May 31, 2016

SAP SECURITY INTERVIEW QUESTIONS & ANSWERS -12



SAP SECURITY  INTERVIEW QUESTIONS & ANSWERS


Q) What is the difference between VIRSA Tool and GRC, and does VIRSA tool support to ECC6.0? & what is GRC? & what is SAP VIRSA Tool ?

Governance, Risk, and Compliance (GRC). The goal of GRC is to help a company efficiently put policies and controls in place to address all its compliance obligations while at the same time gathering information that helps proactively run the business. This means Ethical Business Process should comply with Effective Process controls as per the related industry Business Process and accounting Process and Govt Policy .This GRC process finally Can Concluded with respect to Govt Organizations and Public Organization which are Registered in Local Stock Markets are accountable to have Effective Governance and Process Controls to Protect the Share holder rights and Prevent Organized Corporate Frauds and scams. GRC Tools and IT applications
There are many GRC AUDIT tools in the Market to Facilitate Internal and External Audit of the Companies.

Q) What is SAP VIRSA Tool ?

 1) Access controls, 2) Process Controls.
It Has 4 Sections to Audit the system.
1. Compliance Calibrator
2. Role Expert
3. Firefighter
4. Access enforcer.
VIRSA system is now taken over by SAP AG. It has been a part of Netwever and add on now.
VIRSA produced a number of tools, most commonly used was Compliance Calibrator.
SAP acquired VIRSA and integrated their tools into its GRC suite of products which have a wider span than the VIRSA products.
You can use the VIRSA tools in ECC6.  As the company no longer sells these products it is an easy way to tell if a candidate does not understand the GRC topic by them referring to when they mean SAP GRC.
GRC as a subject has been hijacked by SAP's use of the term, real GRC is much wider than a set of tools which can automate part of the GRC process

Q) What is FireFighter ? When we are using FireFighter ?

If you have implemented VIRSA/GRC FireFighter is also a normal user ID but having some specific access [Say SU01 or SAP_ALL] as per the needs. User type is kept as "service user' Ex: In your project you are security administrator who does not have access to direct SU01 but you need the access urgently.
Then FFID owner/administrator assigns you a FFID for limited period so that you can perform the task from your login ID and pwd, using t-code /n/VIRSA/VFAT and login with that FFID.
While logging you will be prompted to give business reason for access. Everything you perform in that period [Using FFID] gets recorded for auditing.

Q) What is the difference between SoX & SoD ? What kind of work SoX do as well SoD do ? What is VIRSA ?

SoX - refer to Sarbanes OXley act in the earlier 2000+-.Where it impact all US companies either they operated in US or outside (on other countries). Some people think this act is significant, after fall down of big companies such as Enron etc..
SoD - refer to Segregation of Duties. Basically one person cannot have access to the whole process. The task needs to be segregated so that there is check and balance.
VIRSA - is one of third party tools used to check for SoX compliance in a company. Other than this, there are also other product such as APPROVA and SecurInfo. Nowadays VIRSA have been brought by SAP, and rebrand it as GRC (Governance, Risk and Control).


Q) What is the use of Detour path ? How Fork path differs from Detour path ?

If a WF fulfills a certain condition e.g. SOD violation the original WF ends and takes a predefined alternative route (detour). This workflow can contain other stages and additional approvers.
Fork is a way to split up a workflow from a single initiator between sap and non-sap systems

Q) What is the name of background job in FF that is responsible for sending notification and logs to FF id controller ?

/VIRSA/ZVFATBAK or /n/VIRSA/VFATBAK

Q) What is the Rule Set in GRC ?

Collection of rules is nothing but Rule Set. There is a default Rule Set in GRC called Global Rule Set.

Q) How can you assign FireFighter id’s from one FireFighter Admin to another FireFighter Admin if current Admin leaves from organization without told to anybody ?

Take the UserId of the left over the company person and, go to SE16 T-code and, type table name /VIRSA/zffusers and execute.
In the second column enter the UserId of the left over person and execute and it will give the list of assigned FF_ID'S to that user, note that FF_ID'S and run /n/VIRSA/VFAT T-code and, go to maintain FF_ID's table and replace it with the new person User ID.







22 comments:

  1. It’s really amazing that we can record what our visitors do on our site. Thanks for sharing this awesome guide. I’m happy that I came across with your site this article is on point,thanks again and have a great day. Keep update more information..

    Digital marketing company in Chennai

    ReplyDelete

  2. What an awesome post, I just read it from start to end. Learned something new after a long time.


    SAP MM training in Chennai

    ReplyDelete
  3. we are the leading oracle fusion trainers in Hyderabad. we have our services online also. we have globally recognized the platform is http://www.erptree.com where people come and subscribe for various oracle related courses. we provide free instance access for our subscribers.
    for more details please visit our site erptree.com thank you


    Oracle Fusion HCM Training Institute

    ReplyDelete
  4. I believe that there will be good opportunities for the people who looked into your site, Thanks for sharing please do keep updating us...
    Best Online Software Training Institute | SharePoint Training

    ReplyDelete
  5. Very good information about SAP Course. I really amazed by seeing your site. I got valuable information from you. Keep updating like this!!!
    Best Selenium Training Institute In Hyderabad | Online Selenium Training

    ReplyDelete
  6. I wish to show thanks to you just for bailing me out of this particular trouble.As a result of checking through the net and meeting techniques that were not productive, I thought my life was done.
    Digital Marketing Training in Chennai

    Digital Marketing Training in Bangalore
    Digital Marketing Training in Pune

    ReplyDelete
  7. Your new valuable key points imply much a person like me and extremely more to my office workers. With thanks from every one of us.

    Best AWS Training in Chennai | Amazon Web Services Training in Chennai

    ReplyDelete
  8. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic.
    Click here:
    angularjs training in chennai
    Click here:
    angularjs2 training in chennai
    Click here:
    angularjs4 Training in Chennai
    Click here:
    angularjs5 Training in Chennai

    ReplyDelete
  9. It has been simply incredibly generous with you to provide openly what exactly many indivduals would’ve marketed for an eBook to end up making some cash for their end, primarily given that you could have tried it in the event you wanted.
    digital marketing training in marathahalli

    digital marketing training in rajajinagar

    Digital Marketing online training

    full stack developer training in pune

    ReplyDelete
  10. Great post! I am actually getting ready to across this information, It’s very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.

    Data Science Training in Chennai
    Data science training in bangalore
    Data science online training
    Data science training in pune
    Data science training in kalyan nagar
    Data science training in Bangalore
    Data science training in tambaram

    ReplyDelete
  11. I have been meaning to write something like this on my website and you have given me an idea. Cheers.
    Click here:
    python training in tambaram
    Click here:
    python training in annanagar

    ReplyDelete
  12. This comment has been removed by the author.

    ReplyDelete
  13. Awesome blog. It was very informative. I would like to appreciate you. Keep updated like this best selenium training institute in hyderabad

    ReplyDelete
  14. Its really an Excellent post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog. Thanks for sharing....
    Blueprism online training

    Blue Prism Training in Pune

    Blueprism training in tambaram

    ReplyDelete
  15. This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.

    Data Science Training in Chennai
    Data science training in bangalore
    Data science online training
    Data science training in pune

    ReplyDelete