Shared Flashcard Set

Details

GRC 100
SAP GRC 100
67
Other
Intermediate
03/23/2016

Cards

Term
How can you begin to leverage your Governance, Risk, and Compliance
programs to optimize performance?
Choose the correct answer(s).
□ A Know your business
□ B Know business-related risks
□ C Know compliance and policy requirements
□ D Know what reserves your company has for litigation
Definition
Answer: A, B, C
Knowledge of your business, related risks, and compliance and policy
requirements are the starting point to leveraging your Governance, Risk, and
Compliance programs to optimize performance.
Term
Users can see all reports presented in the information architecture, regardless
of their user authorization.
Determine whether this statement is true or false.
□ True
□ False
Definition
False
Reports are presented in the information architecture based upon user
authorization.
Term
Which of the following reports might you find in the Master Data Work
Center?
Choose the correct answer(s).
□ A Reports related to compliance structure
□ B Reports related to user authorization analysis
□ C Reports related to audit analysis
□ D Reports related to access rule detail
Definition
A, C
Reports related to compliance structure and audit analysis can be found in
the Master Data work center. Reports related to user authorization analysis
and access rules share a target user function and can be found in the Reports
and Analytics work center under Access Management.
Term
Which transaction is executed in order to maintain view cluster
VC_GRFNREPCUST?
Definition
SM34
Term
Reports can be displayed in Crystal while leveraging built-in ABAP List
Viewer (ALV) functionality.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
SAP BusinessObjects GRC solutions are comprised of three main areas
of capabilities:
Choose the correct answer(s).
□ A Avoid
□ B Analyze
□ C Monitor
□ D Manage
Definition
Answer: B, C, D
Analyze, Manage, and Monitor are the three main areas of capabilities.
Term
Continuous Transaction Monitoring helps you to confidently manage and
reduce access risk enterprise-wide.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: False
The statement is false. Access Risk Management helps you to confidently
manage and reduce access risk enterprise-wide.
Term
Continuous Transaction Monitoring provides protection against fraud, waste,
misuse, and errors.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Compliance regulations can be specific to a particular region or country, or
may be applicable to multiple regions.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Implementing policies and supporting regulatory mandates at the
departmental level is an example of __________.
Fill in the blanks to complete the sentence.
Definition
Answer: fragmentation
Implementing policies and supporting regulatory mandates at the
departmental level is an example of fragmentation.
Term
The Enterprise Risk Management process allows management to prioritize
scarce resources to mitigate the company's highest risk areas.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Which component in the SAP BusinessObjects GRC solution supports
Compliance Management by providing documentation of compliance
structures and related compliance initiatives?
Choose the correct answer(s).
□ A Risk Management
□ B Access Control
□ C Process Control
□ D Global Trade Services
Definition
Answer: C
The correct answer is Process Control.
Term
Which component in the SAP BusinessObjects GRC solution provides the
ability to manage and monitor user privileges?
Choose the correct answer(s).
□ A Risk Management
□ B Access Control
□ C Process Control
□ D Global Trade Services
Definition
Answer: B
The answer is Access Control
Term
When it comes to managing governance, risk, and compliance efforts, GRC
Convergence helps companies:
Choose the correct answer(s).
□ A Reduce costs and required resources
□ B Reduce risk exposure
□ C Reduce reporting requirements
□ D Improve overall business performance
Definition
Answer: A, B, D
GRC Convergence helps companies reduce costs and required resources,
reduce risk exposure, and improve overall business performance.
Term
Enterprise GRC enables organizations to more efficiently manage across the
disciplines of risk management, compliance management, audit management,
policy management, and access management.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
The unified Risk Management, Access Control, and Process Control data
model and technology platform enables optional sharing of selected risk
and compliance data and functions because some customers prefer a silo
approach.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Streamlined user navigation with shared work centers emphasizes each
component rather than function.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: False
Streamlined user navigation with shared work centers emphasizes function
rather than component.
Term
The Configurable User Interface allows configuration to determine:
Choose the correct answer(s).
□ A Field status by application components
□ B Field status by regulation
□ C A and B
□ D None of the above; programming is required
Definition
Answer: C
The Configurable User Interface allows configuration to determine field
status by application components and by regulation
Term
Considering the business use and purpose of the Access Control solution,
which of the following would be logical integrations?
Choose the correct answer(s).
□ A HR Triggers
□ B SAP Issue Management
□ C Identity Management
□ D SAP Crystal Reports
Definition
Answer: A, C, D
HR Triggers, Identity Management, and SAP Crystal Reports are all logical
integrations with the Access Control solution.
Term
SoD Integration is between which solution components?
Choose the correct answer(s).
□ A Process Control and Risk Management
□ B Access Control and Risk Management
□ C Process Control and Access Control
□ D Process Control, Access Control, and Risk Management
Definition
Answer: C
SoD Integration is between Process Control and Access Control
Term
With a shared organization hierarchy, you can configure whether an
organization view is used for one solution component or shared between
all GRC components.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
The __________ determines the
presentation of user interface elements.
Fill in the blanks to complete the sentence.
Definition
Answer: information architecture
Term
A key feature of the GRC 10.0 information architecture is:
Choose the correct answer(s).
□ A Separate work inboxes for each solution component
□ B A single shared work inbox for all solution components
□ C A single shared work inbox for Process Control and Risk
Management
□ D A single shared work inbox for Process Control and Access
Control
Definition
Answer: B
A key feature of the GRC 10.0 information architecture is a single shared
work inbox for all solution components
Term
Users navigate the work centers based upon the tasks they need to perform or
the data they need to access, not the product they wish to use.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
While authorization concepts are similar to prior releases,
changes in GRC 10.0 solutions required enhancements to the engine.
Fill in the blanks to complete the sentence
Definition
Answer: authorization
Term
To access GRC 10.0 solutions, you must have at least the following: 1. Portal
authorization or NWBC authorization; 2. Applicable PFCG base roles; and
3. PFCG role(s) relative to specific components (AC, PC, RM).
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
If you use Access Control 10.0 with other GRC solution components, you
can leverage this functionality to:
Choose the correct answer(s).
□ A Create GRC users
□ B Assign and manage PFCG roles used with GRC
□ C Perform SoD analysis for PFCG role authorizations
□ D Perform SoD analysis for entity-level authorization
Definition
Answer: A, B, C
SoD risk analysis cannot be performed for entity-level authorization
Term
The locations of application folders and subordinate applications within the
service map are controlled by the SAP NetWeaver LaunchPad application.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Which of the following determine what users see in the GRC 10.0 user
interface?
Choose the correct answer(s).
□ A Product Licensing
□ B User Interface Framework Configuration
□ C Roles and Authorizations
□ D Work Centers
Definition
Answer: A, B, C
Product licensing, the user interface framework configuration, and roles &
authorizations determine what users see in the GRC 10.0 user interface
Term
Work centers:
Choose the correct answer(s).
□ A Provide a central access point for GRC 10.0
□ B Are independent of customer licensing
□ C Can be customized by a system administrator
□ D Do not contain shared tasks across solution components
Definition
Answer: A, C
Work centers provide a central access point for GRC 10.0 and can be
customized by a system administrator
Term
The My Home work center is used as an entry point for any other work
centers.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: False
Term
The My Home work center allows you to:
Choose the correct answer(s).
□ A View, access, and perform workflow tasks, whether assigned to
you or not
□ B View completed reports scheduled by anyone
□ C Perform document searches across all documents, including
document content
□ D Assign delegates to perform your tasks or activities
Definition
Answer: C, D
C and D are correct. The My Home work center also allows you to view,
access, and perform workflow tasks that are assigned to you and view
completed reports that were scheduled by you.
Term
Assigning a delegate from the My Home work center does not apply to
Access Control, which has its own delegation function.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Which of the following work centers is only used in Access Control?
Choose the correct answer(s).
□ A Rule Setup
□ B Master Data
□ C Assessments
□ D Setup
Definition
Answer: D
The Setup work center is unique to Access Control
Term
In the Rule Setup work center, a Control Owner for Process Control would
be interested in seeing things like Data Sources, Business Rule Assignments
for Continuous Monitoring, and KRI templates.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: False
The statement is false. A Risk Manager would be more interested in seeing
KRI templates.
Term
An Access Control user won't see the Continuous Monitoring section
of the Rule Setup work center, but would see sections like Access Rule
Maintenance and Critical Access Rules.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
Users will only see those objects included in the assigned role.
Determine whether this statement is true or false.
□ True
□ False
Definition
Answer: True
Term
To access the IMG, first log onto the ABAP client for GRC 10.0, then
execute transaction SPRO.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
From the IMG, you can configure:
Choose the correct answer(s).
□ A General settings for Access Control, Process Control, or Risk
Management
□ B Shared master data settings
□ C Reporting
□ D Common component settings for those solution components in
use.
Definition
A, B, C, D
All choices are correct.
Term
Before beginning the functional implementation, you must activate BC sets,
based upon customer requirements.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Documentation for IMG Customizing is contained within the IMG itself.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
IMG customizing is performed by users assigned the following roles:
Choose the correct answer(s).
□ A SAP_GRAC_SETUP
□ B SAP_GRC_SAC_CUSTOMIZING
□ C SAP_GRC_RM_CUSTOMIZING
□ D SAP_GRC_SPC_CUSTOMIZING
□ E SAP_GRPC_SETUP
□ F SAP_GRC_PC_CUSTOMIZING
Definition
A, C, D
The correct answers are A, C, and D: SAP_GRAC_SETUP for
AC, SAP_GRC_RM_CUSTOMIZING for Risk Management, and
SAP_GRC_SPC_CUSTOMIZING for Process Control.
Term
Business Users, such as Internal and External Auditors, are a subset of users
that typically:
Choose the correct answer(s).
□ A Reference non-transactional activities
□ B Use the software to collect and analyze data to support business
decisions
□ C Serve as first support for end users
□ D Fulfill a training role for other end users
Definition
A, B
A and B are correct: Business Users reference non-transactional activities
and use the software to collect and analyze data to support business decisions.
Term
Which of the following are not part of the project team?
Choose the correct answer(s).
□ A Executives
□ B Works Council
□ C All end users
□ D Power users
Definition
C
All end users are not included in the project team.
Term
Technical setup should be complete before beginning the functional
implementation.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
A POC, prototype, or integration plan is typically developed during which
phase?
Choose the correct answer(s).
□ A Implement
□ B Configure
□ C Optimize/Enhance
□ D Design
Definition
D
The correct answer is the Design phase.
Term
During the Install/Upgrade & Migrate phase, you do not have to preserve
Pre-10.0 production system data or old log files.
Determine whether this statement is true or false.
□ True
□ False
Definition
False
The statement is false; during this phase, it is important to ensure that
the Pre-10.0 production system data is preserved for auditing purposes,
including old log files.
Term
Ad hoc issues are issues not associated with compliance evaluations, yet are
associated with a variety of business entities, such as organizations, risk,
regulations, and controls.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Policy Management is a common function available to those companies
licensing SAP BusinessObjects Process Control 10.0 or SAP BusinessObjects
Risk Management 10.0.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Ad hoc issues management is a common function available to those
companies licensing:
Choose the correct answer(s).
□ A Access Control
□ B Risk Management
□ C Process Control
□ D Access Control and Process Control
□ E Process Control and Risk Management
□ F Risk Management and Access Control
Definition
B, C, E
B, C, and E are correct. Ad hoc issues management is a common function
available to those companies licensing Process Control, Risk Management,
or both.
Term
The __________________________ function
allows external content to be packaged and imported to the _____ repository.
Fill in the blanks to complete the sentence.
Definition
Content Lifecycle Management (CLM), CLM
The Content Lifecycle Management (CLM) function allows external content
to be packaged and imported to the CLM repository.
Term
Organization structures, process structures, and control structures can be
shared across components in the GRC 10.0 solution.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Where SoD violations are identified, one or more mitigating controls are put
in place or linked to controls already existing in Process Control.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
An automated control in the ______________ solution monitors the status of access risks in the ________________ solution
to verify that access management is in place and operating effectively.
Fill in the blanks to complete the sentence.
Definition
Process Control, Access Control
An automated control in the Process Control solution monitors the status of
access risks in the Access Control solution to verify that access management
is in place and operating effectively.
Term
The User Interface Configuration Framework enables using a single user
interface launch point for maintaining shared master data across:
Choose the correct answer(s).
□ A Applications only
□ B Regulations only
□ C Applications and regulations
□ D None of the above
Definition
C
C is correct: Applications and regulations
Term
The User Interface Configuration framework enables using common and
centralized master data, while supporting entity attributes that can be specific
to regulations.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
The User Interface Configuration Framework requires programming in order
to configure which fields are relevant to each solution component (AC, PC,
RM).
Determine whether this statement is true or false.
□ True
□ False
Definition
False
The UCIF allows you to configure without programming which fields are
relevant to each solution component.
Term
Only those fields that exist in the control table GRFNFLDRGSP can be
regulation-specific fields.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Regulation-specific fields relate to Access Control only.
Determine whether this statement is true or false.
□ True
□ False
Definition
False
Regulation-specific fields relate to Process Control only.
Term
Local Changes Allowed fields relate to Process Control only because these
are dependent upon the method of assigning subprocesses to organizations.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Setting field status for applications or regulations is maintained in ___________.
Fill in the blanks to complete the sentence.
Definition
the IMG
Setting field status for applications or regulations is maintained in the IMG.
Term
Shared master data involves:
Choose the correct answer(s).
□ A Manual synchronization of data
□ B Decreased risk of inconsistent master data
□ C Redundant maintenance
□ D Required sharing of organizations
Definition
B
Shared master data involves decreased risk of inconsistent master data.
Sharing of organizations is optional, but not required.
Term
Prior to GRC 10.0, master data for Access Control and Process Control were
created once and shared by both solution components.
Determine whether this statement is true or false.
□ True
□ False
Definition
False
The statement is false. Prior to GRC 10.0, master data for Access Control
and Process Control were created separately in each product.
Term
In GRC 10.0 control data can be shared by Access Control and Process
Control, and only those fields relevant for the specific view are displayed.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Master data-related implementation considerations for organizations include:
Choose the correct answer(s).
□ A To what extent will companies share harmonized structures
□ B To what extent does the company work in separate silos
□ C Who is responsible for maintaining organization hierarchies
□ D How does a company plan to evolve in the future
Definition
A, B, C, D
All choices are correct.
Term
Organization hierarchy views are initially set up in the IMG.
Determine whether this statement is true or false.
□ True
□ False
Definition
True
Term
Each solution component can have one default view and multiple available
views, which are used only for hierarchical organization display and
reporting purposes.
Determine whether this statement is true or false.
□ True
□ False
Definition
True