39 cards in this set
Front: List the main minimum system requirements for Guardium appliances.
Back:
• 4 CPUs (AMD or Intel), 64-bit
• 24 GB RAM
• 300 GB HDD
• 1 DVD drive
• 1 Gbit or 10 Gbit NIC port

Front: Data sources supported for IBM Guardium v10.5
Back: (author's mnemonic abbreviations) ORA, MSSQL, IBM-IMS-DATAsets, SAPSYBASEASE-IQ-HANA, CLOUDERA-ASTER-CASS-COUCH, GREENplum-HW, MAMEMONGO, HP-Vertica, FTP

Front: Platforms supported for IBM Guardium v10.5
Back: (author's mnemonic abbreviations) AIX-Z/OS, HPUX, RH-SUSE, SOLARIS-WIN, IBMUBUNTOPENSSL, CENTOS-TLS

Front: Supported data source platforms for IBM Guardium Vulnerability Assessment (VA)
Back: (author's mnemonic abbreviations) O, MI, IBM, MY, SAP, POS, TERA, ASTER-MON, AZ-RDS

Front: The IBM Security Guardium solution is available as a...
Back:
• Hardware offering: a fully configured physical appliance provided by IBM.
• Software offering: software images deployed on customer hardware, either directly or as virtual appliances.

Front: Can the Guardium unit type be changed from a Collector to an Aggregator with a CLI command or similar?
Back: No. The unit must be rebuilt from scratch with the correct unit type specified.
Front: What is S-TAP failover?
Back: An S-TAP can be configured to fail over to (start communicating with) a secondary or tertiary collector if the primary collector is unreachable. When the primary collector becomes reachable again, the S-TAP reverts to it. The S-TAP also uses a limited memory buffer (a spill file on z/OS) to temporarily buffer data that is in transit to the collector.

Front: What is S-TAP mirroring?
Back: If a collector fails, the data since the last daily export or archive is lost. To avoid any loss, the S-TAP can be configured to mirror its transmission to two collectors, so that each collector receives the same copy of the data.

Front: What is a Collector?
Back: In Database Activity Monitoring or Vulnerability Assessment, the collectors monitor and analyze database activity to provide continuous fine-grained auditing and reporting, real-time policy-based alerting, and database access controls.

Front: What is a Central Manager/Aggregator?
Back: The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration, and perform a variety of other administrative tasks from a single console. In addition, data from multiple collectors can be aggregated on the Aggregation Server to provide holistic views and generate enterprise-level reports.
Front: Sizing: number of collectors for a Vulnerability Assessment solution?
Back: One collector for every 255 database instances. The Vulnerability Assessment solution scans the databases in scope one by one. It does not analyze database traffic and does not require as many resources as Database Activity Monitoring.

Front: Sizing: number of Aggregators?
Back: 1 aggregator for every 8 collectors.

Front: What is a Guardium Appliance?
Back: The physical or virtual Guardium box; it can be either a "collector" or an "aggregator" (with or without central management).

Front: What is a Guardium Unit?
Back: The same thing as a Guardium Appliance.

Front: What is a Manager Unit?
Back: An appliance configured as Central Manager.

Front: What is a Managed Unit?
Back: An appliance managed by the Central Manager.

Front: What is a Standalone Unit?
Back: An appliance not in a Central Manager environment.
Front: What is Purge?
Back: For the best performance, purge all data that is not needed. Purging frees disk space.

Front: What is Archive?
Back: Compress the data of a single day into an encrypted file and send it to the aggregator.

Front: What is Hierarchical Aggregation?
Back: Guardium also supports hierarchical aggregation, where multiple aggregation appliances merge upwards into a higher-level, central aggregation appliance. This is useful for multi-level views.

Front: What is the system shared secret used for?
Back: It is used for archive/restore operations and for Central Management and Aggregation operations. When used, its value must be the same on all units that will communicate.

Front: When is the system shared secret used?
Back:
• When secure connections are being established between a Central Manager and a managed unit.
• When an aggregated unit signs and encrypts data for export to the aggregator.
• When any unit signs and encrypts data for archiving.
• When an aggregator imports data from an aggregated unit.
• When any unit restores archived data.

Front: What does Orphan cleanup do on aggregators?
Back: When the aggregator includes restored data, orphan cleanup related to the restored data is set to run according to the expiration date set when the data was first restored.

Front: What must be done to restore archives?
Back: To restore archives, you must copy the appropriate file(s) back to the Guardium system on which the data is to be restored. There is a separate file for each day of data. DO NOT change the names of archived files: if a generated file name is changed, the restore operation will not work.
Front: Steps to restore archives (restoring)
Back:
1. Click Manage > Data Management > Data Restore to open Data Restore.
2. Enter a date in the From box to specify the earliest date for which you want data.
3. Enter a date in the To box to specify the latest date for which you want data.
4. In the Host Name box, optionally enter the name of the Guardium appliance from which the archive originated.
5. Click Search.
6. In the Search Results panel, mark the Select box for each archive you want to restore.
7. In the "Don't purge restored data for at least" box, enter the number of days that you want to retain the restored data on the appliance.
8. Click Restore.
9. Click Done when you are finished.

Front: Troubleshooting a restore: what is the procedure?
Back: On an escalation to technical support, supply a detailed log from the time when the problem occurred. Navigate to Manage > Reports > Data Management > Aggregation/Archive Log.

Front: What is Central Manager Redundancy, or a Backup Central Manager (CM), used for?
Back: To configure a secondary or backup CM in case the Primary CM becomes unavailable.

Front: To list the status of cm_sync_file(s) on the Backup CM, use the CLI command ...
Back: show local_cm_sync_file

Front: To list the value of the Backup CM IP for each managed unit, use the GuardAPI command ...
Back: grdapi show_backup_cm_ip (this API command can only be run on a Central Manager)
Front: What happens when you install an S-TAP client?
Back: The installation program checks whether the guardium group exists. If the group does not exist, the installation program creates it.

Front: Locations of the S-TAP installation logs
Back: Locations include /var/tmp, /tmp, and /var/log.

Front: List the S-TAP init mechanism on the various operating systems
Back:
- inittab: AIX, HP-UX, RHEL up to 5, SUSE 11, and Ubuntu 10.04
- upstart: RHEL 6 on all architectures, Ubuntu 12 and 14
- systemd: RHEL 7, SUSE 12, and Ubuntu 16
- service: Solaris

Front: Start/stop the S-TAP services; list them
Back:
start/stop utap
start/stop gim
start/stop gsvr

Front: To check the status of the Guardium products on the system
Back:
initctl list
status utap

Front: List the components of the S-TAP
Back:
• K-TAP
• A-TAP
• PCAP
• TEE
• Discovery Agent
Front: What is gained by combining Guardium's real-time security alerts and correlation analysis with SIEM and log management products, and what does it let companies enhance their ability to do?
Back:
• Proactively identify and mitigate risks from external attacks, trusted insiders, and compliance breaches;
• Implement automated controls from Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), and data privacy regulations;
• Manage system and network events alongside critical logs and events from the core of their data centers.

Front: This Guardium SIEM (Security Incident Event Manager) integration can be done in one of the following ways (list them):
Back:
• Syslog forwarding (the most common method for alerts and events)
• Using the CLI command store remotelog to specify the syslog forwarding facility/priority and host (destination)
• Using Guardium templates for ArcSight, Envision, and QRadar
• SCP/FTP (CSV or CEF files are sent to an external repository, and the SIEM system must upload and parse them from that external repository)

Front: CEF is only used for ...
Back: ArcSight

Front: Guardium appliance types
Back:
• Managed Unit
• Standalone Unit
• Central Manager
• Aggregator
• Backup Central Manager