NO.1 Your customer has created a custom transaction code ZFB10N by copying transaction FB10
and implementing a user exit.
How can you incorporate the customer enhancement into the global rule set so that it will be
available for Risk Analysis?
A. Update security permissions in all relevant authorization objects, maintain the custom program
name in all relevant functions, and generate the access rules.
B. Update all relevant functions with ZFB10N, maintain the permission values for all relevant
authorization objects, and generate the access rules.
C. Update all relevant functions with ZFB10N, maintain the permission values in the relevant
access risk, and generate the global rule set.
D. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions,
and generate the global rule set.
Answer: B
NO.2 Which of the following objects can you maintain in the "Maintain Paths" work area of MSMP workflow configuration? (Choose three)
A. Paths
B. Path versions
C. Rules for path mappings
D. Stage notification settings
E. Stages
Answer: A,D,E
NO.3 Which configuration parameters determine the content of the log generated by the SPM Log
Synch job? (Choose three)?
A. Enable Risk Change log (1002)
B. Enable Authorization Logging (1100)
C. Retrieve System log (4004)
D. Retrieve OS Command log (4006)
E. Retrieve Audit log (4005)
Answer: C,D,E
NO.4 Your customer wants to eliminate false positives from their risk analysis results.
How must you configure Access Control to include organizational value checks when performing a
risk analysis? (Choose two)?\
A. Configure organization rules for each relevant function.
B. Update the functions that contain each relevant action by activating the fields for the required
permissions and maintaining a value for each specific organization.
C. Configure organization rules for each relevant risk.
D. Update the functions that contain each relevant action by activating the fields for the required
permissions.
E. Configure organization level system parameters to incorporate all organization levels for each
relevant risk.
Answer: C,D
NO.5 What do you mitigate using Access Control?
A. Roles
B. Users
C. Risks
D. Functions
Answer: C
NO.6 Your customer wants a manager to fulfill both MSMP workflow agent purposes.
How do you configure this?
A. Maintain the manager agent twice, once for each purpose, using the same agent ID.
B. Maintain the manager agent once and assign both purposes to it without using an agent ID.
C. Maintain the manager agent twice, once for each purpose, using different agent IDs.
D. Maintain the manager agent once and assign both purposes to it using the same agent ID.
Answer: C
NO.7 You have identified some risks that need to be defined as cross-system risks. How do you
configure your system to enable cross-system risk analysis?
A. 1. Set the analysis scope of the function to cross-system.
2. Create cross-system type connectors.
3. Assign the corresponding connectors to the appropriate connector group.
4. Generate rules.
B. 1. Set the analysis scope of the risk to cross-system.
2. Create cross-system type connectors.
3. Assign the corresponding connectors to the appropriate connector group.
4. Generate rules.
C. 1. Set the analysis scope of the risk to cross-system.
2. Create a cross-system type connector group.
3. Assign the corresponding connectors to the connector group.
4. Generate rules.
D. 1. Set the analysis scope of the function to cross-system.
2. Create a cross-system type connector group.
3. Assign the corresponding connectors to the connector group.
4. Generate rules.
Answer: D
NO.8 What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to do?
A. Run a cross-system analysis.
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D
NO.9 Who approves the review of the periodic segregation of duties?
A. Mitigation monitors
B. Role owners
C. Mitigation approvers
D. Risk owners
Answer: D
NO.10 How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C
NO.8 What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to do?A. Run a cross-system analysis.?
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D
NO.9 Who approves the review of the periodic segregation of duties?
A. Mitigation monitors
B. Role owners
C. Mitigation approvers
D. Risk owners
Answer: D
NO.10 How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C
NO.11 Which periodic review process allows a role owner to remove roles from the users?
A. UAR Review
B. SoD Review
C. Firefighter Log Review
D. Role Certification Review
Answer:A
NO.12 You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users. What could be the reason?
A. The user is already assigned as an owner to another mitigating control.
B. The workflow for creating a mitigating control has not yet been approved.
C. The user is locked.
D. The user has not been assigned as an owner in the organizational hierarchy.
Answer:D
NO.13 Which report types require the execution of batch risk analysis? (Choose two)?
A. Ad-hoc risk analysis reports
B. Offline risk analysis reports
C. User level simulation reports
D. Access rules detail reports
E. User and role analysis dashboards
Answer:B,E
NO.14 Where can you define a mitigating control? (Choose three)?
A. In the mitigating controls workset in Access Control
B. In the rule setup in Access Control
C. In the Access Control risk analysis result screen
D. In the central process hierarchy in Process Control
E. In the activity setup in Risk Management
Answer:A,C,D
NO.15 You have created a new end-user personalization (EUP) form. Where can you make use of this EUP form? (Choose two)?
A. In a stage configuration of a workflow
B. In an organizational assignment request
C. In a template-based request
D. In a model user request
E. Company 2
Answer: A, C
NO.16 You have maintained an end-user personalization (EUP) form and set a particular field as mandatory. Which additional field attribute settings are required? (Choose two)?
A. The field attribute Visible must be set to "Yes".
B. A default value must be maintained for the field.
C. The field attribute Editable must be set to "Yes".
D. The field attribute Visible must be set to "No".
E. The field attribute Editable must be set to "No".
Answer: A, C
NO 17.You want to maintain roles using Business Role Management. How do you import the roles from the back-end system?
A. Use an SAP transport.
B. Execute the Role Import background job directly in the back-end system.
C. Use the standard import template.
D. Execute the Role Repository Sync program
Answer: C
NO 18 Which activity can you perform when you use the Test and Generate options in transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
A. Generate and activate a BRFplus flat rule for workflow-related rules.
B. Create a rule type for workflow-related rules.
C. Create an MSMP process ID for workflow-related rules.
D. Generate and activate function modules for workflow-related rules.
Answer: D
NO 19 You want to assign an owner when creating a mitigating control. However, you cannot find the user you want to assign as an owner in the list of available users.
What could be the reason?
A. The user is already assigned as an owner to another mitigating control.
B. The workflow for creating a mitigating control has not yet been approved.
C. The user is locked.
D. The user has not been assigned as an owner in the organizational hierarchy.
Answer: D
