P_ADM_SEC_70 P_ADM_SEC_70 P_ADM_SEC_70 www.it-pruefungen.de
Prüfungsnummer : P_ADM_SEC_70
Prüfungsname : SAP Certified Technology Professional – Security with SAP NetWeaver 7.0
Version : Demo
QUESTION NO: 1
Which of the following statements regarding SSO and SAP Logon Tickets are true?
Note: There are 3 correct answers to this question.
A. Users have the same user ID and password in all of the systems they access using
SAP Logon Tickets.
B. The end users’ Web browsers accept cookies (SAP GUI not in use).
C. The clocks for the accepting systems are synchronized with the ticket-issuing system.
D. The SSO ticket is issued after successful login to the SAP NetWeaver AS Java.
E. The cookie is stored in the temporary folder of the local GUI.
Answer: B,C,D
P_ADM_SEC_70 P_ADM_SEC_70 P_ADM_SEC_70 www.it-pruefungen.de
QUESTION NO: 2
Which of the following authentication mechanisms are available for SAP NetWeaver AS Java?
Note: There are 3 correct answers to this question.
A. Security session IDs for Single Sign-On between applications
B. SAP Logon Tickets for Single Sign-On
C. SAML Assertions for Single Sign-On
D. Web Dynpro for Single Sign-On
E. Kerberos Authentication for Single Sign-On
Answer: A,B,C
P_ADM_SEC_70 P_ADM_SEC_70 P_ADM_SEC_70 www.it-pruefungen.de
QUESTION NO: 3
Which of the following authentication mechanisms is not accepted by SAP NetWeaver Portal 7.0?
A. SAML Assertions
B. User ID / password
C. X.509 client certificates
D. SNC based authentication
E. Web Access Management (WAM) products
Answer: D
P_ADM_SEC_70 P_ADM_SEC_70 P_ADM_SEC_70 www.it-pruefungen.de
QUESTION NO: 4
A customer uses an LDAP (Lightweight Directory Access Protocol ) enabled directory server. To
simplify the administration of SAP users, Central User Administration (CUA) was introduced. Now
there are plans to synchronize the LDAP enabled directory server with the CUA. Which of the
following statements are true?
Note: There are 2 correct answers to this question.
A. The SAP user field: BNAME is already a standard for most of the LDAP enabled directory
server. Therefore the field mappings can be easily customized.
B. The synchronization of fields can be controlled via a mapping transaction in SAP ABAP.
C. A prerequisite for the communication between the CUA and the LDAP enabled directory server
is to open the LDAP(s) port in the firewall environment, if a firewall is used.
D. The communication between LDAP and the CUA is based on PI 7.1. Therefore, SAP specific PI
adapter ports must be open in the firewall environment.
E. A SAPROUTER must be used to establish the proper connection between the SAP CUA and
the LDAP provider.
Answer: B,C
P_ADM_SEC_70 P_ADM_SEC_70 P_ADM_SEC_70 www.it-pruefungen.de
QUESTION NO: 5
Which of the following statements regarding load balancers are true?
Note: There are 2 correct answers to this question.
A. With a reverse proxy, you can route incoming requests to different services based on the URL
path.
B. The SAP Web Dispatcher is a full-fledged reverse proxy.
C. The SAP Web Dispatcher uses SAP Logon Groups in Enterprise Portal scenarios.
D. You can administer the SAP Web Dispatcher using transaction: WEBDISP.
E. You can combine the SAP Web Dispatcher and web switches in the demilitarized zone (DMZ).
Answer: A,E