SAP Certified Technology Professional – System Security Architect
Sub-solution: Administration
Delivery Methods: SAP Certification
Level: Professional
Exam: 80 questions
Sample Questions: View more
Cut Score: 66%
Duration: 180 mins
Languages: English
Description
The “SAP Certified Technology Professional – System Security Architect” certification exam verifies that the candidate possesses the depth of knowledge required in the areas of SAP System Security and Authorization. This certificate proves that the candidate has an advanced understanding within the Technology Consultant profile and is able to apply these skills practically and provide guidance in SAP project implementations in the role of a SAP Security Architect. Furthermore, the holder of this certification is capable to review and evaluate the security level of complex on-premise, cloud and hybrid system architectures.
Notes
To ensure success, SAP recommends combining education courses and hands-on experience to prepare for your certification exam.
You are not allowed to use any reference materials during the certification test and there will be no access to online documentation or to any SAP system.
Topic Areas
Please see below the list of topics that may be covered within this certification and the courses that cover them. Its accuracy does not constitute a legitimate claim; SAP reserves the right to update the exam content (topics, items, weighting) at any time.
Examkingdom SAP P_SECAUTH_21 Exam pdf,
Best SAP P_SECAUTH_21 Free downloads , SAP P_SECAUTH_21 Dumps at Certkingdom.com
Authorization Concept for SAP S/4HANA > 12%
Describe and implement the authorization concept for SAP S/4HANA
ADM945
—– OR —–
TSEC10
Authorization, Security and Scenarios in SAP HANA > 12%
Explain authorization, security and scenarios in SAP HANA
HA940 (SAP HANA 2.0 SPS05)
SAP Netweaver Application Server and Infrastructure Security > 12%
Describe and implement security in a SAP NetWeaver Application Server and related infrastructure components
ADM900
ADM960 (SAP NETWEAVER 7.55)
—– OR —–
TSEC10
ADM960 (SAP NETWEAVER 7.55)
Security Monitoring and Security Auditing > 12%
Monitor security and troubleshoot security issues using Solution Manager, security audits, traces and logs.
ADM900
ADM950 (SEE COURSE DETAIL)
ADM960 (SAP NETWEAVER 7.55)
—– OR —–
TSEC10
ADM960 (SAP NETWEAVER 7.55)
Authorization Concept for SAP Business Suite 8% – 12%
Describe and implement the authorization concept for SAP Business Suite
ADM940 (SAP S/4HANA 1909)
—– OR —–
TSEC10
Secure an SAP System 8% – 12%
Explain how to secure an SAP system and conduct security checks
ADM900
ADM950 (SEE COURSE DETAIL)
ADM960 (SAP NETWEAVER 7.55)
—– OR —–
TSEC10
ADM960 (SAP NETWEAVER 7.55)
SAP Cloud Platform Security 8% – 12%
Explain security and scenarios in SAP Cloud platform
SECCL1 (SAP S/4HANA 2020)
Access Governance and Compliance in SAP < 8%
Describe the security goals, data privacy goverance, access goverance solutions and tools in SAP.
ADM900
ADM910 (SAP S/4HANA 1909)
—– OR —–
TSEC10
User Administration and Identity Lifecycle Management in SAP < 8%
Manage users in SAP systems
ADM900
ADM940 (SAP S/4HANA 1909)
ADM910 (SAP S/4HANA 1909)
—– OR —–
TSEC10
General Information
Exam Preparation
All SAP consultant certifications are available as Cloud Certifications in the Certification Hub and can be booked with product code CER006. With CER006 – SAP Certification in the Cloud, you can take up to six exams attempts of your choice in one year – from wherever and whenever it suits you! Test dates can be chosen and booked individually.
Each specific certification comes with its own set of preparation tactics. We define them as “Topic Areas” and they can be found on each exam description. You can find the number of questions, the duration of the exam, what areas you will be tested on, and recommended course work and content you can reference.
Certification exams might contain unscored items that are being tested for upcoming releases of the exam. These unscored items are randomly distributed across the certification topics and are not counted towards the final score. The total number of items of an examination as advertised in the Training Shop is never exceeded when unscored items are used.
Please be aware that the professional- level certification also requires several years of practical on-the-job experience and addresses real-life scenarios.
For more information refer to our SAP Certification FAQs.
Safeguarding the Value of Certification
SAP Education has worked hard together with the Certification & Enablement Influence Council to enhance the value of certification and improve the exams. An increasing number of customers and partners are now looking towards certification as a reliable benchmark to safeguard their investments. Unfortunately, the increased demand for certification has brought with it a growing number of people who to try and attain SAP certification through unfair means. This ongoing issue has prompted SAP Education to place a new focus on test security. Please take a look at our post to understand what you can do to help to protect the credibility of your certification status.
Our Certification Test Security Guidelines will help you as test taker to understand the testing experience.
QUESTION 1
User1 grants role 1 to user2. Who can revoke role 1 role from user2?
A. The system OBA user
B. The owner of role 1
C. Only User1
D. Any user with the ‘ROLE ADMIN’ database role
Answer: D
QUESTION 2
Why should you create multiple dispatchers in SAP Identity Management? Note: There are 2 correct answers to this question.
A. To accommodate scalability
B. To support fail-over scenarios
C. To handle password provisioning
D. To handle special network access requirements
Answer: A, D
QUESTION 3
What is required when you configure the PFCG role for an end-user on the front-end server?
Note: There are 2 correct answers to this question.
A. The catalog assignment for the start authorization
B. The S_RFC authorization object for the OData access
C. The Fiori Launchpad designer assignment
D. The group assignment to display it in the Fiori Launchpad
Answer: A, D
QUESTION 4
In your system, you have a program which calls transaction
A. Users with access to this program can still execute transaction A without explicit authorizations
given to this transaction. How do you prevent the access of users to the transaction A from within the program?
A. Make sure you do NOT assign transact on A to the authorization object S_TCODE in the role that you assign to the unauthorized users.
B. Maintain SE93 with authorization objects for transact on A.
C. Maintain the check indicator in table TCDCOUPLES
D. Ensure that transact on A is NOT assigned into the same program authorization group
Answer: B
QUESTION 5
The SSO authentication using X.509 client certificates is configured. Users complain that they can’t
log in to the back-end system. The trace file shows the following error message: “HTTP request
[2] Reject untrusted forwarded certificate”. What is missing in the configuration? Note: There are
2 correct answers to this question.
A. On the back-end, the profile parameter icm/HTTPS/verify client must NOT be set to 0
B. On the web-dispatcher, the SAPSSLS.pse must be signed by a trusted certification authority
C. On the web-dispatcher, the profile parameter icm/HTTPS/verify_client must be set to 0
D. The web dispatcher’s SAPSSLC.PSE certificate must be added to the trusted reverse proxies list in icm/trusted_reverse_proxy_<xx>
Answer: A, B
