000-891考试指南及题库分享.doc

最新活动：Testinside考题大师权威Microsoft、Cisco、SUN、CIW、IBM、Nortel、HP、Oracle等各大IT认证题库，最新考题售价仅180元起。（时间有限！）机会不容错过！需要的朋友一定要抓住这个机会！下面开始我们的正文！000-891 ExamIBM Tivoli Federated Identity Manager V6.1科目编号：000-891 科目名称：IBM Tivoli Federated Identity Manager V6.1相关分类：IBM certifications I题目数量：70考试时间以分钟为单位：105所需的及格分数：61000-891 考试是 IBM 公司的 IBM Tivoli Federated Identity Manager V6.1 认证考试官方代号，IBM Tivoli Federated Identity Manager V6.1 认证作为全球IT领域专家 IBM 热门认证之一，是许多大中IT企业选择人才标准的必备条件。必备技能：评估客户的架构和解决方案设计文件。分析部署环境。协助制定项目计划。应用联合管理概念（联合身份管理，Web服务安全管理，联邦供应）。的（IBM的Tivoli目录集成，LDAP/DB2时，WebSphere Application Server V6.0中，IBM公司的Tivoli访问管理器）应用程序执行的基本设施的先决条件。描述了IBM Tivoli联合身份管理器V6.1的功能和组件。配置产品的集成点（IBM的Tivoli目录集成时，WebSphere Application Server V6.0中，共同的审计和报告服务（汽车），IBM公司的Tivoli访问管理的电子商务V5.1/V6.0）。安装和配置联合单点登录，Web服务安全管理，联邦供应服务。联邦确定关键组件的单一登录协议。示范工作的IBM Tivoli联合身份管理子系统的知识。部署IBM Tivoli联合身份管理器的客户解决方案凭借其联合单点登录，Web服务安全管理，联邦供应服务组合。疑难解答IBM公司的Tivoli联合身份管理器V6.1的服务。基本网页开发基础知识（包括安全问题）。工作知识操作系统。工作知识服务器的硬件和网络技术。经验和知识与TCP / IP网络的原则，包括使用SSL。工作知识系统的UNIX，Windows或Linux操作系统的管理。安全概念的一般知识，包括主要管理和PKI基础。工作知识XML术语和概念，包括XSLT，XML的DSig和XML加密。SOAP的工作条件和概念，包括知识的安全，但信托，WSDL和Web服务的部署。工作知识的LDAP（IBM的Tivoli目录服务器）。工作知识基本编辑器如vi。工作经验的WebSphere应用服务器（管理控制台，集群）。工作经验的IBM Tivoli Directory Integrator和JavaScript的。编程和脚本的经验，包括：JSP中，ActiveX控件，Java的。工作经验的IBM Tivoli Access Manager的电子业务。安全策略管理的概念。联邦工作知识单一登录协议（SAML的，是联邦，自由）。工作知识的Web服务应用程序的部署。联邦供应工作的认识。共同审计工作经验报告服务（汽车）。 工作知识第三方XML防火墙/网关。与其他层的协议栈和熟悉相关的无线协议：WTLS的，WML和WAP的。熟悉网络服务，如RAD数据通信公司，WSAD的应用工具。与工作环境变量：局部变量，出口变数，家庭，路径，子shell。熟悉的wsadmin和Jython脚本。 熟悉WebSphere应用服务器动态缓存。熟悉TCPMon。熟悉数据中心术语，概念和方法：负载平衡，防火墙，交换和路由（2级，Level3的）。熟悉公共事件基础设施。考试大纲：Section 1 - Planning for FederationGiven a set of architecture documents, review the scenario described, review the customers use cases, identify IBM Tivoli Federated Identity Manager V6.1 (ITFIM)function, and identify role of customer in Federation so that a valid use case and scenario document is prepared which details the ITFIM function and protocols in relation to the customers role in the Federation.With emphasis on performing the following steps:Review scenario described.Review use cases.Identify ITFIM function.Identify customer role (identity provider/service provider).Given a valid use case and scenario document which describes the customers roles and customers usage requirements (for example: performance requirements), identify how the IBM Tivoli Federated Identity Manager V6.1 (ITFIM) components map to the customers environment so that the details of the customer environment are qualified and required platforms are listed.With emphasis on performing the following steps:Identify authentication service (HTTP, direct).Identify session management (HTTP).Identify authorization services.Identify alias service.Identify Federated Single Sign-On identity services.Identify Identity manager providing endpoints.Determine platforms.Identify point of contact (SOAP) for mobile, what WAP gateway, LECP/ECP.Given the output of the mapping of the customer requirements to IBM Tivoli Federated Identity Manager V6.1 (ITFIM) Services and a list of the required platforms, determine the number of machines (and if any additional) so that a list of target machines is produced.With emphasis on performing the following steps:Get permission to install.Determine machine numbers and specs.Reconcile, determine additional platforms.Given the customers security policy, determine audit and reports methodology (CARS or audit log), Federated Single Sign-On, Web Services Provisioning, and Web Services Security Management security policies so that audit log configuration is defined and high security level policy is outlined detailing signed components, encryption, authorization, authentication, and transport security for each ITFIM function.With emphasis on performing the following steps:Determine audit/log policy.Determine Federated Single Sign-On security requirements.Determine WS Provisioning security requirements.Determine Web Services Security Management security policy.Given the customers use cases, selected partner identities, and target number of partners, determine partner functionality, evaluate partners requirements, and define test environment so that a matrix of partner by functionality and requirements is created and generate a test plan.With emphasis on performing the following steps:Determine partner functionality.Evaluate partners security policy.Determine partner ID map requirements.For Web Services Security Management, determine WS trust names pace.Define customer-partner test environment.Build test drivers.Given a matrix of partner by functionality and requirements, list of target machines, and details of customer environment, map IBM Tivoli Federated Identity Manager V6.1 (ITFIM) function to ITFIM components to target machines so that an installation plan is created.With emphasis on performing the following step:Identify ITFIM function, ITFIM component and target match.Given a list of federation partners with security policy and a matrix of partner by functionality, define the federations so that each partner is assigned to a federation and the function of each federation is listed.With emphasis on performing the following steps:Map partners to Federations.Create new Federations if required.Section 2 - Planning for Federated Single Sign-OnGiven a mapping of Federated Single Sign-On partners to Federations, a definition of each Federation, the Federated Single Sign-On customer-partner security policy, and the additional attributes require in the Federated Single Sign-On tokens, refine the Federated Single Sign-On details so that the parameters for the customers self-configuration and high level mapping of attributes requirements are documented for each Federated Single Sign-On Federation.With emphasis on performing the following steps:Define/determine encrypt and signing requirements for messages.Determine encryption requirements for messages.(If required) determine token types.Determine token security parameters.Determine message parameters: lifetime, nonce, etc.Define protocol/Federation specific endpoints.Determine ID mapping rules (high level).Section 3 - Planning for Web Services Security ManagementGiven a description of the Web Services Environment and applications, define the Web Services point of contact, type of services, login method for each application is identified so that a list of applications to be deployed in Web Services Security Management is generated.With emphasis on performing the following steps:Identify Web Services point of contact (i.e.: XML framework, WSGW, etc.).Identify type of Web Service (i.e.: SOAP/HTTP, SCAP/JMS, RMI/IIOP, etc.).Identify if Web Service endpoint or intermediary.Determine list of applications to be deployed with Web Services Security Management.If endpoint, login required?If intermediary, token exchange?Given a list of Web Services Security Management (WSSM) partners, the customer-partner WSSM security policy, and the information required to be in the incoming token (included with partners web services request), determine the requirements for authentication and authorization for each application and for each partner and identify the applications the partner can access so that the parameters of the local configuration of the WSSM Federation, application side and partner side of WSSM, and high level mapping of the requirements and rules are defined.With emphasis on performing the following steps:If required, determine applications token type vs. login.Determine requirements for encrypting message by applicationDefine/determine requirements for signing messages by application.If required, determine requirements for encrypt/sign output tokens.Determine authorization required by application.Define applications available to partners.Define ID mapping rules (high level) by partner.Determine requirements for encryption input tokens by partner.Determine requirements for signing input tokens by partner.If required, determine partners output token type.Section 4 - Install Infrastructure and Components for Federated Single Sign-On, Web Services Security Management, Federated ProvisioningGiven the WebSphere Application Server (WAS) deployment strategy, WAS install media, WAS cluster info, and architecture document, run the WAS installation, crate the application server profile, create the deployment manager profile, a WAS cluster, a replication domain, and add the application server to the cluster so that WAS is installed and configured for ITFIM.With emphasis on performing the following steps:Install WAS.Create an application server profile.If using clustering, create deployment manager profile.Create a profile.If clustering, create cluster.If clustering, add other servers to cluster.Given the architecture document, directory information, IBM Tivoli Access Manager installation (ITAM), SSL keys, and proper access, install patches, GSKit, Access Manager Runtime Environment (AMRTE) filesets, and run pdconfig with the correct information so that WebSEAL is successfully installed and configured into ITAM domain.With emphasis on performing the following steps:Identify OS patches to install.Install OS patches.Install GSKit.Install AMRTE.Install file sets.Configure WebSEAL into ITAM domain.Given ISC install media, verify that LDAP server is running and run the ISC install so that ISC is property installed and configured.With emphasis on performing the following steps:Verify that LDAP server is running.Install ITFIM Console.Given IBM Tivoli Federated Identity Manager V6.1 (ITFIM) media, ISC is installed and configured, and WebSphere Application Server (WAS) V6.1 server is running, run install program for ITFIM Console and ITFIM Runtime so that ITFIM Console and Runtime are successfully installed.With emphasis on performing the following steps:Verify that LDAP is running.Install ITFIM Runtime.Create domain.Deploy ITFIM Runtime.Given the installation media, install the filesets to successfully perform an IDI installation.With emphasis on performing the following step:Install filesets.Given the architecture document, the WAS ND install media, and the required patches, install WAS ND and apply the required patches to create a new WAS application profile and install the server integration business web services components to create a configured Web Services Gateway.With emphasis on performing the following steps:Install WAS ND.Create a new application profile.Install patches.Install the Service Integration Business Web Services components.Given the need for Common Audi Reporting Services (CARS) and the installation media, confirm all prerequisites have been met, run CARS install, so that CARS is installed.With emphasis on performing the following steps:Install DB2Configure DB2 InstanceInstall and Configure CARS ServerConfigure Common Event Infrastructure in WASInstall CARS ClientConfigure TAM for CARSVerify event data within DB2Install and Configure Crystal Reports(including prebuilt TAM reports)Generate TAM reports via Crystal ReportsSection 5 - Configure Federated Single Sign-On, Web Services Security Management, Federated ProvisioningGiven LDAP access information and the name of the new alias service and suffix, add the new suffix and restart WebSphere Application Server (WAS) to have LDAP configured for IBM Tivoli Federated Identity Manager V6.1 (ITFIM).With emphasis on performing the following steps:Stop LDAP.Add LDAP suffix for alias service.Start LDAP.Given attribute requirements for applications, role, user of group definitions, attribute schema, and XSLT authoring tool, use XSLT tool to successfully write and run a mapping rule.With emphasis on performing the following steps:Write XSLT (mapping) rule.Run XSLT (mapping) tool.Given the WebSEAL information, company information, protocol, role, token requirement, protocol specific configuration, and defined mapping rules, successfully create and configure a Federation.With emphasis on performing the following steps:Log in to Integrated Solutions Console (ISC) and click on Create FederationFollow Federation Creation wizard and input appropriate data.Send meta data to Federation partner.Given partner meta data and partner specific configuration, log in to console, define a partner and enable a partner for a configured working partner.With emphasis on performing the following steps:Log in to Integrated Solutions Console (ISC), select Federation, click on Add Partner.Follow the Add Partner wizard.Enable partner.Given partner client certificate configuration, certificate authority certification for HTTPS connection, security requirements for WebSEAL to WAS communication, WebSphere Port info, role, Federation name, ITFIM FSSO endpoint, and user attribute info, configure WebSEAL for ITFIM so that a working WebSeal configuration for a specific Federation is created.With emphasis on performing the following steps:Configure tag value.Using the TFIMCFG tool a junction, configure EAI, assign ACLs.If role is service provider, modify login.html page to point to Single Sign-On endpoint.Configure single logout endpoint.Import partner client certificates into WebSEAL keystore.Increase WebSEAL POST cache size.Basic authentication user provisioning - create users as ITAM users at identity provider side.Given architecture document, IBM Tivoli Federated Identity Manager Application Developer Kit (ITFIM ADK) and Java Development Tool, write, test and install the code, so that custom code is successfully created to meet the customers requirements.With emphasis on performing the following steps:Write code.Test code.Install code.Given architecture requirements, write, test and install custom token module, so that support is provided for a custom token type.With emphasis on performing the following steps:Write custom token code.Test custom token code.Install custom code.Given the required token types, attributes required, partner keys, self keys and configured mapping rules, log in to the console and add a WSSM partner. Follow the wizard and input the required data, so that a configured WSSM partner is created.With emphasis on performing the following steps:Log in to console and click on Add WSSM Partner.Follow Add WSSM Partner wizard and input required data.Given the trust service endpoint info, the application WSDL, the required application token types, the customer application, required WAS patches and the WSDL2TFIM and WSDL2TAM tools, configure ITFIM WSSM in WAS to create a deployed application secured by WSSM.With emphasis on performing the following steps:Configure a JAAS login module for SAML.Create WebSphere shared library for WSSM classes.Configure WSSM PDJRTE.Deploy customer application.Run WSDL2TFIM and WSDL2TAM tools.Configure TAM policy.Apply WAS patches.Given architecture document, registry info, and IDI Toolkit, write, test and install code for a successful development of custom code.With emphasis on performing the following steps:Write Federated Provisioning/IDI code.Test Federated Provisioning/IDI code.Install Federated Provisioning/IDI code.Given the ITAM and WebSphere environment information and editor, update the assembly line properties and the Provisioning Service endpoint to successfully update the Provisioning Configuration.With emphasis on performing the following steps:Update provisioning service endpoint custom property.Update assembly line properties and constraints.Given attribute requirements for application, role, user and group definition, attributes schema, create and enable a Custom Mapping Module, so that the users identity is successfully mapped.With emphasis on performing the following steps:Given ITFIM and CARS are installed, configure ITFIM to send audit events to the CARS server, so that CARs can be used by ITFIM.With emphasis on performing the following steps:The CARS server root signer certificate must be imported to the IBM Tivoli Federated Identity Manager keystore.Navigate to Domain Management and click on Auditing in the console to display Audit Settings.Select the enable audit checkboxSelect the Tivoli Common Audit and Report Server radio button.Type the address for the Common Audit and Report Server in the Web Service URL field.Click Web Service Security SettingsSetup SSL keystore by selecting key. (CARS root signer certificate).Select the type of authentication. Basic Authentication or None. For Basic Authentication, the user id specified must belong to the EventSource role on the CARS server.Click on OK to save the configuration.Section 6 - Test Federated Single Sign-On, Web Services Security Management, FederatedGiven a configured IBM Tivoli Federated Identity Manager V6.1(ITFIM) environment with Federated Single Sign-On (FSSO), authenticate with the Identity Provider, and connect to the linked account at the Service Provider, so that there is a working IBM Tivoli Federated Identity Manager environment with FSSO.With emphasis on performing the following steps:Authenticate with the identity provider.Connect to linked account at service provider.Test/verify Single Sign-On + account federation (Liberty, SAML 2.0).Test/verify Single Sign-On (push, pull).Test/verify HTTP-redirect, SOAP-HTTP profiles.Test/verify liberty RNI/FT, Name NIM profiles.Test/verify where are you from?.Test/verify Single Logout (local, global).Given a WSSM installed and configured environment and a deployed Web Services application with WS Security turned on, run the Web