C_GRCAC_12 – SAP Certified Application Associate – SAP Access Control 12.0 (90 Questions)

The “SAP Certified Application Associate – SAP Access Control 12.0” certification exam for the essentials edition certifies that the applicant possesses the fundamental understanding of SAP Governance, Risk, and Compliance needed for the consultant profile. With an emphasis on SAP Governance, Risk, and Compliance in a mentoring capacity, this certification demonstrates that the applicant has a comprehensive understanding and in-depth technical abilities to participate as a member of an SAP Access Control installation project team. The recommended qualification for entry-level employment is this certification exam.

Topic Areas

C_GRCAC_12 – SAP Certified Application Associate – SAP Access Control 12.0 exam covers the following topics:

Please see below the list of topics that may be covered within this certification and the courses that cover them. Its accuracy does not constitute a legitimate claim; SAP reserves the right to update the exam content (topics, items, weighting) at any time.

Get any SAP video course – https://zarantech.teachable.com/courses/category/sap

Exam details:

1. Which of the following represents valid Agent Types within MSMP Workflow configuration? Note: There are 2 correct answers to this question.
a. BRFplus rule
b. PFCG Roles*
c. BRFplus flat rule
d. GRC API (Application Programming Interface) Rules*

2. SAP Governance, Risk, and Compliance solutions are organized along 4 key themes. Which of the following are key themes? Note: There are 3 correct answers to this question.
a. Audit Management*
b. Cybersecurity and Data Protection
c. Business Integrity Screening*
d. Access Governance
e. Enterprise Risk and Compliance*

3. You are implementing Access Request Management. Which integration scenarios should you assign to the target connector? Choose the correct answer.
a. PROV*
b. PROV, AUTH
c. PROV, ROLMG
d. PROV, ROLMG, SUPMG, AUTH

4. Which of the following reviewer options does User Access Review support? Choose the correct answer.
a. Manager or Risk Owner
b. Manager or Role Owner*
c. Manager and Role Owner
d. Manager and Risk Owner

5. Which of the following SAP functionalities can you use to calculate rule results when configuring MSMP Workflow? Note: There are 2 correct answers to this question.
a. ABAP Function Module*
b. BRFplus*
c. Standard SAP report
d. Direct Operating System call

6. You want to use Access Request Management to provision access in a target system. Which of the following actions are required before access can be provisioned using an access request? Note: There are 2 correct answers to this question.
a. Maintain System Provisioning Configuration*
b. Import role definitions in Business Role Management
c. Maintain custom End User Personalization settings
d. Maintain Global Provisioning Configuration*

7. You want approver authentication when approving an access request. Which MSMP Workflow stage configuration option can you use? Choose the correct answer.
A. Reaffirm Approval*
B. Approve by Email
C. Approve Despite the Risk
D. Confirm Approval

8. You wish to synchronize data from transaction SU24 in the SAP S/4HANA production system into SAP Access Control for use in building a rule set. What is the correct synchronization job schedule for completing this task? Choose the correct answer.
a. Authorization Sync*
b. It is not possible to synchronize SU24 data from a production system
c. Repository Object Sync followed by an Action Usage Sync
d. Action Usage Sync followed by Role Usage Sync

9. You want to create an Initiator rule in BRFplus for the standard access request. Which structures provide the attributes that you can use to define your rule? Note: There are 2 correct answers to this question.
a. GRAC_ACCESS_REQUEST_APPL_MAPPING
b. GRAC_DT_REQUEST_FIELD_LABELS
c. GRAC_S_REQUEST_RULE_HEADER*
d. GRAC_S_REQUEST_RULE_LINE*

10. It is mandatory for a Firefighter ID to be assigned to which of the following? Choose the correct answer.
a. Firefighter ID Controller
b. Firefighter ID Owner and Firefighter ID Controller
c. Firefighter
d. Firefighter ID Owner*

11. Which combination of rule kind and rule type determines the path upon submission of a request?
a. Agent rule BRFplus Flat
b. Routing rule BRFplus
c. Initiator rule BRFplus*
d. Agent rule ABAP Class-Based

12. Which transaction do you use to monitor background jobs in Access Control repository synchronization?
a. Schedule Background Jobs (SM36)
b. Test Background Processing (SBTA)
c. Batch Input Monitoring (SM35)
d. Overview of Job Selection (SM37)*

13. Which type of user account does an emergency access user need to log on to a Firefighter session using transaction GRAC_SPM?
a. A user account in the User Management Engine (UME)
b. A user account in the Access Control system*
c. A user account in the LDAP system
d. A user account in the target system

14. Which of the following IMG activities are common component settings shared across GRC? (Choose three.)
a. Maintain plug-in settings.
b. Maintain connection settings.*
c. Maintain mapping for actions and connector groups.
d. Define a connector.*
e. Assign a connector to a connector group.*

15. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to do?
a. Run a cross-system analysis.
b. Use the connector group for transports to the target system.
c. Monitor the target system.
d. Use the connector group as a business role management landscape.*

16. Your customer wants to adapt their rule set to include custom programs from their SAP ERP production system.
How do you ensure that the custom programs can be maintained properly in the rule set? (Choose three.)
a. Maintain all relevant authorization objects and the associated default field values in transaction SU24 in the GRC system.
b. Synchronize SU24 data for use in Access Control Function maintenance using transaction GRAC_AUTH_SYNC.*
c. Synchronize SU24 data for use in Access Control Function maintenance using transaction GRAC_REP_OBJ_SYNC.
d. Maintain all relevant authorization objects and the associated default field values in transaction SU24 in the SAP ERP system.*
e. Create a custom transaction code for each customer program using transaction SE93 in the SAP ERP system.*

17. Which auto-provisioning options are available in the global provisioning configuration? (Choose three.)
a. Manual Provisioning*
b. Indirect Provisioning
c. Auto-Provision at End of Request*
d. No Provisioning*
e. Combined Provisioning

18. Which tasks must you perform to enable a user to begin a central Firefighter session? (Choose three.)
a. Create a user ID for the Firefighter in the target system.
b. Assign an owner to the Firefighter.
c. Maintain Firefighter ID owners in Access Control owners.*
d. Maintain reason codes in Superuser Maintenance.*
e. Assign a controller and a Firefighter to a Firefighter ID.*

19. What data is synchronized when you run the GRAC_REPOSITORY_OBJECT_SYNC report? (Choose three.)
a. Profiles*
b. Roles*
c. Role usage
d. PFCG authorizations
e. Users*

20. You create a BRFplus initiator rule for the Access Request approval workflow.
Which standard request attribute that is listed as a header data object, as well as a line item data object, can you insert into a condition column?
a. Location
b. Business Process*
c. Department
d. Priority
Answer: B

21. Which Access Control master data is shared with Process Control and Risk Management?
a. Access risk master data
b. Organizational master data*
c. Business process master data
d. Subprocess master data

22. Which of the following objects can you maintain in the “Maintain Paths” work area of MSMP workflow configuration? (Choose three.)
a. Paths*
b. Path versions
c. Rules for path mappings
d. Stage notification settings*
e. Stages*

23. For what purpose can you use the Display Review Screen setting in MSMP Stage Details?
a. To view the rule result
b. To view the stage configuration
c. To view the initiator rule
d. To view the access request*

24. How do you enable the Access Control audit trail function for access rules?
a. Activate the relevant configuration parameter using the Customizing Edit Project (SPRO) transaction.*
b. Activate the table logging parameter using the Profile Parameter Maintenance (RZ11) transaction.
c. Activate table logging using the Table History (SCU3) transaction.
d. Activate the security audit log using the Security Audit Configuration (SM19) transaction.

25. Which process steps should you perform when you define a workflow-related MSMP rule? (Choose two.)
a. Save a bottom expression.
b. Select a result data object.*
c. Select result parameters.
d. Save condition parameters.*

26. Which transaction can you use to customize notification templates?
a. Change Documentation (SII1)
b. SAP Documentation (SE61)*
c. Message Maintenance (SE91)
d. Documentation Message Types (WE64)

27. What is the purpose of mitigating control?
a. To control the access that is allowed to be assigned to a role
b. To determine which users are allowed to access the system
c. To assign a compensating control to risk*
d. To limit the access that is allowed to be assigned to a user

28. Which BRFplus object is used as a container for all other BRFplus objects?
a. Expression
b. Condition Group
c. Application*
d. Function

29. Which of the following tasks must you perform if you want to enable a user to log on to a Firefighter ID?
a. Schedule the Firefighter Workflow Sync job periodically.
b. Run the Firefighter Log Sync job.
c. Set up the Firefighter log configuration parameters.
d. Create a reason code.*

30. Which of the following is a feature of centralized Emergency Access Management?
a. Reason codes are defined once and assigned per system.*
b. The Firefighter is required to log on to each target system to perform Firefighter activities.
c. The Firefighter IDs are created centrally in Access Control.
d. Administration, reporting, and Firefighter logon are performed on target systems.

31. Which periodic review process allows a role owner to remove roles from the users?
a. UAR Review*
b. SoD Review
c. Firefighter Log Review
d. Role Certification Review

32. You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users.
What could be the reason?
a. The user is already assigned as an owner to another mitigating control.
b. The workflow for creating a mitigating control has not yet been approved.
c. The user is locked.
d. The user has not been assigned as an owner in the organizational hierarchy.*

33. Which report types to require the execution of batch risk analysis? (Choose two.)
a. Ad-hoc risk analysis reports
b. Offline risk analysis reports*
c. User-level simulation reports
d. Access rules detail reports
e. User and role analysis dashboards*

34. Where can you define a mitigating control? (Choose three.)
a. In the mitigating controls workset in Access Control*
b. In the rule setup in Access Control
c. In the Access Control risk analysis result screen*
d. In the central process hierarchy in Process Control*
e. In the activity setup in Risk Management

Get any SAP video course – https://zarantech.teachable.com/courses/category/sap      

35. You have created a new end-user personalization (EUP) form. Where can you make use of this EUP form? (Choose two.)
a. In a stage configuration of a workflow*
b. In an organizational assignment request
c. In a template-based request*
d. In a model user request

36. Your customer has created a custom transaction code ZFB10N by copying transaction FB10 and implementing a user exit.
How can you incorporate customer enhancement into the global rule set so that it will be available for Risk Analysis?
a. Update security permissions in all relevant authorization objects, maintain the custom program name in all relevant functions, and generate the access rules.
b. Update all relevant functions with ZFB10N, maintain the permission values for all relevant authorization objects, and generate the access rules.*
c. Update all relevant functions with ZFB10N, maintain the permission values in the relevant access risk, and generate the
global rule set.
d. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions, and generate the global rule set.

37. What is the purpose of role mining?
a. To consolidate roles by taking actions after running comparisons.*
b. To compare authorizations by merging roles during the back-end synchronization.
c. To consolidate authorizations by merging roles in one step.
d. To compare roles by running back-end synchronizations.

38. Which of the following attributes are mandatory when creating business role definition details in Business Role Management? (Choose three.)
a. Functional Area
b. Company
c. Landscape*
d. Project Release*
e. Application Type*

39. What information is available in the audit trail log for access rules? (Choose two.)
a. Which terminal ID the change was made from
b. When the change was made*
c. Who made the change*
d. Who approved the change

40. For which purpose can you use organizational value mapping?
a. To maintain derived roles with organizational units*
b. To group roles by organization
c. To maintain composite roles with organizational units
d. To group users by organization

41. Which reviewers can you select using the Access Control configuration parameter 2006 (Who are the reviewers) for user access review (UAR)? (Choose two.)
a. A.MANAGER*
b. B. ROLE OWNER*
c. C. RISK OWNER
d. D. SECURITY LEAD
e. E. APPROVER

42. Which of the following are rule types used in MSMP workflow? (Choose three.)
a. Web Service rule
b. ABAP Class-Based rule*
c. Function Module-Based rule*
d. BRFplus rule*
e. ABAP User Exit-Based rule

43. How do you manually replicate initiators from a previous version of Access Control so they can be used in BRFplus and an MSMP workflow?
a. Create multiple initiator rules and assign them to a process ID containing different detour path
assignments.
b. Create an initiator rule and assign it to multiple process IDs.
c. Create multiple initiator rules and assign them to a process ID.
d. Create an initiator rule and assign it to a process ID.*

44. For what purpose can you use the Role Status attribute in Business Role Management?
a. To organize the authorization structure for your company.
b. To indicate that a role is relevant for a specific project.
c. To restrict the roles available for user access requests.*
d. To define how essential a role might be for your company.

45. What does an agent rule determine?
a. The workflow initiator to be executed
b. The workflow detour routing to be executed
c. The available variables to be used in notifications
d. The approves/recipients for the workflow*

46. Which indirect provisioning types are supported in user provisioning? (Choose three.)
A. Organization Type*
B. Job*
C. Position*
D. Holder
E. User

47. Which agent purposes are available in MSMP workflow? (Choose two.)
a. Approval*
b. Notification*
c. Forwarding
d. Routing
e. Rejection

48. Which of the following objects can you customize for MSMP workflows? (Choose two.)
a. Multiple initiator rule IDs for one process ID
b. Multiple paths for one process ID*
c. Multiple agent IDs for one stage
d. Multiple notification templates for one process ID*

49. Which of the following owner types must be assigned to a user to receive the notification that a log report has been generated as the result of a Firefighter session?
a. Mitigation approver
b. Firefighter ID owner
c. Firefighter ID controller*
d. Firefighter role owner

50. How are lines and columns linked in a BRFplus initiator decision table?
a. A column to a column through a logical OR
b. A column to a line through a logical OR
c. A column to a column through a logical AND*
d. A line to a line through a logical AND

51. You have set up your Firefighter IDs in the target system.
Which of the following jobs do you have to run to synchronize these IDs and their role assignments with the Access Control system?
a. GRAC_SPM_WORKFLOW_SYNC
b. GRAC_REPOSITORY_OBJECT_SYNC*
c. GRAC_SUPER_USER_MGMT_USER
d. GRAC_PFCG_AUTHORIZATION_SYNC

52. What do you mitigate using Access Control?
a. Roles
b. Users
c. Risks*
d. Functions

53. What information must you specify first when you copy a user access request?
a. User ID
b. System ID
c. Role
d. Request number*

54. Which integration scenarios are specific to Access Control? (Choose three.)
a. Provisioning (PROV)*
b. Risk Management (RMGM)
c. Superuser Privilege Management (SUPMG)*
d. Automatic Monitoring (AM)
e. Authorization Management (AUTH)*

55. You have identified some risks that need to be defined as cross-system risks. How do you configure your system to enable cross-system risk analysis?
Option 1
a. Set the analysis scope of the function to cross-system.
b. Create cross-system type connectors.
c. Assign the corresponding connectors to the appropriate connector group.
d. Generate rules.

Option 2
a. Set the analysis scope of the risk to cross-system.
b. Create cross-system type connectors.
c. Assign the corresponding connectors to the appropriate connector group.
d. Generate rules.

Option 3
a. Set the analysis scope of the risk to cross-system.
b. Create a cross-system type connector group.
c. Assign the corresponding connectors to the connector group.
d. Generate rules.

Option 4*
a. Set the analysis scope of the function to cross-system.
b. Create a cross-system type connector group.
c. Assign the corresponding connectors to the connector group.
d. Generate rules.

Get any SAP video course – https://zarantech.teachable.com/courses/category/sap      

56. Why would you generate a new MSMP workflow version?
a. To activate the stage configuration settings*
b. To deactivate parallel batch processing
c. To delete the existing workflow configuration settings
d. To change the process global settings

57. You want to synchronize the Access Control repository with data from various clients. In which sequence do you execute the synchronization jobs?
Option 1
1. Repository Object Sync (profile, role, user)
2. PFCG Authorization Sync
3. Action Usage Sync
4. Role Usage Sync

Option 2
a. PFCG Authorization Sync
b. Action Usage Sync
c. Role Usage Sync
d. Repository Object Sync (profile, role, user)

Option 3
a. Repository Object Sync (profile, role, user)
b. Action Usage Sync
c. PFCG Authorization Sync
d. Role Usage Sync

Option 4*
a. PFCG Authorization Sync
b. Repository Object Sync (profile, role, user)
c. Action Usage Sync
d. Role Usage Sync

58. Which task is mandatory for the successful generation of a workflow?
a. Transport every generated workflow version.
b. Correct errors prior to activating the workflow.*
c. Save the workflow version locally.
d. Perform a workflow version simulation.

59. Who approves the review of the periodic segregation of duties?
a. Mitigation monitors
b. Role owners
c. Mitigation approvers
d. Risk owners*

60. You have updated authorization data for your roles in the target system using PFCG. You now want to synchronize the authorization data in Business Role Management without changing the existing role attributes.
How do you accomplish this?
a. Use the Role Import template.
b. Use the Role Mass Update function.
c. Use the Role Mining function.*
d. Use the Mass Role Generation function.

61. Which of the following jobs do you have to schedule to collect Firefighter session information?
a. GRAC_SPM_LOG_ARCHIVING
b. GRAC_SPM_WORKFLOW_SYNC
c. GRAC_SPM_LOG_SYNC_UPDATE*
d. GRAC_SPM_CLEANUP

62. You define a background job using transaction SM36.
Which of the following options start conditions you can use to schedule the background job to run periodically? (Choose two.)
a. Step
b. Class
c. Date/Time*
d. Immediate*

63. Which transaction do you use to access the general Customizing activities for Access Control?
a. MSMP Workflow Configuration (GRFNMW_CONFIGURE)
b. Customizing Edit Project (SPRO)*
c. Launchpad Customizing (LPD_CUST)
d. Call View Maintenance (SM30)

64. What is a mandatory prerequisite for creating business roles in Business Role Management?
a. A condition group must be created.
b. A role methodology must exist.*
c. A workflow approval must be configured.
d. A role naming convention must be defined.

65. Your customer wants a manager to fulfill both MSMP workflow agent purposes. How do you configure this?
a. Maintain the manager agent twice, once for each purpose, using the same agent ID.
b. Maintain the manager agent once and assign both purposes to it without using an agent ID.
c. Maintain the manager agent twice, once for each purpose, using different agent IDs.*
d. Maintain the manager agent once and assign both purposes to it using the same agent ID.

66. Which of the following is a feature of centralized Emergency Access Management?
a. Reason codes are defined once and assigned per system.*
b. The Firefighter is required to log on to each target system to perform Firefighter activities.
c. The Firefighter IDs are created centrally in Access Control.
d. Administration, reporting, and Firefighter logon are performed on target systems.

67. You have added a new stage to an existing path and set the approval type to “Any One Approver” (A in the attached screenshot). Now you set the approval type to “All Approvers” in the default stage details of the new stage (B in the attached screenshot).
Which approval type will become effective?
a. A and B
b. None
c. A*
d. B

68. You maintain rules in the BRFplus framework.
For which rule kind can you activate the “Return all matches found” option for the decision table?
a. GRC API rule
b. Agent rule*
c. Routing rule
d. Initiator rule

69. Which objects must you activate when you create a BRFplus Routing rule? (Choose three.)
a. Initiator Flat Rule
b. Function*
c. Application*
d. Decision Table*
e. Result Column

Join SAP Learner Community on Linkedin –https://www.linkedin.com/showcase/sap-learner-community

70. You want to update two authorizations that are shared across multiple roles. How do you accomplish this most efficiently?
a. Update each authorization in all roles in two mass role update sessions.*
b. Update each authorization in one role in multiple mass role update sessions.
c. Update both authorizations in all roles in one mass role update session.
d. Update both authorizations in one role in multiple mass role update sessions.

71. You want to make Risk Analysis mandatory before an approver submits a request. How do you enable this in Access Control?
a. Activate “Exclude objects for batch risk analysis” in the IMG.
b. Set “Show all objects in risk analysis” (parameter ID 1036) to YES.
c. Set “Enable risk analysis on form submission” (parameter ID 1071) to YES.
d. Activate the corresponding MSMP stage task setting.*

72. Your customer wants to eliminate false positives from their risk analysis results.
How must you configure Access Control to include organizational value checks when performing a risk analysis? (Choose two.)
a. Configure organization rules for each relevant function.
b. Update the functions that contain each relevant action by activating the fields for the required permissions and maintaining a value for each specific organization.*
c. Configure organization rules for each relevant risk.*
d. Configure organization-level system parameters to incorporate all organization levels for each relevant risk.

73. You have maintained an end-user personalization (EUP) form and set a particular field as mandatory.
Which additional field attribute settings are required? (Choose two.)
a. The field attribute Visible must be set to “Yes”.*
b. A default value must be maintained for the field.
c. The field attribute Editable must be set to “Yes”.*
d. The field attribute Visible must be set to “No”.
e. The field attribute Editable must be set to “No”.

74. You want to maintain roles using Business Role Management. How do you import the roles from the back-end system?
a. Use an SAP transport.
b. Execute the Role Import background job directly in the back-end system.
c. Use the standard import template.*
d. Execute the Role Repository Sync program.

75. Which configuration parameters determine the content of the log generated by the SPM Log Synch job? (Choose three.)
a. Enable Risk Change log (1002)
b. Enable Authorization Logging (1100)
c. Retrieve System log (4004)*
d. Retrieve OS Command log (4006)*
e. Retrieve Audit log (4005)*

76. Which activity can you perform when you use the Test and Generate options in transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
a. Generate and activate a BRFplus flat rule for workflow-related rules.
b. Create a rule type for workflow-related rules.
c. Create an MSMP process ID for workflow-related rules.
d. Generate and activate function modules for workflow-related rules.*

Join SAP Learner Community on Linkedin – https://www.linkedin.com/showcase/sap-learner-community

77. How does SAP deliver updates to the standard rule set for Access Control?
a. As BC sets in a Support Package that must be activated in the target system by the system administrator
b. As attachments in an SAP Note that must be entered manually by the system administrator*
c. As XML files in an SAP Note that need to be uploaded by the system administrator
d. As BC sets in a Support Package that are automatically activated when the Support Package is deployed

78. For which IMG object can you activate the password self-service (PSS) in Access Control?
a. Logical system
b. Connector*
c. Cross system
d. Condition group

79. You are building a BRFplus Flat rule decision table for use with role provisioning and you want your result set to be derived using the role line item data. You must therefore configure the results column value for the LINE _ITEM_KEY key field.
Which field from the context query do you select to achieve this?
a. ROLE_TYP
b. ITEMNUM*
c. CRITLVL
d. ROLE_NAME

80. Which connection type do you use for the RFC destination to establish a connection between GRC and an SAP ERP back-end system?
a. Logical connection
b. TCP/IP connection
c. ABAP connection*
d. ABAP driver connection

81. Which of the following role provisioning types does Access Control user provisioning support? (Choose three.)
a. Direct*
b. Indirect*
c. Auto-provisioning at end of request
d. No provisioning
e. Combined*

82. For which of the following scenarios would you activate the end-user logon function?
a. A user has no access to the Access Control system and needs to submit a request for access.*
b. A user has been promoted to manager and needs to log on to the Access Control system to approve a pending request.
c. A user has successfully completed validation testing.
d. A user has signed a non-disclosure agreement (NDA).

83. You need to create an access request workflow for a role assignment that will have two or three approval steps, depending on the role critically level.
Which type of rule do you use?
a. BRFplus Flat rule*
b. MSMP Notification rule
c. MSMP Agent rule
d. BRFplus rule

84. You have activated the MSMP workflow Business Configuration (BC) Sets delivered by SAP. However, your customer requires a four-stage workflow for the Access Request process to include approval by the system owner.
How do you achieve this?
a. Define a custom notification template and assign it to the corresponding BRFplus Flat rule.
b. Deactivate the standard BC Set and create a custom BC Set.
c. Create an additional stage and define the appropriate agent rule.*
d. Use an existing agent rule and remove one stage.

85. How do you enable stage configuration changes to become effective after a workflow has been initiated?
a. Activate the Path Reroute indicator.
b. Activate the Path Override Assignment Type indicator.
c. Activate the Path Reval New Role (Revaluation) indicator.
d. Activate the Runtime Configuration Changes OK indicator.*

86. You have created an agent rule in BRFplus.
Which additional configurations do you have to perform to use this agent rule in a workflow? (Choose two.)
a. Define agents and their purposes.*
b. Maintain workflow route mappings.
c. Link the rule to the appropriate process ID.*
d. Define notification variables.

87. You want to create a connector for an SAP ERP client. You must therefore define the technical parameters for the Remote Function Call (RFC) destination.
What does SAP recommend regarding the name of the RFC destination?
a. The RFC destination name must begin with the prefix “GRC”.
b. The RFC destination name must be the same as the logical system name.*
c. The RFC destination name must include the installation number of the destination system.
d. The RFC destination name must include the IP address of the target destination.

88. What are Business Configuration (BC) Sets for Access Control? (Choose two.)
a. A collection of configuration settings designed to populate SAP tables with content*
b. A set of system parameter settings
c. A collection of configuration settings designed to populate custom-defined tables with content
d. A set of predefined Customizing settings*

89. What must you define in order to analyze user access for a critical transaction?
a. A critical mitigation control
b. A critical role
c. A critical profile
d. A critical access rule*

90. Which prerequisites must be fulfilled if you want to create a technical role using Business Role Management? (Choose two.)
a. The role methodology must be defined.*
b. Organizational level mapping must be created.
c. Role attributes such as business process and subprocess must be defined.*
d. The workflow approval path and relevant approvers must be defined.
e. Access risk rules must be generated.

91. Which of the following actions in Business Role Management require a connection to a target system? (Choose three.)
a. Generation*
b. Authorization maintenance (actions and permissions)*
c. Risk analysis*
d. Approval
e. Testing

Hope these MCQs will help you with your SAP certification.

Good Luck!!

Get any SAP video course – https://zarantech.teachable.com/courses/category/sap      

Join SAP Learner Community on Linkedin – https://www.linkedin.com/showcase/sap-learner-community

Visit our website – https://wwwzarantech.com

Keep learning & innovating!

Here is some other SAP Certification MCQ’s for your reference:   

P_SECAUTH_21 – SAP Certified Technology Professional – System Security Architect (80 Questions)

P_TSEC10_75 – SAP Certified Technology Professional – System Security Architect (252 Questions)