Add office photos
Filter interviews by
PwC SAP GRC and Security Consultant Interview Questions, Process, and Tips
PwC SAP GRC and Security Consultant Interview Experiences
1 interview found
Selected
I applied via Naukri.com and was interviewed before Aug 2023. There were 2 interview rounds.
(2 Questions)
- Q1. Tcode for decentralized EAM
- Ans.
The Tcode for decentralized EAM is IW39
Tcode IW39 is used for decentralized EAM in SAP
It allows users to view and manage maintenance orders in a decentralized manner
- Q2. Types of risks in SAP
- Ans.
Types of risks in SAP include unauthorized access, data breaches, fraud, and compliance violations.
Unauthorized access to sensitive data
Data breaches leading to loss of confidential information
Fraudulent activities such as financial manipulation
Non-compliance with regulations and industry standards
Inadequate segregation of duties leading to internal fraud
Lack of proper security controls exposing system vulnerabilities
(2 Questions)
- Q1. Did you work on automating the Scripts
- Ans.
Yes, I have experience automating scripts for SAP GRC and Security.
Yes, I have automated scripts for user provisioning and deprovisioning in SAP GRC.
Used tools like SAP GRC Access Control and SAP Identity Management for automation.
Automated security monitoring scripts to detect and respond to security incidents.
Implemented automated compliance checks to ensure adherence to regulatory requirements.
- Q2. Any Idea on GRC PC ?
- Ans.
GRC PC stands for Governance, Risk, and Compliance Process Control.
GRC PC is a module within SAP GRC that focuses on automating and monitoring internal controls.
It helps organizations ensure compliance with regulations and policies.
GRC PC allows for continuous monitoring of key controls and helps in identifying and mitigating risks.
Examples of GRC PC functionalities include access control monitoring, segregation of dut
Skills evaluated in this interview
Interview questions from similar companies
SAP GRC and Security Consultant Interview Questions & Answers
Deloitte
Anonymous
posted on 12 Jul 2024
I applied via Naukri.com and was interviewed in Jan 2024. There were 2 interview rounds.
(2 Questions)
- Q1. SAP security basics and fiori
- Q2. Fiori related questions
(2 Questions)
- Q1. Roles and authorizations.
- Q2. Implementation, fiori catalog , fiori group
Interview Preparation Tips
- SAP Security
- Sap fiori
- SAP GRC
I applied via campus placement at Guru Nanak Dev University (GNDU) and was interviewed in Apr 2024. There were 3 interview rounds.
Asked about Reasoning, English, Computer networks, Database Management system, Electronics
15 min discussion on any topic given on the spot, 1 min for thinking
(3 Questions)
- Q1. What do you know about Cloud Computing?
- Ans.
Cloud computing is the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and intelligence.
Cloud computing allows users to access and store data and applications on remote servers instead of on their local devices.
It offers scalability, flexibility, cost-effectiveness, and the ability to access resources from anywhere with an internet connection.
Exa...
- Q2. OOPs concepts and examples
- Ans.
OOPs concepts refer to Object-Oriented Programming principles like inheritance, encapsulation, polymorphism, and abstraction.
Inheritance: Allows a class to inherit properties and behavior from another class.
Encapsulation: Bundling data and methods that operate on the data into a single unit.
Polymorphism: Ability to present the same interface for different data types.
Abstraction: Hiding the complex implementation detail
- Q3. SQL queries like Joins and Selection
Interview Preparation Tips
- DSA
- Cloud Computing
- Network Security
- OOPS
Skills evaluated in this interview
I applied via Naukri.com and was interviewed before Nov 2021. There were 3 interview rounds.
(6 Questions)
- Q1. What is xss and how it's can be exploited?
- Ans.
XSS is a type of web vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
XSS stands for Cross-Site Scripting.
Attackers can exploit XSS vulnerabilities by injecting malicious scripts into web pages viewed by other users.
These scripts can steal sensitive information, such as login credentials or personal data, from the victim's browser.
XSS attacks can be prevented by prope...
- Q2. What is csrf and how it can be exploited?
- Ans.
CSRF is a type of attack where a malicious website tricks a user into performing an action on a different website.
CSRF stands for Cross-Site Request Forgery
It can be exploited by tricking a user into clicking a link or button on a malicious website that sends a request to a different website where the user is logged in
The request can perform actions on behalf of the user without their knowledge or consent
To prevent CSR...
- Q3. What is sast and dast and why it is performed?
- Ans.
SAST and DAST are security testing techniques used to identify vulnerabilities in software applications.
SAST (Static Application Security Testing) is performed on the source code of an application to identify security vulnerabilities before the application is compiled and deployed.
DAST (Dynamic Application Security Testing) is performed on a running application to identify vulnerabilities in real-time.
SAST is useful fo...
- Q4. What is httpsOnly and secure flag is used for?
- Ans.
httpsOnly and secure flag are used for securing web traffic and preventing attacks.
httpsOnly ensures that all traffic to a website is encrypted and cannot be intercepted by attackers.
Secure flag ensures that cookies are only sent over encrypted connections, preventing session hijacking attacks.
Both are important security measures for protecting sensitive information and preventing attacks.
Examples of websites that use ...
- Q5. What are the security headers used in an application?
- Ans.
Security headers are used to enhance the security of web applications by providing additional protection against attacks.
Common security headers include Content-Security-Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and Strict-Transport-Security (HSTS)
CSP helps prevent cross-site scripting (XSS) attacks by specifying which sources of content are allowed to be loaded
X-XSS-Protection helps prev...
- Q6. How cache control is implemented?
- Ans.
Cache control is implemented through HTTP headers to specify how long a resource should be cached.
Cache-Control header is used to specify caching directives
Expires header is used to specify an expiration date for the resource
Max-Age header is used to specify the maximum age of the resource in seconds
Pragma header is used for backwards compatibility with HTTP/1.0
Examples: Cache-Control: max-age=3600, Expires: Wed, 21 Oc
(2 Questions)
- Q1. Application and api security questions?
- Q2. Work experience and questions related to work performed in previous organization?
Interview Preparation Tips
Skills evaluated in this interview
Interview Questionnaire
1 Question
- Q1. All security related
Interview Preparation Tips
I applied via Naukri.com and was interviewed in Oct 2024. There was 1 interview round.
(2 Questions)
- Q1. Risky user investigation and defination
- Q2. Mitre attack frame work
I applied via Naukri.com and was interviewed in Sep 2024. There were 2 interview rounds.
They ask questions based on security
(2 Questions)
- Q1. What is injection
- Ans.
Injection is a technique used to introduce code or data into a computer program or system.
Injection is commonly used in cyber attacks to exploit vulnerabilities in software.
Types of injection include SQL injection, cross-site scripting (XSS), and command injection.
Injection attacks can lead to unauthorized access, data theft, and system compromise.
- Q2. Type of injection
- Ans.
SQL injection is a type of injection attack that allows an attacker to execute malicious SQL statements.
SQL injection involves inserting malicious SQL code into input fields of a web application
Attackers can manipulate databases, steal data, and even delete or modify records
Examples include entering ' OR '1'='1' into a login form to bypass authentication
About a rat that can exfoliate the system and also mirte attack
Assembly language with little python
Interview Preparation Tips
I applied via Campus Placement and was interviewed in Aug 2023. There were 2 interview rounds.
There was group of 5 people in the gd and the topic was Electric Vehicles
20 minutes were given to conclude the gd
(2 Questions)
- Q1. This was a one to one technical round they ask about your project. what are your three strengths?
- Q2. How will you lead your team?
I applied via Referral and was interviewed in Jan 2024. There was 1 interview round.
(2 Questions)
- Q1. Questions related to DKIM, SPF
- Q2. Different ports and example of UDP port
- Ans.
Different ports are used for communication in networking. UDP port 53 is used for DNS.
Ports are used to identify different services or processes on a network
UDP port 53 is used for DNS (Domain Name System)
Other common UDP ports include 67 (DHCP), 161 (SNMP), and 123 (NTP)
Skills evaluated in this interview
PwC Interview FAQs
Tell us how to improve this page.
PwC Interviews By Designations
- PwC Associate Interview Questions
- PwC Senior Associate Interview Questions
- PwC Consultant Interview Questions
- PwC Associate2 Interview Questions
- PwC Associate Consultant Interview Questions
- PwC Manager Interview Questions
- PwC Senior Consultant Interview Questions
- PwC Technology Consultant Interview Questions
- Show more
Interview Questions for Popular Designations
- Security Officer Interview Questions
- Security Analyst Interview Questions
- Security Supervisor Interview Questions
- Cyber Security Analyst Interview Questions
- Security Engineer Interview Questions
- Security Guard Interview Questions
- Network Security Engineer Interview Questions
- Security Manager Interview Questions
- Show more
Interview Questions from Similar Companies
Fast track your campus placements
PwC SAP GRC and Security Consultant Reviews and Ratings
based on 1 review
Rating in categories
|
Senior Associate
14.8k
salaries
|  ₹8 L/yr - ₹30 L/yr |
|
Associate
12.7k
salaries
| ₹4.7 L/yr - ₹17 L/yr |
|
Manager
6.7k
salaries
| ₹13.8 L/yr - ₹44 L/yr |
|
Senior Consultant
4.4k
salaries
| ₹9 L/yr - ₹32 L/yr |
|
Associate2
4.2k
salaries
| ₹4.6 L/yr - ₹16.6 L/yr |
Deloitte
Ernst & Young
Accenture
TCS
- Home >
- Interviews >
- PwC Interview Questions >
- PwC SAP GRC and Security Consultant Interview Questions
