SAP GRC Access Controls Questions and Answers


1. What is SAP GRC?

GRC stands for Governance, Risk and Compliance. It provides a solution that enables organizations to maintain regulations and compliance and to remove any risks in maintaining the organization's key operations.

2. How many modules are present in GRC?

a. Access Control (AC)
b. Process Control (PC)
c. Risk Management (RM)
d. Environment, Health and Safety (EHS)
e. Global Trade Services (GTS)

3. What is the software of GRC Financial compliance?

GRCFND_A

4. What is the plugin used for HR backend?

GRCPIERP – Used for HR function

5. What is the plugin used for the non-HR (NHR) backend?

GRCPINW – Used for Non-HR functions

6. What is the periodic process that allows a role owner to remove roles from users?

UAR Review

7. Where can you define a mitigating control?

a. Mitigating controls workset in Access Control
b. Access Control risk analysis result screen
c. Central process hierarchy in process control

8. What is the process of importing roles from the back-end system for role maintenance using BRM?

Roles can be imported by using the standard import template.

9. What is the purpose of role mining?

Role mining is used to consolidate roles by taking actions after running comparisons.

10. Which attributes are mandatory when creating business role definition details in BRM?

a. Landscape
b. Project release
c. Application type

11. What information does the audit trail log for access rules contain?

When the change was made and who made the changes

12. What is the purpose of organizational value mapping?

Organizational value mapping is used to maintain derived roles with organizational units.

13. Which RFC connection type is used for the establishment of a connection between GRC and SAP ERP backend system?

ABAP Connection type

14. Which of the role provisioning types does Access Control user provisioning support?

a. Direct
b. Indirect
c. Combined

15. For User Access Review, which users are selected using AC configuration parameter 2006?

Manager
Role Owner

16. In MSMP workflow, what rule types are available?

a. ABAP Class-based rule
b. Function module-based rule
c. BRFplus rule

17. What does an agent rule determine?

The approvers/recipients for the workflow

18. Which type of rule is used when creating an access request workflow for a role assignment that will have two or more approval steps?

BRFplus Flat rule

19. After a workflow has been initiated, how do you make stage configuration changes take effect?

Activate the Runtime Configuration Changes OK indicator

20. Which indirect provisioning types are supported in user provisioning?

a. Organization type
b. Job
c. Position

21. Which agent purposes are available in MSMP workflow?

Approval
Notification

22. What are business configuration (BC) sets for Access Control?

It is a collection of configuration settings designed to populate SAP tables with content.
It is a set of predefined customizing settings.

23. Which actions in BRM require a connection to a target system?

a. Generation
b. Authorization maintenance (Actions and Permissions)
c. Risk analysis

24. What transaction code is used to monitor the background jobs in access control repository sync?

SM37 (Overview of job selection)

25. Which background job is used to synchronize the Firefighter IDs and their role assignments in AC?

GRAC_REPOSITORY_OBJECT_SYNC

26. What are the integration scenarios available in AC?

a. Provisioning (PROV)
b. Superuser Privilege Management (SUPMG)
c. Authorization Management (AUTH)

27. Which auto provisioning options are available in the global provisioning configuration?

a. Manual Provisioning
b. Auto-provisioning at the End of Request
c. No Provisioning

28. What data is synchronized when the GRAC_REPOSITORY_OBJECT_SYNC job runs?

a. Profiles
b. Roles
c. Users

29. What is the sequence of executing the sync jobs to synchronize the Access Control repository with data from different clients?

a. PFCG Authorization sync
b. Repository object sync (Profile, Role, User)
c. Action usage sync
d. Role usage sync

30. What are the application types in EAM (Emergency Access Management)?

ID-based Firefighting: In this concept, each Firefighter ID has its own user master record, and roles are assigned directly to the Firefighter ID. The advantage is that one Firefighter ID can be used by multiple users.

Role-based Firefighting: In this scenario, each Firefighter role can be assigned directly to a user. The user doesn't require a separate ID to use Firefighter access. The advantage is that transactions and change histories are logged with the user's own ID.

Only one application type can be configured at a given time.

31. What users are created in EAM?

In the AC system:
Firefighter User - SAP_GRAC_SUPER_USER_MGMT_USER
Firefighter Owner - SAP_GRAC_SUPER_USER_MGMT_OWNER
Firefighter Controller - SAP_GRAC_SUPER_USER_MGMT_CNTLR

In the target system:
Firefighter ID - SAP_GRAC_SPM_FFID

32. What is the log collecting background job in EAM?

The background job for log collection is GRAC_SPM_LOG_SYNC_UPDATE. This job is scheduled on a periodic basis via transaction code SM36.

33. What is the BC set related to EAM?

GRAC_SPM_CRITICALITY_LEVEL

34. What are the steps required to configure Firefighter ID?

a. Maintain Access Control Owners
b. Assign an Owner to a Firefighter ID
c. Firefighter ID is assigned to Controllers and Firefighters
d. Create the Reason Codes

35. What are the important parameters in configuring EAM?

4000 – Application Type
4001 – Default Firefighter ID validity period (in days)
4003 – Retrieve change log
4005 – Retrieve audit log
4010 – Firefighter ID role name

36. What is the most critical module in GRC?

Access Risk Analysis (ARA) is the most critical module in GRC, because it contains the “RuleSet”, which is used for risk analysis.
