SAP GRC Certification CODE: C_GRCAC_10

What is the type of connector between GRC and back end system?
What are the actions in BRM, which should be mapped to connector?
What are the commonly used objects between AC, PC and RM?
If you have developed a custom t-code, how do you make this t-code available for
risk analysis?
What do you mitigate with mitigation controls?
You have maintained some options in the Maintain Path Settings tab and some options in
Modify Task Settings for the path. Which one will be used by default as part of the
workflow?
How many initiator rules can be used by one process id?
What do you compare using role mining?
When you make changes to a role in PFCG (back end), how can the back-end role changes be
synchronized to BRM?
Can you update multiple authorization objects at once in multiple roles using mass
maintenance in ERM?
Who will monitor the FF logs?
Where do you maintain the reason codes in NWBC?
What is the special feature of EAM in AC10, compared with the older version, GRC 5.3
(SPM)?
Under which tab in NWBC are owner/controller and FF assignments done?
What is the t-code to view background jobs?
To access GRC 10.0 solutions, you must have either Portal or NWBC? True/false?
Which of the Integration scenarios apply to Access Control?
Identify the order in which synchronization jobs should be completed?
Which Start Condition must be selected in order to schedule periodic jobs
Where do you customize the settings in GRC? (SPRO)
In which t-code can templates be customized? (SE61)
What are the common component settings in SPRO?
What is the use of activating the BC set?
What do you activate in BRF plus rules (application/function/decision table)?
Advantage with BRF plus flat rules compared with BRF plus roles?
What is the framework for the rule conditions and result?
What are the ways to create a mitigating control in GRC 10.0?
Which of the following can be viewed in a Change Log report?
Is defining a methodology mandatory for the role creation process?

BAITHI SRINIVAS
SAP GRC Certification CODE: C_GRCAC_10

Who will remove the roles from users based on the SoD?
Which common attribute is used in the condition column header
and the line items?
What are the mandatory attributes that are defined for creating the roles in BRM?
What are the jobs used in EAM for generating the logs? OS logs, system logs and audit
logs
What might be a possible reason for not being able to assign the owner to a mitigation
control ID? (He might not be mapped to an org unit.)
What is the use of having the same logical group name as the connector group
name?
What are the different types of provisioning?
Where do you use the EUP template, apart from request creation using the template?
When do you activate the MSMP process id?
What can be returned in BRF plus agent rule?
What are the different BRF plus rule types that can be used in MSMP?
What can be copied while using the copy user request option while submitting the
request?
What can be seen in the My Home work item?
Use of log collection job?

And also the below FAQs have come in the exam:

1) Which of the following statements are true with respect to Defining Role
Methodology and Steps?

Choose the correct answers.

A. Actions are fixed.

B. When a new step is created, it does not need to be associated with a pre-defined
action.

C. The phase is the label that will be displayed when a role is created.

D. Process steps must be associated to the methodology process.

2) Which of the following statements are true about role creation?

Choose the correct answers.

A. Methodology steps allow you to see which phase of the role creation process a
role is in

B. The role methodology guides you through the process of defining, generating, and
testing a role

C. Organizations can enforce risk analysis for roles that belong to a particular
business process

D. Organizations can enforce risk analysis for delivered, but not custom, roles

3) Which of the following statements are true with respect to Defining Role
Methodology and Steps?

Choose the correct answers.

A. Actions are fixed.

B. When a new step is created, it does not need to be associated with a pre-defined
action.

C. The phase is the label that will be displayed when a role is created.

D. Process steps must be associated to the methodology process.

4) Role Comparison allows you to:

Choose the correct answers.

A. Compare role definitions between Access Control and the back end system

B. Synchronize authorization data between Access Control and the back end system

C. Compare roles at the Action and Permission level

D. View results for Common Actions, but not for Unique Actions

E. Synchronize only in the background, but not in the foreground

5) Arrange the following configuration steps in the correct sequence.

Match items from 1st column to the corresponding item in 2nd column.

Configure common component settings

Perform post-installation tasks

Configure Access Control-Specific Settings

Activate Rule Set BC Sets for Access Risk Analysis

1) Continuous compliance involves maintaining compliance and segregation of duties in an
ongoing fashion.

Determine whether this statement is true or false.

a) True b) False

2) Which of the following common components are shared with Process Control and Risk
Management?

Choose the correct answers.

A. Master Data B. Workflow

C. Role Mining D. Superuser Access Management

E. Reports and Dashboards

3) To access GRC 10.0 solutions, you must have either Portal or NWBC Authorization.

Determine whether this statement is true or false.

a) True b) False

4) Which of the following Integration scenarios apply to Access Control?

Choose the correct answers.

A. AUTH B. PROV

C. RISKMG D. ROLMG

E. SUPMG

5) In Business Role Management, which of the following actions are associated with the
four phases for which you need to assign a connector?

Choose the correct answers.

A. Role Generation B. Role Risk Analysis

C. Authorization Maintenance D. Provisioning

E. Superuser Designation F. HR Triggers

6)

7) Identify the order in which synchronization jobs should be completed.

Match items from 1st column to the corresponding item in 2nd column.

Action Usage Sync

Repository Object Sync

Role Usage Sync

PFCG Authorization Sync

8) Which of the following programs are included in Repository Object Sync?

Choose the correct answers.

A. GRAC_ROLEREP_PROFILE_SYNC B. GRAC_ROLEREP_ROLE_SYNC

C. GRAC_ROLEREP_OWNR_SYNC D. GRAC_ROLEREP_USER_SYNC

A,B,D

9) Which Start Condition must be selected in order to schedule periodic jobs?

Choose the correct answers.

A. Immediate B. Date/Time C. After Job D. After Event

10) BRFplus is a Business Rules Management System for ABAP applications.

Determine whether this statement is true or false.

a) True b) False

11) To begin setting up a workflow-related MSMP rule, first create the decision table and
then create the BRFplus objects.

Determine whether this statement is true or false.

a) True b) False

12) The Top Expression is the framework for the rule conditions and result.

Determine whether this statement is true or false.

a) True b) False

13) Although the work areas for customizing MSMP workflow are numbered, they do not
need to be performed in sequential order.

Determine whether this statement is true or false.

a) True b) False

14) Rules determine results that are to be utilized during the execution of the workflow.

Determine whether this statement is true or false.

a) True b) False

15) Which of the following statements are true about maintaining Notification Variables
and Templates?

Choose the correct answers.

A. Maintain templates by choosing work area 4: Variables & Templates

B. Add a notification template by executing transaction SE61

C. Maintain message variables in work area 4: Variables & Templates

D. The document class for notification templates is Special Text

16) Which of the following statements are true about route mapping for MSMP workflow?

Choose the correct answers.

A. Route mapping connects the Rule ID and Rule Result Value to the Path ID that is
to be executed

B. Initiator or Routing rules must already be listed in work area 2: Maintain Rules

C. Detours are only available for a limited number of conditions and cannot be based
on request or line items

D. No routing rules are delivered in the BC set; all must be created

17) Which application components can share a common organization hierarchy?

Choose the correct answers.

A. Access Control and Process Control only

B. Access Control and Risk Management only

C. Process Control and Risk Management only

D. Access Control, Process Control, and Risk Management

18) Which of the following are ways to create a mitigating control within GRC 10.0?

Choose the correct answers.

A. Directly within Access Control

B. When you execute a User Risk Analysis

C. From the User Risk Analysis result view

D. From Process Control within Business Processes

E. From Process Control within Rule Setup

19) Which of the following are allowable actions when managing SoD rules?

Choose the correct answers.

A. Generate SoD rules B. Delete SoD rules

C. Segregate SoD rules D. Transport SoD rules

20) Which of the following can be viewed in a Change Log report?

Choose the correct answers.

A. Old and New values

B. The person who made the changes

C. The date the changes were made

D. Configuration parameters for component tracking

21) In which order should you perform the following remediation steps?

Match items from 1st column to the corresponding item in 2nd column.

Analyze access rights for individual users

Identify risks in composite roles

Identify risks in single roles

22) With system-specific mitigation, if User 1 is mitigated for Risk A in three systems,
then User 2 must be mitigated for Risk A in the same three systems.

Determine whether this statement is true or false.

A) True B) False

23) Match the term and its correct description.

Match items from 1st column to the corresponding item in 2nd column.

a. Firefighter       1. A user ID with elevated privileges

b. Firefighter ID    2. A user responsible for a Firefighter ID and the assignment of controllers and firefighters

c. Owner             3. A user that reviews and approves log files

d. Controller        4. A user requiring emergency access

24) In ID Based scenarios, firefighters must logon to individual client systems to do
firefighting.

Determine whether this statement is true or false.

A) True B) False

25) It is mandatory for a Firefighter ID /Firefighter Role to be assigned to the owner before
further assignments are made, such as for Firefighter Controller.

Determine whether this statement is true or false.

A) True B) False

26) Where do you maintain reason codes?

Choose the correct answers.

A. In the Setup work center under Superuser Maintenance

B. In the ABAP client

C. In the Setup work center under Superuser Assignment

D. In the remote client system

27) Match the report type to its purpose.

Match items from 1st column to the corresponding item in 2nd column.

a. System Log                              1. Provides information based on logs from the remote system

b. Consolidated Log Report                 2. Provides details of all users who are either expired, locked, or deleted

c. Invalid Superuser Report                3. Provides session details logged by the firefighter in the remote system for the ID Based application

d. Firefighter Log Summary                 4. Captures Debug & Replace information from transaction SM21

e. SoD Conflict Report for Firefighter ID  5. Provides transactions performed with a FFID that violate access risk rules in the remote system

28) The Log Collection job must be executed in the background.

Determine whether this statement is true or false.

A) True B) False

29) Which of the following statements are true about role creation?

Choose the correct answers.

A. Methodology steps allow you to see which phase of the role creation process a
role is in

B. The role methodology guides you through the process of defining, generating, and
testing a role

C. Organizations can enforce risk analysis for roles that belong to a particular
business process

D. Organizations can enforce risk analysis for delivered, but not custom, roles

30) Naming conventions are specific to a system landscape and role type.

Determine whether this statement is true or false.

A) True B) False

31) The Application name and BRFplus Function name values must be entered manually
in the Assign Condition Group to BRFplus Rules configuration.

Determine whether this statement is true or false.

A) True B) False

32) Which of the following statements are true with respect to Defining Role
Methodology and Steps?

Choose the correct answers.

A. Actions are fixed.

B. When a new step is created, it does not need to be associated with a pre-defined
action.

C. The phase is the label that will be displayed when a role is created.

D. Process steps must be associated to the methodology process.

33) You can map roles to a single role and then provision them all together.

Determine whether this statement is true or false.

A) True B) False

34) Which of the following statements are true about role authorizations?

Choose the correct answers.

A. You can synchronize authorization data from PFCG into Access Control, but you
cannot push role authorization data from Access Control to the back end system

B. Authorizations are read-only in the Role Management application

C. Authorizations changed at the Master Role cannot be propagated into the derived
role

D. The system used for authorization is defined in the IMG

35) Role Comparison allows you to:

Choose the correct answers.

A. Compare role definitions between Access Control and the back end system

B. Synchronize authorization data between Access Control and the back end system

C. Compare roles at the Action and Permission level

D. View results for Common Actions, but not for Unique Actions

E. Synchronize only in the background, but not in the foreground

36) Role Certification attributes are defined in the Properties section of the Role
Maintenance Details screen.

Determine whether this statement is true or false.

A) True B) False

37) You can create access requests for user access and organizational assignments.

Determine whether this statement is true or false.

A) True B) False

38) You cannot use custom field values when creating a request from a template.

Determine whether this statement is true or false.

A) True B) False

39) Match the type of provisioning to its best description.

Match items from 1st column to the corresponding item in 2nd column.

a. Global Configuration          1. One of the most important provisioning options

b. Direct Provisioning           2. SAP HR system carries out the provisioning

c. Field Mapping Configuration   3. Provisioning is carried out on the SAP User Master Record via transaction SU01

d. Indirect Provisioning         4. Assign actions to a connector group and then choose a default connector for each group

e. Manual Provisioning           5. Used in case system level configuration is not defined for a system

40) All workflow stages are configured together and share the same configuration
settings.

Determine whether this statement is true or false.

A) True B) False

41) Before you can assign reviewer coordinator mapping, you must set a request type and
priority for User Access Review Requests in configuration and set Admin Review Required to
YES

Determine whether this statement is true or false.

A) True B) False

42) Which of the following statements are true about Role Reaffirm?

Choose the correct answers.

A. Roles must be reaffirmed after a specific period of time

B. You must notify users as part of the review process

C. Maintain the Role Reaffirm period in Access Request Management

D. An automatic periodic request is generated

43) Which of the groups below may be included on a typical project team?

Choose the correct answers.

A. Business Process Experts B. End Users

C. Security Experts D. Senior Management

44) If previous Access Control versions are involved in a migration/upgrade for multiple
solutions, when must Access Control be migrated?

Choose the correct answers.

A. First

B. Last

C. Before Process Control, but after Risk Management

D. After Process Control, but before Risk Management

45) At what point do you move from Realization to Final Preparation?

Choose the correct answers.

A. When you conduct the Business Process Definition workshop

B. After you test the implementation

C. When you load the rule set

D. When you promote the solution design from development to testing

46) SAP BusinessObjects GRC solutions are comprised of three main areas
of capabilities:

Choose the correct answer(s).

A. Avoid B. Analyze C. Monitor D. Manage

47) Compliance regulations can be specific to a particular region or country, or
may be applicable to multiple regions.

Determine whether this statement is true or false.

A) True B) False

48) Which component in the SAP BusinessObjects GRC solution supports
Compliance Management by providing documentation of compliance
structures and related compliance initiatives?

Choose the correct answer(s).

A. Risk Management B. Access Control

C. Process Control D. Global Trade Services

49) When it comes to managing governance, risk, and compliance efforts, GRC
Convergence helps companies:

Choose the correct answer(s).

A. Reduce costs and required resources

B. Reduce risk exposure

C. Reduce reporting requirements

D. Improve overall business performance

50) Streamlined user navigation with shared work centers emphasizes each
component rather than function.

Determine whether this statement is true or false.

A) True B) False

51) SoD Integration is between which solution components?

Choose the correct answer(s).

A. Process Control and Risk Management

B. Access Control and Risk Management

C. Process Control and Access Control

D. Process Control, Access Control, and Risk Management

52) The ______________________ determines the presentation of user interface
elements.

Fill in the blanks to complete the sentence.

53) To access GRC 10.0 solutions, you must have at least the following: 1. Portal
authorization or NWBC authorization; 2. Applicable PFCG base roles; and
3. PFCG role(s) relative to specific components (AC, PC, RM).

Determine whether this statement is true or false.

A) True B) False

54) Which of the following determine what users see in the GRC 10.0 user
interface?

Choose the correct answer(s).

A. Product Licensing B. User Interface Framework Configuration

C. Roles and Authorizations D. Work Centers

55) The My Home work center allows you to:

Choose the correct answer(s).

A. View, access, and perform workflow tasks, whether assigned to you or not

B. View completed reports scheduled by anyone

C. Perform document searches across all documents, including document content

D. Assign delegates to perform your tasks or activities

56) In the Rule Setup work center, a Control Owner for Process Control would be
interested in seeing things like Data Sources, Business Rule Assignments for
Continuous Monitoring, and KRI templates.

Determine whether this statement is true or false.

A) True B) False

57) Ad hoc issues are issues not associated with compliance evaluations, yet are associated
with a variety of business entities, such as organizations, risk, regulations, and controls.

Determine whether this statement is true or false.

A) True B) False

58) The _____________________ function allows external content to be packaged and
imported to the ______________ repository.

Fill in the blanks to complete the sentence.

59) An automated control in the ______________ solution monitors the status of
access risks in the solution _____________ to verify that access management is in
place and operating effectively.

Fill in the blanks to complete the sentence.

60) Only those fields that exist in the control table GRFNFLDRGSP can be regulation-specific
fields.

Determine whether this statement is true or false.

A) True B) False

61) Setting field status for applications or regulations is maintained in __________.

Fill in the blanks to complete the sentence.

62) In GRC 10.0 control data can be shared by Access Control and Process Control, and only
those fields relevant for the specific view are displayed.

Determine whether this statement is true or false.

A) True B) False

63) Each solution component can have one default view and multiple available views, which
are used only for hierarchical organization display and reporting purposes.

Determine whether this statement is true or false.

A) True B) False

64) Before beginning the functional implementation, you must activate BC sets, based upon
customer requirements.

Determine whether this statement is true or false.

A) True B) False

65) Business Users, such as Internal and External Auditors, are a subset of users that
typically:

Choose the correct answer(s).

A. Reference non-transactional activities

B. Use the software to collect and analyze data to support business decisions

C. Serve as first support for end users

D. Fulfill a training role for other end users

66) A POC, prototype, or integration plan is typically developed during which phase?

Choose the correct answer(s).

A. Implement B. Configure C. Optimize/Enhance D. Design

67) Which of the following reports might you find in the Master Data Work Center?

Choose the correct answer(s).

A. Reports related to compliance structure

B. Reports related to user authorization analysis

C. Reports related to audit analysis

D. Reports related to access rule detail

68) As an organization increases its collaboration with partners and suppliers, the
consequences of organizational fragmentation diminish.

Determine whether this statement is true or false.

A) True B) False

69) Which of the following statements are true?

Choose the correct answers.

A. Analyze and Manage Risk can utilize workflow for changes to control master data
and control assignments

B. Access Request Management and Business Role Management use different tables
for role information

C. Access Request Management will allow for a user to be assigned to a mitigation
for a risk

D. Emergency Access Management can utilize Analyze and Manage Risk to show where
a firefighter may have completed both sides of a SoD risk

70) The information architecture leverages the same work centers and navigation across
the GRC solution rather than to completely separate the components.

Determine whether this statement is true or false.

A) True B) False

71) Uncontrolled assignment of excessive authorizations can result in users being able to
initiate fraud.

Determine whether this statement is true or false.

A) True B) False

72) Bettina has the system authorizations to create and approve a purchase order and issue
payments to vendors. Does this constitute a risk?

Choose the correct answers.

A) True B) False

73) Match the term to the closest description.

Match items from 1st column to the corresponding item in 2nd column.

a. Business Process   1. Allows a user to perform a particular activity in a system

b. Function           2. Create Purchase Order

c. Risk               3. A grouping of one or more related actions or permissions

d. Action             4. An opportunity for process disruption or productivity loss

e. Permission         5. Business area categories

f. System             6. Where risk analysis is performed

1) It is recommended to generate each BRFplus Rule ID (Function) to its own unique
BRFplus application.

Determine whether this statement is true or false.

A) True B) False

2) If you select the Agent Type PFCG Roles, this means that all users who have the PFCG
role in their user buffer will be the agent.

Determine whether this statement is true or false.

A) True B) False

3) Which of the following are ways to create a mitigating control within GRC 10.0?

Choose the correct answers.

A. Directly within Access Control

B. When you execute a User Risk Analysis

C. From the User Risk Analysis result view

D. From Process Control within Business Processes

E. From Process Control within Rule Setup

4) The purpose of remediation is to correct or eliminate SoD violations.

Determine whether this statement is true or false.

A) True B) False

5) In which order must the following steps be performed to configure a Firefighter ID?

Match items from 1st column to the corresponding item in 2nd column.

Create Reason Codes

Maintain Access Control Owners

Assign a Firefighter ID to Controllers and Firefighters

Assign an owner to a Firefighter ID

6) The Log Collection job must be executed in the background.

Determine whether this statement is true or false.

A) True B) False

7) The Condition Group Type is assigned in the front end of the Access Control application.

Determine whether this statement is true or false.

A) True B) False

8) Before creating a business role, a role methodology and workflow approval must be
created and configured, if these are to be enforced.

Determine whether this statement is true or false.

A) True B) False

9) You cannot use custom field values when creating a request from a template.

Determine whether this statement is true or false.

A) True B) False

10) Where can you find the access requests that you are supposed to review?

Choose the correct answers.

A. In the Access Management work center

B. In the Master Data work center

C. In the My Home work center

D. In the Reports and Analytics work center

11) Arrange the following configuration steps in the correct sequence.

Match items from 1st column to the corresponding item in 2nd column.

Configure common component settings

Perform post-installation tasks

Configure Access Control-Specific Settings

Activate Rule Set BC Sets for Access Risk Analysis

12) Which component in the SAP BusinessObjects GRC solution supports
Compliance Management by providing documentation of compliance
structures and related compliance initiatives?

Choose the correct answer(s).

A. Risk Management B. Access Control

C. Process Control D. Global Trade Services

13) The ______________________ determines the presentation of user interface
elements.

Fill in the blanks to complete the sentence.

14) The My Home work center allows you to:

Choose the correct answer(s).

A. View, access, and perform workflow tasks, whether assigned to you or not

B. View completed reports scheduled by anyone

C. Perform document searches across all documents, including document content

D. Assign delegates to perform your tasks or activities

15) Organization structures, process structures, and control structures can be shared across
components in the GRC 10.0 solution.

Determine whether this statement is true or false.

A) True B) False

16) Shared master data involves:

Choose the correct answer(s).

A. Manual synchronization of data

B. Decreased risk of inconsistent master data

C. Redundant maintenance

D. Required sharing of organizations

17) IMG customizing is performed by users assigned the following roles:

Choose the correct answer(s).

A. SAP_GRAC_SETUP

B. SAP_GRC_SAC_CUSTOMIZING

C. SAP_GRC_RM_CUSTOMIZING

D. SAP_GRC_SPC_CUSTOMIZING

E. SAP_GRPC_SETUP

F. SAP_GRC_PC_CUSTOMIZING

18) As an organization increases its collaboration with partners and suppliers, the
consequences of organizational fragmentation diminish.

Determine whether this statement is true or false.

A) True B) False

19) Which of the following sets of activities should be segregated?

Choose the correct answers.

A. Modify payroll master data and process payroll

B. Change employee HR benefits and process payroll

C. Enter time data and print salary statements to a secured printer

D. Modify time data and modify salary information

20) You can only access the GRC front end via the NetWeaver Business Client 3.0
(NWBC).

Determine whether this statement is true or false.

A) True B) False

21) In Business Role Management, which of the following actions are associated with the
four phases for which you need to assign a connector?

Choose the correct answers.

A. Role Generation B. Role Risk Analysis

C. Authorization Maintenance D. Provisioning

E. Superuser Designation F. HR Triggers

22) Which of the following programs are included in Repository Object Sync?

Choose the correct answers.

A. GRAC_ROLEREP_PROFILE_SYNC B. GRAC_ROLEREP_ROLE_SYNC

C. GRAC_ROLEREP_OWNR_SYNC D. GRAC_ROLEREP_USER_SYNC

23) Reports can be displayed in Crystal while leveraging built-in ABAP List Viewer (ALV)
functionality.

Determine whether this statement is true or false.

A) True B) False

24) Documentation for IMG Customizing is contained within the IMG itself.

Determine whether this statement is true or false.

A) True B) False

25) Setting field status for applications or regulations is maintained in __________.

Fill in the blanks to complete the sentence.

26) The _____________________ function allows external content to be packaged and
imported to the ______________ repository.

Fill in the blanks to complete the sentence.

27) The My Home work center is used as an entry point for any other work
centers.

Determine whether this statement is true or false.

A) True B) False

28) With a shared organization hierarchy, you can configure whether an
organization view is used for one solution component or shared between
all GRC components.

Determine whether this statement is true or false.

A) True B) False

29) The Enterprise Risk Management process allows management to prioritize
scarce resources to mitigate the company's highest risk areas.

Determine whether this statement is true or false.

A) True B) False

30) Match the term on the left with the best description on the right.

Match items from 1st column to the corresponding item in 2nd column.

a. Upgrade              1. Moves data from one platform to another

b. Migration            2. No previous data will be preserved

c. New Implementation   3. Previous data is preserved

d. Upgrade/Migration    4. Does not touch the data within the database tables

31) Before you can assign reviewer coordinator mapping, you must set a request type and
priority for User Access Review Requests in configuration and set Admin Review Required to
YES

Determine whether this statement is true or false.

A) True B) False

32) What does it mean to create an access request with a model user?

Choose the correct answers.

A. Use the current access request creation process to model a new custom process

B. Create a request with reference to another user

C. Use an existing user's access to model access for a new user

D. Use the generic model user delivered with Access Control as a basis for creating
access for new users

33) Which of the following statements are true about business roles?

Choose the correct answers.

A. One or more business roles can be included in a technical role.

B. A business role represents a job function in an organization.

C. If you include multiple single roles in a business role, you must still assign each
single role individually.

D. Risk analysis can be executed at the business role level.

34) The Application name and BRFplus Function name values must be entered manually
in the Assign Condition Group to BRFplus Rules configuration.

Determine whether this statement is true or false.

A) True B) False

35) Log Collector fetches data from the remote client system.

Determine whether this statement is true or false.

A) True B) False

36) Before firefighters can do centralized firefighting, EAM must be configured in the IMG
with an Application Type of 1 for Parameter 4000.

Determine whether this statement is true or false.

A) True B) False

37) In which order should you perform the following remediation steps?

Match items from 1st column to the corresponding item in 2nd column.

Analyze access rights for individual users

Identify risks in composite roles

Identify risks in single roles

38) Mitigating controls are stored in separate locations for Access Control, Process
Control, and Risk Management.

Determine whether this statement is true or false.

A) True B) False

39) Defining Approvers in the Maintain Agents work area means that:

Choose the correct answers.

A. The approver can then be assigned to any workflow stage as an approver

B. The approver can then be assigned to one particular stage as an approver

C. The approver can then be assigned to any workflow stage as someone to be notified in the specific Process ID

D. The approver can then be assigned to any workflow stage as someone to be notified in any Process ID

40) To begin setting up a workflow-related MSMP rule, first create the decision table and
then create the BRFplus objects.

Determine whether this statement is true or false.

A) True B) False

41) In which of the following modes can the program GRAC_REPOSITORY_OBJECT_SYNC be executed?

Choose the correct answers.

A. Full Sync Mode

B. Partial Sync Mode

C. Incremental Sync Mode

D. Sequential Sync Mode

42) RFC is an interface for communication between SAP client and server to external
programs and data, and can enable function calls to SAP systems or external
systems.

Choose the correct answers.

A) True B) False

43) Which of the following statements are true about the GRC 10.0 Architecture and
landscape?

Choose the correct answers.

A. Access Control, Process Control and Risk Management are contained in one ABAP
add-on called GRCFND_A

B. Access Control, Process Control and Risk Management are contained in three ABAP
add-ons called GRCFND_A, GRCFND_R, and GRCFND_P

C. Content Lifecycle Management (CLM) contains functions for transporting GRC business data, for example AC Rules or PC Controls

D. GRC configuration/customizing is transported using the standard ABAP transport system

44) Uncontrolled assignment of excessive authorizations can result in users being able to
initiate fraud.

Determine whether this statement is true or false.

A) True B) False

45) The unified compliance platform allows complete management of all risks and controls
from a single environment.

Determine whether this statement is true or false.

A) True B) False

46) Which of the following items combine to form a rule?

Choose the correct answers.

A. Rule Set

B. Functions

C. Business Rules

D. Risks

47) To access GRC 10.0 solutions, you must have either Portal or NWBC authorization.

Determine whether this statement is true or false.

A) True B) False

50) Which of the following are maintained in the Process Global Settings activities?

Choose the correct answers.

A. Identify paths and stages for the Process ID

B. Selection of the Process ID

C. Submission and closing notifications

D. Escape routes for the specific Process ID

51) Which of the following statements are true about route mapping for MSMP workflow?

Choose the correct answers.

A. Route mapping connects the Rule ID and Rule Result Value to the Path ID that is
to be executed

B. Initiator or Routing rules must already be listed in work area 2: Maintain Rules

C. Detours are only available for a limited number of conditions and cannot be based
on request or line items

D. No routing rules are delivered in the BC set; all must be created

52) Functions are the building blocks for risks, so any changes in functions will have a direct
effect on the access rule set.

Determine whether this statement is true or false.

A) True B) False

53) A wild card (*) in the System field means that the mitigation assignment applies to all
systems.

Determine whether this statement is true or false.

A) True B) False

54) Where do you maintain reason codes?

Choose the correct answers.

A. In the Setup work center under Superuser Maintenance

B. In the ABAP client

C. In the Setup work center under Superuser Assignment

D. In the remote client system

55) You must define required attributes, but not the methodology steps, before defining
a role methodology process.

Determine whether this statement is true or false.

A) True B) False

56) Which of the following statements are true about technical role definition?

Choose the correct answers.

A. Defining attributes like Business Process and Subprocess is a prerequisite to role definition

B. "Go to Phase" allows users to jump to a specific step in the methodology

C. The Provisioning Allowed flag allows the role to be provisioned through access
request

D. To derive a role, organization levels must be set and assigned to the master role

57) Role Certification attributes are defined in the Properties section of the Role
Maintenance Details screen.

Determine whether this statement is true or false.

A) True B) False

58) Which of the following statements are true about access approval requests?

Choose the correct answers.

A. An access request triggers a pre-defined workflow

B. Depending on the configuration, requestors can modify the workflow path

C. The access request must be provisioned before sign-off at each stage

D. Approvers can be specifically named, or open-ended based on job role

59) Put the following steps related to creating custom fields in the correct sequence.

Match items from 1st column to the corresponding item in 2nd column.

Create a data type

Create the custom fields

Assign custom fields to access requests and roles

Create a domain

60) SAP BusinessObjects GRC solutions are comprised of three main areas of capabilities:

Choose the correct answer(s).

A. Avoid

B. Analyze

C. Monitor

D. Manage

61) The unified Risk Management, Access Control, and Process Control data model and
technology platform enables optional sharing of selected risk and compliance data
and functions because some customers prefer a silo approach.

Determine whether this statement is true or false.

A) True B) False

62) To access GRC 10.0 solutions, you must have at least the following: 1. Portal
authorization or NWBC authorization; 2. Applicable PFCG base roles; and
3. PFCG role(s) relative to specific components (AC, PC, RM).

Determine whether this statement is true or false.

A) True B) False

63) An Access Control user won't see the Continuous Monitoring section of the Rule Setup
work center, but would see sections like Access Rule Maintenance and Critical Access Rules.

Determine whether this statement is true or false.

A) True B) False

64) The User Interface Configuration framework enables using common and centralized
master data, while supporting entity attributes that can be specific to regulations.

Determine whether this statement is true or false.

A) True B) False

65) Organization hierarchy views are initially set up in the IMG.

Determine whether this statement is true or false.

A) True B) False

66) To access the IMG, first log onto the ABAP client for GRC 10.0, then execute transaction
SPRO.

Determine whether this statement is true or false.

A) True B) False

67) Regulation-specific fields relate to Access Control only.

Determine whether this statement is true or false.

A) True B) False

68) Users will only see those objects included in the assigned role.

Determine whether this statement is true or false.

A) True B) False

69) During the Run phase, you assess operation standards in order to optimize solution
operation and system performance.

Determine whether this statement is true or false.

A) True B) False

70) The visibility of buttons in the Approver's Work Inbox UI is determined by the BC set.

Determine whether this statement is true or false.

A) True B) False

1. Your customer has created a custom transaction code ZFB10N by copying transaction FB10
and implementing a user exit.
How can you incorporate the customer enhancement into the global rule set so that it will be
available for Risk Analysis?

A. Update security permissions in all relevant authorization objects, maintain the custom
program name in all relevant functions, and generate the access rules.
B. Update all relevant functions with ZFB10N, maintain the permission values for all relevant
authorization objects, and generate the access rules.
C. Update all relevant functions with ZFB10N, maintain the permission values in the relevant
access risk, and generate the global rule set.
D. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions,
and generate the global rule set.
Answer: B

2. Which of the following objects can you maintain in the "Maintain Paths" work area of
MSMP workflow configuration? (Choose three)
A. Paths
B. Path versions
C. Rules for path mappings
D. Stage notification settings
E. Stages
Answer: A,D,E

3. Which configuration parameters determine the content of the log generated by the SPM
Log Synch job? (Choose three)
A. Enable Risk Change log (1002)
B. Enable Authorization Logging (1100)
C. Retrieve System log (4004)
D. Retrieve OS Command log (4006)
E. Retrieve Audit log (4005)
Answer: C,D,E

4. Your customer wants to eliminate false positives from their risk analysis results.
How must you configure Access Control to include organizational value checks when
performing a risk analysis? (Choose two)

A. Configure organization rules for each relevant function.
B. Update the functions that contain each relevant action by activating the fields for the
required permissions and maintaining a value for each specific organization.
C. Configure organization rules for each relevant risk.
D. Update the functions that contain each relevant action by activating the fields for the
required permissions.
E. Configure organization level system parameters to incorporate all organization levels for
each relevant risk.

Answer: C,D

5. What do you mitigate using Access Control?


A. Roles
B. Users
C. Risks
D. Functions
Answer: C

6. Your customer wants a manager to fulfill both MSMP workflow agent purposes.
How do you configure this?

A. Maintain the manager agent twice, once for each purpose, using the same agent ID.
B. Maintain the manager agent once and assign both purposes to it without using an agent ID.
C. Maintain the manager agent twice, once for each purpose, using different agent IDs.
D. Maintain the manager agent once and assign both purposes to it using the same agent ID.
Answer: C

7. You have identified some risks that need to be defined as cross-system risks. How do you
configure your system to enable cross-system risk analysis?
A. 1. Set the analysis scope of the function to cross-system.
2. Create cross-system type connectors.
3. Assign the corresponding connectors to the appropriate connector group.
4. Generate rules.
B. 1. Set the analysis scope of the risk to cross-system.
2. Create cross-system type connectors.
3. Assign the corresponding connectors to the appropriate connector group.
4. Generate rules.
C. 1. Set the analysis scope of the risk to cross-system.
2. Create a cross-system type connector group.
3. Assign the corresponding connectors to the connector group.
4. Generate rules.
D. 1. Set the analysis scope of the function to cross-system.
2. Create a cross-system type connector group.
3. Assign the corresponding connectors to the connector group.
4. Generate rules.
Answer: D

8. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to
do?
A. Run a cross-system analysis.
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D

9. Who approves the review of the periodic segregation of duties?


A. Mitigation monitors
B. Role owners
C. Mitigation approvers
D. Risk owners
Answer: D

10. How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C

11. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to
do?
A. Run a cross-system analysis.
B. Use the connector group for transports to the target system.
C. Monitor the target system.
D. Use the connector group as a business role management landscape.
Answer: D

12. Who approves the review of the periodic segregation of duties?


A. Mitigation monitors
B. Role owners
C. Mitigation approvers
D. Risk owners
Answer: D

13. How are lines and columns linked in a BRFplus initiator decision table?
A. A column to a column through a logical OR
B. A column to a line through a logical OR
C. A column to a column through a logical AND
D. A line to a line through a logical AND
Answer: C

14. Which periodic review process allows a role owner to remove roles from the users?

A. UAR Review
B. SoD Review
C. Firefighter Log Review
D. Role Certification Review

Answer: A

15. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users. What could be the
reason?

A. The user is already assigned as an owner to another mitigating control.
B. The workflow for creating a mitigating control has not yet been approved.
C. The user is locked.
D. The user has not been assigned as an owner in the organizational hierarchy.

Answer: D

16. Which report types require the execution of batch risk analysis? (Choose two)
A. Ad-hoc risk analysis reports
B. Offline risk analysis reports
C. User level simulation reports
D. Access rules detail reports
E. User and role analysis dashboards

Answer: B,E

17. Where can you define a mitigating control? (Choose three)

A. In the mitigating controls workset in Access Control


B. In the rule setup in Access Control
C. In the Access Control risk analysis result screen
D. In the central process hierarchy in Process Control
E. In the activity setup in Risk Management

Answer: A,C,D

18. You have created a new end-user personalization (EUP) form. Where can you make use of
this EUP form? (Choose two)
A. In a stage configuration of a workflow
B. In an organizational assignment request
C. In a template-based request
D. In a model user request
E. Company 2

Answer: A, C

19. You have maintained an end-user personalization (EUP) form and set a particular field as
mandatory. Which additional field attribute settings are required? (Choose two)
A. The field attribute Visible must be set to "Yes".
B. A default value must be maintained for the field.
C. The field attribute Editable must be set to "Yes".
D. The field attribute Visible must be set to "No".
E. The field attribute Editable must be set to "No".

Answer: A, C

20. You want to maintain roles using Business Role Management. How do you import the
roles from the back-end system?
A. Use an SAP transport.
B. Execute the Role Import background job directly in the back-end system.
C. Use the standard import template.
D. Execute the Role Repository Sync program.

Answer: C

21. Which activity can you perform when you use the Test and Generate options in
transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
A. Generate and activate a BRFplus flat rule for workflow-related rules.
B. Create a rule type for workflow-related rules.
C. Create an MSMP process ID for workflow-related rules.
D. Generate and activate function modules for workflow-related rules.

Answer: D

22. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users.
What could be the reason?
A. The user is already assigned as an owner to another mitigating control.
B. The workflow for creating a mitigating control has not yet been approved.
C. The user is locked.
D. The user has not been assigned as an owner in the organizational hierarchy.

Answer: D

The above questions are gathered from certified people and websites from Google.

All the best for certification and for next job.

BAITHI SRINIVAS
