ADM950 Flashcards PDF

ADM950SAPSecurityconsultantcertificationflashcardsjulien.moix@gmail.
com
The security policies are created by the security team in isolation from the business team. Determine whether this statement is true or false.
False
SAP offers many types of systems and applications. Each type of SAP system (mySAP CRM, SAP BW, SAP R/3, mySAP SRM, SAP APO) is so varied that the systems do not share security tools or security services. Determine whether this statement is true or false The following tools are available for conducting thorough system security audits.
A Role maintenance tool B System audit log C CCMS security alert D System trace tools E Users and Authorizations information systems F All of the above
False
Answer: F
The Audit Information System is intended for external audits only.
False
All of the menu roles for the Audit Information System start with . The authorization roles start with .
SAP_AUDITOR SAP_CA_AUDITOR
ADM950SAPSecurityconsultantcertificationflashcardsjulien.moix@gmail.com
Configuring the Audit Information System requires downloading a specific support package.
False
To use the Audit Information System, you must use transaction SECR.
Answer: False
The instance parameters that relate to the audit log include rsau parameters? Determine whether this statement is true or false
Answer: True
The security audit log only logs user connections made by RFC connections. Determine whether this statement is true or false
False
Which of the following are benefits of creating a custom t-code to link SE16 to a specific table?
A You no longer need to grant access to transaction code SE16. B With your custom transaction code, you can look at any table. C With your custom transaction code, you can look only at the table specified in the transaction code. D Custom transaction codes can be easily created, without requiring any programming.
Answer: A, C, D
Which authorization objects can you examine to determine if security is administered centrally or regionally? A S_USER_GRP B S_TCD_GRP C S_USER_AGR D S_USER_ADD
Answer: A, C
Which of the authorization objects protect transaction code execution? A S_TCODE B P_TCODE C Q_TCODE D X_TCODE
Answer: A, B, C
SAP recommends that each custom report and each custom program be linked to a custom transaction code. Determine whether this statement is true or false
Answer: True
S_PROGRAM is an authorization object that protects program execution. Determine whether this statement is true or false
Answer: True
is a program that assigns authorization groups to ABAP programs.
Answer: RSCSAUTH
You should be careful with the authorization object because it can enable someone to enter DEBUG mode in production.
Answer: S_DEVELOP
Once a user is changed, there is no way to see who changed the user. Determine whether this statement is true or false
Answer: False
The Authorization Group field is used only for protecting reports and tables. Determine whether this statement is true or false
Answer: False
Which of the following are logs that exist in an SAP system? (More than one answer is correct).
A Webflowlogs B Application logs C Change documents logs D User and authorization change logs E None of the above
Answer: A, B, C, D
SU24 must be set up before implementing any roles. Answer: False (Optional feature) Determine whether this statement is true or false
SU24 requires programming changes to make the default values occur. Determine whether this statement is true or false
Answer: False
The following logon parameters can be used to ensure your system is adequately secured. A logon/fails_to_user_lock B logon/min_password_specials C logon/min_password_diff D logon/named_super_user
Answer: A, B, C
SAP recommends that you separate your system from your system.
Answer: Devlopment Production
Which of the following are security advantages to a three-tier landscape?

A Ensure changes occur only on development system. B Ensure changes occur only on your production system. C Developers do not have access to production data. D You control when changes are moved into production. E You can test changes in a QA system.
Answer: A, C, D, E
What type of approval does SAP recommend before moving changes into production?
SAP QA approval procedure that formalize the approval and review workflow
SAP recommends a three-tier system landscape including development, quality assurance, and production. Determine whether this statement is true or false
Answer: True
Client change options should always be set to No changes allowed. Determine whether this statement is true or false
Answer: False
SAP does not provide a QA approval procedure for changes being moved into production. Determine whether this statement is true or false
Answer: False
The user ID used in the RFC destination should be a dialog user. Determine whether this statement is true or false
Answer: False
Authorization object is used to protect what names job steps are scheduled to run under.
Answer: S_BTCH_NAM
User authentication (Password rules, Monitoring) Authorization protection Auditing and logging (AIS, Security audit log, ) Integrity protection Privacy protection Proof of obligation (non-repudiation)
6 aspects that might be considered in a security policy
7 questions that a security policy should address?
Who is responsible for your IT security? What needs to be protected? Who is attacking? What is the risk? Which protection mechanisms are required? Which procedures are to be enforced? How much protection can you afford?
6 tools available to help provide answers to the questions that arise during a system security audit:
Audit Information System Authorization Information System System Audit Log Computer Center Management System Alerts Trace tools Role maintenance tool (PFCG)
menu What are the 3 major components of the Role maintenance tool (PFCG)? authorizations users
What are the 2 types of roles implementation strategy?
Menu roles Authorization roles
What are the 2 major categories of the AIS
- system audit (general system, users and authorizations, repository and tables) - business audit (accounting, customer, vendors, asset, tax)
What was the transaction used by SAP in the past to access the AIS
In the past, the Audit Information System existed in a single transaction code, SECR
What are the two major groups of SAP Standards roles defined for the Audit Information System
Menu roles (SAP_AUDITOR*) (only menu items; no authorizations) Authorization roles (SAP_CA_AUDITOR*) (only authorizations, no menu items listed)
What is the SAP standard composite menu and authorization Role which contains every role in the AIS?
The menu roles: SAP_AUDITOR The authorization roles: SAP_CA_AUDITOR
What are the 4 steps required to set-up the AIS
Copy the SAP roles to your own naming convention Update the roles (as needed) Create a user for the auditor Assign the roles you created to the audit user
Which SAP Standard role allow you to set-up the AIS?
SAP_AUDITOR_ADMIN
What is the audit logs main objective? (3 points)
Security-related changes to the SAP system (changes to user master records) Higher level of transparency (successful and unsuccessful logon attempts) Enables the reconstruction of a series of events (successful or unsuccessful transaction starts)
Which 7 information types can be recorded with the Security audit log?
Successful and unsuccessful dialog logon attempts Successful and unsuccessful RFC logon attempts Remote function calls (RFCs) to function modules Successful and unsuccessful transaction starts Successful and unsuccessful report starts Changes to user master records Changes to the audit configuration
SAP systems maintain their audit logs on a daily basis. The system does not delete or overwrite audit files from previous days; it keeps them until you manually delete them. Which transaction is used in order to archive or delete the audit files?
SM18
How do you define the audit file name and location?
You define the name and location of the files in a profile parameter, rsau/local/file.
Event identifier (a three-character code) SAP user ID and client Terminal name, Transaction code Report name, Time and date when the event occurred Process ID, Session number Miscellaneous information
What are the information (9) contained in an audit record
How do you define the maximal size of the audit file?
You define the maximum size of the audit file in the profile parameter rsau/max_diskspace/local. The default value is 1 megabyte (MB) or 1000000bytes
What happened if the maximal size of the audit file is reached?
If the maximum size is reached, the auditing process stops.
What are the 4 major filters available for the security audit log?
Client, User, Audit class: Dialog logon, RFC/CPIC logon, Remote function call (RFC), Transaction start, Report start, User master change Weight of events to audit: Audit only critical, Audit important and critical, Audit all events (non-critical)
Create and save filters permanently in the database

(all the application servers use identical filters, define filters only once, you must restart the instance, define different profiles that you can alternatively activate)
What are the 2 main options to create and save audit filters?
Change filters dynamically (changes distributed to all

active application servers, do not have to restart the instance, not saved for reuse after system stops/starts)
10
What are the profile parameters that you need to specify in order to create and save filters permanently in the database?
rsau/enable: enable the SAL rsau/local/file: file location rsau/max_diskspace/local: max space to allocate rsau/selection_slots: number of filter to allow
What are the profile parameters that you need to specify in order to change filters dynamically on one or more application servers?
rsau/local/file: file location rsau/max_diskspace/local: max space to allocate rsau/selection_slots: number of filter to allow
With which transaction can you assess the security audit log?
SM20 or SM20n
What are the four main sections of the audit analysis report?
Introductory information Audit data Statistical analysis Contents
What are the 4 main functions of the Computing Center Management System (CCMS) monitor?
Performs detailed monitoring Creates alerts and displays them with colour values Provides analysis and auto-reaction methods (sms, emails with threshold ) Allows you to view current alerts and the history of alerts
11
What is the transaction to access the CCMS alert monitor
RZ20
What are the 5 majors authorisation objects used to protect which transaction codes a user can access and for which product are they meant to be?
S_TCODE used in every SAP system for every module P_TCODE used for Human Resources Q_TCODE used for Quality Maintenance I_TCODE used for Plant Maintenance L_TCODE used for Warehouse Management
Which authorithation object determines what table someone can look at with the transactions SE16, SE16N, or SE17; SM30 or SM31; and SE12
S_TABU_DIS is checked anytime someone looks at data in a table directly (with one of these transactions: SE16/SE16N, SE17, SM30, SM31. or the Implementation Guide).
Which transaction should be used when access to a table and why?
When access is required, use transaction code SM30 because an interface exist and no direct access to the table.
What are the 2 fields of the authorization object S_TABU_DIS
Activity and Authorization Group. The Authorization Group field is mapped to which tables a user can access.
12
Which table maps the Authorization Group to a list of tables?
TDDAT
Which authorization object control the authorization to execute a program
the authorization object S_PROGRAM
Which fields use the authorization object S_PROGRAM
User Action: start the program or schedule it to run in batch mode or if you use variants. Authorization Group: which programs you can execute.
What should be set up in order for the authorization object S_PROGRAM to be effective?
For this authorization object to be effective, ABAP programs must have an authorization group assigned to them in the attributes of the program.
What program allows you to assign an authorization group to all executable programs or to individual programs or program group?
RSCSAUTH
13
What are the accesses required in order to run transaction SA38?
Authorization object: S_PROGRAM User action: SUBMIT Authorization group: No value required
2 options to secure the use of SA38 -
Include an Authorization Group on the program for all custom reports/programs developed. Use report RSCSAUTH to assign Authorization Group values to programs/reports Request all custom reports/programs to include at least one AUTHORITY-CHECK inside the code.
For what is the Authorization Group field used?
Check access to tables Check access to program Used in varying ways throughout SAP applications, like e.g. FS00
Which authorizations object do you use to grant access to all ABAP Workbench components
S_DEVELOP is the general authorization object for ABAP Workbench objects
6 ABAP Workbench components that are protected with S_DEVELOP
ABAP development tools ABAP Dictionary and Data Modeler Screen Painter and Menu Painter Function Builder Repository Browser and Info System SAP Smart Forms
14
Application logging Logging workflow execution / webflow Logging using change documents Logging changes to table data Logging changes made using transport system Logging changes made to user and authorization
What are the 6 types of logs?
Which transactions are used to maintain and analyze the application log?
SLG1, display SLG0, define entries for your own application
What does the application log trace?
The log traces application events and tasks, and reports on their activity (for example, transfer of data from SAP R/3 to SAP APO).
Which activities are logged in the webflow log?
The webflow log (or workflow log) includes all activities that have occurred due to workflows executing.
Which transactions allow you to analyze the webflow?
SWI5, SWI2_FREQ and SWI1
15
What is the transaction to view the change document for an object
SCDO
What is the structure of the change document?
Change document header Change document item (old and new values of a field) - U(pdate) . Data was changed. - I(nsert) - D(elete) . Data was deleted Change document number
What are for example the transactions to review change documents for MM and SD?
MM04 for material changes and VD04 for customer changes. Each application has its own transaction to review change documents
Which transaction displays the table change log?
SCU3
In which table are the table change logged?
DBTABPRT
16
rec/client parameter: = ALL (logs all clients), = 000 [,...] (logs the specified clients), = OFF (turns logging off). What is the configuration required in order to use the table change log? In the technical settings (use transaction SE13, SE12), set the Log data changes flag for those tables that you want to have logged.
What does the transport system log record?
A transport system log monitors all changes that are migrated from development to production.
Which transactions allow you to view the transport system log?
SE09 and SE10
What does the user and authorization log records?
User and authorization logs record all changes that occur to users, authorizations, and profiles.
Which transaction allows you to read the HR Reports logs in order to see each time the report is started?
RPUPROTD (Log of report status)
17
Correct authorization objects that are not linked to transaction codes correctly Correct authorization objects that have unacceptable default values Change default values to ones that will always be appropriate
3 situations where the security administrator might want to use the transaction SU24 (maintain tables that assign which authorization objects go with which transaction codes)?
How to find out who made a change with the transaction su24?
1. Start transaction SE16. 2. Enter USOTB_C in the Table Name field. 3. Use values in the Modifier, ModDate, and ModTime fields
What are the 4 check indicators?
CM = Check/Maintain C = Check N = No Check U = Unmaintained.
What are the properties of the check indicator CM = Check/Maintain
Authorization check is carried out against this object. PFCG creates an authorization for this object Field values are displayed for changing. Default values for this authorization can be maintained.
What are the properties of the check indicator C = Check
Authorization check is carried out against this object. PFCG does not create an authorization for this object. Field values are not displayed. No default values for this authorization can be maintained.
18
What are the properties of the check indicator N = No Check
Authorization check against this object is disabled. PFCG does not create an authorization for this object. Field values are not displayed. No default values for this authorization can be maintained.
What are the property of the check indicator U = Unmaintained
No check indicator is set. Authorization check is always carried out against this object. PFCG does not create an authorization for this object, Field values are not displayed.
Can the checked for the authorization objects from the Basis (S*) and HR management (P_*, PLOG*) be changed?
Authorization objects from the basis (S*) and Human Resources management applications (P_*, PLOG) cannot be excluded from checking because the field values for these objects must always get checked.
What are the 10 components of the User information system (SUIM)?
Overview of Users, Users, Roles, Profiles Authorizations, Authorization object Transactions Comparisons (of users) Where-Used list (for authorization) Change documents (for users, auth and profiles)
What is the difference between centralized and decentralized security administration?
In a centralized security environment, one group is responsible for all security tasks: creating users, creating roles, and assigning roles to users. In a decentralized security environment, multiple groups work on security (physical location, based on division, based on product line, or based on company code).
19
What are the 3 different administrator types in a decentralized security administration?
User administrator (create user, assign roles) Authorization administrator (create roles) Profile administrator (generate role).
Which authorization object is provided to create and maintain users and assignments in a decentralized fashion with user groups?
S_USER_GRP
Which authorization object helps you to enforce the role naming convention in restricting the allowed roles names?
S_USER_AGR
Which authorization object ensure that the decentralized admin only add authorized t-codes to roles
S_USER_TCD
Which authorization object can be used to ensure the security administrator only add value for a specific company code?
S_USER_VAL
20
Which authorization enforces that one person can create the menu portion of the role, but someone else updates the authorizations?
S_USER_AUT
Which authorization object enforces that one person can create the role, but another person must generate the role?
S_USER_PRO
What is the transaction for the system trace tool?
ST01
SAP* What are the 2 special users defined in client 000? DIDIC
How can you deactivate the user SAP*?
Define the profile parameter logon/no_automatic_user_sapstar, with the value 0 Create a user master record for SAP* Give this user no roles or profiles. Give him a new password
21
In which client is the user Earlywatch delivered?
Earlywatch is delivered in the client 066
What is the default password of the special user EarlyWatch?
SUPPORT
To prohibit the use of a password, enter it in table USR40. There are two wildcard characters: How can you prohibit the use of certain passwords? ? stands for a single character * stands for a sequence of any combination characters of any length
Which transaction allows you to maintain the profile parameters?
RZ11
What are the 5 profiles parameters that enforce the minimum requirement that a password must fulfil?
logon/min_password_lng: min length logon/min_password_digits: min number of digits logon/min_password_letters: min number of letters logon/min_password_specials: min number of special characters logon/min_password_diff: how many characters in the new password must be different from the old password
22
What are the 3 profiles parameters that enforce the validity period of a password?
logon/password_expiration_time logon/password_max_new_valid: Validity period of passwords for newly created users logon/password_max_reset_valid: Defines the validity period of reset passwords
What are the 3 profile parameters that enforce the multi logon for a user?
logon/disable_multi_gui_logon: Controls the deactivation of multiple dialog logons logon/disable_multi_rfc_logon: Controls the deactivation of multiple RFC logons logon/multi_logon_users: List of excepted users (multiple logon)
What are the 3 profile parameters that enforce the number of unsuccessful logon attempts?
logon/fails_to_session_end: number of unsuccessful logon attempts before the system does not allow any more logon attempts logon/fails_to_user_lock: number of unsuccessful logon attempts before the system locks the user. logon/failed_user_auto_unlock: Defines whether user locks due to unsuccessful logon attempts should be automatically removed at midnight
Which 2 profile parameter controls the deactivation of password-based logon for users or for groups?
logon/disable_password_logon logon/password_logon_usergroup
Which profile parameter specifies the default client that is automatically filled in on the system logon screen?
logon/system_client
23
Which profile parameter specifies the exactness of the logon timestamp?
logon/update_logon_timestamp
Which profile parameters specifies the number of seconds until an inactive user is automatically logged out?
rdisp/gui_auto_logout
6 security advantages that a three-tier system landscape can offer?
Changes take place in only one location Developers do not have access to production data. Test in a QA system before they take effect in prod. Control the point in time when changes take effect Reduce accidental or unauthorized changes Keep a record of changes for auditing purposes
Which transaction allows you to see if the TMS Quality Assurance approval procedure has been set up?
STMS
What are the 3 standards approval steps and their authorization object, value and default value?
By request owner Default: inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: TADM and TQAS By user department. Inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: QTEA or TADM and TQAS By system administrator. Default: inactive. Values of S_CTS_ADMI: CTS_ADMFCT Value: TADM and TQAS
24
Which transaction allows you to approve a transport request?
STMS
At which level is it possible to enforce the changes?
System and client level
What defines the transport routes?
Transport routes define where changes are made, and how the changes migrate through the system landscape after they have been released.
In which transaction can you release the change request to transport?
SE09 or SE10
What are the 5 steps of a transport
1. Release the change request 2. Review the log files 3. Import the SAP system objects into the target system. 4. Review the log files created by the Workbench Organizer. 5. Test your imports thoroughly
25
Team members: Releasing their own Project leader: Verifying the contents of a change request prior to release Transport administrator: Execute the transport tasks Quality Assurance (QA) team: tests the entire functionality and integration
4 roles and responsibilities in the transport process
3 security checks to consider before the development work are moved to production?
- Link custom programs to custom transaction codes - Include AUTHORITY-CHECK statements for all programs - Ensure proper controls are in place if this custom program (or function module) accesses critical tables
What are the authorization object and their fields that allow you to work with transport?
S_TRANSPRT is the authorization object for the Transport Organizer. Fields: Activity, Request type CUST: Customizing requests DTRA: Workbench requests TASK: Tasks (repair or correction
Which authorization object and its field enforce the administration function in the change and transport system?
S_CTS_ADMI, field: CTS_ADMFCT TABL: Maintain transport routes, call certain tools INIT: Set system change option IMPA: Import all transport requests IMPS: Import individual requests TADD: Perform an add to buffer
What are the predefined authorizations in SAP systems that apply to the 5 various roles for the transport process?
Quality Assurance (QA) team: not defined Administrator (transport super user): S_CTS_ALL Project leader: S_CTS_PROJEC Team members and developers: S_CTS_DEVELO End users: S_CTS_SHOW
26
What is the table for maintaining system clients?
T000
What do the values of the table TMSTCRI prevent?
You can protect certain objects from being changed by imports by defining a set of security-critical objects in table TMSTCRI. You are then warned of changes to these objects in transport requests.
What are the four primary authorization objects used in background processing?
S_BTCH_JOB: Job Operations, Values DELE, RELE (release), SHOW, PROT (Display job logs) S_BTCH_NAM: protects what user IDs can execute S_BTCH_ADM: Value Y for the Background admin S_RZL_ADM: Field Name, 01 (Create), 03 (Display) if the background job executes an external cmd.
What are the transactions to create and monitor background jobs?
SM36: create background jobs. SM37: monitor background jobs.
4 reasons to use specific System user IDs for background jobs
User ID is stable; the user never changes jobs The password does not have to be reset. No one can log on Facilitates security administration and maintenance of background schedule.
27
Which authorizations are needed to allow a user to have a look only at their spool request?
Give them S_TCODE with SM37 and SP02 No other authorization objects are required to view spool
Which SAP standard roles gives access required to administer background jobs
SAP_BC_BATCH_ADMIN
What 3 kind of job steps can be executed when creating a background job?
ABAP program External command: from the operating system are executed from SAP External program: at the operating system (Ex: file read)
Which 2 authorizations are needed in order to create background job with external program job steps?
You must have activity 01 for the authorization object S_RZL_ADM (maintain) and access to S_LOG_COM (execute)
Which authorization object define which printers you can print to?
S_SPO_DEV
28
Which authorization object enforce actions you can take with spool requests (Admin) and enforce access to a spool request that does not belong to you?
S_SPO_ACT
Which authorization object enforces administering the spool system (Admin)? Values SP01, SP0R, SPAA, SPAB, SPAC, SPAD, SPAM, SPAR, SPTD, SPTR
S_ADMI_FCD
Which authorization object limit the number of pages a user can print to a specific printer?
S_SPO_PAGE
What is the SAP standard role for spool administration?
SAP_BC_SPOOL_ADMIN
4 examples of external commands executed within SAP?
- Database backup tools such as brbackup - Operating system environment commands - List directories and space available at the operating system - Execute sap router
29
What are the 3 ways to execute external commands?
- External commands can be executed either with - Transaction SM49 (SM69 to create) - ABAP programs - In background job steps
How is the external command defined in the SAP system?
An external command is an alias defined in the SAP system that represents an operating system command.
What are the authorizations needed to create and maintain an external command?
SM69, S_RZL_ADM with the value 01,03(Activity field)
What are the 3 different fields of the S_LOG_COM authorization object?
Command (name of external command) Opsystem (operating system for the command) Host (symbolic host name of target system)
Standard list download What are the 2 ways in use to download lists? Application-specific implementations for downloading (Excel for ex)
30
Which authorization object protects the standard list download?
S_GUI
Which authorization objects protect the file access?
Authorizations object S_DATASET. The minimum activities required are 33 (normal file read) and A6 (read file with filter).
What are the 2 user types that should be used for RFC communication?
User IDs in RFC destinations should be set up as communication or system users: someone cannot log on with the userID the passwords normally do not expire
Which transaction lists each RFC destination and the user involved?
RSRFCCHK
Which authorization object is checked when a user invokes a RFC?
object S_RFC
31
What are the 3 fields of the authorization object S_RFC?
- Type of RFC object to be protected - Name of RFC to be protected - Activity
Which profile parameter can you use in order to specify the use of S_RFC?
auth/rfc_authority_check
How is the authentication done when an RFC destination has no user Id provided and the current user field is selected?
When this RFC destination is invoked, the user ID that will be used is the ID of the person who invoked this RFC destination.
What are the values possibilities for the profile parameter auth/rfc_authority_check?
0 = No authorization check 1 = Authorization check active (no check for same user, no check for same user context and SRFC-FUGR). 2 = Authorization check active (no check for SRFCFUGR) 9 = Authorization check active (SRFC-FUGR checked)
What is the default Communication RFC user set up for the transport management?
TMSADM
32
How is the system called to set up a trusted relationship and allow user logging based on this trusted relationship for transport?
TMS Trusted Services
Which authorization object gives access to many administration functions?
S_ADMI_FCD
33

ADM950 Flashcards PDF

Uploaded by

Copyright:

Available Formats

ADM950 Flashcards PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ADM950 Flashcards PDF

Uploaded by

Copyright:

Available Formats

ADM950SAPSecurityconsultantcertificationflashcardsjulien.moix@gmail.

The Audit Information System is intended for external audits only.

is a program that assigns authorization groups to ABAP programs.

Answer: Devlopment Production

Which of the following are security advantages to a three-tier landscape?

6 aspects that might be considered in a security policy

7 questions that a security policy should address?

What are the 2 types of roles implementation strategy?

Menu roles Authorization roles

What are the 2 major categories of the AIS

The menu roles: SAP_AUDITOR The authorization roles: SAP_CA_AUDITOR

What are the 4 steps required to set-up the AIS

Which SAP Standard role allow you to set-up the AIS?

What is the audit logs main objective? (3 points)

How do you define the audit file name and location?

What are the information (9) contained in an audit record

How do you define the maximal size of the audit file?

What happened if the maximal size of the audit file is reached?

If the maximum size is reached, the auditing process stops.

Create and save filters permanently in the database

Change filters dynamically (changes distributed to all

Introductory information Audit data Statistical analysis Contents

What is the transaction to access the CCMS alert monitor

Which transaction should be used when access to a table and why?

What are the 2 fields of the authorization object S_TABU_DIS

Which table maps the Authorization Group to a list of tables?

Which authorization object control the authorization to execute a program

the authorization object S_PROGRAM

Which fields use the authorization object S_PROGRAM

What are the accesses required in order to run transaction SA38?

2 options to secure the use of SA38 -

For what is the Authorization Group field used?

S_DEVELOP is the general authorization object for ABAP Workbench objects

6 ABAP Workbench components that are protected with S_DEVELOP

What are the 6 types of logs?

SLG1, display SLG0, define entries for your own application

What does the application log trace?

Which activities are logged in the webflow log?

Which transactions allow you to analyze the webflow?

SWI5, SWI2_FREQ and SWI1

What is the transaction to view the change document for an object

What is the structure of the change document?

Which transaction displays the table change log?

In which table are the table change logged?

What does the transport system log record?

Which transactions allow you to view the transport system log?

SE09 and SE10

What does the user and authorization log records?

RPUPROTD (Log of report status)

What are the 4 check indicators?

CM = Check/Maintain C = Check N = No Check U = Unmaintained.

What are the properties of the check indicator CM = Check/Maintain

What are the properties of the check indicator C = Check

What are the properties of the check indicator N = No Check

What are the property of the check indicator U = Unmaintained

What are the 10 components of the User information system (SUIM)?

What is the difference between centralized and decentralized security administration?

What are the 3 different administrator types in a decentralized security administration?