OP PRODUCTS Flashcards
In the old UI
protect,
detect, and
respond
are known as what in the new UI?
Protect ~ Control
Detect ~ Defend
Respond ~ Alarm
How do you defined the network location?
By IP address
What is the function of the Defend product, what are it’s 3 Key features, and what does it integrate with?
Continuous threat monitoring
- Real time attack alerts
- Monitor for exploits, user activity/transactions, privilege misuse.
- Alert for dangerous program executions
Integration with Siena:
SPLUNK, ArcSight, Radar, Exabeam
What is an Assess policy job on the OP Platform?
A set of checks for system vulnerabilities or audit compliance.
*0P has a dedicated policy for each specific type of system such as SAP or Oracle EBS
What criteria must be met for OP to generate an issue occurrence?
Issue occurrence equal issue plus asset plus scope scope maybe system, connector, or application server
What is the difference between assess and comply?
A compliance Audit determines if your assets and here to industry regulations and internal standards. And audit contains one policy, and a policy contains a set of checks called modules that are run to assess compliance at a granular level. There are two policy types:
Standard policy provided by Onapsis, standard policies contain a set a predefined module specific to an industry standard or government mandate. You cannot modified standard policies, although you can’t clone a standard policy to create a custom policy.
Custom policy policies created by your organization. Custom policies can contain predefined modules provided by Onapsis and/or custom modules to create.
Unlike assess, which enables recurring holistic security health checks, comply is designed to give insight into how systems meet specific regulatory requirements.
What can you do in the integrations tab
Configure connections with third-party tools. Requires OP (old name OSP) add-on installation to third-party tools and connection from OP to third-party tools
What is the three lines of defense model?
First Line = Management Responsibility for operations
Second Line = Management Responsibility for Risk Management and compliance
How do you check assets for compliance?
You create and run comply jobs. Comply jobs run comply policies on assets.
Where can I find configuration guides like for the ABAP add on, for the HANA role, for the SAP SuccessFactors configuration and user guide and more?
Onapsis platform help section > PDFs
What does an exclusion group do?
Exclusion groups are used when creating custom policies and custom modules to exclude Specific criteria that would cause a control point to fill for example excluding security administrators from a control point for users accessing SU01.
What does CAGR mean?
This is a good question do the research starting with markets and markets.com question comes from a slide in the boot camp assist deep dive one relating to the annual market for vulnerability management was 12.5 billion in 2020 and is expected to increase.
What are the top three Onapsis competitors for vulnerability management and How does Onapsis vulnerability management compare with the top vulnerability management vendors?
Good question do the research. Top VM competitor =
1) QUALYS
2) TENABLE
3) RAPID7
How much do organization spend annually on vulnerability management
1.4 M
What is ioT and how is it creating vulnerabilities in the market
ioT means “Internet of things” do you research on how this is really impacting and creating vulnerabilities in the market
