Configurable Security Fundamentals

Question 1

Which report would you use to see which security policy the Print Payslip task is secured to?

A. View Security for Securable Item
B. Security Analysis for Securable Item and Account
C. Domain Security Policies for Functional Area
D. Payment Printing business process security policy

Answer 1

A. View Security for Securable Item

Question 2

True or false? You can change which delivered items are in a given domain.

Answer 2

False

Question 3

True or false? You can only send a business process approval step to security groups permitted for approvals in the business process security policy.

Answer 3

True

Question 4

How can you find which security groups are permitted to initiate a given business process? (e.g., Hire, Accounting Journal Event)

A. Run the Functional Areas report.
B. View the business process definition initiation step.
C. View the business process security policy - Who Can Start section.
D. All users, by default, can initiate a business process.

Answer 4

C. View the business process security policy - Who Can Start section.

Question 5

True or False? A domain security policy can inherit permissions from a parent domain or override parent permissions and have its own permissions.

Answer 5

True

Question 6

True or false? If there are three delivered reports in a given domain, you can configure access so that a security group can only access one of the three reports.

Answer 6

False

Question 7

Which report would you use to see a hierarchical view of all the domains in a given functional area?

A. Functional Areas
B. Maintain Functional Areas
C. Domain Security Policies for Functional Area
D. Business Process Security Policies for Functional Area

Answer 7

C. Domain Security Policies for Functional Area

Question 8

Which security groups are Workday-owned (i.e., Workday-assigned)? (Select two correct answers.)

A. HR Administrator
B. IT Workers
C. Employee As Self
D. All Employees

Answer 8

C. Employee As Self
D. All Employees

Question 9

True or false? Workday determines the tasks that employees can perform “as self” and they cannot be changed.

Answer 9

False

Question 10

True or false? A Security Administrator can manually remove all security groups from a user’s Workday account.

Answer 10

False

Question 11

Which reports can be used to view the security access of a user? (Select two correct answers.)

A. View Security for Securable Item
B. View Security Groups for User
C. Security Analysis for Workday Account
D. Action Summary for Security Group

Answer 11

B. View Security Groups for User
C. Security Analysis for Workday Account

Question 12

True or false? Workday-assigned security groups like All Users and All Employees typically provide access to public items that should be visible to everyone.

Answer 12

True

Question 13

True or False? The Activate Pending Security Policy Changes task activates all pending domain or business process policy changes in the tenant since last activation.

Answer 13

True

Question 14

True or False? When you change the membership in security groups, you must run the Activate Pending Security Policy Changes task.

Answer 14

False

Question 15

The Activate Previous Security Timestamp task initiates which type of change?

A. Security group membership reverts to a prior point in time.
B. Security group definitions revert to a prior point in time.
C. Security policy permissions revert to a prior point in time.
D. All security related changes (membership, definitions, permissions) revert to a prior point in time.

Answer 15

C. Security policy permissions revert to a prior point in time.

Question 16

Which domain allows users to edit domain and business process security policies?

A. Security Configuration
B. Security Activation
C. Security Administration
D. All Workday Accounts

Answer 16

Security Configuration

Question 17

Which domain allows users to run the Activate Pending Security Policy Changes task?

A. Security Configuration
B. Security Activation
C. Security Administration
D. All Workday Accounts
Configurable

Answer 17

B. Security Activation

Question 18

True or False? If a worker changes jobs, their user-based security group assignments will remain on their account unless manually removed.

Answer 18

True

Question 19

True or False? If you want to give a user access to run a task or report, but only for certain target instances, you should use a user-based security group.

Answer 19

False

Question 20

Which task allows you to configure domain security policy permissions for a security group without having to edit each policy individually?

A. Domain Security Policies for Functional Area
B. Edit Security Group
C. Maintain Permissions for Security Group
D. Assign Users to User-Based Security Group

Answer 20

C. Maintain Permissions for Security Group

Question 21

Which report shows who is a member of a user-based security group and the permissions the security group has in the system?

A. Assign User-Based Security Groups for Person
B. Assign User-Based Security Group to Users
C. Maintain Permissions for Security Group
D. View Security Group

Answer 21

D. View Security Group

Question 22

What determines which target data a security group member sees when accessing a secured item?

A. The security policy restrictions
B. The secured item permission required
C. The security group context type
D. The functional area
Configurable

Answer 22

C. The security group context type

Question 23

Which report shows the roles assigned to a given worker?

A. View Assignable Roles
B. Role Assignments for Worker Position
C. Roles for Organization and Subordinates
D. Role Assignment Permissions

Answer 23

B. Role Assignments for Worker Position

Question 24

How does a worker become a member of a role-based security group?

A. Based on the organization the worker is currently in.
B. The worker must be manually added to the role-based security group.
C. Based on the job profile the worker is currently in.
D. Via a role assignment.

Answer 24

D. Via a role assignment.

Question 25

When a worker changes jobs, how can you ensure that role assignments are reviewed?

A. Add the role assignments manually after the job change has occurred.
B. Add the Assign Roles for Worker action step to the Change Job business process definition.
C. Add the Assign Roles - Change Assignments action step to the Change Job business process definition.
D. Role assignments will automatically follow the worker from one job to the next and must be reviewed after the fact.

Answer 25

C. Add the Assign Roles - Change Assignments action step to the Change Job business process definition.

Question 26

Which method of assigning roles does not involve a business process?

A. From an organization’s Related Actions, select Roles > Assign Roles.
B. From a worker’s Related Actions, select Assign Roles > Add/Remove.
C. From a worker’s Related Actions, select Assign Roles > Change Assignments.
D. Using the Assign Roles web service operation.

Answer 26

A. From an organization’s Related Actions, select Roles > Assign Roles.

Question 27

True or False? To remove a member from a role-based security group, you must remove the role assignment for the assignable role used in the group.

Answer 27

True