100+ Free SAP Security Admin Practice Questions

Pass your SAP Certified Associate — SAP Security Administration (C_SEC) exam on the first try — instant access, no signup required.

Key Facts: SAP Security Admin Exam

  • Exam Questions: 80 (180-minute time limit)
  • Passing Score: 63% (~51 correct answers)
  • Exam Fee: $562 (SAP certification)
  • Role/Authorization Weight: 25% (largest exam section)
  • Exam Attempts: 3 (allowed per certification)

C_SEC covers SAP security administration from user management to GRC compliance. The exam has 80 questions with a 180-minute time limit and 63% passing score. It tests PFCG role design (single, composite, derived roles), authorization objects and the ACTVT field, password policy parameters, Security Audit Log (SM19/SM20), GRC Access Control SoD analysis, HANA privileges, and Fiori/ICF security.

Sample SAP Security Admin Practice Questions

Try these sample questions to test your SAP Security Admin exam readiness. Each question includes a detailed explanation.

1. In SAP, what is the PRIMARY tool for creating and maintaining roles and authorization profiles?
A. Transaction SE38 (ABAP Editor)
B. Transaction PFCG (Profile Generator)
C. Transaction SM21 (System Log)
D. Transaction ST22 (ABAP Dump Analysis)
Explanation: Transaction PFCG (Profile Generator) is the primary tool for creating and maintaining roles in SAP. It allows administrators to define single roles and composite roles, assign menu items and authorization objects, generate authorization profiles, and assign roles to users. PFCG automates much of the authorization profile creation process.

2. Which transaction is used to create, modify, and manage user master records in SAP?
A. Transaction PFCG
B. Transaction SU01 (User Maintenance)
C. Transaction SM37 (Job Overview)
D. Transaction SE16 (Data Browser)
Explanation: Transaction SU01 is used to create, display, modify, lock, unlock, and delete user master records in SAP. The user master record contains the user's personal data, logon data (password, validity period), authentication methods, assigned roles, profiles, and parameters. Mass user management is available through SU10.

3. What is an authorization object in SAP?
A. A physical hardware component
B. A grouping of up to 10 authorization fields that are checked together to determine if a user has permission to perform a specific action
C. A type of database table
D. A user interface element
Explanation: An authorization object is a grouping of authorization fields (up to 10 fields) that are checked together during an authorization check. For example, authorization object S_TCODE checks the TCD field (transaction code), and F_BKPF_BUK checks activity (ACTVT) and company code (BUKRS) for financial document access. Objects are defined in SU21.

4. Which user type in SAP is intended for background processing and cannot log on interactively through the SAP GUI?
A. Dialog user
B. Communication user
C. System user
D. Service user
Explanation: A System user (type B) is intended for background processing, RFC communication between systems, and internal processes. System users cannot log on interactively through SAP GUI, their passwords never expire, and multiple logons are permitted. Dialog users (type A) are for interactive logons, Communication users (type C) are for RFC/CPIC, and Service users (type S) are for multiple anonymous logons.

5. What is the purpose of the Security Audit Log (SAL) in SAP?
A. To track financial transactions only
B. To record security-relevant events such as logon attempts, transaction starts, RFC calls, and changes to user master records for audit and compliance purposes
C. To manage printer queues
D. To schedule background jobs
Explanation: The Security Audit Log (SAL) records security-relevant events including successful and failed logon attempts, transaction starts, RFC function module calls, changes to user master records, and authorization failures. It is configured through transaction SM19 (filter setup) and viewed through SM20 (log analysis). SAL is essential for security monitoring and compliance audits.

6. In SAP role design, what is the difference between a single role and a composite role?
A. There is no difference
B. A single role contains authorization data and menu items; a composite role is a collection of single roles assigned together, with no authorization data of its own
C. A composite role has more authorization fields
D. Single roles are for administrators only
Explanation: A single role contains actual authorization data (authorization objects and values), menu items, and can be generated into an authorization profile. A composite role is a container that groups multiple single roles together for easier assignment — it contains no authorization data itself. When a composite role is assigned to a user, all contained single roles and their profiles are applied.

7. Which SAP password policy parameter controls the minimum password length?
A. login/min_password_lng
B. login/password_expiration_time
C. login/fails_to_user_lock
D. login/min_password_letters
Explanation: The profile parameter login/min_password_lng controls the minimum required password length in SAP. It can be set from 3 to 40 characters (default is 8). Password policies are configured through profile parameters and can include requirements for minimum letters (login/min_password_letters), digits (login/min_password_digits), special characters (login/min_password_specials), and mixed case.

8. What does the SAP authorization check AUTHORITY-CHECK OBJECT do in an ABAP program?
A. It creates a new authorization object
B. It verifies whether the current user has the required authorization values in their user buffer for a specified authorization object
C. It deletes user roles
D. It generates new passwords
Explanation: The AUTHORITY-CHECK OBJECT statement in ABAP verifies whether the current user has the required authorization field values for a specific authorization object in their user buffer. If the check fails (sy-subrc <> 0), the program should deny the action. This is how SAP enforces authorization at the application level, ensuring users can only perform permitted actions.

9. Which transaction is used to perform Segregation of Duties (SoD) analysis within SAP GRC Access Control?
A. SU01
B. PFCG
C. NWBC (GRC Access Control — Access Risk Analysis)
D. SM21
Explanation: SAP GRC Access Control provides SoD analysis through the Access Risk Analysis (ARA) component, typically accessed through NWBC or Fiori apps. ARA evaluates user access against a defined SoD rule set to identify conflicting authorizations. It supports user-level, role-level, and profile-level analysis, generating reports of SoD violations for remediation.

10. What is the purpose of the user buffer in SAP security?
A. To store temporary files
B. To hold the complete set of authorization values from all assigned roles and profiles for a logged-in user, enabling fast authorization checks
C. To cache web page content
D. To store database query results
Explanation: The user buffer contains the complete, flattened set of authorization values from all roles and profiles assigned to a user. When an AUTHORITY-CHECK is performed, SAP checks against the user buffer rather than re-reading role definitions each time. The buffer is loaded at logon and can be refreshed with transaction SU56 (for viewing) or automatically upon role changes.

About the SAP Security Admin Exam

The SAP Security Administration (C_SEC) certification validates expertise in SAP system security including user management, role and authorization design with PFCG, authorization objects, Security Audit Log, GRC Access Control for SoD analysis, SNC and SSO configuration, identity management, SAP HANA security, Fiori security, and transport security.

  • Questions: 100 scored questions
  • Time Limit: 3 hours
  • Passing Score: 63%
  • Exam Fee: $562 (SAP, Pearson VUE proctored)

SAP Security Admin Exam Content Outline

  • Role and Authorization Concept (25%): PFCG role design, single/composite/derived roles, authorization objects, activity field, organizational levels, profile generation
  • User Administration (20%): SU01/SU10, user types, password policies, account lockout, session management, service accounts, default user security
  • Security Audit and Compliance (20%): Security Audit Log (SM19/SM20), SUIM reporting, critical authorizations, change documents, SOX compliance, security baseline
  • GRC Access Control and Identity (15%): SoD analysis, emergency access, access request management, user access reviews, SAP IdM, Cloud Identity Services
  • HANA, Fiori, Network, and Transport Security (20%): HANA privileges and encryption, Fiori catalog/OData security, SNC, SAML/SSO, ICF services, Gateway security, transport authorization

How to Pass the SAP Security Admin Exam

What You Need to Know

  • Passing score: 63%
  • Exam length: 100 questions
  • Time limit: 3 hours
  • Exam fee: $562

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

SAP Security Admin Study Tips from Top Performers

1. Master PFCG role concepts — single vs composite vs derived roles, organizational levels, profile generation, and user comparison
2. Know all user types (Dialog, System, Communication, Service, Reference) and their security characteristics
3. Study password policy parameters: login/min_password_lng, login/password_expiration_time, login/fails_to_user_lock, and login/password_history_size
4. Understand SAP HANA privilege types: system privileges, object privileges, and analytic privileges (row-level security)
5. Learn GRC Access Control components: Access Risk Analysis (SoD rules), Emergency Access Management (firefighter), and Access Request Management

Frequently Asked Questions

What is the SAP Security Administration (C_SEC) certification?

C_SEC is SAP's Associate-level certification for security administrators. It validates knowledge of user management, role-based access control using PFCG, authorization object concepts, Security Audit Log configuration, GRC Access Control for Segregation of Duties, SSO technologies, HANA database security, Fiori security, and transport management security.

What is the passing score for the C_SEC exam?

The passing score for C_SEC is 63%. With 80 questions and a 180-minute time limit, you need approximately 51 correct answers. The exam tests practical knowledge of SAP security concepts including PFCG role design, authorization objects, and security monitoring.

How should I prepare for the SAP Security Admin exam?

Focus on PFCG role design (single, composite, derived roles), authorization objects and the ACTVT field, password policy parameters, Security Audit Log configuration, GRC Access Control concepts, and HANA security privileges. Hands-on experience with SAP system administration is essential. SAP Learning Hub and practice in a sandbox system are recommended.

What career opportunities does C_SEC open?

C_SEC certification qualifies you for SAP Security Administrator, SAP Basis/Security Consultant, SAP GRC Consultant, and SAP Security Architect roles. Demand is strong as every SAP implementation requires security expertise. It pairs well with SAP Basis administration and GRC specializations.