note: There are 3 correct answers to this question.
- A. Creates security sessions at logon
- B. Deletes security sessions at logoff
- C. Starts security sessions with a short user-based expiration time
- D. Checks the logon credentials again for every request.
- E. Refers to the session context through the session identifier
Answer: A,C,E
Explanation:
These are some of the characteristics of HTTP security session management in SAP systems. HTTP security session management creates security sessions at logon that store information about the user's identity and authorizations in a session context on the server side. The security sessions start with a short user-based expiration time that can be extended by user activity or terminated by logoff or timeout. The security sessions refer to the session context through a session identifier that is passed between the client and the server using cookies or URL parameters. References:
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_
NEW QUESTION # 19
You want to use Configuration Validation functionality in SAP Solution Manager to check the consistency of settings across your SAP environment. What serves as the reference basis for Configuration Validation? Note: There are 2 correct answers to this question.
- A. A virtual set of manually maintained configuration items
- B. A result list of configuration items from Solution Finder for SAP EarlyWatch Alert
- C. A target system in your system landscape
- D. A list of recommended notes from RSECNOTE
Answer: A,C
Explanation:
Configuration Validation in SAP Solution Manager allows you to check the consistency of settings across your SAP environment by comparing them with a reference basis. The reference basis can be either a virtual set of manually maintained configuration items or a target system in your system landscape that serves as a template or best practice example. References:
https://help.sap.com/viewer/bf82e6b26456494cbdd197057c09979f/7.2.10/en-US/4a0c1f51bb571014e10000000a
NEW QUESTION # 20
What authorization object is checked when a user selects an ABAP Web Dynpro application to execute?
- A. S_PROGRAM
- B. S_START
- C. S_TCODE
- D. S_SERVICE
Answer: B
NEW QUESTION # 21
How are security relevant objects related in the Cloud Foundry? Note: There are 2 correct answers to this question.
- A. Role Templates have 0 or many attributes.
- B. Role Templates have 1 or many scopes.
- C. Role Collections have 0 or many role templates.
- D. Role Collections have 0 or many roles.
Answer: C,D
Explanation:
These are some of the ways that security relevant objects are related in the Cloud Foundry. Cloud Foundry is a platform-as-a-service (PaaS) that enables developers to deploy and run cloud-native applications using various services and frameworks. Cloud Foundry uses different security relevant objects to manage user access and authorization, such as role collections, roles, role templates, and scopes. Role collections are groups of roles that can be assigned to users or groups. Roles are sets of permissions that define what actions users can perform on resources or services. Role templates are predefined roles that can be reused for different role collections or services. Scopes are strings that represent specific permissions or attributes of a user or service.
References:
https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/9e1bf57130ef466e8017eab298
NEW QUESTION # 22
You have Reason Codes already defined. Which is the correct sequence of steps to configure a Firefighter ID in Emergency Access Management?
- A. Maintain an Owner for a Firefighter ID
  Maintain a Firefighter ID for Controllers and Firefighters
  Maintain Access Control Owner
- B. Maintain a Firefighter ID for Controllers and Firefighters
  Maintain an Owner for a Firefighter ID
  Maintain Access Control Owner
- C. Maintain an Owner for a Firefighter ID
  Maintain a Firefighter ID for Controllers and Firefighters
  Maintain Access Control Owner
- D. Maintain an Owner for a Firefighter ID
  Maintain a Firefighter ID for Controllers and Firefighters
  Maintain Access Control Owner
Answer: A
NEW QUESTION # 23
What are characteristics only valid for the MDC high isolation mode?
- A. Every tenant has its own set of OS users
- B. Every tenant has its own set of database users belonging to the same sapsys group
- C. Every tenant has its own set of database users
- D. All internal database communication is secured using SNC
Answer: A
NEW QUESTION # 24
A user is authorized to run SP01. What can this user access with authorization object S_SPO_ACT when the 'Value for Authorization Check' field is set to "__USER__"?
- A. All unprotected spool requests for all users in the client
- B. All spool requests for users in the same user group
- C. All spool requests for a specific user in the client
- D. All spool requests for all users in the client
Answer: C
Explanation:
This is one of the things that a user can access with authorization object S_SPO_ACT when the 'Value for Authorization Check' field is set to "__USER__" and they are authorized to run the SP01 transaction. S_SPO_ACT is an authorization object that controls access to spool requests based on various criteria, such as spool request number, output device, or user name. SP01 is a transaction that allows you to display and manage spool requests, which are requests for printing or outputting data from SAP systems. If the 'Value for Authorization Check' field is set to "__USER__" in the S_SPO_ACT authorization object, the user can access all spool requests for their own user name in the client where they are logged on. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?
NEW QUESTION # 25
You want to allow your trainee colleagues to use the SAP GUI to connect directly to your SAP S/4HANA (on-premise) demo system from a public internet connection. Which of the following SAP solutions is suited for this purpose?
- A. SAP Web Dispatcher
- B. SAProuter
- C. SAP Cloud Connector
- D. SAP NetWeaver Gateway
Answer: C
NEW QUESTION # 26
How can you describe the hierarchical relationships between technical entities in the Cloud Foundry?
- A. A SaaS tenant acts as one provider account.
- B. A subscription is a PaaS tenant.
- C. A SaaS tenant acts as one Cloud Foundry Organization.
- D. A global account can have one or many subaccounts.
Answer: D
Explanation:
This is one of the ways that you can describe the hierarchical relationships between technical entities in the Cloud Foundry. Cloud Foundry is a platform-as-a-service (PaaS) that enables developers to deploy and run cloud-native applications using various services and frameworks. Cloud Foundry uses different technical entities to organize and manage resources and access rights, such as global accounts, subaccounts, organizations, spaces, applications, and services. A global account is an entity that represents a customer or partner who has subscribed to SAP Cloud Platform services and products. A global account can have one or many subaccounts, which are entities that represent logical subdivisions or business units within a global account. References:
https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/9e1bf57130ef466e8017eab298
NEW QUESTION # 27
What does return code 12 mean when performing STAUTHTRACE?
- A. Too many parameters for authorization checks
- B. No authorization but does have authorization object in user buffer
- C. An invalid user name was specified in user
- D. No authorization and no authorization object in user buffer
Answer: B
Explanation:
Return code 12 means that the user does not have the required authorization for an authority check but does have the authorization object in the user buffer. This means that the user has some values for the authorization object but not the ones that are needed for the specific check. References:
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_
NEW QUESTION # 28
You are reviewing the authorizations for Core Data Services (CDS) views. How are classic authorizations integrated with CDS authorizations?
- A. By assigning the CDS view to the authorization profile in PFCG
- B. By using the statement AUTHORITY-CHECK in the access control of the CDS view
- C. By defining access conditions in an access rule for the CDS view
- D. By defining the CDS view in the authorization object in SU21
Answer: C
NEW QUESTION # 29
Because of which security threat would you need to make additional configuration settings to run the SAP Fiori Launchpad from within your SAP NetWeaver Portal?
- A. Cross-Site Scripting
- B. Cross-Site Request Forgery
- C. Content Spoofing
- D. Clickjacking
Answer: D

