Professional Documents
Culture Documents
What is the type of connector between GRC and back end system?
What are the actions in BRM, which should be mapped to connector?
What are the commonly used objects between AC, PC and RM?
If you have developed a custom t-code and how do you make this t-code available for
risk analysis?
What do you mitigate with mitigation controls?
You have maintained some options in maintain path settings tab and some options in
modify task settings for path, which one will be taken/used by default for as part of
workflow
How many initiator rules can be used by one process id?
What do you compare using role mining
When you make changes in role pfcg(back end), how the back end role changes can be
synchronized to BRM?
Can you update multiple authorization objects at once in multiple roles using mass
maintenance in ERM?
Who will monitor the FF logs?
Where do you maintain the reason codes in NWBC?
What is the special feature of EAM in AC10, compared with older version of GRC 5.3
(SPM)
Under which tab NWBC, owner/controller and FF assignments will be done?
What is the t-code to view back ground jobs?
To access GRC 10.0 solutions, you must have either Portal or NWBC? True/false?
Which of the Integration scenarios apply to Access Control?
Identify the order in which synchronization jobs should be completed?
Which Start Condition must be selected in order to schedule periodic jobs
Where do customize the settings in GRC? (SPRO)
In which t-code template can be customized? (SE61)
What are the common component settings in SPRO?
What is the use of activating the BC set?
What do you activate in BRF plus rules (application/function/decision table)?
Advantage with BRF plus flat rules compared with BRF plus roles?
What is the framework for the rule conditions and result?
What are the ways to create a mitigating control in GRC 10.0
Which of the following can be viewed in a Change Log report?
Is defining Methodology is mandatory for role creation process?
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
1) which of the following statements are true with respect to Defining Role
Methodology and Steps?
B. When a new step is created, it does not need to be associated with a pre-defined
action.
C. The phase is the label that will be displayed when a role is created.
A. Methodology steps allow you to see which phase of the role creation process a
role is in
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
B. The role methodology guides you through the process of defining, generating, and
testing a role
C. Organizations can enforce risk analysis for roles that belong to a particular
business process
D. Organizations can enforce risk analysis for delivered, but not custom, roles
3) Which of the following statements are true with respect to Defining Role
Methodology and Steps?
B. When a new step is created, it does not need to be associated with a pre-defined
action.
C. The phase is the label that will be displayed when a role is created.
A. Compare role definitions between Access Control and the back end system
B. Synchronize authorization data between Access Control and the back end system
D. View results for Common Actions, but not for Unique Actions
Match items from 1st column to the corresponding item in 2nd column.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
a) True b) False
2) Which of the following common components are shared with Process Control and Risk
Management?
3) To access GRC 10.0 solutions, you must have either Portal or NWBC Authorization.
a) True b) False
A. AUTH B. PROV
C. RISKMG D. ROLMG
E. SUPMG
5) In Business Role Management, which of the following actions are associated with the
four phases for which you need to assign a connector?
6)
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
Match items from 1st column to the corresponding item in 2nd column.
A. GRAC_ROLEREP_PROFILE_SYNC B. GRAC_ROLEREP_ROLE_SYNC
C. GRAC_ROLEREP_OWNR_SYNC D. GRAC_ROLEREP_USER_SYNC
A,B,D
a) True b) False
11) To begin setting up a workflow-related MSMP rule, first create the decision table and
then create the BRFplus objects.
a) True b) False
12) The Top Expression is the framework for the rule conditions and result.
a) True b) False
13) Although the work areas for customizing MSMP workflow are numbered, they do not
need to be performed in sequential order.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
a) True b) False
14) Rules determine results that are to be utilized during the execution of the workflow.
a) True b) False
15) Which of the following statements are true about maintaining Notification Variables
and Templates?
16) Which of the following statements are true about route mapping for MSMP workflow?
A. Route mapping connects the Rule ID and Rule Result Value to the Path ID that is
to be executed
B. Initiator or Routing rules must already be listed in work area 2: Maintain Rules
C. Detours are only available for a limited number of conditions and cannot be based
on request or line items
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
18) Which of the following are ways to create a mitigating control within GRC 10.0?
19) Which of the following are allowable actions when managing SoD rules?
21) In which order should you perform the following remediation steps?
Match items from 1st column to the corresponding item in 2nd column.
22) With system-specific mitigation, if User 1 is mitigated for Risk A in three systems,
then User 2 must be mitigated for Risk A in the same three systems.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) TRUE B)FALSE
Match items from 1st column to the corresponding item in 2nd column.
A) TrueB) False
25) It is mandatory for a Firefighter ID /Firefighter Role to be assigned to the owner before
further assignments are made, such as for Firefighter Controller.
A) TrueB) False
Match items from 1st column to the corresponding item in 2nd column.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
b. Consolidated Log Report 2. Provides details of all users who are either
expired, locked, or deleted
A) TrueB) False
29) Which of the following statements are true about role creation?
A. Methodology steps allow you to see which phase of the role creation process a
role is in
B. The role methodology guides you through the process of defining, generating, and
testing a role
C. Organizations can enforce risk analysis for roles that belong to a particular
business process
D. Organizations can enforce risk analysis for delivered, but not custom, roles
30) Naming conventions are specific to a system landscape and role type.
A) TrueB) False
31) The Application name and BRFplus Function name values must be entered manually
in the Assign Condition Group to BRFplus Rules configuration.
A) TrueB) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
32) Which of the following statements are true with respect to Defining Role
Methodology and Steps?
B. When a new step is created, it does not need to be associated with a pre-defined
action.
C. The phase is the label that will be displayed when a role is created.
33) You can map roles to a single role and then provision them all together.
A) TrueB) False
34) Which of the following statements are true about role authorizations?
A. You can synchronize authorization data from PFCG into Access Control, but you
cannot push role authorization data from Access Control to the back end system
C. Authorizations changed at the Master Role cannot be propagated into the derived
role
A. Compare role definitions between Access Control and the back end system
B. Synchronize authorization data between Access Control and the back end system
D. View results for Common Actions, but not for Unique Actions
36) Role Certification attributes are defined in the Properties section of the Role
Maintenance Details screen.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) TrueB) False
37) You can create access requests for user access and organizational assignments.
A) TrueB) False
38) You cannot use custom field values when creating a request from a template.
A) TrueB) False
Match items from 1st column to the corresponding item in 2nd column.
40) All workflow stages are configured together and share the same configuration
settings.
A) TrueB) False
41) Before you can assign reviewer coordinator mapping, you must set a request type and
priority for User Access Review Requests in configuration and set Admin Review Required to
YES
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) TrueB) False
42) Which of the following statements are true about Role Reaffirm?
43) Which of the groups below may be included on a typical project team?
44) If previous Access Control versions are involved in a migration/upgrade for multiple
solutions, when must Access Control be migrated?
A. First
B. Last
46) SAP BusinessObjects GRC solutions are comprised of three main areas
of capabillities:
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) TrueB) False
49) When it comes to managing governance, risk, and compliance efforts, GRC
50) Streamlined user navigation with shared work centers emphasizes each
A) TrueB) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
53) To access GRC 10.0 solutions, you must have at least the following: 1. Portal
A) TrueB) False
54) Which of the following determine what users see in the GRC 10.0 user
interface?
A. View, access, and perform workflow tasks, whether assigned to you or not
56) In the Rule Setup work center, a Control Owner for Process Control would be
interested in seeing things like Data Sources, Business Rule Assignments for
Continuous Monitoring, and KRI templates.
A) TrueB) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
57) Ad hoc issues are issues not associated with compliance evaluations, yet are associated
with a variety of business entities, such as organizations, risk, regulations, and controls..
A) TrueB) False
60) Only those fields that exist in the control table GRFNFLDRGSP can be regulation-
specific fields.
A) TrueB) False
62) In GRC 10.0 control data can be shared by Access Control and Process Control, and only
those fields relevant for the specific view are displayed.
A) TrueB) False
63) Each solution component can have one default view and multiple available views, which
are used only for hierarchical organization display and reporting purposes.
A) TrueB) False
64) Before beginning the functional implementation, you must activate BC sets, based upon
customer requirements.
A) TrueB) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
65) Business Users, such as Internal and External Auditors, are a subset of users that
typically:
B. Use the software to collect and analyze data to support business decisions
66) A POC, prototype, or integration plan is typically developed during which phase?
67) Which of the following reports might you find in the Master Data Work Center?
68) As an organization increases its collaboration with partners and suppliers, the
consequences of organizational fragmentation diminish.
A) TrueB) False
A. Analyze and Manage Risk can utilize workflow for changes to control master data
and control assignments
B. Access Request Management and Business Role Management use different tables
for role information
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
D .Emergency Access Management can utilize Analyze and Manage Risk to show where
a firefighter may have completed both sides of a SoD risk
70) The information architecture leverages the same work centers and navigation across
the GRC solution rather than to completely separate the components.
A) TrueB) False
71) Uncontrolled assignment of excessive authorizations can result in users being able to
initiate fraud.
A) TrueB) False
72) Bettina has the system authorizations to create anad approve a purchase order and issues
payments to vendors. Does this constitute a risk?
A) TrueB) False
Match items from 1st column to the corresponding item in 2nd column.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) Trueb) False
2) If you select the Agent Type PFCG Roles, this means that all users who have the PFCG
role in their user buffer will be the agent.
A) Trueb) False
3) Which of the following are ways to create a mitigating control within GRC 10.0?
A) Trueb) False
5) In which order must the following steps be performed to configure a Firefighter ID?
Match items from 1st column to the corresponding item in 2nd column.
A) Trueb) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
7) The Condition Group Type is assigned in the front end of the Access Control application.
A) Trueb) False
8) Before creating a business role, a role methodology and workflow approval must be
created and configured, if these are to be enforced.
A) Trueb) False
9) You cannot use custom field values when creating a request from a template.
A) Trueb) False
10) Where can you find the access requests that you are supposed to review?
Match items from 1st column to the corresponding item in 2nd column.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A. View, access, and perform workflow tasks, whether assigned to you or not
15) Organization structures, process structures, and control structures can be shared across
components in the GRC 10.0 solution.
A) Trueb) False
C. Redundant maintenance
A. SAP_GRAC_SETUP
B. SAP_GRC_SAC_CUSTOMIZING
C. SAP_GRC_RM_CUSTOMIZING
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
D. SAP_GRC_SPC_CUSTOMIZING
E. SAP_GRPC_SETUP
F. SAP_GRC_PC_CUSTOMIZING
18) As an organization increases its collaboration with partners and suppliers, the
consequences of organizational fragmentation diminish.
A) Trueb) False
20) You can only access the GRC front end via the NetWeaver Business Client 3.0
(NWBC).
A) Trueb) False
21) In Business Role Management, which of the following actions are associated wth the
four phases for which you need to assign a connector?
22) Which of the following programs are included in Repository Object Sync?
A. GRAC_ROLEREP_PROFILE_SYNC B. GRAC_ROLEREP_ROLE_SYNC
C. GRAC_ROLEREP_OWNR_SYNC D. GRAC_ROLEREP_USER_SYNC
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
23) Reports can be displayed in Crystal while leveraging built-in ABAP List Viewer (ALV)
functionality.
A) Trueb) False
24) Documentation for IMG Customizing is contained within the IMG itself.
A) Trueb) False
27) The My Home work center is used as an entry point for any other work
centers.
A) Trueb) False
A) Trueb) False
A) Trueb) False
30) Match the term on the left with the best description on the right.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
Match items from 1st column to the corresponding item in 2nd column.
31) Before you can assign reviewer coordinator mapping, you must set a request type and
priority for User Access Review Requests in configuration and set Admin Review Required to
YES
A) Trueb) False
32) What does it mean to create an access request with a model user?
A. Use the current access request creation process to model a new custom process
D. Use the generic model user delivered with Access Control as a basis for creating
access for new users
33) Which of the following statements are true about business roles?
C. If you include multiple single roles in a business role, you must still assign each
single role individually.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
34) The Application name and BRFplus Function name values must be entered manually
in the Assign Condition Group to BRFplus Rules configuration.
A) Trueb) False
35) Log Collector fetches data from the remote client system.
A) Trueb) False
36) Before firefighters can do centralized firefighting, EAM must be configured in the IMG
with an Application Type of 1 for Parameter 4000.
A) Trueb) False
37) In which order should you perform the following remediation steps?
Match items from 1st column to the corresponding item in 2nd column.
38) Mitigating controls are stored in separate locations for Access Control, Process
Control, and Risk Management.
A) Trueb) False
39) Defining Approvers in the Maintain Agents work area means that:
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
40) To begin setting up a workflow-related MSMP rule, first create the decision table and
then create the BRFplus objects.
A) Trueb) False
42) RFC is an interface for communication between SAP client and server to external
programs and data, and can enable function calls to SAP systems or external
systems.
A) Trueb) False
43) Which of the following statements are true about the GRC 10.0 Architecture and
landscape?
A. Access Control, Process Control and Risk Management are contained in one ABAP
add-on called GRCFND_A
B. Access Control, Process Control and Risk Management are contained in three ABAP
add-ons called GRCFND_A, GRCFND_R, and GRCFND_P
44) Uncontrolled assignment of excessive authorizations can result in users being able to
initiate fraud.
A) Trueb) False
45) The unified compliance platform allows complete management of all risks and controls
from a single environment.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) Trueb) False
47) To access GRC 10.0 solutions, you must have either Portal or NWBC authorization.
A) Trueb) False
50) Which of the following are maintained in the Process Global Settings activities?
51) Which of the following statements are true about route mapping for MSMP workflow?
A. Route mapping connects the Rule ID and Rule Result Value to the Path ID that is
to be executed
B. Initiator or Routing rules must already be listed in work area 2: Maintain Rules
C. Detours are only available for a limited number of conditions and cannot be based
on request or line items
52) Functions are the building blocks for risks, so any changes in functions will have a direct
effect on the access rule set.
A) Trueb) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
53) A wild card (*) in the System field means that the mitigation assignment applies to all
systems.
A) Trueb) False
55) You must define required attributes, but not the methodology steps, before defining
a role methodology process.
A) Trueb) False
56) Which of the following statements are true about technical role definition?
C. The Provisioning Allowed flag allows the role to be provisioned through access
request
D. To derive a role, organization levels must be set and assigned to the master role
57) Role Certification attributes are defined in the Properties section of the Role
Maintenance Details screen.
A) Trueb) False
58) Which of the following statements are true about access aproval requests?
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
59) Put the following steps related to creating custom fields in the correct sequence.
Match items from 1st column to the corresponding item in 2nd column.
Create a domain
60) SAP BusinessObjects GRC solutions are comprised of three main areas
of capabillities:
61) The unified Risk Management, Access Control, and Process Control data model and
technology platform enables optional sharing of selected risk and compliance data
and functions because some customers prefer a silo approach.
A) Trueb) False
62) To access GRC 10.0 solutions, you must have at least the following: 1. Portal
A) Trueb) False
63) An Access Control user won't see the Continuous Monitoring section of the Rule Setup
work center, but would see sections like Access Rule Maintenance and Critical Access Rules.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
A) Trueb) False
64) The User Interface Configuration framework enables using common and centralized
master data, while supporting entity attributes that can be specific to regulations.
A) Trueb) False
A) Trueb) False
66) To access the IMG, first log onto the ABAP client for GRC 10.0, then execute transaction
SPRO.
A) Trueb) False
A) Trueb) False
68) Users will only see those objects included in the assigned role.
A) Trueb) False
69) During the Run phase, you assess operation standards in order to optimize solution
operation and system performance.
A) Trueb) False
70) The visibility of buttons in the Approver's Work Inbox UI are determined by the BC set.
A) Trueb) False
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
1. Your customer has created a custom transaction code ZFB10N by copying transaction FB10
and implementing a user exit.
How can you incorporate the customer enhancement into the global rule set so that it will be
available for Risk Analysis?
A. Update security permissions in all relevant authorization objects, maintain the custom
program
name in all relevant functions, and generate the access rules.
B. Update all relevant functions with ZFB10N, maintain the permission values for all relevant
authorization objects, and generate the access rules.
C. Update all relevant functions with ZFB10N, maintain the permission values in the relevant
access risk, and generate the global rule set.
D. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions,
and generate the global rule set.
Answer: B
2. Which of the following objects can you maintain in the "Maintain Paths" work area of
MSMP workflow configuration? (Choose three)
A. Paths
B. Path versions
C. Rules for path mappings
D. Stage notification settings
E. Stages
Answer: A,D,E
3. Which configuration parameters determine the content of the log generated by the SPM
Log
Synch job? (Choose three)?
A. Enable Risk Change log (1002)
B. Enable Authorization Logging (1100)
C. Retrieve System log (4004)
D. Retrieve OS Command log (4006)
E. Retrieve Audit log (4005)
Answer: C,D,E
4. Your customer wants to eliminate false positives from their risk analysis results.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
How must you configure Access Control to include organizational value checks when
performing a
risk analysis? (Choose two)
Answer: C,D
6. Your customer wants a manager to fulfill both MSMP workflow agent purposes.
How do you configure this?
A. Maintain the manager agent twice, once for each purpose, using the same agent ID.
B. Maintain the manager agent once and assign both purposes to it without using an agent ID.
C. Maintain the manager agent twice, once for each purpose, using different agent IDs.
D. Maintain the manager agent once and assign both purposes to it using the same agent ID.
Answer: C
7. You have identified some risks that need to be defined as cross-system risks. How do you
configure your system to enable cross-system risk analysis?
A. 1. Set the analysis scope of the function to cross-system.
2. Create cross-system type connectors.
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
8. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to
do?
A. Run a cross-system analysis.
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D
10. How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
11. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to
do?A. Run a cross-system analysis.?
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D
13. How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C
14. Which periodic review process allows a role owner to remove roles from the users?
A. UAR Review
B. SoD Review
C. Firefighter Log Review
D. Role Certification Review
Answer:A
15. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users. What could be the
reason?
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
Answer:D
16.Which report types require the execution of batch risk analysis? (Choose two)?
A. Ad-hoc risk analysis reports
B. Offline risk analysis reports
C. User level simulation reports
D. Access rules detail reports
E. User and role analysis dashboards
Answer:B,E
Answer:A,C,D
18. You have created a new end-user personalization (EUP) form. Where can you make use of
this EUP form? (Choose two)?
A. In a stage configuration of a workflow
B. In an organizational assignment request
C. In a template-based request
D. In a model user request
E. Company 2
Answer: A, C
19. You have maintained an end-user personalization (EUP) form and set a particular field as
mandatory. Which additional field attribute settings are required? (Choose two)?
A. The field attribute Visible must be set to "Yes".
B. A default value must be maintained for the field.
C. The field attribute Editable must be set to "Yes".
D. The field attribute Visible must be set to "No".
E. The field attribute Editable must be set to "No".
BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10
Answer: A, C
20.You want to maintain roles using Business Role Management. How do you import the
roles from the back-end system?
A. Use an SAP transport.
B. Execute the Role Import background job directly in the back-end system.
C. Use the standard import template.
D. Execute the Role Repository Sync program
Answer: C
21. Which activity can you perform when you use the Test and Generate options in
transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
A. Generate and activate a BRFplus flat rule for workflow-related rules.
B. Create a rule type for workflow-related rules.
C. Create an MSMP process ID for workflow-related rules.
D. Generate and activate function modules for workflow-related rules.
Answer: D
22. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users.
What could be the reason?
A. The user is already assigned as an owner to another mitigating control.
B. The workflow for creating a mitigating control has not yet been approved.
C. The user is locked.
D. The user has not been assigned as an owner in the organizational hierarchy.
Answer: D
The above questions are gathered from certified people and websites from google
BAITHI SRINIVAS