Add office photos
i
Deloitte
CompareProud winner of ABECA 2024 - AmbitionBox Employee Choice Awards
Filter interviews by
Deloitte SAP GRC and Security Consultant Interview Questions and Answers
Deloitte SAP GRC and Security Consultant Interview Experiences
1 interview found
Anonymous
I applied via Naukri.com and was interviewed in Jan 2024. There were 2 interview rounds.
(2 Questions)
- Q1. SAP security basics and fiori
- Q2. Fiori related questions
(2 Questions)
- Q1. Roles and authorizations.
- Q2. Implementation, fiori catalog , fiori group
Interview Preparation Tips
- SAP Security
- Sap fiori
- SAP GRC
Interview questions from similar companies
Selected
I applied via Naukri.com and was interviewed before Aug 2023. There were 2 interview rounds.
(2 Questions)
- Q1. Tcode for decentralized EAM
- Ans.
The Tcode for decentralized EAM is IW39
Tcode IW39 is used for decentralized EAM in SAP
It allows users to view and manage maintenance orders in a decentralized manner
- Q2. Types of risks in SAP
- Ans.
Types of risks in SAP include unauthorized access, data breaches, fraud, and compliance violations.
Unauthorized access to sensitive data
Data breaches leading to loss of confidential information
Fraudulent activities such as financial manipulation
Non-compliance with regulations and industry standards
Inadequate segregation of duties leading to internal fraud
Lack of proper security controls exposing system vulnerabilities
(2 Questions)
- Q1. Did you work on automating the Scripts
- Ans.
Yes, I have experience automating scripts for SAP GRC and Security.
Yes, I have automated scripts for user provisioning and deprovisioning in SAP GRC.
Used tools like SAP GRC Access Control and SAP Identity Management for automation.
Automated security monitoring scripts to detect and respond to security incidents.
Implemented automated compliance checks to ensure adherence to regulatory requirements.
- Q2. Any Idea on GRC PC ?
- Ans.
GRC PC stands for Governance, Risk, and Compliance Process Control.
GRC PC is a module within SAP GRC that focuses on automating and monitoring internal controls.
It helps organizations ensure compliance with regulations and policies.
GRC PC allows for continuous monitoring of key controls and helps in identifying and mitigating risks.
Examples of GRC PC functionalities include access control monitoring, segregation of dut
Skills evaluated in this interview
I applied via campus placement at Guru Nanak Dev University (GNDU) and was interviewed in Apr 2024. There were 3 interview rounds.
Asked about Reasoning, English, Computer networks, Database Management system, Electronics
15 min discussion on any topic given on the spot, 1 min for thinking
(3 Questions)
- Q1. What do you know about Cloud Computing?
- Ans.
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.
It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.
Exa...
- Q2. OOPs concepts and examples
- Ans.
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
Inheritance: Allows a class to inherit properties and behavior from another class.
Encapsulation: Bundling data and methods that operate on the data into a single unit.
Polymorphism: Ability to present the same interface for different data types.
Abstraction: Hiding the complex implementation detail
- Q3. SQL queries like Joins and Selection
Interview Preparation Tips
- DSA
- Cloud Computing
- Network Security
- OOPS
Skills evaluated in this interview
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
Interview Questionnaire
1 Question
- Q1. All security related
Interview Preparation Tips
(1 Question)
- Q1. Technical questions on build and operations
(1 Question)
- Q1. Managerial question and communication skills
I applied via Naukri.com and was interviewed in Sep 2024. There were 2 interview rounds.
They ask questions based on security
(2 Questions)
- Q1. What is injection
- Ans.
Injection is a technique used to introduce code or data into a computer program or system.
Injection is commonly used in cyber attacks to exploit vulnerabilities in software.
Types of injection include SQL injection, cross-site scripting (XSS), and command injection.
Injection attacks can lead to unauthorized access, data theft, and system compromise.
- Q2. Type of injection
- Ans.
SQL injection is a type of injection attack that allows an attacker to execute malicious SQL statements.
SQL injection involves inserting malicious SQL code into input fields of a web application
Attackers can manipulate databases, steal data, and even delete or modify records
Examples include entering ' OR '1'='1' into a login form to bypass authentication
(2 Questions)
- Q1. Explain interesting incident you handled
- Q2. Log sources - to hunt for threats
- Ans.
Log sources are essential for hunting threats in a network environment.
Collect logs from network devices such as firewalls, routers, and switches.
Utilize logs from endpoint security solutions like antivirus and EDR tools.
Incorporate logs from servers, including authentication logs and system logs.
Monitor logs from cloud services and applications for any suspicious activities.
Analyze logs from SIEM solutions to correlat
Interview Preparation Tips
I applied via Campus Placement and was interviewed in Aug 2023. There were 2 interview rounds.
There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd
(2 Questions)
- Q1. This was a one to one technical round they ask about your project. what are your three strengths?
- Q2. How will you lead your team?
Selected
I applied via Campus Placement and was interviewed in Dec 2023. There were 2 interview rounds.
2 hours, basic dsa questions, cyber security related mcqs
(4 Questions)
- Q1. What is normalization in dbms
- Ans.
Normalization in DBMS is the process of organizing data in a database to reduce redundancy and improve data integrity.
Normalization involves breaking down a database into smaller, more manageable tables and defining relationships between them.
It helps in reducing data redundancy by storing data in a structured and organized manner.
Normalization also helps in improving data integrity by ensuring that data is consistent ...
- Q2. Difference between truncate and delete
- Ans.
Truncate is a DDL command that removes all records from a table, while delete is a DML command that removes specific records.
Truncate is faster than delete as it does not log individual row deletions.
Truncate resets identity columns, while delete does not.
Truncate cannot be rolled back, while delete can be rolled back using a transaction.
Truncate does not fire triggers, while delete does.
- Q3. How will your protect your digital data
- Ans.
I will protect my digital data by implementing strong encryption, regular backups, and strict access controls.
Implement strong encryption algorithms to secure data in transit and at rest
Regularly backup data to prevent loss in case of cyber attacks or hardware failures
Enforce strict access controls by using multi-factor authentication and least privilege principle
- Q4. Some types of cyber attacks
- Ans.
Some types of cyber attacks include phishing, malware, ransomware, DDoS attacks, and social engineering.
Phishing: fraudulent emails or messages to trick individuals into revealing sensitive information
Malware: malicious software designed to damage or gain unauthorized access to a computer system
Ransomware: encrypts files on a victim's system and demands payment for decryption
DDoS attacks: overwhelming a system with a f...
Skills evaluated in this interview
Deloitte Interview FAQs
Tell us how to improve this page.
Deloitte Interviews By Designations
- Deloitte Consultant Interview Questions
- Deloitte Analyst Interview Questions
- Deloitte Senior Consultant Interview Questions
- Deloitte Associate Analyst Interview Questions
- Deloitte Assistant Manager Interview Questions
- Deloitte Tax Consultant Interview Questions
- Deloitte Business Analyst Interview Questions
- Deloitte Business Technology Analyst Interview Questions
- Show more
Interview Questions for Popular Designations
- Security Officer Interview Questions
- Security Analyst Interview Questions
- Security Supervisor Interview Questions
- Cyber Security Analyst Interview Questions
- Security Engineer Interview Questions
- Security Guard Interview Questions
- Network Security Engineer Interview Questions
- Information Security Analyst Interview Questions
- Show more
Interview Questions from Similar Companies
Fast track your campus placements
|
Consultant
33k
salaries
|  ₹6.3 L/yr - ₹23 L/yr |
|
Senior Consultant
20.7k
salaries
| ₹11 L/yr - ₹35 L/yr |
|
Analyst
14k
salaries
| ₹3.6 L/yr - ₹12.4 L/yr |
|
Assistant Manager
10k
salaries
| ₹7.8 L/yr - ₹24 L/yr |
|
Manager
7k
salaries
| ₹15.7 L/yr - ₹52 L/yr |
Accenture
PwC
Ernst & Young
Cognizant
- Home >
- Interviews >
- Deloitte Interview Questions >
- Deloitte SAP GRC and Security Consultant Interview Questions
