SAP S/4HANA Administration

Security & Compliance

37 flashcards

What are the three encryption methods, and how does SSL/TLS combine them?
How does the SAP virus scan interface work, and where are approved providers listed?
What is Read Access Logging (RAL), and which transaction configures it?
What is the biggest risk in the SAP Web Dispatcher, and how should it be protected?
Which transaction wizard sets up Secure Network Communication (SNC), and what does it configure?
How is table logging enabled, and what does the rec/client parameter control?
What are the core building blocks shared by any SSO solution?
What is the recommended way to handle the SAP* user, and which parameter disables its fallback?
How does a multiclient architecture protect data, and which data is shared across clients?
What is the Security Audit Log and what kinds of events does it record?
How are critical transactions locked, and what's the difference between SM01_DEV and SM01_CUS?
Which parameter separates internal and external message server communication, and why does that help security?
Which parameter activates the security audit log, and which transactions replaced the old SM18/SM19/SM20?
Why are all ICF services inactive after installation, and what's the security recommendation?
What does the ICM parameter icm/HTTPS/verify_client control across its values 0, 1, and 2?
What is a security policy (SECPOL) and how does it relate to profile parameters?
What are the standard SAP users delivered with a system, and the key risk they pose?
Which library provides SAP's cryptographic functions, and how do you check its installed version?
Why is the gateway process a security risk, and which parameter enables RFC authorization checks?
What is the SAP Web Dispatcher and what are its main functions?
How is access to the ICM restricted, and how is the ACL activated?
What do the three Client Copier protection levels (0/1/2) mean in SCC4?
Which ICM parameter enables Server Name Indication (SNI), and why does it matter?
When does SAP release security fixes, and where can administrators find them?
In Kerberos/SPNEGO SSO, what is each protocol's role and what is a key limitation?
Why does SAP recommend against logon tickets for SSO despite their being straightforward to set up?
Which transactions and PSE files are involved in maintaining SSL/TLS certificates in an SAP system?
How can you list all users holding critical authorizations for an audit?
What is the purpose of the gateway secinfo and reginfo files?
What is the role of a Certificate Authority (CA) and PKI in trusted communication?
What is the difference in scope between SAP Single Sign-On and SAP Cloud Identity Services?
Where are blacklisted (illegal) passwords stored, and how are wildcards used?
Why is the message server a security-critical component, and which parameter restricts its monitoring tools?
Which parameter blocks logon by user name and password entirely, forcing SSO/SNC?
Which SCC4 setting is recommended for production to protect client-specific and cross-client objects?
What is cryptography's role in securing communication, and what three things must a trusted connection establish?
What are the three recording targets for the security audit log, and where is the database-stored log kept?