https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444431#M211161 <HTML><HEAD></HEAD><BODY><P>Questions that i encountered based on R/3 46C:</P><P></P><P>1. How frequent do you perform transport migration?</P><P>2. Understanding of Composite role, Derived Roles, Single Roles</P><P>3. Knowledge of SU01, PFCG</P><P>4. CUA</P></BODY></HTML> Tue, 25 Jul 2006 06:19:24 GMT Former Member 2006-07-25T06:19:24Z https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444430#M211160 <HTML><HEAD></HEAD><BODY><P>Hi Everyone,</P><P> I just wanted to know what are the questions(in general)to be expected in R3 Security interview(4.6c)</P><P>as i am expecting an interview in couple of days..</P><P>Thank you in advance</P><P>shabana</P></BODY></HTML> Mon, 24 Jul 2006 17:24:07 GMT https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444430#M211160 Former Member 2006-07-24T17:24:07Z https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444431#M211161 <HTML><HEAD></HEAD><BODY><P>Questions that i encountered based on R/3 46C:</P><P></P><P>1. How frequent do you perform transport migration?</P><P>2. Understanding of Composite role, Derived Roles, Single Roles</P><P>3. Knowledge of SU01, PFCG</P><P>4. CUA</P></BODY></HTML> Tue, 25 Jul 2006 06:19:24 GMT https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444431#M211161 Former Member 2006-07-25T06:19:24Z https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444432#M211162 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>these are a few quick thoughts:</P><P></P><P>IT-Infrastructure Security, SAP Landscape:</P><P>- Network layout and firewalling between systems</P><P>- Remote administration, backup, archiving procedures</P><P>- Hardening procedures for new systems, new clients, system or client copies</P><P> - examples are locking, unlocking, password changes of users, setting system wide password rules, SM59 configuration, SICF configuration</P><P>- Use of cryptographic mechanisms (SNC, SSL)</P><P></P><P>Authorizations:</P><P>- Does a documented authorization concept exist?</P><P>- Of course: Are there SAP_ALL, SAP_NEW users (or any equivalent sort of SAP_ALL)</P><P>- How are authorizations of communication / system users managed?</P><P>- What kind of functional roles are used (Task roles, job roles, etc.)?</P><P>- What kind of technical roles are used (single, composite, derived)?</P><P>- Are check indicators used (SU24)?</P><P> - Are there many "manual" authorization objects? (this would indicate that SU24 is not correctly used.)</P><P>- Are risky transactions (SU01, PFCG, SM59, SA38, ...) and risky transaction combinations (vendor creation / change and payment processing) known and documented?</P><P>- Are procedures in place that control / mitigate the execution of these risks?</P><P>- How is user and authorizations management regulated?</P><P></P><P>Regards,</P><P>Christian</P></BODY></HTML> Tue, 25 Jul 2006 07:13:12 GMT https://community.sap.com/t5/application-development-and-automation-discussions/general-interview-questions-in-security-r3/m-p/1444432#M211162 christian_wippermann 2006-07-25T07:13:12Z