P_TSEC10_75 – SAP Certified Technology Professional – System Security Architect (252 Questions)
Category: SAP Certification Questions and Answers
Posted: Oct 26, 2022
By: Ashley Morrison
The SAP Certified Technology Professional P_TSEC10_75 exam is a well-known certification test and passing it calls for the candidate to put up their best effort. The path that can help you pass the P_TSEC10_75 SAP Certified Technology Professional – System Security Architect exam is what you need to pay close attention to. Let’s have a look one by one.
Topic Areas
P_TSEC10_75 – SAP Certified Technology Professional – System Security Architect exam covers the following topics:
Understand the SAP System Security Fundamentals | > 12% |
Understand Authorization Concept for SAP S/4HANA | > 12% |
Understand Secure SAP System Management | > 12% |
Understand SAP Netweaver Application Server Security | > 12% |
Understand Authorization, Security, and Scenarios in SAP HANA | 8% – 12% |
Understand Security in SAP Gateway and SAP Fiori System Landscape | < 8% |
Exam details:
Total Number of Questions | 252 |
Cut Score | 63% |
Duration | 180 minutes |
Languages | English |
Here is the list of MCQs (multiple-choice questions). The correct answers are marked with *.
1. Testing and analyzing: SNC information is provided in trace files. What are the 3 most common errors?
A. Library could not be loaded*
B. No credentials*
C. No entry in ACL*
D. No contents format
2. Which is the only user in the SAP system for which no user master record is required (since it is defined in the code)?
A. SAP*
B. PASS
C. 6071992
3. Which fields have the authorization object S_TABU_LIN?
A. Activity*
B. Organizational criterion*
C. Attribute for organizational criterion*
D. Pripare
4. Which safeguards answer the threat of Tampering (denial, message alteration)?
A. the SAP Passport
B. Digital Signature*
5. What are the 2 ways in which we can determine the required authorization if we cannot find documentation?
A. authorization error analysis*
B. SU53*
C. ST01*
D. SF34
6. What are the two different maintenance views of the profile generator PFCG?
A. Basic maintenance*
B. Complete view*
C. Design user menus
D. Maintain authorization data
7. Which SAP Standard role allows you to set up the AIS?
A. SAP_AUDITOR_ADMIN*
B. SAP_EDITOR_ADMIN
8. Which authorization object determines what table someone can look at with the transactions SE16, SE16N, or SE17; SM30 or SM31; and SE12?
A. S_TABU_DIS*
B. S_TEDU_FID
C. S_TRAS_DIC
9. Which authorization objects protect file access?
A. C_DATASET
B. S_DATASET*
C. P_DATASET
10. Is it possible to add composite roles to composite roles?
A. True
B. False*
11. What are the 2 options and the properties of a stateful user session?
A. Session ID (Either in web browser cookie or into the user’s URL) -> SSL doesn’t work*
B. IP Address of client -> SSL Ok (but an issue with proxy)*
C. IP Address of client ->SAL Ok (but an issue with proxy)
12. Transaction to define child and central system in the CUA
A. SALE*
B. PURCHASE
13. How to maintain the configuration of the logon tickets?
A. SSO1
B. SSO2*
C. STRUSTSSO3
D. STRUSTSSO2*
14. What is the table for the Extended user Access control
A. USRACLEXT*
B. LDSSDSJMX
15. Which of the following are the benefits of creating a custom t-code to link SE16 to a specific table?
A. You no longer need to grant access to transaction code SE16.*
B. With your custom transaction code, you can look at any table.
C. With your custom transaction code, you can look only at the table specified in the transaction code.*
D. Custom transaction codes can be easily created, without requiring any programming.*
16. How to display the results of the security audit log (transaction)?
A. SE20*
B. SE21
C. SE22
D. SE23
17. Which authorization object can be used to ensure the security administrator only adds value for a specific company code?
A. S_USER_AGR
B. S_USER_TCD
C. S_USER_VAL*
18. What are the 3 steps to install the PAS?
A. Install SAP package ntauth.sar*
B. Set the Service file parameters*
C. Maintain user mapping. Maintain table USREXTID Report (RSUSREXTID)*
D. user must accept session cookies
19. What should the naming convention for new developments be?
A. Authorization and authorization profiles*
B. Authorization classes, objects, fields*
C. Analysis and Conception
D. Quality assurance and Tests
20. Which authorization object helps you to enforce the role naming convention in restricting the allowed role names?
A. S_USER_AGR*
B. S_USER_TCD
C. S_USER_VAL
21. 4 activities of the ICF with transaction SICF (Maintain services)
A. SE80*
B. SE79
C. SE78
D. SE77
22. What are the authorizations needed to create and maintain an external command?
A. SM69*
B. SM70
C. SM71
D. SM72
23. Which authorization object ensures that the decentralized admin only adds authorized t-codes to roles?
A. S_USER_AGR
B. S_USER_TCD*
C. S_USER_VAL
24. What are the 3 major components of the Role maintenance tool (PFCG)?
A. menu*
B. authorizations*
C. users*
D. profile
25. Profile parameter: Number of incorrect login attempts allowed with a user master record before the user master record is locked. The lock is removed at midnight
A. login/fails_to_session_end
B. login/min_password_lng
C. Login/fails_to_user_lock*
D. login/failed_user_auto_unlock
E. login/password_expiration_time
26. Which transaction lists each RFC destination and the user involved?
A. RSRFCCHK*
B. object S_RFC
27. What are the 2 ways to control the choice of user passwords?
A. System profile parameters*
B. Invalid passwords*
C. Valid passwords
28. Which protocol is used between SAP Servers?
A. RFC, Remote function call*
B. The ITS, Internet Transaction Server
C. The SAP Web-GUI
29. What 4 pieces of information contain the sap logon ticket?
A. User Id,*
B. User passcode
C. Validity period,*
D. Issuing System ID,*
E. Issuing system’s digital signature*
30. Which profile parameters define the location of the secinfo file?
A. gw/sec_info*
B. Sapxpg
C. S_RZL_ADM
31. ITS: What are the 2 main functions of the Wgate (Webserver)?
A. Connects the ITS to the Webserver*
B. Use the HTTP protocol*
C. Use the HTML language
32. The reports of the user information system start with?
A. RSUSR + #*
B. ESUSE + #
33. What is the field of the authorization object S_TABU_CLI
A. Filament
B. CLIIDMAINT*
34. Which special user is responsible for maintaining the ABAP Dictionary and the software logistics in client 000?
A. DDIC*
B. Early Watch
C. SUPPORT
D. S_TCODE
35. What are the 4 activities required for an upgrade of The Profile Generator?
A. Migrate the report tree*
B. Check the Profile Generation activation*
C. Upgrade the roles and default tables (su25)*
D. Conversion of manually created profiles to roles if necessary (su25)*
36. What is the transaction for client copy between systems?
A. SCC9*
B. SCC8*
C. SCC7
D. SCC6
37. Composite role: What are the 2 possibilities if the composite role has been modified and you click on the refresh button?
A. Re-import*
B. Merge*
C. Reduction*
D. Extension*
38. What is the SAP standard composite menu and authorization Role which contains every role in the AIS?
A. SAP_AUDITOR*
B. SAP_CA_AUDITOR*
C. SAP_CF_AUTITOR
39. What is Central User Administration used for?
A. To administer passwords for SAP users centrally
B. To maintain printer landscapes centrally
C. To administer user master records centrally*
D. To create authorization profiles centrally
40. Which transaction allows you to view the assignments of the events to audit classes and security levels with the system log message maintenance
A. SE92*
B. SE93
C. SE91
D. SE94
41. 6 types of information that can be recorded with the security audit log?
A. Dialog log-on attempts*
B. RFC log-on attempts*
C. Transaction starts*
D. Modification
42. 3 types of security policy
A. General Security policy.
B. IT Security policy
C. Configuration documentation*
D. Change Policy.
43. Which SAP Product is used for DIAG/RFC Proxy?
A. SAP Create
B. SAP router*
44. Are transactions called indirectly with the ABAP statement CALL_TRANSACTION checked?
A. True
B. False*
45. What is the standard password of the user Early Watch?
A. DDIC
B. Early Watch
C. SUPPORT*
D. S_TCODE
46. What are the 2 special users defined in client 000?
A. SAP*
B. DIDIC*
C. DEDIF
47. Which table defines which authorization checks are to be performed with a transaction and which are not?
A. RZ11
B. USOBX_C
C. USOBT_C
D. USOBX*
48. What are the main components of the authorization concept?
A. Authorization object class*
B. Authorization object*
C. Authorization field*
D. Authorization*
E. Authorization profile*
49. Which authorization object defines which printers you can print to?
A. S_SPO_DEV*
B. S_SVR_DEV
50. What are the 5 steps of the authorization concept conception?
A. Preparation:*
B. Analysis and Conception*
C. Implementation*
D. Quality assurance and Tests*
E. Cutover*
51. What are the 3 main sources of risks?
A. Persons*
B. Technology*
C. Environment*
D. Implementation & support
52. After transport of the user master record. Should a comparison occur?
A. YES*
B. NO
53. Which authorization object enforces actions you can take with spool requests (Admin) and enforces access to a spool request that does not belong to you?
A. S_SAO_ACT
B. S_SPO_ACT*
54. Profile parameter: The value 0 means that the user is not forced to change the password. A value > 0 specifies the number of days after which the user must change the login password.
A. login/fails_to_session_end
B. login/min_password_lng
C. Login/fails_to_user_lock
D. login/failed_user_auto_unlock
E. login/password_expiration_time*
55. What is it called when programs are written that modify the source IP address of a TCP/IP packet to fool the network into thinking that the packet is coming from within the network?
A. Buffer
B. Overflow
C. Spoofing*
56. SAP systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them.
Which transaction is used in order to archive or delete the audit files?
A. SM15
B. SM16
C. SM17
D. SM18*
57. What activities can be assigned to the authorization object S_PROGRAMM?
A. Starting a program (SUBMIT)*
B. Scheduling a program as a background job (BTCSUBMIT)*
C. Variant maintenance (VARIANT)*
D. Variant maintenance (SDFGHJT)
58. Which kind of server translates the logical name into the physical name, and the domain name into the IP address?
A. DNS*
B. DES
C. DJF
59. Which transaction displays the history of the system change options?
A. SE03*
B. SE04
C. SE05
D. SE06
60. What is the default Communication RFC user set up for transport management?
A. TMSADM*
B. TRSDASM
C. TGRDHSJ
61. Which SAP standard roles give access required to administer background jobs
A. SAP_BA_BATCH_ADMIN PANEL
B. SAP_BC_BATCH_ADMIN*
62. What is the interface of web-based information for the end user
A. RFC, Remote function call
B. The ITS, Internet Transaction Server
C. The SAP Web-GUI*
63. What is the default password of the user master record SAP* after the installation of client 000?
A. SAP
B. PASS
C. 6071992*
64. Which table specifies which systems are allowed to connect to the SAP system using SNC?
A. SNCSYSACL*
B. SNDFKEERL
C. SLOKUHTDL
65. What are the 4 check indicators?
A. CM = Check/Maintain*
B. C = Check*
C. N = No Check*
D. U = Unmaintained.
E. C= Unregistered
66. What are the fields of the authorization object S_DEVELOP
A. DEVCLASS*
B. OBJTYPE (PROG)*
C. OBJNAME*
D. P_GROUP*
E. ACTV*
67. How to ensure that the indirectly called transaction with the ABAP statement CALL_TRANSACTION is subject to an authorization check?
A. SE97*
B. TCDCOUPLES*
C. SE96
D. SE95
68. Which authorization object is checked when a user invokes an RFC?
A. RSRFCCHK
B. object S_RFC*
69. Which authorization object checks the objects of an area menu since a transaction code is assigned to each executable menu entry?
A. DDIC
B. Early Watch
C. SUPPORT
D. S_TCODE*
70. Which authorization objects can you examine to determine if security is administered centrally or regionally?
A. S_USER_GRP*
B. S_TCD_GRP
C. S_USER_AGR*
D. S_USER_ADD
71. Which transaction allows you to approve a transport request?
A. STMS*
B. SYAS
C. AJSA
72. Which authorization enforces that one person can create the menu portion of the role, but someone else updates the authorizations?
A. S_USER_AUT*
B. S_USER_PRO
73. In which table is the assignment between the groups and the ABAP dictionary objects (tables)?
A. TDDAT*
B. S_TABU_CLI
C. Early Watch
D. SUPPORT
74. What are the 3 different roles in decentralized User Administration?
A. User administrator*
B. Authorization data administrator*
C. Authorization profile administrator*
D. Authorization uses administrator
75. What are the 2 required steps necessary for operating the profile generator?
A. Profile parameter auth/no_check_in_some_cases has the value Y*
B. The default tables USOBX_C and USOBT_C are filled*
C. The default tables UQWFX_C and UKDBT_C are filled
76. Which transaction will be used to choose the granularity of the log category to Multi-Step Multi-Process (MSMP) ID while debugging issues with the MSMP workflow?
A. GRFNMW_ADMIN
B. GRFNMW_CONFIGURE_WD
C. GRFNMW_DEBUG_MSG*
D. GRFNMW_DEBUG
77. What are the 4 status texts about authorization maintenance?
A. Standard*
B. Maintained*
C. Changed*
D. Manual*
E. Double
78. Derived roles: 2 ways to perform the comparison between the roles?
A. Comparison from the imparting role (“Generate Derived role” button)*
B. Comparison from the derived role (“Transfer Data” button)*
C. Comparison from the derived role (“Transfer blow”)
79. ITS: What are the 4 main functions of the A gate?
A. Communication to and from the SAP system*
B. Communicates using the SAP protocols RFC and DIAG.*
C. Data security is associated with persons and individuals*
D. Generating the HTML pages from SAP screens*
E. Managing user logon data and session information*
80. What is the profile of the special user Early Watch?
A. S_WOOLS_EX_A
B. S_TOOLS_EX_A*
81. The following logon parameters can be used to ensure your system is adequately secured.
A. logon/fails_to_user_lock*
B. logon/min_password_specials*
C. logon/min_password_diff*
D. logon/named_super_user
82. What is the transaction for a local client copy?
A. SCCL*
B. SFGH
C. CDDF
D. SCEL
83. Which User information system report monitors the passwords of all predefined users?
A. RSUSR003*
B. RSUSR004
C. RSUSR005
84. Which authorization object checks the use of programs (reports)?
A. S_TABU_CLI
B. Early Watch
C. S_PROGRAM*
85. Which transaction should be used to access a table, and why?
A. SM28
B. SM29
C. SM30*
D. SM31
86. The Audit Information System is intended for external audits only.
A. True
B. False*
87. What are the 3 different fields of the S_LOG_COM authorization object?
A. Command*
B. Opsystem*
C. Host D Host*
88. What are the 2 ways to assign roles to users for a limited period of time with a useful comparison?
A. As a background job: report pfcg_time_dependency*
B. With the transaction PFUD (User master record reconciliation)*
C. With the transaction PEAD (User master record reconciliation)
89. What are the 2 profile parameters used to configure SSO with sap logon tickets?
A. Login/create_sso2_ticket*
B. Login/accept_sso2_ticket*
C. Login/accept_sso3_ticket
90. What is the meaning of the traffic lights Icons for authorization maintenance?
A. Green*
B. Yellow*
C. Red*
D. blue
91. Which authorization object controls the authorization to execute a program
A. S_PROGRAM*
B. C_PROGRAM
C. F_PROGRAM
D. H_PROGRAM
92. When you connect the Diagnostics Agent to your Solution Manager system, which of the following Outside Discovery jobs are triggered? Note: There are 3 correct answers to this question.
A. Log File Discovery
B. IIS Discovery*
C. Database Discovery*
D. Network Discovery
E. Host Discovery*
93. What are the 5 steps of the ASAP Methodology?
A. Project preparation*
B. Business blueprint*
C. Implementation*
D. Final preparation*
E. Go live and support*
94. Mandatory fields are needed to create user master data.
A. On the Address tab page: The last name field*
B. On the logon data tab page: Initial password*
C. To administer user master records centrally
D. To create authorization profiles centrally
95. What are the four main sections of the audit analysis report?
A. Introductory information*
B. Audit data*
C. Statistical analysis*
D. Contents*
E. Detailed data
96. Which authorization object grants authorization to maintain cross-client tables with the standard table maintenance transaction?
A. TDDAT
B. S_TABU_CLI*
C. Early Watch
D. SUPPORT
97. 4 SNC profile parameters?
A. Activate SNC (snc/enable)*
B. Set level of protection (snc/data_protection/max)*
C. Accept RFC and DIAG connections that is not protected by SNC (snc/accept_insecure_gui)*
D. Use external authentication (snc/extid_login_diag)*
E. Portal Content Directory (content role assignment)
98. What are the pro and cons of composite roles?
A. One work center*
B. One composite role*
C. One assignment*
D. One central menu*
99. With which transaction can you assess the security audit log?
A. SM20 or SM20n*
B. SM21 or SM21n
C. SM22 or SM22n
100. What is the default password of the special user Early Watch?
A. SUPPORT*
B. Maintain
101. Which kind of attack makes the server unavailable? There are several ways to do this, such as snapping the network cable, physically destroying the server, or unplugging it from the network.
A. A denial of data
B. A denial of service*
102. Which field has the authorization object S_TABU_CLI?
A. CLIIDMAINT*
B. MAINTAIN
103. In which table is the table change logged?
A. DBTABPRT*
B. DFTAHG
C. DGJKAHST
104. Which transactions allow you to view the transport system log?
A. SE09*
B. SE10*
C. SE111
105. Which authorization object do you use to grant access to all ABAP Workbench components?
A. S_DEVELOP*
B. C_DEVELOP
C. F_DEVELOP
106. Authorization that defines which field values an administrator may enter in roles for which authorization object and which fields?
A. S_USER_GRP
B. S_USER_AUTH
C. S_USER_PRO
D. S_USER_VAL*
E. S_USER_SYS
107. What are the 3 trust manager profile parameters?
A. sec/libsapsecu, specify the location of the SAPCRYPTOLIB*
B. ssf/ssfapi_lib, specify the location of the SAPCRYPTOLIB*
C. ssf/name must be set to SAPSECULIB*
D. Using groups at the creation dolmen level
108. In which 4 cases does Secure Store and Forward (SSF) provide security for SAP data and documents?
A. Data leaves the SAP system*
B. Data is stored on insecure media*
C. Data is transmitted over insecure networks*
D. Data security is associated with persons and individuals*
E. Data book is associated with persons
109. The SAP also has a CA that issues digital certificates to customers. What is the digital certificate issued by the SAP Trust Center Services called?
A. the SAP Passport*
B. Digital signature
110. What are the transactions to create and monitor background jobs?
A. SM36*
B. SM37*
C. SM38
111. 5 Options available when manually inserting a new authorization? PFCG > Authorization tab > Edit > Insert authorization.
A. Selection criteria*
B. Manual input*
C. Full authorization*
D. From profile*
E. From template*
112. SSL encryption with WAS. 4 info to specify with the help of profile parameters?
A. Specify Plug-in*
B. Specify Server Port*
C. Specify whether to use client certificate*
D. Software load balancer
E. Specify the location of sap cryptolab*
113. Only the complete user master and not individual users can be copied.
A. True*
B. False
114. What are the different types of Organization plan objects?
A. Organizational Unit*
B. Position*
C. Job*
D. Task*
E. Work
115. Which profile parameter specifies the number of seconds until an inactive user is automatically logged out?
A. rdisp/gui_auto_logout*
B. rdisp/gui
116. For what is the Audit Information System (AIS) a checking tool?
A. External auditing*
B. Internal auditing*
C. System checks*
D. Data protection*
E. Ultra data protection
117. What is the SAP standard role for spool administration?
A. S_SPO_PAGE
B. SAP_BC_SPOOL_ADMIN*
118. Which profile contains authorization for all new checks in an existing transaction?
A. SAP_NEW*
B. SAP_OLD
C. SAP_ADVANCED
D. SAP_PREVIOUS
119. What are the 4 different types of roles?
A. Customizing role*
B. Derived role*
C. Composite role*
D. Normal role*
E. Straight role
120. Transaction code to maintain profile parameters?
A. RZ11*
B. USOBX_C
C. USOBT_C
D. USOBX
121. Which profile parameter specifies the exactness of the logon timestamp?
A. logon/update_logon_timestamp*
B. logon/update
122. Which protocol is used between the SAP GUI and the Server?
A. DEDG Protocol
B. DIAG Protocol*
123. 5 Scenarios of load-balancing with the WAS?
A. Message Server-based redirection*
B. Dispatcher or Load-Balancer*
C. SAP Web dispatcher*
D. Alternative technologies*
E. Combining technologies (Web switch and web dispatcher)*
124. The activity “Send User Name and Password” is the first step during the password authentication procedure in SAP NetWeaver ABAP-based systems; whereas the activity “Authenticate” is the last.
What is the correct sequence of the activities between these two steps?
A. Check Code Conversion -> Calculate hash function (pwd) in the Application Server -> Compare hash stored in USR02
B. Calculate the hash function (pwd) in the Application Server -> Check Code Conversion -> Compare hash stored in USR02
C. Calculate hash function (pwd) in the Application Server -> Compare hash stored in USR02 -> Check Code Conversion
D. Compare hash stored in USR02 -> Check Code Conversion -> Calculate hash function (pwd) in Application Server*
125. Which table defines each transaction and for each authorization object which default values an authorization created from the authorization object should have in the Profile Generator?
A. USOBT*
B. RZ11
C. USOBX_C
D. USOBT_C
E. USOBX
126. Which transaction shows which authorizations are currently in the user buffer?
A. SU56*
B. SU45
C. SU34
D. SU76
127. What are the transaction codes for creating, editing, and displaying the organizational plan?
A. Create*
B. Change*
C. Display*
D. Uncreate
128. What is the table for maintaining system clients?
A. T000*
B. T001
C. T002
129. What is the principle of Treble control?
A. Sharing the administrative tasks (user admin and*
B. authorization admin, role maintenance, profile generation)*
C. amongst three administrators is called the principle of treble control*
D. authorization admin, role maintenance, profile don’t generation)
130. What are the 2 different worlds for SSO?
A. SAP GUI for Windows SNC*
B. Web SSL*
C. SAP RTD for Windows SFG
131. In a dual host installation, where do you use firewalls?
A. Firewall in front of the Web server to deny access using undesired protocols*
B. Firewall between the Web server and the AGate to restrict access even more.*
C. Using groups at the operating system level
132. How is the system called to set up a trusted relationship and allow user logging based on this trusted relationship for transport?
A. TGD Trusted Services*
B. TMS Trusted Services
C. TJF Trusted Services
133. Which transaction allows you to maintain the profile parameters?
A. RZ11*
B. RZ12
C. RZ13
134. What is the goal of SNC in an ITS environment?
A. Authentication between the components*
B. Integrity protection*
C. Privacy protection*
D. Using groups at the creation dolmen level
135. Which authorization object is needed to maintain external commands?
A. gw/sec_info
B. Sapxpg
C. S_RZL_ADM*
136. What are the authorization object and their fields that allow you to work with transport?
A. CUST*
B. DTRA*
C. TASK*
D. DARK
137. What is the transaction for the User Information system?
A. SDFM
B. ADIM
C. SUIM*
D. SUPM
138. What program allows you to assign an authorization group to all executable programs or to individual programs or program groups?
A. RSCSAUTH*
B. RDFFGSAH
C. REDVDDFF
139. What are the 3 user authentication mechanisms?
A. User Id and passwords*
B. X.509 client certificates*
C. Pluggable Authentication Services PAS*
D. External mechanisms*
E. Y.508 client certification
140. Which authorization object protects the standard list download?
A. S_GUI*
B. S_DFG
C. S_GUT
141. What is the transaction to maintain the SNC PSE?
A. Use the trust manager S_Trust*
B. Use the trust manager A_Trust
C. Use the trust manager D_Trust
142. Profile parameter: Number of incorrect login attempts allowed with a user master record before the logon procedure is terminated
A. login/fails_to_session_end*
B. login/min_password_lng
C. Login/fails_to_user_lock
D. login/failed_user_auto_unlock
E. login/password_expiration_time
143. What are the 3 fields of the authorization object S_RFC?
A. Type of RFC object to be protected*
B. Name of RFC to be protected*
C. Activity*
D. Deactivity
144. PFCG, which are the activities to create a role?
A. Define role name*
B. Determine activities*
C. Design user menus*
D. Maintain authorization data*
E. Maintain master data
145. Can a role have several profiles generated?
A. True*
B. False
146. What are the 2 checks executed after a transaction start to ensure that the user has the appropriate authorization?
A. Check if the user is authorized to start the Transaction*
B. Check if an authorization object is assigned to the transaction code*
C. Check if the user is unauthorized to start the Transaction
D. Check if an un-authorization object is assigned to the transaction code
147. Which table specifies the users that can log on to the system using SNC?
A. USRACL*
B. URDSAL
C. URSLAA
148. You have successfully finished an SAP S/4HANA backend, SAP Fiori front-end, and Web-dispatcher configuration. In the SAP Fiori Launchpad, the search for a G/L account fails, but the regular app search works fine.
What could be the cause of the problem?
A. Missing authorization on the front-end side
B. The search connectors are NOT activated
C. The SAP Web Dispatcher is down*
D. Missing authorization on the backend side
149. Which authorization object limits the number of pages a user can print to a specific printer?
A. S_ADMI_FCD
B. S_SPO_PAGE*
150. How can you protect the target system with an import lock in order to avoid transporting the user assignments to roles?
A. PRGN_CUST*
B. USER_REL_IMPORT:=NO.*
C. USER_REL_IMPORT:=YES.
151. Which transactions copy the SAP default table USOBX and USOBT to the custom tables USOBX_C and USOBX_T?
A. SU25*
B. RZ11
C. USOBX_C
D. USOBT_C
E. USOBX
152. What is an ITS service?
A. Multiple ITS instances connect to a single system
B. An ITS service is the set of components needed to call an SAP transaction via the ITS*
153. SNC: Where are the private keys stored?
A. In the SDC PSE*
B. In the SNC PSE
C. In the SEC PSE*
154. Which 2 tables control the behavior of the Profile Generator after the transaction has been selected?
A. RZ11
B. USOBX_C*
C. USOBT_C*
D. USOBX
155. What is the measure for each source of risk?
A. Organizational Measures*
B. Technical Measures*
C. Environmental measures*
D. Access Control
E. System Access Control
156. Regardless of the release status, after an upgrade, you will have 2 possible statuses. What are they?
A. The source release did not use PFCG (it might have to be activated)*
B. Source release used PFCG (This means that tables USOBT_C and USOBX_C have to be updated as well as the existing roles)*
C. Conversion of manually created profiles to roles if necessary (su25)
157. 3 kinds of alternative technologies for load balancing
A. Hardware load balancer*
B. Software load balancer
C. Web switched*
158. 2 roles that the web application server (WAS) can play?
A. SAP Web AS as client component*
B. SAP Web AS as server component*
C. SAP Web AS as server component
159. Does the user assigned to a position then inherit all authorization profiles of these roles?
A. YES*
B. NO
160. Profile parameter: a list containing the users who may log onto the system more than once is stored
A. login/fails_to_session_end
B. login/multi_login_users*
C. login/min_password_lng
D. Login/fails_to_user_lock
161. Which authorization object enforces administering the spool system (Admin)? Values SP01, SP0R, SPAA, SPAB, SPAC, SPAD, SPAM, SPAR, SPTD, SPTR
A. S_ADMI_FCD*
B. S_SPO_PAGE
162. Which authorization defines the role names for which an administrator is authorized and the activities that are allowed?
A. S_USER_GRP
B. S_USER_AUTH
C. S_USER_PRO
D. S_USER_AGR*
E. S_USER_TCD
163. The security policies are created by the security team in isolation from the business team. Determine whether this statement is true or false.
A. True
B. False*
164. What is a system (or a combination of systems) called that protects a networked system from unauthorized or unwelcome access?
A. A firewall*
B. B firewall
C. F firewall
165. Which authorization object and its field enforce the administration function in the change and transport system?
A. TABL*
B. INIT*
C. IMPA*
D. IMPS*
E. TADD*
166. What is the safeguard against Eavesdropping?
A. Safeguard
B. Encryption*
167. What are the 2 possibilities to establish trust when using the SAPCRYPTOLIB?
A. Either use a single PSE for all communication partners*
B. Exchange public-key certificates*
C. Using groups at the creation dolmen level
168. What is a characteristic of the pre-delivered ‘system-local’ package within the SAP HANA repository?
A. It can be assigned to a delivery unit
B. It is used for development testing*
C. It contains SAP HANA Interactive Education (SHINE)
D. It is used as a container for the SAP HANA live content
169. Which profile parameter sets the time for automatic SAPGUI logout?
A. rdisp/gui_auto_Signin
B. rdisp/gui_auto_logout*
170. Which transaction allows you to see if the TMS Quality Assurance approval procedure has been set up?
A. STMS*
B. SAMS
C. SRMS
171. What are the 2 main components of the ITS?
A. Web gate*
B. Application gate*
C. Transfer gate
172. ABAP Workbench components that are protected with S_DEVELOP
A. ABAP development tools*
B. ABAP Dictionary and Data Modeler*
C. Screen Painter and Menu Painter*
D. ABAP WORKBENCH COMPONENTS
173. Which authorization component can be transported?
A. User master records*
B. Roles*
C. Authorization profiles*
D. Check indicators*
E. components
174. 4 types of security audit log filters?
A. User*
B. Audit Classes*
C. Client*
D. Security Level*
E. Unsecurity
175. What 3 security goals answer SSF?
A. Integrity*
B. Privacy*
C. Authentication*
D. Unprivacy
176. By default, authorization profiles are transported with roles. What should be set up in order to avoid it?
A. PROFILE_TRANSPORT:=NO*
B. Table PRGN_CUST*
C. PROFILE_TRANSPORT:=YES
177. What are the 2 types of role implementation strategies?
A. Menu roles*
B. Authorization roles*
C. Item roles
178. Which authorization object restricts a user’s access rights to specific parts of a table?
A. S_TABU_LIN*
B. TDDAT
C. S_TABU_CLI
D. Early Watch
179. What are the 3 main windows of the Organization plan transaction?
A. Organizational Structure window*
B. Staff Assignments window*
C. Task Profile window*
D. Work task window
180. CUA: In which transaction is the technical definition of the RFC connection maintained?
A. SM59*
B. SM58
C. SM57
D. SM56
181. What are the 3 main components of an SAP role?
A. Role Menu*
B. Authorization*
C. User*
D. Access Control
182. How can you deactivate the special properties of SAP*?
A. set the system profile parameter*
B. login/no_automatic_user_sapstar to a value greater than zero*
C. set the new profile parameter
183. Which SAP product transforms the traditional SAP applications to Web-based transactions, so that they are accessible using Internet technology?
A. RFC, Remote function call
B. The ITS, Internet Transaction Server*
C. The SAP Web-GUI
184. What 3 security goals answer the digital signature?
A. Integrity*
B. Authentication*
C. Non-repudiation*
D. repudiation
185. To which object type are persons assigned in the organizational plan?
A. Position*
B. Post
C. Cost
186. Which authorization object defines which table contents may be maintained by which employees?
A. S_TABU_DIS*
B. The authorization object S_TABU_DIS controls only complete accesses, which are made using standard table maintenance*
C. S_TAEAU_DPS
187. What is the transaction to access the CCMS alert monitor?
A. RZ20*
B. RZ21
C. RZ22
D. RZ23
188. What is the structure of the SAP Router file entry?
A. D: Deny*
B. P: Permit*
C. S: Permit*
D. T: Permit
189. What are the 4 types of RFC connections?
A. Synchronous RFC*
B. Asynchronous RFC*
C. Dsshsdbcvdsa RFC
190. Which transactions maintain the custom tables USOBX_C and USOBX_T?
A. RZ11
B. USOBX_C
C. USOBT_C
D. USOBX
E. SU24*
191. Authorization that defines the transactions that an administrator may include in a role?
A. S_USER_GRP
B. S_USER_AUTH
C. S_USER_PRO
D. S_USER_AGR
E. S_USER_TCD*
192. What is the profile parameter to define the maximum number of filters that can be used?
A. Rsau/creation_slot
B. rsau/selection_slot*
193. How can entries in the table USR40 (invalid passwords) be made generically?
A. ? denotes a single character*
B. * denotes a character string*
C. ? denotes double character
194. How to combine the 2 worlds (SAP GUI and web)?
A. Using logon tickets, ITS and SAP shortcuts*
B. Logon tickets are passed to the SAP shortcuts using ITS service wngui*
C. Only from the web to traditional (traditional to web not supported)*
D. Maintain user mapping. Maintain table USREXTID Report (RSUSREXTID)
195. Which authorization object gives access to many administration functions?
A. S_AGFI_FCD*
B. S_AFGI_FCD
C. S_ADMI_FCD
196. What are the 4 steps required to set up the AIS?
A. Copy the SAP role*
B. Update the roles*
C. Create a user for the auditor*
D. Assign the roles*
E. User profile roles
197. Which authorization object defines the authorization object name and the authorization name for which an administrator has authorization, and the activities that are allowed?
A. S_USER_GRP
B. S_USER_AUTH*
C. S_USER_PRO
D. S_USER_AGR
E. S_USER_TCD
198. Which user group should be assigned to the users SAP*, DDIC, and EARLYWATCH?
A. user group Support*
B. user group SUPER
199. Profile parameter: If this parameter is set to value 1, the system blocks multiple SAP dialog logons (in the same client and with the same user name)
A. login/fails_to_session_end
B. login/disable_multi_gui_login*
C. login/min_password_lng
D. login/fails_to_user_lock
200. At which level is it possible to enforce the changes?
A. System*
B. client*
C. viable
201. Profile parameter: If the parameter is set to 1 (default), user locks caused by incorrect logins during previous days are not taken into consideration. If the value is set to 0, the lock is not removed.
A. login/fails_to_session_end
B. login/min_password_lng
C. login/fails_to_user_lock
D. login/failed_user_auto_unlock*
E. login/password_expiration_time
202. Which of the authorization objects protects transaction code execution?
A. S_TCODE*
B. P_TCODE*
C. Q_TCODE*
D. X_TCODE
203. Which ABAP object is used to check the authorization object assigned to the transaction?
A. TSTCA
B. AUTHORITY-CHECK*
C. S_USER_GRP
D. S_USER_AUTH
E. S_USER_PRO
204. What is the transaction to maintain and activate the security audit log?
A. SM19*
B. SM20
C. SM21
D. SM22
E. SM23
205. Which authorization object is provided to create and maintain users and assignments in a decentralized fashion with user groups?
A. S_USER_GRP*
B. S_CHANGE_GRP
C. S_CHATLOG_GRP
D. S_PROFESSION_GRP
206. What is the transaction of the ICM monitor?
A. SMICM*
B. SHDFK
C. SIFIDH
207. What are the 5 major authorization objects used to protect which transaction codes a user can access and for which product are they meant to be?
A. S_TCODE*
B. Q_TCODE*
C. I_TCODE*
D. E_TCODE
208. Derived roles: Can the inherited roles be changed?
A. True
B. False*
209. What is the transaction to display an overview of the modifications and enhancements found in the system that you can search by Last transport request or Request/Task?
A. SE95*
B. SE96
C. SE97
D. SE98
210. What is the transaction for the system trace tool?
A. ST01*
B. ST02
C. ST03
D. ST04
211. What are the 3 types of encryption?
A. Symmetric*
B. Asymmetric*
C. Sdfmmetric
212. What are the 3 authorization objects required to create and maintain user master records?
A. S_USER_GRP*
B. S_USER_PRO*
C. S_USER_AUT*
D. S_CHANGE_PRO
213. Which table maps the Authorization Group to a list of tables?
A. TDDAT*
B. TPPDE
C. RTYRA
214. Which fields consist of the authorization S_TABU_DIS?
A. DICBERCLS: Authorization group for ABAP Dictionary objects (only tables/views assigned to authorization group “V*” (DICBERCLS=V*) may be maintained.)*
B. ACTVT: Activity (02, 03)*
C. ACTVT: Activity (05, 07)
D. ACTVT: Activity (09, 01)
215. What are the 2 status texts about authorizations after a comparison?
A. Old*
B. New*
C. Previous
216. Which table specifies that WebRFC users can log on using the AGate’s SNC-protected connection?
A. USRACLEXT*
B. USRACJFFXL
C. UYTGFESDK
217. Which authorization object is needed to execute external commands?
A. Sapxpg
B. S_RZL_ADM
C. S_LOG_COM*
218. What are the return codes after the authorization check with the ABAP object authority check?
A. The user has the authorization for the object and the value of the field*
B. The user has the authorization for the object, but not for the field value*
C. The user has no authorization*
D. No profile is entered in the user master record*
E. Check if an authorization object is assigned to the transaction code
219. Derived roles: is the user assignment inherited?
A. True
B. False*
220. Which command displays all connections and listening ports on your computer?
A. netstat -a*
B. netstat -b
C. netstat -c
221. Which of the following are logs that exist in an SAP system? (More than one answer is correct).
A. Webflow logs*
B. Application logs*
C. Change documents log*
D. User and authorization change logs*
E. None of the above
222. What is the difference between System Access Control and Role-based Access control?
A. Organizational Measures
B. Technical Measures
C. Environmental measures
D. Access Control*
E. System Access Control*
223. What are the 3 constraints of the logon ticket?
A. the same DNS,*
B. user Id identical in all systems,*
C. user must accept session cookies*
D. Same DHF, Id passcode contents passcode
224. What is the default password of the user SAP*?
A. SAP*
B. PASS*
C. 6071992
225. Which program starts the external command after it has passed the gateway?
A. gw/sec_info
B. Sapxpg*
C. S_RZL_ADM
226. Which of the following are security advantages to a three-tier landscape?
A. Ensure changes occur only in the development system.*
B. Ensure changes occur only on your production system.
C. Developers do not have access to production data.*
D. You control when changes are moved into production.*
E. You can test changes in a QA system*
227. What is the audit log’s main objective? (3 points)
A. Security-related changes*
B. Higher level of transparency*
C. Enables the reconstruction of a series of events*
D. Slower level of transparency
228. What is the table for the SNC system access control list?
A. SNCSYSACL*
B. SNFDJDEVM
C. SDFJDLSMD
229. SAP offers many types of systems and applications. Each type of SAP system (mySAP CRM, SAP BW, SAP R/3, mySAP SRM, SAP APO) is so varied that the systems do not share security tools or security services. Determine whether this statement is true or false
A. True
B. False*
230. What is the important property of catalog roles in SAP HANA?
A. Catalog roles are transportable
B. Privilege revocation is transitive*
C. _SYS_REPO needs to be granted privileges on data
D. Version management in place
231. What does the Personal Security Environment (PSE) contain?
A. Public key
B. Private key*
C. Server’s public-key certificate*
D. Certificates of trusted CAs (certificate list)*
232. 7 activities of the ICM monitor?
A. Start and Stop the ICM*
B. Set trace level, view logs*
C. View profile parameter settings, view statistics*
D. View memory pipe information, view active services*
E. Monitor service cache*
233. The client change option does not override the system change option (t/f).
A. True*
B. False
234. Authorization object that defines the user groups for which an administrator has authorization and the activities that are allowed.
A. S_USER_GRP*
B. S_USER_AUTH
C. S_USER_PRO
D. S_USER_AGR
E. S_USER_TCD
235. Which transaction displays the table change log?
A. SCU3*
B. SCU2
C. SCU1
236. What are the 4 supported check indicators for transactions?
A. No check*
B. Unmaintained*
C. Check*
D. Check/Maintain*
237. What are the 2 fields of the authorization object S_TABU_DIS?
A. DICBERCLS*
B. ACTVT*
C. Odet fee
238. ITS configuration: What is the difference between a single host configuration and a dual host configuration?
A. Single Host*
B. Dual Host*
C. Multiple Host
239. What are the 2 main components of the AIS reporting tree?
A. System auditing functions*
B. Business auditing functions*
C. Reporting auditing functions
240. X.509 client certificates: which table is responsible for the user mapping?
A. USREXTID*
B. UDBNVVD
C. UFSKSDHD
241. How do you protect access to the ITS service and template files?
A. Using groups at the operating system level*
B. Using groups at the creation dolmen level
242. Profile parameter: minimum length of the login password
A. login/fails_to_session_end
B. login/min_password_lng*
C. login/fails_to_user_lock
D. login/failed_user_auto_unlock
E. login/password_expiration_time
243. What are the 3 standard approval steps and their authorization object, value, and default value?
A. By request owner*
B. By user department
C. By system administrator
D. By user administrator
244. Which authorization object enforces that one person can create the role, but another person must generate the role?
A. S_USER_AUT
B. S_USER_PRO*
245. What is the transaction to view the change document for an object?
A. SCDO*
B. SFED
C. SCGH
D. SCVF
246. Which profile parameter can you use in order to specify the use of S_RFC?
A. Name of RFC to be protected
B. Activity
C. auth/rfc_authority_check*
247. Which special user is delivered in client 066?
A. DDIC
B. Early Watch*
C. SUPPORT
D. S_TCODE
248. What are the 2 main options to create and save audit filters?
A. Create and save filters permanently in the database*
B. Change filters dynamically*
C. Create and save a filter temporary in the database
249. 3 enterprise portal authentication mechanisms:
A. User ID/Password (Form-based iView), X.509 digital certificate*
B. Third-party authentication (Windows)*
C. Use external authentication (snc/extid_login_diag)
250. Authorization Profile that defines the profile names for which an administrator has authorization and the activities that are allowed.
A. S_USER_GRP
B. S_USER_AUTH
C. S_USER_PRO*
D. S_USER_AGR
E. S_USER_TCD
251. In which transaction can you release the change request to transport?
A. SE09*
B. SE10*
252. What is the transaction of the Internet Communication Framework (ICF)?
A. SICF*
B. SERT
C. SDFG
D. SE08
Hope these MCQs will help you with your SAP certification.
Good Luck!!