P_SECAUTH_21 - SAP Certified Technology Professional - System Security Architect (80 Questions)

The SAP System Security Architect Certification Exam attests to the candidate’s fundamental expertise and demonstrated abilities in the field. This exam verifies that the applicant has a thorough understanding of the consultant profile and is capable of applying that information realistically to projects while being guided by a more veteran consultant. Let’s have a look.

Topic Areas

Please see below the list of topics that may be covered within this certification and the courses that cover them. Its accuracy does not constitute a legitimate claim; SAP reserves the right to update the exam content (topics, items, weighting) at any time. 

Authorization Concept for SAP S/4HANA  > 12%
Authorization, Security, and Scenarios in SAP HANA  > 12%
SAP NetWeaver Application Server and Infrastructure Security  > 12%
Security Monitoring and Security Auditing  > 12%
Authorization Concept for SAP Business Suite  8% - 12%
Secure an SAP System  8% - 12%
SAP Cloud Platform Security  8% - 12%
Access Governance and Compliance in SAP  < 8%
User Administration and Identity Lifecycle Management in SAP  < 8%

Exam details:

Total Number of Questions 80
Cut Score 66%
Duration 180 minutes
Languages English

Here is the List of MCQs (Multiple Choice Questions):

1. Which of the following features are provided by the SAP Fiori Launchpad Content Manager?
Note: There are 3 correct answers to this question.
A. Activate OData Services
B. Create and Configure Groups
C. Display role assignments for Catalogs*
D. Display the issue with SAP Fiori Launchpad Content*
E. Create and Configure Catalogs*

2. In SAP NetWeaver AS Java, the User Management Engine (UME) supports which of the following data sources for storing user data? Note: There are 3 correct answers to this question.
A. Java system database*
B. Directory /usr/sap
C. UDDI provider
D. ABAP-based SAP system*
E. LDAP Directory*

3. What is the main purpose of SAP Access Control, as an enterprise software solution?
A. Manage corporate social media presence
B. Secure authentication for cloud and on-premise
C. Deployment of encryption services
D. Identify security risks and document compliance*

4. Which values are permitted for the S_BTCH_JOB authorization object? Note: There are 3 correct answers to this question.
A. SHOW*
B. 01 (Create)
C. RELE*
D. DELE*
E. 02 (Change)

5. You want to limit an authorization administrator so that they can only assign certain authorizations. Which authorization object should you use?
A. S_USER_AGR*
B. S_USER_VAL
C. S_USER_ADM
D. S_USER_TCD

6. Which of the following functionalities are supported by SAP Information Lifecycle Management (ILM)? Note: There are 3 correct answers to this question.
A. Data Archiving
B. Data Logging
C. Data retention*
D. Alert Notification
E. Data Destruction*

7. Which of the following accurately describes a Composite Role? Note: There are 2 correct answers to this question.
A. Transaction cannot be deleted from the menu with authorizations retained
B. User assignment is maintained at the Composite Role level*
C. Menus cannot be adjusted as required
D. Authorization is maintained on a Single Role level*

8. Which of the following accurately describes Solution Manager Functionality? Note: There are 3 correct answers to this question.
A. Configuration validation can check if security policies were applied.
B. Configuration validation helps to standardize and harmonize security-related configuration items for ABAP systems only.
C. SAP EWA provides the most comprehensive security check.*
D. SAP SOS self-service is a convenient entry point to introduce security monitoring.*
E. A system recommendation provides a worklist of potentially relevant security notes.*

9. Which archiving object can you use for archiving change documents related to changes with authorizations assigned to the user?
A. US_PROF
B. US_AUTH*
C. US_PASS
D. US_USER

10. When building a PFCG role for SAP Fiori access on an embedded front-end server configuration, which of the following items should be provided? Note: There are 3 correct answers to this question.
A. SAP Favorites
B. Catalog for the Start Authorization*
C. UI access to the Apps*
D. Start Authorizations for OData Services*
E. WAPA Business Server Pages

11. A PFCG role can be linked to an SAP Organizational Management structure by which object types? Note: There are 3 correct answers to this question.
A. Job*
B. Person
C. Organizational Unit*
D. Task
E. Position*

12. Which of the following are system security threats? Note: There are 3 correct answers to this question.
A. Authority Violation*
B. Nonrepudiation
C. Code Injection*
D. System Penetration*
E. Availability

13. Which configuration options apply to the usage of VCLIENT in the parameter icm/server_port_<xx>? Note: There are 3 correct answers to this question.
A. VCLIENT default value is 0
B. VCLIENT value must be specified if SSL configuration is defined by SSLCONFIG
C. VCLIENT default value is 1*
D. VCLIENT = 0, which notifies the SSL server that no SSL client verification is needed*
E. VCLIENT = 1 the server asks the client to transfer a certificate*

14. Which of the following are phases in the SAP Audit Management auditing process? Note: There are 3 correct answers to this question.
A. Mitigation Review
B. Engagement Planning
C. Remediation Analysis*
D. Communication Results*
E. Monitoring Progress*

15. Which of the following are used in SAP Enterprise Threat Detection (ETD) architecture?
Note: There are 2 correct answers to this question.
A. SAP HANA Smart Data Streaming*
B. SAP IQ
C. Forensic Lab*
D. SAP ASE

16. You are configuring authorizations to secure access to table data using transaction SM31 and you encounter authorization object S_TABU_DIS and field DICBERCLS. How can this field be used to secure access?
A. It allows you to specify access to tables associated with a specific authorization group*
B. It allows you to specify access to a specific client-dependent table
C. It allows you to specify access to a specific client-independent table
D. It allows you to specify access to tables referenced by a specific program group

17. Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?
A. S_TCODE
B. S_START
C. S_SERVICE*
D. S_PERSONAS

18. The report “Search for Application in Role Menu” can be called via which of the following options?
Note: There are 2 correct answers to this question.
A. Transaction SUIM (menu node “Roles”)*
B. Transaction RSUSR_ROLE_MENU*
C. Transaction RSUSR_START_APPL
D. Transaction SUIM (menu node "Change Documents")

19. Which transaction codes are relevant to enable SNC between ABAP systems? Note: There are 3 correct answers to this question.
A. RZ10
B. SNCO*
C. STRUST*
D. PFCG
E. SU01*

20. What information can be provided by an Audit Class? Note: There are 3 correct answers to this question.
A. Dialog Logon*
B. RFC/CPIC Logon*
C. Transaction Start*
D. User Roles
E. User Authorizations

21. Which application allows a role developer to perform the mass maintenance of the menu options from selected SAP Fiori Title Catalogs?
A. PRGN_PRINT_AGR_MENU
B. PRGN_COMPARE_ROLE_MENU
C. PRGN_CREATE_FIORI_FRONTENDROLE*
D. PRGN_CREATE_FIORI_BACKENDROLES

22. Which of the following are used in SAP Enterprise Threat Detection (ETD) architecture?
Note: There are 2 correct answers to this question.
A. SAP HANA Smart Data Streaming*
B. SAP IQ
C. Forensic Lab*
D. SAP ASE

23. A PFCG role can be linked to an SAP Organizational Management structure by which object types?
Note: There are 3 correct answers to this question.
A. Job*
B. Person
C. Organizational Unit*
D. Task
E. Position*

24. Which of the following app-specific types of entities do users need to use SAP Fiori apps?
Note: There are 2 correct answers to this question.
A. Master Data
B. UI*
C. Authorizations
D. Parameters*

25. Which of the following conditions apply when merging authorizations for the same object?
Note: There are 2 correct answers to this question.
A. Changed authorizations can be merged with manual authorizations, even if the activation status is different
B. Changed authorizations can be merged with manual authorizations, as long as the activation status is the same*
C. Both the activation status and maintenance status of the authorizations match*
D. Both the activation status and maintenance status of the authorizations do not match

26. Which of the following objects allows you to restrict which users can distribute a role to another system using an RFC destination?
A. S_USER_AGR
B. S_USER_SYS*
C. S_USER_AUT
D. S_USER_STA

27. During maintenance of the role you notice that the status text for an authorization object indicates the status "Changed New". What does this status text mean?
A. The authorization object was used to create a new authorization because the value contained in SU24 differs from the SAP standard contained in SU25
B. The authorization object must be maintained again
C. This authorization object has been flagged as a critical object
D. The authorization object was used to create a new authorization because the initial configuration of the role changed a default value maintained in SU24*

28. Which of the following describes the behavior of a reference used when assigned to a user master record?
Note: There are 2 correct answers to this question.
A. The reference user roles are directly assigned to the user master record.
B. The roles of the reference user are always hidden.
C. The roles of the reference user can be shown.*
D. The user master record references the roles and authorizations assigned to the reference user.*

29. Which of the following accurately describes Solution Manager Functionality?
Note: There are 3 correct answers to this question.
A. SAP SOS self-service is a convenient entry point to introduce security monitoring.*
B. A system recommendation provides a worklist of potentially relevant security notes.*
C. Configuration validation can check if security policies were applied.
D. SAP EWA provides the most comprehensive security check.*
E. Configuration validation helps to standardize and harmonize security-related configuration items for ABAP systems only.

30. Which authorization is required to modify authorization data of derived roles?
A. S_USER_AGR*
B. S_USER_SYS
C. S_USER_AUT
D. S_USER_VAL


31. Which transaction code allows you to configure the SAP System Audit Log?
A. SM20
B. SM19*
C. SM18
D. SUIM

32. Which TADIR Service Object type includes business functional authorization objects used within the OData execution?
A. IWSG*
B. IWSC
C. OSOD
D. IWSV

33. Which of the following are system security threats? Note: There are 3 correct answers to this question.
A. Authority Violation*
B. Nonrepudiation
C. Code Injection*
D. System Penetration*
E. Availability

34. Which UCON phase blocks access to RFC Function Modules without an assigned Communication Assembly?
A. Configuration
B. Logging
C. Activation
D. Evaluation*

35. You want to limit an authorization administrator so that they can only assign certain authorizations. Which authorization object should you use?
A. S_USER_VAL
B. S_USER_ADM
C. S_USER_AGR*
D. S_USER_TCD

36. Which of the following illustrates the simplification of users and role maintenance on SAP Cloud? Note: There are 2 correct answers to this question.
A. Business roles are automatically provisioned.
B. Business users have business roles.*
C. Templates are provided for role derivation.
D. Read and write access can be restricted

37. Which ABAP transaction codes are relevant for SNC parameter configuration? Note: There are 2 correct answers to this question.
A. SNCWIZARD*
B. STRUST
C. SNCCONFIG*
D. SNCO

38. Which of the following describes an Authorization Object Class?
A. It defines a logical grouping of authorization objects*
B. It defines authorizations for different authorization objects
C. It defines a group of 1 to 10 authorization fields together
D. It defines the smallest unit against which an authorization check can be run

39. Which CDS- related repository object types are provided with ABAP CDS? Note: There are 3 correct answers to this question.
A. SQL View
B. Data Definition*
C. Metadata Extensions*
D. CDS View Entity
E. Access Control*

40. Which of the following are phases in the SAP Audit Management auditing process? Note: There are 3 correct answers to this question.
A. Mitigation Review
B. Engagement Planning*
C. Remediation Analysis
D. Communication Results*
E. Monitoring Progress*

41. When you are troubleshooting an application start issue, what does the Search Startable Applications in Roles report help you determine?
Note: There are 2 correct answers to this question.
A. If the PFCG roles contain all the start authorizations required for the application*
B. If the PFCG menu contains SAP Fiori Tile Group
C. If there is an application start lock*
D. If the PFCG roles are assigned to end user

42. What content can be shared between SAP Access Control and SAP Cloud Identity and Access Governance products? Note: There are 3 correct answers to this question.
A. Mitigations*
B. Process Hierarchy
C. Mitigation Control*
D. Risk Library*
E. Emergency Access

43. What is the purpose of SAP Notes listed by the SAP Solution Manager System Recommendations? Note: There are 2 correct answers to this question.
A. To recommend SAP Hot News Notes (priority 1 and 2)
B. To recommend Legal Change Notes related to SAP innovations
C. To recommend Performance Notes to improve system response*
D. To recommend SAP Security Notes for evaluation*

44. Which protocols can be used to establish secure communication? Note: There are 3 correct answers to this question.
A. From Secure Login Server to LDAP Server: HTTPS (SSL)*
B. From Secure Login Server to SAP NetWeaver: RFC (SNC)*
C. From Business Explorer to SAP NetWeaver: DIAG/RFC (SNC), HTTPS (SSL)
D. From Secure Login Client to Secure Login Server: DIAG/RFC (SNC), HTTPS, RADIUS
E. From SAP GUI to SAP NetWeaver: DIAG/RFC (SNC)*

45. You want to adjust check indicator values for certain authorization objects delivered by SAP. In which of the following tables should your adjustments be recorded?
A. USOBX_C*
B. USOBT_C
C. USOBHASH
D. USOBX

46. Which configuration options apply to the usage of VCLIENT in the parameter icm/server_port_<xx>? Note: There are 3 correct answers to this question.
A. VCLIENT default value is 0
B. VCLIENT value must be specified if SSL configuration is defined by SSLCONFIG
C. VCLIENT default value is 1*
D. VCLIENT = 0, which notifies the SSL server that no SSL client verification is needed*
E. VCLIENT = 1 the server asks the client to transfer a certificate*

47. Which of the following defines “Phishing”?
A. Overloading an application with a request
B. Acquiring sensitive information by masquerading as a trustworthy entity*
C. Modifying an IP address of the source of the TCP/IP packet
D. Pretending to be another user

48. What is the main purpose of SAP Access Control, as an enterprise software solution?
A. Manage corporate social media presence
B. Secure authentication for cloud and on-premise
C. Identify security risks and document compliance*
D. Deployment of encryption services

49. The report “Search for Application in Role Menu” can be called via which of the following options? Note: There are 2 correct answers to this question.
A. Transaction SUIM (menu node “Roles”)*
B. Transaction RSUSR_ROLE_MENU*
C. Transaction RSUSR_START_APPL
D. Transaction SUIM (menu node "Change Documents")


50. How can you protect a system when you do not want the user assignments for a role to be transported?
A. Restrict access to the user assignment tab in PFCG in the target system
B. Restrict import of users in table PRGN_CUST in the target system*
C. Restrict import of users in table PRGN_CUST in the development system
D. Restrict access to the user assignment tab in PFCG in the Development system

51. Which of the following features are provided by the SAP Fiori Launchpad Content Manager?
Note: There are 3 correct answers to this question.
A. Activate OData Services
B. Create and Configure Groups
C. Create and Configure Catalogs*
D. Display the issue with SAP Fiori Launchpad Content*
E. Display role assignments for Catalogs*

52. Which of the following authorization objects are used to secure the execution of External Commands when defining a background job step? Note: There are 2 correct answers to this question.
A. S_LOG_COM*
B. S_PROGRAM*
C. S_BTCH_EXT
D. S_RZL_ADM

53. Which feature is available in the CommonCryptoLib Scenario provided by SAP Security Library?
A. Hardware Security Model (HSM)
B. SPNEGO/ABAP
C. SSL/TLS
D. Secure Store and Forward (SSF)*

54. Your company uses derived roles. During maintenance of the Plant Manager imparting role, you add a new transaction to the Menu tab, introducing a new organizational level that will be unique for each of your 150 plants. How will the new organization level be maintained in the derived roles?
A. Automatically using the Copy Data button during maintenance of the imparting role
B. All at once using transaction PFCGMASSVAL
C. Automatically after generating the profiles of the imparting role and adjusting the derived roles
D. Manually by maintaining each derived role individually*

55. Which of the following actions correctly describes the usage of Back Channel Single Sign-On based on (SAML) 2.0?
A. The service provider gets the authentication request from the identity provider over a SOAP channel.
B. The service provider queries the user for authentication credentials.
C. The identity provider gets the authentication response from the service provider over a SOAP channel.
D. The service provider redirects the user to an identity provider and includes a SAML artifact referring to an authentication request.*

56. Which of the following items are addressed by Configuration Validation? Note: There are 3 correct answers to this question.
A. Database Parameters*
B. Critical Roles
C. Failed Transport
D. Software Packages*
E. RFC Logins*

57. What information can be provided by an Audit Class? Note: There are 3 correct answers to this question.
A. Dialog Logon*
B. RFC/CPIC Logon*
C. Transaction Start*
D. User Roles
E. User Authorizations

58. What is the purpose of securing sensitive business data? Note: There are 3 correct answers to this question.
A. Reduction of Training Cost
B. Protection of Intellectual property*
C. Correctness of Data
D. Disruption of software deployment*
E. Protection Image*

59. Where can you enable the Read Access Logging tools?
A. SICF*
B. SPRO
C. SWI5
D. SUIM

60. Which archiving object can you use for archiving change documents related to changes with authorizations assigned to the user?
A. US_PROF
B. US_AUTH*
C. US_PASS
D. US_USER

61. You are responsible for determining the reason why you need personal data and how this data is processed or stored. What key role do you play under GDPR in relation to personal data?
A. Data Steward
B. Data Controller*
C. Data Subject
D. Data Processor

62. Which of the following accurately describes the role/profile SAP_NEW? Note: There are 2 correct answers to this question.
A. The SAP_NEW profile must be generated in accordance with the system environment using the report REGENERATE_SAP_NEW*
B. The profile SAP_NEW provides authorizations to all new objects and objects changed by release*
C. The role SAP_NEW does not guarantee backward compatibility for all scenarios
D. Organizational levels are to be maintained in profile SAP_NEW

63. Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?
A. S_TCODE
B. S_START
C. S_SERVICE*
D. S_PERSONAS

64. In SAP S/4HANA Cloud, authorization objects are grouped into which item?
A. Groups
B. Privileges
C. Single technical roles.
D. Business Roles*

65. What is the frequency of SAP Patch Day?
A. Monthly*
B. Yearly
C. Weekly
D. Quarterly

66. Which of the following actions correctly describes the usage of Front Channel Single Sign-On based on (SAML) 2.0? Note: There are 2 correct answers to this question.
A. The identity provider queries the user for authentication credentials*
B. The identity provider presents the requested resource to the user
C. The identity provider returns the user to service providers with an authentication request*
D. The service provider queries the user for authentication credentials

67. Which of the following are core principles of GDPR? Note: There are 3 correct answers to this question.
A. Data Quality
B. Lawfulness, Fairness, and Transparency*
C. Data Archiving
D. Data Minimization*
E. Storage limitation*

68. Which of the following transactions allow you to define role assignments for OData Services that are available on multiple back-end systems? Note: There are 2 correct answers to this question.
A. /IWFND/MAINT_SERVICE*
B. /IWFND/GW_SYS_ALIAS
C. /IWFND/GW_CLIENT
D. /UI2/GW_MAINT_SRV*

69. Your company uses derived roles. During maintenance of the Plant Manager imparting role, you add a new transaction to the Menu tab, introducing a new organizational level that will be unique for each of your 150 plants. How will the new organization level be maintained in the derived roles?
A. Automatically using the Copy Data button during maintenance of the imparting role
B. All at once using transaction PFCGMASSVAL
C. Automatically after generating the profiles of the imparting role and adjusting the derived roles
D. Manually by maintaining each derived role individually*

70. During maintenance of the role you notice that the status text for an authorization object indicates the status "Changed New". What does this status text mean?
A. The authorization object was used to create a new authorization because the value contained in SU24 differs from the SAP standard contained in SU25
B. The authorization object must be maintained again
C. This authorization object has been flagged as a critical object
D. The authorization object was used to create a new authorization because the initial configuration of the role changed a default value maintained in SU24*

71. Which of the following are examples of personal data under the GDPR? Note: There are 3 correct answers to this question.
A. IP Address*
B. Email Address*
C. GPS data from Cellular phone*
D. Age Group
E. Aggregated statistics on the use of a product


72. Which of the following allows you to improve the quality of your enterprise data assets with consistent data validation rules, data profiling, and metadata management?
A. SAP Information Steward
B. SAP Process Control
C. SAP Information LifeCycle Management
D. SAP Data Services*

73. Which transaction codes are relevant to enable SNC between the ABAP systems? Note: There are 3 correct answers to this question.
A. RZ10
B. SNCO*
C. STRUST*
D. PFCG
E. SU01*

74. Which of the following accurately describes Solution Manager Functionality? Note: There are 3 correct answers to this question.
A. SAP SOS self-service is a convenient entry point to introduce security monitoring.*
B. A system recommendation provides a worklist of potentially relevant security notes.*
C. Configuration validation can check if security policies were applied.
D. SAP EWA provides the most comprehensive security check.*
E. Configuration validation helps to standardize and harmonize security-related configuration items for ABAP systems only.

75. Which of the following are SAP UI5 Fiori application types? Note: There are 2 correct answers to this question.
A. Legacy
B. Transactional*
C. Analytical*
D. Web Dynpro

76. In the case of missing OData authorizations, why is it not recommended to maintain S_SERVICE manually within an SAP Fiori Authorization Role? Note: There are 2 correct answers to this question.
A. The SRV_NAME Value of the S_SERVICE authorization object is the hash value of an OData service*
B. The SRV_NAME value of the S_SERVICE authorization object is the name of an OData service
C. Both front-end and back-end entries are generating the same S_SERVICE authorization object with different authorization values*
D. Both front-end and back-end entries are generating the same S_SERVICE authorization object with the same authorization values

77. You want to limit an authorization administrator so that they can only assign specific authorizations. Which authorization object should you use?
A. S_USER_VAL
B. S_USER_ADM
C. S_USER_AGR*
D. S_USER_TCD

78. The DBMS tab in transaction SU01 allows you to manage database privilege assignments for which of the following scenarios? Note: There are 2 correct answers to this question.
A. When users need to use reporting authorizations on SAP BW
B. When a user needs to run applications that access the database directly*
C. When users need 1:1 user mapping to map analytical privileges of the database to the virtual analysis of authorization on SAP BW*
D. When a user needs to execute CDS Views

79. What content can be shared between SAP Access Control and SAP Cloud Identity and Access Governance products?
Note: There are 3 correct answers to this question.
A. Mitigations*
B. Process Hierarchy
C. Mitigation Control*
D. Risk Library*
E. Emergency Access

80. Which of the following authorization objects would be required to allow back-end server access to a Web Dynpro application using the SAP Fiori Launchpad?
A. S_TCODE
B. S_START
C. S_SERVICE*
D. S_PERSONAS

Hope these MCQs will help you to crack the interviews. For more information, visit our website.


Keep learning & Innovating!
