Term
How can you begin to leverage your Governance, Risk, and Compliance programs to optimize performance? Choose the correct answer(s). □ A Know your business □ B Know business-related risks □ C Know compliance and policy requirements □ D Know what reserves your company has for litigation |
|
Definition
Answer: A, B, C Knowledge of your business, related risks, and compliance and policy requirements are the starting point to leveraging your Governance, Risk, and Compliance programs to optimize performance. |
|
|
Term
Users can see all reports presented in the information architecture, regardless of their user authorization. Determine whether this statement is true or false. □ True □ False |
|
Definition
False Reports are presented in the information architecture based upon user authorization. |
|
|
Term
Which of the following reports might you find in the Master Data Work Center? Choose the correct answer(s). □ A Reports related to compliance structure □ B Reports related to user authorization analysis □ C Reports related to audit analysis □ D Reports related to access rule detail |
|
Definition
A, C Reports related to compliance structure and audit analysis can be found in the Master Data work center . Reports related to user authorization analysis and access rules share a target user function and can be found in the Reports and Analytics work center under Access Management. |
|
|
Term
Which transaction is executed in order to maintain view cluster VC_GRFNREPCUST? |
|
Definition
|
|
Term
Reports can be displayed in Crystal while leveraging built-in ABAP List Viewer (AL V) functionality . Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
SAP BusinessObjects GRC solutions are comprised of three main areas of capabillities: Choose the correct answer(s). □ A Avoid □ B Analyze □ C Monitor □ D Manage |
|
Definition
Answer: B, C, D Analyze, Manage, and Monitor are the three main areas of capabilities. |
|
|
Term
Continuous Transaction Monitoring helps you to confidently manage and reduce access risk enterprise-wide. Determine whether this statement is true or false. □ True □ False |
|
Definition
Answer: False The statement is false. Access Risk Management helps you to confidently manage and reduce access risk enterprise-wide |
|
|
Term
Continuous Transaction Monitoring provides protection against fraud, waste, misuse, and errors. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Compliance regulations can be specific to a particular region or country, or may be applicable to multiple regions. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Implementing policies and supporting regulatory mandates at the departmental level is an example of . Fill in the blanks to complete the sentence. |
|
Definition
Answer: fragmentation Implementing policies and supporting regulatory mandates at the departmental level is an example of fragmentation |
|
|
Term
The Enterprise Risk Management process allows management to prioritize scarce resources to mitigate the company's highest risk areas. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Which component in the SAP BusinessObjects GRC solution supports Compliance Management by providing documentation of compliance structures and related compliance initiatives? Choose the correct answer(s). □ A Risk Management □ B Access Control □ C Process Control □ D Global Trade Services |
|
Definition
Answer: C The correct answer is Process Control. |
|
|
Term
Which component in the SAP BusinessObjects GRC solution provides the ability to manage and monitor user privileges? Choose the correct answer(s). □ A Risk Management □ B Access Control □ C Process Control □ D Global Trade Services |
|
Definition
Answer: B The answer is Access Control |
|
|
Term
When it comes to managing governance, risk, and compliance efforts, GRC Convergence helps companies: Choose the correct answer(s). □ A Reduce costs and required resources □ B Reduce risk exposure □ C Reduce reporting requirements □ D Improve overall business performance |
|
Definition
Answer: A, B, D GRC Convergence helps companies reduce costs and required resources, reduce risk exposure, and improve overall business performance. |
|
|
Term
Enterprise GRC enables organizations to more efficiently manage across the disciplines of risk management, compliance management, audit management, policy management, and access management. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
The unified Risk Management, Access Control, and Process Control data model and technology platform enables optional sharing of selected risk and compliance data and functions because some customers prefer a silo approach. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Streamlined user navigation with shared work centers emphasizes each component rather than function. Determine whether this statement is true or false. □ True □ False |
|
Definition
Answer: False Streamlined user navigation with shared work centers emphasized function rather than component. |
|
|
Term
The Configurable User Interface allows configuration to determine: Choose the correct answer(s). □ A Field status by application components □ B Field status by regulation □ C A and B □ D None of the above; programming is required |
|
Definition
Answer: C The Configurable User Interface allows configuration to determine field status by application components and by regulation |
|
|
Term
Considering the business use and purpose of the Access Control solution, which of the following would be logical integrations? Choose the correct answer(s). □ A HR Triggers □ B SAP Issue Management □ C Identity Management □ D SAP Crystal Reports |
|
Definition
Answer: A, C, D HR Triggers, Identity Management, and SAP Crystal Reports are all logical integrations with the Access Control solution. |
|
|
Term
SoD Integration is between which solution components? Choose the correct answer(s). □ A Process Control and Risk Management □ B Access Control and Risk Management □ C Process Control and Access Control □ D Process Control, Access Control, and Risk Management |
|
Definition
Answer: C SoD Integration is between Process Control and Access Control |
|
|
Term
With a shared organization hierarchy, you can configure whether an organization view is used for one solution component or shared between all GRC components. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
The determines the presentation of user interface elements. Fill in the blanks to complete the sentence. |
|
Definition
Answer: information architecture |
|
|
Term
A key feature of the GRC 10.0 information architecture is: Choose the correct answer(s). □ A Separate work inboxes for each solution component □ B A single shared work inbox for all solution components □ C A single shared work inbox for Process Control and Risk Management □ D A single shared work inbox for Process Control and Access Control |
|
Definition
Answer: B A key feature of the GRC 10.0 information architecture is a single shared work inbox for all solution components |
|
|
Term
Users navigate the work centers based upon the tasks they need to perform or the data they need to access, not the product they wish to use. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
While authorization concepts are similar to prior releases, changes in GRC 10.0 solutions required enhancements to the engine. Fill in the blanks to complete the sentence |
|
Definition
|
|
Term
To access GRC 10.0 solutions, you must have at least the following: 1. Portal authorization or NWBC authorization; 2. Applicable PFCG base roles; and 3. PFCG role(s) relative to specific components (AC, PC, RM). Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
If you use Access Control 10.0 with other GRC solution components, you can leverage this functionality to: Choose the correct answer(s). □ A Create GRC users □ B Assign and manage PFCG roles used with GRC □ C Perform SoD analysis for PFCG role authorizations □ D Perform SoD analysis for entity-level authorization |
|
Definition
Answer: A, B, C SoD risk analysis cannot be performed for entity-level authorization |
|
|
Term
The locations of application folders and subordinate applications within the service map are controlled by the SAP NetWeaver LaunchPad application. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Which of the following determine what users see in the GRC 10.0 user interface? Choose the correct answer(s). □ A Product Licensing □ B User Interface Framework Configuration □ C Roles and Authorizations □ D Work Centers |
|
Definition
Answer: A, B, C Product licensing, the user interface framework configuration, and roles & authorizations determine what users see in the GRC 10.0 user interface |
|
|
Term
Work centers: Choose the correct answer(s). □ A Provide a central access point for GRC 10.0 □ B Are independent of customer licensing □ C Can be customized by a system administrator □ D Do not contained shared tasks across solution components |
|
Definition
Answer: A, C Work centers provide a central access point for GRC 10.0 and can be customized by a system administrator |
|
|
Term
The My Home work center is used as an entry point for any other work centers. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
The My Home work center allows you to: Choose the correct answer(s). □ A View, access, and perform workflow tasks, whether assigned to you or not □ B View completed reports scheduled by anyone □ C Perform document searches across all documents, including document content □ D Assign delegates to perform your tasks or activities |
|
Definition
Answer: C, D C and D are correct. The My Home work center also allows you to view, access, and perform workflow tasks that are assigned to you and view completed reports that were scheduled by you. |
|
|
Term
Assigning a delegate from the My Home work center does not apply to Access Control, which has its own delegation function. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Which of the following work centers is only used in Access Control? Choose the correct answer(s). □ A Rule Setup □ B Master Data □ C Assessments □ D Setup |
|
Definition
Answer: D The Setup work center is unique to Access Control |
|
|
Term
In the Rule Setup work center, a Control Owner for Process Control would be interested in seeing things like Data Sources, Business Rule Assignments for Continuous Monitoring, and KRI templates. Determine whether this statement is true or false. □ True □ False |
|
Definition
Answer: False The statement is false. A Risk Manager would be more interested in seeing KRI templates. |
|
|
Term
An Access Control user won't see the Continuous Monitoring section of the Rule Setup work center, but would see sections like Access Rule Maintenance and Critical Access Rules. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Users will only see those objects included in the assigned role. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
T o access the IMG, first log onto the ABAP client for GRC 10.0, then execute transaction SPRO. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
From the IMG, you can configure: Choose the correct answer(s). □ A General settings for Access Control, Process Control, or Risk Management □ B Shared master data settings □ C Reporting □ D Common component settings for those solution components in use. |
|
Definition
A, B, C, D All choices are correct. |
|
|
Term
Before beginning the functional implementation, you must activate BC sets, based upon customer requirements. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Documentation for IMG Customizing is contained within the IMG itself. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
IMG customizing is performed by users assigned the following roles: Choose the correct answer(s). □ A SAP_GRAC_SETUP □ B SAP_GRC_SAC_CUSTOMIZING □ C SAP_GRC_RM_CUSTOMIZING □ D SAP_GRC_SPC_CUSTOMIZING □ E SAP_GRPC_SETUP □ F SAP_GRC_PC_CUSTOMIZING |
|
Definition
A, C, D The correct answers are A, C, and D: SAP_GRAC_SETUP for AC, SAP_GRC_RM_CUSTOMIZING for Risk Management, and SAP_GRC_SPC_CUSTOMIZING for Process Control. |
|
|
Term
Business Users, such as Internal and External Auditors, are a subset of users that typically: Choose the correct answer(s). □ A Reference non-transactional activities □ B Use the software to collect and analyze data to support business decisions □ C Serve as first support for end users □ D Fulfill a training role for other end users |
|
Definition
A, B A and B are correct: Business Users reference non-transactional activities and use the software to collect and analyze data to support business decisions. |
|
|
Term
Which of the following are not part of the project team? Choose the correct answer(s). □ A Executives □ B Works Council □ C All end users □ D Power users |
|
Definition
C All end users are not included in the project team. |
|
|
Term
T echnical setup should be complete before beginning the functional implementation. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
A POC, prototype, or integration plan is typically developed during which phase? Choose the correct answer(s). □ A Implement □ B Configure □ C Optimize/Enhance □ D Design |
|
Definition
D The correct answer is the Design phase. |
|
|
Term
During the Install/Upgrade & Migrate phase, you do not have to preserve Pre-10.0 production system data or old log files. Determine whether this statement is true or false. □ True □ False |
|
Definition
False The statement is false; during this phase, it is important to ensure that the Pre-10.0 production system data is preserved for auditing purposes, including old log files. |
|
|
Term
Ad hoc issues are issues not associated with compliance evaluations, yet are associated with a variety of business entities, such as organizations, risk, regulations, and controls.. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Policy Management is a common function available to those companies licensing SAP BusinessObjects Process Control 10.0 or SAP BusinessObjects Risk Management 10.0. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Ad hoc issues management is a common function available to those companies licensing: Choose the correct answer(s). □ A Access Control □ B Risk Management □ C Process Control □ D Access Control and Process Control □ E Process Control and Risk Management □ F Risk Management and Access Control |
|
Definition
B, C, E B, C, and E are correct. Ad hoc issues management is a common function available to those companies licensing Process Control, Risk Management, or both. |
|
|
Term
The __________________________ function allows external content to be packaged and imported to the _____ repository . Fill in the blanks to complete the sentence. |
|
Definition
Content Lifecycle Management (CLM) , CLM The Content LIfecycle Management (CLM) function allows external content to be packaged and imported to the CLM repository . |
|
|
Term
Organization structures, process structures, and control structures can be shared across components in the GRC 10.0 solution. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Where SoD violations are identified, one or more mitigating controls are put in place or linked to controls already existing in Process Control. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
An automated control in the ______________solution monitors the status of access risks in the ________________solution to verify that access management is in place and operating effectively . Fill in the blanks to complete the sentence. |
|
Definition
Process Control , Access Control An automated control in the Process Control solution monitors the status of access risks in the Access Control solution to verify that access management is in place and operating effectively . |
|
|
Term
The User Interface Configuration Framework enables using a single user interface launch point for maintaining shared master data across: Choose the correct answer(s). □ A Applications only □ B Regulations only □ C Applications and regulations □ D None of the above |
|
Definition
C C is correct: Applications and regulations |
|
|
Term
The User Interface Configuration framework enables using common and centralized master data, while supporting entity attributes that can be specific to regulations. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
The User Interface Configuration Framework requires programming in order to configure which fields are relevant to each solution component (AC, PC, RM). Determine whether this statement is true or false. □ True □ False |
|
Definition
False The UCIF allows you to configure without programming which fields are relevant to each solution component. |
|
|
Term
Only those fields that exist in the control table GRFNFLDRGSP can be regulation-specific fields. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Regulation-specific fields relate to Access Control only . Determine whether this statement is true or false. □ True □ False |
|
Definition
False Regulation-specific fields relate to Process Control only . |
|
|
Term
Local Changes Allowed fields relate to Process Control only because these are dependent upon the method of assigning subprocesses to organizations. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Setting field status for applications or regulations is maintained in ___________. Fill in the blanks to complete the sentence. |
|
Definition
the IMG Setting field status for applications or regulations is maintained in the IMG. |
|
|
Term
Shared master data involves: Choose the correct answer(s). □ A Manual synchronization of data □ B Decreased risk of inconsistent master data □ C Redundant maintenance □ D Required sharing of organizations |
|
Definition
B Shared master data involves decreased risk of inconsistent master data. Sharing of organizations is optional, but not required. |
|
|
Term
Prior to GRC 10.0, master data for Access Control and Process Control were created once and shared by both solution components. Determine whether this statement is true or false. □ True □ False |
|
Definition
False The statement is false. Prior to GRC 10.0, master data for Access Control and Process Control were created separately in each product. |
|
|
Term
In GRC 10.0 control data can be shared by Access Control and Process Control, and only those fields relevant for the specific view are displayed. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Master data-related implementation considerations for organizations include: Choose the correct answer(s). □ A T o what extent will companies share harmonized structures □ B T o what extent does the company work in separate silos □ C Who is responsible for maintaining organization hierarchies □ D How does a company plan to evolve in the future |
|
Definition
A, B, C, D All choices are correct. |
|
|
Term
Organization hierarchy views are initially set up in the IMG. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|
Term
Each solution component can have one default view and multiple available views, which are used only for hierarchical organization display and reporting purposes. Determine whether this statement is true or false. □ True □ False |
|
Definition
|
|