SAP P_SECAUTH_21 Exam Questions
SAP Certified Technology Professional - System Security Architect (Page 2)

Updated On: 21-Feb-2026

User1 grants role 1 to user2. Who can revoke role 1 from user2?

  1. The system DBA user
  2. The owner of role 1
  3. Only User1
  4. Any user with the 'ROLE ADMIN' database role

Answer(s): D



Why should you create multiple dispatchers in SAP Identity Management? Note: There are 2 correct answers to this question.

  1. To accommodate scalability
  2. To support fail-over scenarios
  3. To handle password provisioning
  4. To handle special network access requirements

Answer(s): A,D



What is required when you configure the PFCG role for an end-user on the front-end server? Note: There are 2 correct answers to this question.

  1. The catalog assignment for the start authorization
  2. The S_RFC authorization object for the OData access
  3. The Fiori Launchpad designer assignment
  4. The group assignment to display it in the Fiori Launchpad

Answer(s): A,D



In your system, you have a program which calls transaction A. Users with access to this program can still execute transaction A without explicit authorizations given to this transaction. How do you prevent the access of users to the transaction A from within the program?

  1. Make sure you do NOT assign transaction A to the authorization object S_TCODE in the role that you assign to the unauthorized users.
  2. Maintain SE93 with authorization objects for transaction A.
  3. Maintain the check indicator in table TCDCOUPLES
  4. Ensure that transaction A is NOT assigned into the same program authorization group

Answer(s): B



The SSO authentication using X.509 client certificates is configured. Users complain that they can't log in to the back-end system. The trace file shows the following error message: "HTTP request [2/5/9] Reject untrusted forwarded certificate". What is missing in the configuration? Note: There are 2 correct answers to this question.

  1. On the back-end, the profile parameter icm/HTTPS/verify_client must NOT be set to 0
  2. On the web-dispatcher, the SAPSSLS.pse must be signed by a trusted certification authority
  3. On the web-dispatcher, the profile parameter icm/HTTPS/verify_client must be set to 0
  4. The web dispatcher's SAPSSLC.PSE certificate must be added to the trusted reverse proxies list in icm/trusted_reverse_proxy_<xx>

Answer(s): A,B





