Download ADM950-Flashcards.pdf PDF

TitleADM950-Flashcards.pdf
File Size136.3 KB
Total Pages33
Document Text Contents
Page 1

ADM950 – SAP Security consultant certification flashcards – [email protected]

1

The security policies are created by the security
team in isolation from the business team.

Determine whether this statement is true or false.

False

SAP offers many types of systems and applications.
Each type of SAP system (mySAP CRM, SAP BW,
SAP R/3, mySAP SRM, SAP APO) is so varied that
the systems do not share security tools or security
services.

Determine whether this statement is true or false

False

The following tools are available for conducting
thorough system security audits.
A Role maintenance tool
B System audit log
C CCMS security alert
D System trace tools
E Users and Authorizations information systems
F All of the above

Answer: F

The Audit Information System is intended for
external audits only.

False

All of the menu roles for the Audit Information
System start with . The authorization
roles start with .

SAP_AUDITOR – SAP_CA_AUDITOR

Page 2

ADM950 – SAP Security consultant certification flashcards – [email protected]

2

Configuring the Audit Information System requires
downloading a specific support package.

False

To use the Audit Information System, you must use
transaction SECR.



Answer: False



The instance parameters that relate to the audit log
include rsau parameters?

Determine whether this statement is true or false

Answer: True

The security audit log only logs user connections
made by RFC connections.

Determine whether this statement is true or false

False

Which of the following are benefits of creating a
custom t-code to link SE16 to a specific table?
A You no longer need to grant access to transaction code SE16.
B With your custom transaction code, you can look at any table.
C With your custom transaction code, you can look only at the
table specified in the transaction code.
D Custom transaction codes can be easily created, without
requiring any programming.

Answer: A, C, D

Page 16

ADM950 – SAP Security consultant certification flashcards – [email protected]

16

What is the transaction to view the change
document for an object

SCDO

What is the structure of the change document?

Change document header
Change document item (old and new values of a field)
- U(pdate) . Data was changed.
- I(nsert)
- D(elete) . Data was deleted
Change document number

What are for example the transactions to review
change documents for MM and SD?

MM04 for material changes and VD04 for customer
changes.

Each application has its own transaction to review
change documents

Which transaction displays the table change log? SCU3

In which table are the table change logged? DBTABPRT

Page 17

ADM950 – SAP Security consultant certification flashcards – [email protected]

17

What is the configuration required in order to use the
table change log?

rec/client parameter: = ALL (logs all clients), = 000 [,...]
(logs the specified clients), = OFF (turns logging off).

In the technical settings (use transaction SE13, SE12),
set the Log data changes flag for those tables that you
want to have logged.

What does the transport system log record?
A transport system log monitors all changes that are
migrated from development to production.

Which transactions allow you to view the transport
system log?

SE09 and SE10

What does the user and authorization log records?
User and authorization logs record all changes that
occur to users, authorizations, and profiles.

Which transaction allows you to read the HR
Reports logs in order to see each time the report is
started?

RPUPROTD (Log of report status)

Page 32

ADM950 – SAP Security consultant certification flashcards – [email protected]

32

What are the 3 fields of the authorization object
S_RFC?

- Type of RFC object to be protected
- Name of RFC to be protected
- Activity

Which profile parameter can you use in order to
specify the use of S_RFC?

auth/rfc_authority_check

How is the authentication done when an RFC
destination has no user Id provided and the current
user field is selected?

When this RFC destination is invoked, the user ID that
will be used is the ID of the person who invoked this
RFC destination.

What are the values possibilities for the profile
parameter auth/rfc_authority_check?

0 = No authorization check
1 = Authorization check active (no check for same user,
no check for same user context and SRFC-FUGR).
2 = Authorization check active (no check for SRFC-
FUGR)
9 = Authorization check active (SRFC-FUGR checked)

What is the default Communication RFC user set up
for the transport management?

TMSADM

Page 33

ADM950 – SAP Security consultant certification flashcards – [email protected]

33

How is the system called to set up a trusted
relationship and allow user logging based on this
trusted relationship for transport?

TMS Trusted Services

Which authorization object gives access to many
administration functions?

S_ADMI_FCD

Similer Documents