C_GRCAC_10 - SAP Certified Application Associate - SAP BusinessObjects Access Control 10.0
Go back to
What is the purpose of role mining?
To consolidate roles by taking actions after running comparisons
Which activity can you perform when you use the Test and Generate options in transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
Generate and activate function modules for workflow-related rules.
How do you enable the Access Control audit trail function for access rules?
Activate the relevant configuration parameter using the Customizing Edit Project (SPRO) transaction.
Your customer wants a manager to fulfill both MSMP workflow agent purposes. How do you configure this?
Maintain the manager agent twice, once for each purpose, using different agent IDs.
What data is synchronized when you run the GRAC_REPOSITORY_OBJECT_SYNC report? (Choose three)
Which connection type do you use for the RFC destination to establish a connection between GRC and an SAP ERP back-end system?
Which of the following is a feature of centralized Emergency Access Management?
Reason codes are defined once and assigned per system.
What is the purpose of a mitigating control?
To assign a compensating control to a risk
Which periodic review process allows a role owner to remove roles from the users?
Which of the following attributes are mandatory when creating business role definition details in Business Role Management? (Choose three)
You have set up your Firefighter IDs in the target system. Which of the following jobs do you have to run to synchronize these IDs and their role assignments with the Access Control system?
Which indirect provisioning types are supported in user provisioning? (Choose three)
Which agent purposes are available in MSMP workflow? (Choose two)
Which Access Control master data is shared with Process Control and Risk Management?
Organizational master data
Your customer wants to eliminate false positives from their risk analysis results. How must you configure Access Control to include organizational value checks when performing a risk analysis? (Choose two)
Configure organization rules for each relevant risk.
Update the functions that contain each relevant action by activating the fields for the required permissions.
Which integration scenarios are specific to Access Control? (Choose three)
Superuser Privilege Management (SUPMG)
Authorization Management (AUTH)
Which of the following role provisioning types does Access Control user provisioning support? (Choose three)
What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to do?
Use the connector group as a business role management landscape.
Which objects must you activate when you create a BRFplus Routing rule? (Choose three)
What information must you specify first when you copy a user access request?
Which of the following jobs do you have to schedule to collect Firefighter session information?
Which of the following are rule types used in MSMP workflow? (Choose three)
ABAP Class-Based rule
Function Module-Based rule
What do you mitigate using Access Control?
You want to synchronize the Access Control repository with data from various clients. In which sequence do you execute the synchronization jobs?
1. PFCG Authorization Sync 2. Repository Object Sync (profile, role, user) 3. Action Usage Sync 4. Role Usage Sync
How do you enable stage configuration changes to become effective after a workflow has been initiated?
Activate the Runtime Configuration Changes OK indicator.
You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users. What could be the reason?
The user has not been assigned as an owner in the organizational hierarchy.
You define a background job using transaction SM36. Which of the following options are start conditions you can use to schedule the background job to run periodically? (Choose two)
You have created an agent rule in BRFplus. Which additional configurations do you have to perform to use this agent rule in a workflow? (Choose two)
Define agents and their purposes.
Link the rule to the appropriate process ID.
Which of the following objects can you customize for MSMP workflows? (Choose two)
Multiple paths for one process ID
Multiple notification templates for one process ID
Which configuration parameters determine the content of the log generated by the SPM Log Synch job? (Choose three)
Retrieve System log (4004)
Retrieve OS Command log (4006)
Retrieve Audit log (4005)
You have updated authorization data for your roles in the target system using PFCG. You now want to synchronize the authorization data in Business Role Management without changing the existing role attributes. How do you accomplish this?
Use the Role Mining function.
Which process steps should you perform when you define a workflow-related MSMP rule? (Choose two)
Select a result data object.
Save condition parameters.
Which combination of rule kind and rule type determines the path upon submission of a request?
Initiator rule BRFplus
For which IMG object can you activate the password self-service (PSS) in Access Control?
For which purpose can you use organizational value mapping?
To maintain derived roles with organizational units
Which of the following IMG activities are common component settings shared across GRC? (Choose three)
Maintain connection settings.
Define a connector.
Assign a connector to a connector group.
For what purpose can you use the Role Status attribute in Business Role Management?
To restrict the roles available for user access requests
Which auto-provisioning options are available in the global provisioning configuration? (Choose three)
Auto-Provision at End of Request
Which of the following objects can you maintain in the "Maintain Paths" work area of MSMP workflow configuration? (Choose three)
Stage notification settings
Which report types require the execution of batch risk analysis? (Choose two)
Offline risk analysis reports
User and role analysis dashboards
What does an agent rule determine?
The approvers/recipients for the workflow
Which prerequisites must be fulfilled if you want to create a technical role using Business Role Management? (Choose two)
The role methodology must be defined.
Role attributes such as business process and subprocess must be defined.
Which of the following tasks must you perform if you want to enable a user to log on to a Firefighter ID?
Create a reason code.
Your customer wants to adapt their rule set to include custom programs from their SAP ERP production system. How do you ensure that the custom programs can be maintained properly in the rule set? (Choose three)
Synchronize SU24 data for use in Access Control Function maintenance using transaction GRAC_AUTH_SYNC.
Maintain all relevant authorization objects and the associated default field values in transaction SU24 in the SAP ERP system.
Create a custom transaction code for each customer program using transaction SE93 in the SAP ERP system.
How do you manually replicate initiators from a previous version of Access Control so they can be used in BRFplus and a MSMP workflow?
Create an initiator rule and assign it to a process ID.
You want to update two authorizations that are shared across multiple roles. How do you accomplish this most efficiently?
Update each authorization in all roles in two mass role update sessions.
Who approves the review of the periodic segregation of duties?
Which transaction do you use to monitor background jobs in Access Control repository synchronization?
Overview of Job Selection (SM37)
You have identified some risks that need to be defined as cross-system risks. How do you configure your system to enable cross-system risk analysis?
1. Set the analysis scope of the function to cross-system. 2. Create a cross-system type connector group. 3. Assign the corresponding connectors to the connector group. 4. Generate rules.
Which transaction do you use to access the general Customizing activities for Access Control?
Customizing Edit Project (SPRO)