Free SAP Certified Technology Professional – System Security Architect Exam P_SECAUTH_21 Exam Practice Test

A system user created a User1 and a schema on the HANA database with some data. User2 is developing modelling views and requires access to objects in User1's schema. What needs to be done?

• User1 should grant _SYS_REPO with SELECT WITH GRANT privilege
• User2 needs to be granted with the same roles like User1
• System user should grant User2 with SELECT privilege to User 1schema
• ROLE ADMIN needs to be granted to User2

Based on your company guidelines you have set the password expiration to 60 days. Unfortunately, there is an RFC user on your SAP system which must not have a password change for 180 days. Which option would you recommend to accomplish such a request?

• Change profile parameter login/password_expiration_time to 180
• Create a security policy via SECPOL and assign it to tile RFC users
• Create additional authorizations for RFC users and assign it to them
• Create enhancement spot I user-exit

Which tasks would you perform to allow increased security for the SAP Web Dispatcher Web Administration interface? Note: There are 2 correct answers to this question.

• Use a separate port for the content
• Use access restrictions with the icm/HTTP/auth_ profile parameter
• Use subparameter ALLOWPUB = FALSE of the profile parameter icm/server_port_
• Use Secure Socket Layer (SSL) for password encrypt on

You have delimited a single role which is part of a composite role, and a user comparison for the composite role has been performed. You notice that the comparison did NOT remove the profile assignments for that single role. What program would you run to resolve this situation?

• 0 PRGN_COMPRESS_TIMES
• 0PRGN_COMPARE_ROLE_MENU
• 0 PRGN_DELETE_ACT IVITY_GROUPS
• 0 PRGN_MERGE_PREVIEW

What are characteristics only valid for the MDC high isolation mode?

• Every tenant has its own set of OS users
• All internal database communication is secured using SNC
• Every tenant has its own set of database users
• Every tenant has its own set of database users belonging to the same sapsys group

How can you register an SAP Gateway service? Note: There are 2 correct answers to this question.

• Use SAP_GAT EWAY_BASIC_CONFIG in transact on STCO 1 on the frontend server
• Use transaction /IWFND/MA INT_SERVICE on the front-end server
• Use SAP_GAT EWAY_ACTIVATE_ODATA_SERV in transact on STC01 on the front-end server
• Use transaction SEGW on the back-end server

You want to launch classic SAP GUI transactions directly from the SAP Fiori Launchpad. Which of the following scenarios do you choose?

• Chrome, SAP Enterprise Portal, SAP GUI for Java
• Chrome, SAP Cloud Platform, SAP GUI for Java
• Internet Explorer, ABAP front-end server, SAP GUI for Windows
• Internet Explorer, SAP Business Client, SAP GUI for Windows

You have configured a Gateway SSO authentication using X.509 client certificates. The configuration of the dual trust relationship between client (browser) and SAP Web Dispatcher as well as the configuration of the SAP Web Dispatcher to accept and forward client certificates were done. Users complain that they can't log in to the back-end system. How can you check the cause?

• Run back-end transaction SMICM and open the trace file
• Run back-end system trace using ST12
• Run gateway transaction /IWFND/TRACES
• Run gateway transaction /IWFND/ ERRORJ.OG

Which authorizations should you restrict when you create a developer role in an AS ABAP production system? Note: There are 2 correct answers to this question.

• The ability to execute class methods through authorization object S_PROGRAM
• The ability to execute queries through authorization object S_OUERY
• The ability to execute function modules through authorization object S_DEVELOP
• The ability to use the ABAP Debugger through authorization object S_DEVELOP

The SSO authentication using X.509 client certificates is configured. Users complain that they can't log in to the back-end system. The trace file shows the following error message: 'HTTP request [2/5/9] Reject untrusted forwarded certificate'. What is missing in the configuration? Note: There are 2 correct answers to this question.

• On the back-end, the profile parameter icm/HTTPS/verify client must NOT be set to 0
• On the web-dispatcher, the SAPSSLS.pse must be signed by a trusted certification authority
• On the web-dispatcher, the profile parameter icm/HTTPS/verify_client must be set to 0
• The web dispatcher's SAPSSLC.PSE certificate must be added to the trusted reverse proxies list in icm/trusted_reverse_proxy_