New P_SECAUTH_21 Test Materials & Valid P_SECAUTH_21 Test Engine [Q28-Q50]

Posted On March 4, 2024

New P_SECAUTH_21 Test Materials & Valid P_SECAUTH_21 Test Engine

P_SECAUTH_21 Updated Exam Dumps [2024] Practice Valid Exam Dumps Question

QUESTION 28
You have configured a Gateway SSO authentication using X.509 client certificates. The configuration of the dual trust relationship between client (browser) and SAP Web Dispatcher as well as the configuration of the SAP Web Dispatcher to accept and forward client certificates were done. Users complain that they can’t log in to the back-end system. How can you check the cause?

Run back-end transaction SMICM and open the trace file

Run back-end system trace using ST12

Run gateway transaction /IWFND/TRACES

Run gateway transaction /IWFND/ ERRORJ.OG

QUESTION 29
What can you maintain in transaction SU24 to reduce the overall maintenance in PFCG? Note:
There are 3 correct answers to this question.

The authorization objects that are not linked to transaction codes correctly

The default authority check settings for the role maintenance tool

The default values so they are appropriate for the transactions used in the roles

The default values in the tables USOBX and USOBT

The authorization objects that have unacceptable default values

Explanation
You can maintain these aspects in transaction SU24 to reduce the overall maintenance in PFCG. By doing so, you can define which authorization objects are checked by default for each transaction code, what values are proposed for each authorization field, and which authorization objects are excluded from the proposal. This way, you can avoid manual adjustments in PFCG and ensure consistency across roles. References:
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a
https://help.sap.com/viewer/df185fd53bb645b1bd99284ee4e4a750/7.5.21/en-US/4a0c1f51bb571014e10000000a

QUESTION 30
You want to configure SNC in a newly-installed AS ABAP based SAP system. Besides running SNCWIZARD, what else do you need to perform for this scenario? Note: There are 2 correct answers to this question.

Enable the encrypted HTTP service

Restart the SAP system

Set the parameters using sapgenpse

Manage the PSE

Explanation
These are some of the things that you need to perform for this scenario of configuring SNC in a newly-installed AS ABAP based SAP system. SNC (Secure Network Communication) is a feature that enables secure and encrypted communication between SAP systems and components using certificates and keys. PSE (Personal Security Environment) is a file that contains certificates and keys for SNC communication. You need to restart the SAP system after running SNCWIZARD, which is a transaction that guides you through the steps of configuring SNC for your SAP system. You also need to manage the PSE using sapgenpse, which is a tool that allows you to create, import, export, or delete certificates and keys in the PSE. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?

QUESTION 31
Which of the following user types can be used to log on interactively? Note: There are 2 correct answers to this question.

Dialog

Communication

Service

System

Explanation
Dialog and Communication are two user types that can be used to log on interactively to an SAP system.
Dialog users are normal users who can access the system using a graphical user interface (GUI) or a web browser. Communication users are users who access the system using communication protocols, such as RFC or HTTP. References:
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_
https://help.sap.com/doc/saphelp_nw70ehp3/7.03/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?no_

QUESTION 32
You have created an RFC destination with a registered external RFC server program. When you try to connect to the external RFC destination you receive a “SERVER_NOT_REGISTERED” error message. Note: There are 2 correct answers to this question How can you resolve the issue?

Maintain the access list in the transaction SMMS

Maintain the entries in the REGINFO file

Maintain the profile parameter gw/acl_mode = 0

Maintain the entries in the SECINFO file

QUESTION 33
Which basis transaction provides an optimized user interface for evaluating authorization checks only?

STAUTHTRACE

RSECADMIN

ST01

ABAP_TRACE

QUESTION 34
What are main characteristics of the Logon ticket throughout an SSO logon procedure? Note: There are 2 correct answers to this question

The Logon ticket is not domain restricted

The Logon ticket session is held in the working memory

The Logon ticket is sued for user-to-system communication

The Logon ticket is always set to client 000

QUESTION 35
Which data source needs to be integrated into SAP Identity Management via the Virtual Directory Server (VOS)?

AS ABAP

AS Java

LDAP

SAP HCM

QUESTION 36
How can you protect a table containing sensitive data using the authorization object S_TABU_DIS?

The tables containing sensitive data must be associated with table groups in table TBRG.

The field DICBERCLS of the authorization object must enumerate all table names of the tables containing sensitive data.

Authorization table groups containing tables with sensitive data must be defined in table TDDAT and these must be omitted for all employees who do not need access to these tables

The tables containing sensitive data must be named using the authorization object S_TA BU_NAM for all responsible administrator employees. The fields DICBERCLS of the object S_TABU_DIS can

then be filled with *.

QUESTION 37
Which users should exist in client 000? Note: There are 2 correct answers to this question.

EARLYWATCH

SAPCPIC

TMSADM

SAP*

Explanation
These are some of the users that should exist in client 000 of an SAP system. Client 000 is a special client that contains configuration data and tools for system administration and maintenance. TMSADM is a user that is used for Transport Management System (TMS) communication and administration. SAP* is a user that can be used to log on to any client with a predefined password if no other users exist or if all users are locked.
References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?

QUESTION 38
What authorization object is checked when a user selects an A BAP Web Dynpro application to execute?

S_PROGRAM

S_START

S_TCODE

S_SERVICE

QUESTION 39
In your system, you have a program which calls transaction A. Users with access to this program can still execute transaction A without explicit authorizations given to this transaction.
How do you prevent the access of users to the transaction A from within the program?

Make sure you do NOT assign transact on A to the authorization object S_TCODE in the role that you assign to the unauthorized users.

Maintain SE93 with authorization objects for transact on A.

Maintain the check indicator in table TCDCOUPLES

Ensure that transact on A is NOT assigned into the same program authorization group

QUESTION 40
While performing an audit of changes to the system and client change options for your production SAP S/4HANA environment, you receive the following message in transaction SCC4: “No logs found for selected period.” How can you correct the problem?

Maintain parameter rsau/enable with value 1

Maintain parameter log_mode with value normal for SAP HANA

Maintain parameter rdisp/TRACE with value 3

Maintain parameter rec/client with value ALL

Explanation
This is one of the things that you need to do to correct the problem and enable logging of changes to the system and client change options for your production SAP S/4HANA environment. The system and client change options are settings that determine whether changes to configuration data or customizing objects are allowed or restricted in a system or client. The changes to these options can be logged using the Security Audit Log, which is a tool that records security-relevant events in SAP systems. The parameter rsau/enable is a parameter that controls whether the Security Audit Log is activated or deactivated. If the parameter is set to
‘1’, the Security Audit Log is activated and changes to the system and client change options are logged.
References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?

QUESTION 41
How can you describe static and dynamic assignments? Note: There are 2 correct answers to this question.

Static assignments are set up via the Cloud Cockpit.

Static assignments occur at runtime.

Dynamic assignments are based on scope values.

Dynamic assignments are based on attribute values

Explanation
Static assignments are the assignments of roles and role collections to users or groups that are done manually via the Cloud Cockpit. Dynamic assignments are the assignments of roles and role collections to users or groups that are done automatically based on scope values. Scope values are attributes that are derived from the user’s identity provider or from the application context. References:
https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/9e1bf57130ef466e8017eab298
https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/9e1bf57130ef466e8017eab298

QUESTION 42
What are the key capabilities of Enterprise Threat Detection? Note: There are 2 correct answers to this question.

Dashboard-based analysis for security risks

Predictive threat notification

Real time capture of abnormal user activities

Blocking user access

Explanation
Enterprise Threat Detection is a security solution that provides dashboard-based analysis for security risks and real time capture of abnormal user activities. It enables you to monitor and detect cyberattacks and internal fraud by analyzing log data from various sources, such as SAP systems, operating systems, databases, firewalls, and routers. References:
https://help.sap.com/viewer/product/SAP_ENTERPRISE_THREAT_DETECTION/en-US
https://help.sap.com/viewer/product/SAP_ENTERPRISE_THREAT_DETECTION/en-US

QUESTION 43
What is required when you configure the PFCG role for an end-user on the front-end server? Note: There are 2 correct answers to this question.

The catalog assignment for the start authorization

The S_RFC authorization object for the OData access

The Fiori Launchpad designer assignment

The group assignment to display it in the Fiori Launchpad

QUESTION 44
For which reasons would you choose an “anonymous SSL Client PSE” setup? Note: There are 2 correct answers to this question

To perform mutual authentication

To use data encryption

To use as a container for the CAs

To perform authentication

QUESTION 45
Which tool do you use to customize the SAP HANA default password policy? Note: There are 2 correct answers to this question.

SAP HANA Lifecycle Manager

SAP HANA Studio

SAP HANA Cockpit

SAP Web IDE

QUESTION 46
What are main characteristics of the Logon ticket throughout an SSO logon procedure? Note:
There are 2 correct answers to this question.

The Logon ticket is used for user-to-system communication.

The Logon ticket session is held in the working memory.

The Logon ticket is always set to client 000.

The Logon ticket is not domain restricted.

Explanation
These are some of the main characteristics of the Logon ticket throughout an SSO logon procedure. SSO (Single Sign-On) is a feature that enables users to log on to multiple systems or applications with one authentication process and without entering their credentials multiple times. Logon ticket is one of the methods for implementing SSO in SAP systems, which uses digital certificates and cookies to authenticate users and systems. The Logon ticket is used for user-to-system communication, which means that it contains information about the user’s identity and authorizations that can be verified by the target system or application.
The Logon ticket session is held in the working memory, which means that it is stored temporarily in the memory of the user’s browser or system and deleted when the session ends or expires. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?

QUESTION 47
Based on your company guidelines you have set the password expiration to 60 days. Unfortunately, there is an RFC user in your SAP system who must not have a password change for 180 days. Which option would you recommend to accomplish such a request?

Create an enhancement spot or user exit

Create a security policy via SECPOL and assign it to the RFC user

Change the profile parameter login/password_expiration_time to 180

Define the RFC user as a reference user

QUESTION 48
You want to allow your trainee colleagues to use the SAP GUI to connect directly to your SAP S/4HANA (on-premise) demo system from a public internet connection. Which of the following SAP solutions is suited for this purpose?

SAP Web Dispatcher

SAP Cloud Connector

SAProuter

SAP NetWeaver Gateway

Explanation
This is one of the SAP solutions that is suited for this purpose of allowing your trainee colleagues to use the SAP GUI to connect directly to your SAP S/4HANA (on-premise) demo system from a public internet connection. SAProuter is a program that acts as an application-level gateway between SAP systems and networks using TCP/IP protocol. SAProuter can be used to establish secure and encrypted connections between SAP systems and external networks using SNC (Secure Network Communication) certificates and keys. SAProuter can also be used to control access to SAP systems based on various criteria, such as source IP address, destination IP address, service name, or port number. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/c8/e8d53d35fb11d182b90000e829fbfe/content.htm?

QUESTION 49
You have an HR table for which you want to create a role to provide users the ability to display and change its table content based on the country groupings. Which of the steps would you take to accomplish these requirements? Note: There are 2 correct answers to this question.

Maintain the authorization object S_TABU_LIN

Create an authorization group with appropriate authorization fields for the table

Define an organization criterion through transaction SPRO

Maintain the authorization object S_TABU_NAM

QUESTION 50
When re-configuring the user management engine (UME) of an AS Java system, what do you need to consider to change the data source from system database to an ABAP system successfully?

The UME configuration file dataSourceConfiguration_database_only.xml is automatically updated with an appropriate dataSourceConfiguration_abap.xml file.

All users and groups in the system database must have different IDs than existing users and groups in the ABAP system.

The logon security policy for the existing users is aligned with the logon security policy in the ABAP system.

You need to import the users from the system database into the ABAP system.

Explanation
This is one of the tasks that you need to consider to change the data source from system database to an ABAP system successfully when re-configuring the user management engine (UME) of an AS Java system. The UME is a component that handles user administration and authentication for AS Java systems. The UME can use different data sources for storing user and group data, such as system database, ABAP system, or LDAP directory. When changing the data source from system database to an ABAP system, you need to ensure that all users and groups in the system database have different IDs than existing users and groups in the ABAP system, otherwise there will be conflicts and errors during the migration process. References:
https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/9e2e3f6f8e41e8a283aaf2ad2c64c4/content.htm?n

Loading …

SAP P-SECAUTH-21 exam covers a variety of topics related to system security architecture, including access control, authentication, authorization, and auditing. Candidates are required to have a deep understanding of these topics and be able to apply them in real-world scenarios. P_SECAUTH_21 exam also tests candidates on their ability to design secure systems that meet the specific needs of an organization.

Candidates for the SAP P_SECAUTH_21 certification exam should have a minimum of two years of experience in system security architecture and design. They should also have a strong understanding of SAP system architecture and design principles, as well as experience with SAP security technologies and solutions. Additionally, candidates should possess strong analytical and problem-solving skills and be able to work effectively in a team environment.

P_SECAUTH_21 Sample with Accurate & Updated Questions: https://www.exams4sures.com/SAP/P_SECAUTH_21-practice-exam-dumps.html