Top 26 SAP Security Interview Questions & Answers
3) Explain how you can lock all the users at a time in SAP?
By executing the EWZ5 t-code, all users can be locked at the same time in SAP.
4) Mention what pre-requisites should be met before assigning SAP_ALL to a user, even if there is an approval from authorization controllers?
The pre-requisites are as follows:
6) Explain how you can delete multiple roles from QA, DEV and Production System?
To delete multiple roles from the QA, DEV and Production systems, you have to follow the steps below
7) Explain what things you have to take care of before executing Run System Trace?
If you are tracing a batch user ID or CPIC, then before executing the Run System Trace you have to ensure that the ID has been assigned SAP_ALL and SAP_NEW. This enables the user to execute the job without any authorization check failure.
10) What is the t-code used for locking a transaction from execution?
T-code SM01 is used for locking a transaction from execution.
11) Mention what is the main difference between the derived role and a single role?
For a single role, we can add or delete t-codes, while for a derived role you cannot do that.
15) Which parameter controls the number of entries in the user buffer?
The number of entries in the user buffer is controlled by the profile parameter “Auth/auth_number_in_userbuffer”.
16) How many transaction codes can be assigned to a role?
A maximum of 14000 transaction codes can be assigned to a role.
Description: The tab is used to describe the changes made like details related to the
role, addition or removal of t-codes, the authorization object, etc.
Menu: It is used for designing user menus like addition of t-codes
Authorization: Used for maintaining authorization data and authorization profile
User: It is used for adjusting user master records and for assigning users to the role
21) Which t-code can be used to delete old security audit logs?
SM18 t-code is used to delete the old security audit logs.
1.
Defender says:
24) Which transaction code is used to display the user buffer?
Admin says:
Error Fixed! Thanks
2.
Rohit says:
9) Mention what is the maximum number of profiles in a role and maximum number of objects in a role?
Maximum number of profiles in a role is 312, and maximum number of objects in a role is 150.
Answer is: Maximum number of profiles in a role is 312, and maximum number of objects in a role is 170.
Admin says:
Error Fixed! Thanks
3.
Ponmani says:
Can anyone tell me: if a tcode is assigned to 5000 users, then how would you find out who never uses this tcode? And the steps?
These questions and answers were collected from the web and from friends who are preparing for the GRC 10.0 certification exam, to help people who are preparing for GRC certification.
1. Your customer has created a custom transaction code ZFB10N by copying transaction FB10 and implementing a user exit.
How can you incorporate the customer enhancement into the global rule set so that it will be available for Risk Analysis?
A. Update security permissions in all relevant authorization objects, maintain the custom program name in all relevant functions, and generate the access rules
B. Update all relevant functions with ZFB10N, maintain the permission values for all relevant authorization objects, and generate the access rules
C. Update all relevant functions with ZFB10N, maintain the permission values in the relevant access risk, and generate the global rule set
D. Update the relevant access risk with ZFB10N, maintain access rules in all relevant functions, and generate the global rule set
Answer: B
2. Which of the following objects can you maintain in the "Maintain Paths" work area of
MSMP workflow configuration? (Choose three)
A. Paths
B. Path versions
C. Rules for path mappings
D. Stage notification settings
E. Stages
Answer: A,D,E
3. Which configuration parameters determine the content of the log generated by the SPM Log Synch job? (Choose three)
A. Enable Risk Change log (1002)
B. Enable Authorization Logging (1100)
C. Retrieve System log (4004)
D. Retrieve OS Command log (4006)
E. Retrieve Audit log (4005)
Answer: C,D,E
4. Your customer wants to eliminate false positives from their risk analysis results.
How must you configure Access Control to include organizational value checks when performing a risk analysis? (Choose two)
Answer: C,D
6. Your customer wants a manager to fulfil both MSMP workflow agent purposes.
How do you configure this?
A. Maintain the manager agent twice, once for each purpose, using the same agent ID
B. Maintain the manager agent once and assign both purposes to it without using an agent ID
C. Maintain the manager agent twice, once for each purpose, using different agent IDs
D. Maintain the manager agent once and assign both purposes to it using the same agent ID
Answer: C
7. You have identified some risks that need to be defined as cross-system risks. How do you
configure your system to enable cross-system risk analysis?
A. 1. Set the analysis scope of the function to cross-system
2. Create cross-system type connectors
3. Assign the corresponding connectors to the appropriate connector group
4. Generate rules
8. What does assigning the Logical Group (SOD-LOG) type to a connector group allow you to do?
A. Run a cross-system analysis
B. Use the connector group for transports to the target system
C. Monitor the target system
D. Use the connector group as a business role management landscape
Answer: D
11. Which periodic review process allows a role owner to remove roles from the users?
A. UAR Review
B. SOD Review
C. Firefighter Log Review
D. Role Certification Review
Answer: A
12. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users. What could be
the reason?
13. Which report types require the execution of batch risk analysis? (Choose two)
A. Ad-hoc risk analysis reports
B. Offline risk analysis reports
C. User level simulation reports
D. Access rules detail reports
E. User and role analysis dashboards
Answer: B,E
16. You have maintained an end-user personalization (EUP) form and set a particular field as mandatory. Which additional field attribute settings are required? (Choose two)
17. You want to maintain roles using Business Role Management. How do you import the roles from the back-end system?
18. Which activity can you perform when you use the Test and Generate options in
transaction MSMP Rule Generation/Testing (GRFNMW_DEV_RULES)?
A. Generate and activate a BRF plus flat rule for workflow-related rules
B. Create a rule type for workflow-related rules
C. Create an MSMP process ID for workflow-related rules
D. Generate and activate function modules for workflow-related rules
Answer: D
19. You want to assign an owner when creating a mitigating control. However, you cannot
find the user you want to assign as an owner in the list of available users.
What could be the reason?