
Tivoli Exam 876: IBM Tivoli Access Manager for e-business V6.0 Implementation


Exam sections:

Section 1 - Planning

1.1 Given a Security Analysis Document, produce product deployment recommendations that meet security requirements as verified via review cycles.

With emphasis on performing the following steps:

    • Interview administrators, users, and security team.
    • Determine the type of user registry used for secure domain.
    • Determine authentication mechanisms -- user IDs/passwords (basic or forms-based), certificates, SecurID tokens, or custom authentication mechanisms.
    • Identify customization requirements (such as External Authorization Services, External Authentication C API, Policies, etc.).
    • Identify auditing and logging requirements.
    • Determine account and password management rules.
1.2 Given Access Manager for e-business (AMeB) deployment recommendations and the customer's current network configuration, define an AMeB system layout and produce a deployment document containing a network topology diagram with placement of AMeB user registry and servers.

With emphasis on performing the following steps:

    • Identify capacity requirements (number of users, concurrent users, junctioned Web servers, ACLs required).
    • Identify Reliability and Serviceability (RAS) requirements (24 hours x 7 days, throughput and recovery capability).
    • Identify current network and security aspects (geography of LANs, firewalls, Internet, intranet, DMZ, etc.).
    • Create logical configuration (number and type of Access Manager for e-business servers, number of load balancers, replicated Web servers, secure domains) and integrate with other applications.
    • Create physical configuration (location of Access Manager for e-business servers, location of load balancers, and relationship to firewalls).
    • Determine number and location of user registries.
1.3 Given an existing Access Manager for e-business environment, define a migration strategy to maintain user data as well as security policy data.

With emphasis on performing the following steps:

    • Create roadmap defining the migration strategy.
    • Identify required user registry migration or upgrade procedures.
    • Identify migration and backup utilities required to perform migration.
    • Identify Access Manager for e-business security policy data to be migrated and determine procedures to perform.
Section 2 - Installation

2.1 Given a PKI product, configure a valid client-side certificate so that a user can successfully authenticate to Access Manager for e-business.

With emphasis on performing the following steps:

    • Load Certificate Authority (CA) root certificate(s) into WebSEAL (CA root comes from PKI product).
    • Enable client-side certificate authentication.
    • Configure client-side certificates.
2.2 Given the Access Manager for e-business packages and necessary hardware, perform the AMeB installation to produce a working AMeB system.

With emphasis on performing the following steps:

    • Install Access Manager for e-business user registry if not installed.
    • Complete Access Manager for e-business user registry customization.
    • Install LDAP clients on the computers to be used for Access Manager for e-business servers.
    • Install the Access Manager for e-business server components.
    • Complete advanced Access Manager for e-business customization.
2.3 Given user account information, create a registry useable by Access Manager for e-business.

With emphasis on performing the following steps:

    • Identify existing user registries.
    • Determine integration options and benefits/pitfalls.
    • Determine migration options and benefits/pitfalls.
    • Decide user registry approach.
    • If integration: Design and code External Authentication C API (& SYNC process), decide 1-1 or n-1, and validate results.
    • If migration: Identify sources of information, build and run the migration tool, and validate results.
2.4 Given an existing Access Manager for e-business environment, perform basic system tests to validate the environment is functioning correctly.

With emphasis on performing the following steps:

    • Check all processes are running.
    • Perform logon and user/group ACL template creation administrative tasks.
    • Verify WebSEAL works by attaching an ACL template to an HTML file and validate using a browser.
Section 3 - Configuration and Customization

3.1 Given a firewall environment, create the proper rule setup so that a user can access Access Manager for e-business through the firewall.

With emphasis on performing the following steps:

    • Identify where to install/configure Access Manager for e-business in a firewall environment.
    • Identify firewall changes for user registry and HTTP/HTTPS, and SSL Access Manager for e-business traffic.
    • Install/configure Access Manager for e-business in a firewall environment.
3.2 Given security requirements, define a security namespace that includes all objects to be protected.

With emphasis on performing the following steps:

    • Identify resources to be protected and identify explicit and default ACLs.
    • Identify replication semantics.
    • Identify non-static Web resources (JAVA, servlets, ActiveX).
    • Identify how to apply protected object policies (POPs).
    • Identify how to apply authorization rules.
3.3 Given an organization's security policy, complete each task so that the policy database is configured successfully.

With emphasis on performing the following steps:

    • Create extended ACL permissions and action groups.
    • Create Protected Object Policies (POPs).
    • Identify how to apply protected object policies (POPs).
    • Create authorization rules.
    • Create secure domains.
    • Create policy templates.
    • Attach policy template to protected resource.
    • Implement Delegated User Administration requirements.
3.4 Given a completed Access Manager for e-business deployment document containing password rules, set up all AMeB administrators and users and configure the password rules for each.

With emphasis on performing the following steps:

    • Define password policy options, including delegation of password reset.
    • Configure the Access Manager for e-business password policies.
3.5 Given a Security Analysis Document and a Web application, configure Access Manager for e-business to achieve a secure, working solution.

With emphasis on performing the following steps:

    • Analyze application characteristics, plug-ins, applets, user registry, ACLs, JavaScript, absolute URLs, roles in use.
    • Identify and analyze application security requirements.
    • Design junctions (TCP, replication, encrypted, proxy, mutually authenticated, tag value, portal, transparent, virtual host) and required options.
    • Design SSO (FSSO, GSO, LTPA, EAI, TAI).
    • Describe junction mapping table usage.
    • Populate namespace (query contents, DYNURLs, application objects).
    • Design and create application security policy (EAS, ACLs, delegation, authorization rules).
3.6 Given a business requirement to supplement the standard authorization process, implement external authorization services to impose additional authorization controls and conditions.

With emphasis on performing the following steps:

    • Register the EAS server with the Access Manager for e-business authorization service.
    • Configure the attribute retrieval service plug-ins for connection to external sources.
3.7 Given a deployment plan and details document, implement Web single sign-on such that cross domain and single domain requirements are met.

With emphasis on performing the following steps:

    • Ensure that e-community, cross domain and/or Web single sign-on has been configured in Access Manager for e-business.
    • Create appropriate junctions to the candidate Web servers.
    • Add GSO resources and/or GSO resource groups.
    • Implement LTPA SSO for WebSphere and Domino targets.
    • Implement TAI SSO for WebSphere.
    • Implement FSSO and EAI.
    • Implement Windows SPNEGO SSO for IIS or WebSEAL.
    • Populate each user's resource credential information.
    • Test Web SSO function (browser-to-Access Manager for e-business-to-Web server).
    • Test resource credential and change password via admin console and via end user.
3.8 Given a requirement for dynamic URLs, configure dynamic URL control to protect Web content.

With emphasis on performing the following steps:

    • Create a single static protected object file for dynamic URLs.
    • Map ACL namespace objects to dynamic URLs.
    • Update WebSEAL or Plug-ins for dynamic URLs.
3.9 Given a requirement for container level integration, configure IBM Access Manager for WebSphere Application Server (AMWAS) to manage J2EE role-based security.

With emphasis on performing the following steps:

    • Migrate EAR files from WebSphere Application Server to Access Manager for e-business environment.
    • Install and configure AMWAS under WebSphere Application Server.
    • Administer J2EE roles using AMWAS.
3.10 Given an existing Tivoli Access Manager for e-business environment with WebSphere Application Server, perform steps to validate that Common Audit and Reporting Service (CARS) server and client are functioning correctly.

With emphasis on performing the following steps:

    • Examine directories for cached files.
    • Check that required processes are running.
    • Check that appropriate applications are running in the WebSphere Application Server.
    • Test connection from DB2 client to DB2 server.
    • Establish connection with DB2 and query for event records.
    • Perform administrative tasks in pdadmin to enable auditing.
    • Create events that will be reported by CARS.
    • Stage reports into tables.
    • Create a report using any reporting utility that is able to query DB2.
    • Verify configuration logs.
3.11 Given an existing Tivoli Access Manager for e-business environment with Session Management Server (SMS) installed, gather requirements necessary for the configuration of an SMS environment.

With emphasis on performing the following steps:

    • Gather system information necessary for configuration of participating servers.
    • Define configuration strategy (number and type of WebSEAL servers, number of load balancers, replicated Web servers, network information, physical and logical location of servers).
    • Design replica sets and session realms.
    • Define configuration parameters.
    • Determine what roles will be delegated to specific users.
    • Configure and test the configuration.
Section 4 - Programming

4.1 Given an existing Access Manager for e-business environment with WebSEAL, configure external authentication C API to meet customer requirements.

With emphasis on performing the following steps:

    • Configure WebSEAL to use external authentication C API.
4.2 Given a custom application that requires specific authorization checking, evaluate and explain the authorization programming options via the TAMe authorization APIs available to the development team, so they can design their application security architecture.

With emphasis on performing the following steps:

    • Identify the application level resources needing protection.
    • Define and use the application namespace.
    • Identify available programming tools (such as Java2/JAAS and aznAPI).
    • Describe entitlement services.
    • Decide how to obtain optimum performance.
    • Decide how the credential inside the application will be obtained.
4.3 Given requirements to programmatically manipulate the Access Manager user and policy repositories, design, code, and deploy an application using the administration API so that business requirements are met.

With emphasis on performing the following steps:

    • Identify APIs by function.
    • Identify types of TAMeb objects which can be maintained using the administration APIs.
    • Identify the components of the administration API.
4.4 Given custom password requirements that exceed built-in functionality, design, code, and deploy a password strength module so that the custom password requirements are met.

With emphasis on performing the following steps:

    • Identify the APIs by function.
    • Configure password strength module to be used during authentication.
4.5 Given a deployment plan and details document, implement a secure external authentication interface (EAI) to WebSEAL such that additional authorization controls and conditions are met.

With emphasis on performing the following steps:

    • Enabling and configuring the EAI authentication mechanism in WebSEAL
    • Initiating the authentication process
    • Error handling
    • Writing the EAI authentication module
Section 5 - Maintenance and Troubleshooting

5.1 Given user and organization audit requirements, set up and configure auditing so that log files are produced for events and authorizations.

With emphasis on performing the following steps:

    • Structure and enable the Access Manager for e-business audit processes.
    • Manage the size of audit files.
    • Capture audit and statistical data with information gathering tool.
    • Analyze and interpret log and audit reports.
5.2 Given user and organization logging requirements, set up and configure logging so that log file entries are produced for events and authorizations.

With emphasis on performing the following steps:

    • Structure and enable Access Manager for e-business logging functions -- tailor events logged.
    • Manage the size of Access Manager for e-business log files.
    • Capture log data with information gathering tool.
    • Analyze log reports.
    • Enable remote logging function.
5.3 Given a valid Access Manager for e-business problem, perform troubleshooting tasks so that a successful problem resolution or workaround is found.

With emphasis on performing the following steps:

    • Qualify the problem.
    • Collect debug information using TAMe trace facilities.
    • Isolate problem.
    • Consult knowledge base.
    • Solve problem (if possible).
5.4 Given an existing Access Manager for e-business environment, use command-line utilities to perform backup and recovery tasks.

With emphasis on performing the following steps:

    • Commands and options for restoring data from an archive.
    • Commands and options for backing up data to an archive.
    • Information and files collected by the default backup configurations.
Exam preparation:

Instructor-led courses:

Course title: IBM Tivoli Access Manager for e-business 6.0 Deployment and System Administration
Course duration: Four (4) days
Course number: Course numbers vary depending on the education delivery arm used in each geography. Please refer to the Web site below to find the appropriate course number according to the education delivery vendor chosen.
Geo education page: Worldwide schedules available at Tivoli software education.
IBM PartnerWorld "You Pass We Pay": YPWP is available for this course. Please check with IBM PartnerWorld.
Abstract: This is a classroom course with hands-on labs for the IBM Tivoli Access Manager for e-business 6.0 product. IBM Tivoli Access Manager is an authentication and authorization solution for corporate Web, client/server, and existing applications. This product allows customers to control user access to protected information and resources by providing a centralized, flexible, and scalable access control solution. This course is targeted at System Administrators, Security Architects, Application Programmers, and Identity Developers who are responsible for maintaining large numbers of users, groups, and access to specific information resources.

Course title: IBM Tivoli Access Manager for e-business 6.0 Customization
Course duration: Four (4) days
Course number: Course numbers vary depending on the education delivery arm used in each geography. Please refer to the Web site below to find the appropriate course number according to the education delivery vendor chosen.
Geo education page: Worldwide schedules available at Tivoli software education.
IBM PartnerWorld "You Pass We Pay": YPWP is available for this course. Please check with IBM PartnerWorld.
Abstract: This course will be available in Q2 2006. This instructor-led course will focus on the Access Manager for e-business customization topics.

For information on pricing, scheduling and course registration: Course names and/or course numbers vary depending on the education delivery arm used in each geography. Please refer to the Tivoli software education Web site to find the appropriate course and education delivery vendor for each geography. 

General training information can also be found at: IBM IT Training 

Publications:

Publication title: Certification Guide Series - IBM Tivoli Access Manager for e-business V6.0
Publication order number: SG24-7202-00 (IBM Form Number); 0738496030 (ISBN)
Abstract: This IBM Redbook is a study guide for the IBM Certified Deployment Professional - IBM Tivoli Access Manager V6.0 certification exam, Test 876, and is meant for those who want to achieve IBM Certifications for this specific product. The IBM Certified Deployment Professional - Tivoli Access Manager for e-business V6.0 certification, offered through the Professional Certification Program from IBM, is designed to validate the skills required of technical professionals who work in the implementation of the IBM Tivoli Access Manager Version 6.0 product. This book provides a combination of theory and practical experience needed for a general understanding of the subject matter by discussing the planning, installation, configuration and customization, programming, auditing and troubleshooting of Access Manager for e-business solutions. It also provides sample questions that will help in the evaluation of personal progress and provide familiarity with the types of questions that will be encountered in the exam. This publication does not replace practical experience, nor is it designed to be a stand-alone guide for any subject. Instead, it is an effective tool that, when combined with education activities and experience, can be a very useful preparation guide for the exam.

To order the publication, access the IBM Publications Center on the Web or order by phone (note the publication order number):

IBM Publications Center 

or call IBM Direct Publications: 1-800-879-2755 (US) 1-800-426-4968 (Canada) or from any non-IBM bookstore 

Self-study:

Self-study: IBM Tivoli Access Manager for e-business V6.0 Product Information and Related Links
Order number: n/a
Abstract: IBM Tivoli Access Manager for e-business helps manage growth and complexity, controls escalating management costs and addresses the difficulties of implementing security policies across a wide range of Web and application resources. IBM Tivoli Access Manager for e-business integrates with e-business applications out-of-the-box to deliver a secure, unified and personalized e-business experience. By providing authentication and authorization APIs and integration with application platforms such as J2EE, Tivoli Access Manager for e-business helps secure access to business-critical applications and data spread across the extended enterprise.

IBM Tivoli Access Manager for e-business V6.0 

Practice test

Note: This test is designed to give the candidate an idea of the content and format of the questions on the certification exam. This test is not an assessment test. Completing it does not guarantee passing the certification test.

1.       Which registry server suffix is required by IBM Tivoli Access Manager for e-business?

A.      cn=root

B.      o=tivoli,c=us

C.      secAuthority=Default

D.      cn=secAuthority,o=tivoli

2.       Which two are prerequisites for installing the WebSEAL ADK? (Choose two).

A.      GSKit

B.      WebSphere fix pack 2

C.      IBM Tivoli Access Manager for e-business (TAMeb) ADK

D.      TAMeb authorization server

E.       IBM Tivoli Directory Server SDK

3.       Which command is used to list the status of the IBM Tivoli Access Manager for e-business processes on UNIX machines?

A.      iv_status

B.      am_status

C.      pd_status

D.      pd_start status

4.       Which three entries are defined by default in the ACL of the IBM Tivoli Directory Server suffix in order to manage users and groups from IBM Tivoli Access Manager for e-business? (Choose three.)

A.      default-webseal

B.      cn=SecurityGroup,secAuthority=Default

C.      cn=management,cn=SecurityGroup,secAuthority=Default

D.      cn=users/groups,cn=SecurityGroup,secAuthority=Default

E.       cn=ivacld-servers,cn=SecurityGroup,secAuthority=Default

F.       cn=remote-acl-users,cn=SecurityGroup,secAuthority=Default

5.       What is the default listening port for the authorization server?

A.      7135

B.      7136

C.      7234

D.      7235

6.       Which syntax would prevent a user from logging in to pdadmin from outside of the company network?

A.      acl modify testacl set any-other Tr

B.      acl modify testacl set any-other unauthenticated

C.      pop modify testpop set ipauth add 9.0.0.0 255.0.0.0 0

D.      pop modify testpop set ipauth anyothernw deny 9.0.0.0 255.0.0.0 0

7.       Which two end-user authentication methods are supported by WebSEAL to its junctioned Web servers for web SSO? (Choose two.)

A.      basic authentication

B.      kerberos authentication

C.      SPNEGO authentication

D.      forms-based authentication

E.       SecurID token-based authentication

8.       Which HTTP header value is passed by default to a back-end web server?

A.      iv-user

B.      iv-creds

C.      iv-groups

D.      iv-server-name

9.       What occurs if the aznapi-configuration stanza of the IBM Tivoli Access Manager for e-business WebSEAL configuration file contains the following entry: logsize=-1?

A.      No records are logged.

B.      A configuration error message is displayed.

C.      No rollovers are performed and the log grows indefinitely.

D.      A new file is created each time the logging process starts and every 24 hours thereafter.

10.   Given an IBM Tivoli Access Manager for e-business error message number, which command returns the associated message text?

A.      pdadmin errnum

B.      pdadmin errtext

C.      pdadmin server errnum

D.      pdadmin server errtext

Answer Key:

5.      C

6.      AC

7.      D

8.      BEF

9.      B

10.  C

11.  AD

12.  D

13.  D

14.  B
