(2023) PASS P-SECAUTH-21 exam with SAP P-SECAUTH-21 Real Exam Questions [Q28-Q49] : Exams Labs Braindumps : http://blog.examslabs.com

Q28. For which purpose do you use instance Secure Storage File System (SSFS) in an SAP HANA system? Note: There are 2 correct answers to this question.

To protect the password of the root key backup

To store root keys for data volume encryption

To store the secure single sign-on configuration

To protect the X.509 public key infrastructure certificates

Q29. Under which group can you find the “System Recommendations” file in the Solution Manager launchpad?

IT Service Management

Technical Administration

Change Management

Root Cause Analysis

Q30. You have configured a Gateway SSO authentication using X.509 client certificates. The configuration of the dual trust relationship between client (browser) and SAP Web Dispatcher as well as the configuration of the SAP Web Dispatcher to accept and forward client certificates were done. Users complain that they can’t log in to the back-end system. How can you check the cause?

Run back-end transaction SMICM and open the trace file

Run back-end system trace using ST12

Run gateway transaction /IWFND/TRACES

Run gateway transaction /IWFND/ ERRORJ.OG

Q31. Which measures should we implement to protect the PSEs? Note: There are 2 correct answers to this question.

Review the usage of the S_ADMI_FCD object

Encrypt the files with the transaction SNC0

Review the usage of the S_DATASET object

Restrict access to the operating system users

Q32. How can you describe the hierarchical relationships between technical entities in the Cloud Foundry?

A global account can have one or many subaccounts

A SaaS tenant acts as one provider account.

A SaaS tenant acts as one Cloud Foundry Organization.

A subscription is a PaaS tenant.

Q33. To prevent session fixation and session hijacking attacks, SAP’s HTTP security session management is highly recommended. What are the characteristics of HTTP security session management? Note: There are 2 correct answers to this question.

It uses URLs containing sap-context d to identify the security session

The system is checking the logon credentials again for every request

The security sessions are created during logon and deleted during logoff.

The session identifier is a reference to the session context transmitted through a cookie.

Q34. How is the role concept applied for modeled authorizations based on Core Data Services (CDS) views?

CDS roles are defined for the CDS views and implicitly applied to each user

CDS roles are mapped to the CDS view in the access rules

CDS roles are defined in the WHERE clause when calling a CDS view in Open SQL

CDS roles are defined for CDS views in Object Navigator

Q35. What authorization objects do we need to create job steps with external commands in a background job? Note: There are 2 correct answers to this question.

S_ADMI_FCD

S_LOG_COM

S_RZL_ADM

S_BTCH_EXT

Q36. Which communication protocols are supported by the SAP Cloud Connector? Note: There are 2 correct answers to this question

NNTP

LDAP

SNA

RFC

Q37. SAP GRC Access Control provides risk analysis for which of the following? Note: There are 2 correct answers to this question.

Business Role Management

Access Request Managment

Business Rule Framework

Password Self-Service

Q38. What authorization objects do we need to create job steps with external commands in a background job? Note:
There are 2 correct answers to this question.

S_BTCH_EXT

S_BTCH_ADM

S_RZL_ADM

S_LOG_COM

Q39. You have a load balancer in a DMZ network zone (called natl.mydomain.com) in front of 2 SAP NetWeaver AS systems (hostl.mydomain.com, host2.mydomain.com). What is the recommended common name part of the distinguished name on the SSL Server’s PSE?

It should be a combined DNS alias for host 1.mydomain.com and host2.mydomain.com and nat1.mydomain.com

It should be host 1.mydomain.com, host2.mydornain.com individually for each PSE

It should be natl.mydomain.com

It should be *.mydomain.com (wildcard) names

Q40. You want to create a role to provide users the ability to display and change an HR table’s content based on the country groupings. Which of the steps would you take to accomplish these requirements? Note: There are 2 correct answers to this question.

Maintain the authorization object S_TABU_LIN

Create an authorization group with appropriate authorization fields for the table

Maintain the authorization object S_TABU_NAM

Define an organization criterion through transaction SPRO

Q41. Which tools can you use to troubleshoot an authorization issue with a Fiori application? Note:
There are 2 correct answers to this question.

/IWFND/ERROR_LOG

/UI2/FLC

/UI2/GW_APPS_LOG

/IWBEP/ERROR_LOG

Q42. Which features does SAProuter provide?
Note: There are 2 correct answers to this question

HTTP conversion into HTTPS connections

Load-balanced RFC connections

Filtered and logged network connections

Password-protected connections

Q43. A security consultant has activated a trace via ST01 and is analyzing the authorization error with Return Code 12. What does the Return Code 12 signify?

“Objects not contained in User Buffer”

“No authorizations and does NOT have authorization object in their buffer”

“No authorizations but does have authorization object in their buffer”

“Too many parameters for authorization checks”

Q44. A user reports an issue with data not showing up in the visualization of the SAP Fiori tiles. You want to verify the target mapping. At what level are you going to check the target mapping?

O At the catalog level in the SAP Fiori front-end server

O At the group level in the SAP Fiori front-end server

O At the group level in the SAP Fiori Launchpad

O At the application level in the Web IDE

Q45. You are evaluating the “Cross-client object change” option using transaction SCC4 for your Unit Test Client in the development environment. Which setting do you recommend?

No changes to repository and cross-client customizing objects

No changes to cross-client customizing objects

Changes to repository and cross-client customizing allowed

No changes to repository objects

Q46. In addition to the authorization /UI2/LAUNCHPAD, which other authorizations are required to assign to an SAP Fiori Launchpad user? Note: There are 2 correct answers to this question.

/U12/INTEROP

/UI2JPAGE_BUILDER_CUST

/UI2/FLC

/U12JPAGE_BUILDER_PERS

Q47. How are assertion tickets used?

They are used for user-to-system trusted login.

They are used for encrypting Web service communication.

They are used for system-to-system encryption.

They are used for system-to-system communication.

Q48. Which of the following function can be used to troubleshoot authorization errors for ABAP CDS views with Authorization based on Access Control?

E2E TRACE ANALYSIS

ABAP TRACE

REPORT RSUSR008_009

STAUTHTRACE

Q49. The SAP HANA database is installed with multi database container (MDC) mode with multiple tenant databases configured. What are the required activities to enable access between tenants? Note: There are 2 correct answers to this question.

Create user mapping between local and remote tenant databases

Configure smart data access (SDA) between the relevant HANA tenants

Set whitelist of cross-tenant database communication channel

Decrease the level of isolation mode on all MDC tenants