Foundation
What feature of IBM Security Access Manager would be utilized in a scenario where the user is
authenticated by a third party but accessing the Organization's applications?
A. Federation
B. Client Side Certificate
C. Step-up Authentication
D. Username and Password
What is A. Federation?
A deployment professional in charge of a large deployment with replicated reverse proxy instances needs to keep junctions, template files, and configuration settings in sync between the instances. How can this be done?
A. Setup appliance clustering and issue server sync all
B. Setup appliance clustering and issue server cluster sync
C. Setup a master reverse proxy instance and issue server task source-instance sync target-instance
D. Setup a master reverse proxy instance and issue server task target-instance sync source-instance
What are
A. Setup appliance clustering and issue server sync all
and
B. Setup appliance clustering and issue server cluster sync ?
The IBM Security Access Manager (ISAM) V9.0 LMI SSL certificate is auto-generated by default.
When the LMI certificate is due to expire, how is it renewed?
A . The ISAM Appliance will renew LMI certificate automatically.
B . The ISAM deployment professional must issue reset_lmi_cert using command line interface.
C . The ISAM deployment professional must re-generate it using LMI Manage System Settings-> SSL panels.
D . The ISAM deployment professional must create a new self sign certificate using LMI Manage System Settings-> SSL panels.
What is D. The ISAM deployment professional must create a new self sign certificate using LMI Manage System Settings-> SSL panels.
An IBM Security Access Manager V9.0 Reverse Proxy has a stateful junction to a Portal application called “/wps” There is no web server in front of Portal. This junction has three Portal servers defined behind it. The Portal team needs to do maintenance on each of the three servers. The team wants to accomplish with least impact to end users.
Which pdadmin “server task” based steps will accomplish this?
A . Stop a server, have Portal team apply maintenance, bring server online-repeat for the other two servers.
B . Delete a server, have Portal team apply maintenance then add server back-repeat for the other two servers.
C . Take a server offline, have Portal team apply maintenance, bring server online- repeat for the other two servers.
D . Throttle a server, ensure activity has ceased for that server, have Portal team apply maintenance, bring server online-repeat for the other two servers.
What is C. Take a server offline, have Portal team apply maintenance, bring server online- repeat for the other two servers ?
What planet is closest in size to our moon?
What is Mercury?
What are some of the benefits of using the Federation feature of IBM Security Access Manager(ISAM)? (Choose 2)
A. Users gain more security by having multiple accounts.
B. Identity Providers can offer more services to the users.
C. Identity Providers loosen the relationship with the user.
D. Service Providers do not have to manage the user accounts.
E. Service Providers gain large amounts of information about the users.
What are
B. Identity Providers can offer more services to the users.
and
D. Service Providers do not have to manage the user accounts?
The IBM Security Access Manager (ISAM) V9.0 deployment professional tries to login to the LMI and discovers user "admin" no longer works, even though the correct password is also provided. The ISAM deployment professional must use "admin@local”.
What ISAM application configuration change has occurred to cause this behavior?
A. The LMI certificate has expired.
B. The LMI Dashboard was incorrectly configured.
C. Management Authorization has been configured.
D. Management Authentication has been configured.
What is B. The LMI Dashboard was incorrectly configured ?
Due to regulatory statues, the customer must limit a user to one session.
Which IBM Security Access Manager V9.0 capability is required to address this customer requirement?
A . Authorization Server
B . Advanced Access Control
C . Distributed Session Cache
D . Session Management Server
What is C . Distributed Session Cache ?
A company is using the embedded LDAP server to store IBM Security Access Manager V9.0 user data. However, there is a requirement to create another suffix to hold a set of user data.
Which two suffix elements are supported when creating a top level entry for the suffix? (Choose two.)
A . c
B . l
C . dn
D . st
E . cn
What are A and B?
A . c
B . l
What unit of electrical power is equal to one joule per second?
What is the Watt?
What happens when a backend repository of the Federated Directory Service becomes inaccessible?
A. The Federated Directory Service fails.
B. The Federated Directory Service continues to function.
C. The Federated Directory Service's performance increases.
D. The Federated Directory Service becomes partly inaccessible.
What is B. The Federated Directory Service continues to function?
A deployment professional attempts to log into an appliance which is part of a cluster to run pdadmin commands and receives the following message:
pdadmin> login-a sec_master Cp password 2016-03-03-02:04:38:.683-06:001 —0x1354A420 pdadmin ERROR ivc socket mtsclient.cpp 2376 0x7fc2b7b0c720 HPDCO1056E Could not connect to the server 192.168.254.11, on port 7135. Error: Could not connect to the server. (status 0x1354a426)
What should the deployment professional check concerning the login target?
A . Login was attempted on a special node
B . Login was attempted on a restricted node
C . Login was attempted on a secondary master that has not been promoted to the primary
D . Login was attempted on a non-primary master of a cluster and the primary policy server is down.
What is c. Login was attempted on a secondary master that has not been promoted to the primary
A deployment professional creates a support file on an IBM Security Access Manager V9.0 appliance.
What is the purpose?
A . For backup and recovery
B . To re-image the appliance
C . To help troubleshoot problems with the appliance
D . To capture a snapshot of the appliance configuration
What is D . To capture a snapshot of the appliance configuration ?
An attacker has compromised the private key associated with a certificate.
Which two methods can be used to ensure that certificates have not been revoked by the Certification
authority that issued it? (Choose two.)
A . Public Key Information
B . Online Status Certificate Protocol
C . Online Certificate Status Protocol
D . Certificate Rejection List located in LDAP
E . Certificate Revocation List located in LDAP
What are A & E?
A . Public Key Information
E . Certificate Revocation List located in LDAP
What sea creature can have an eye measuring 16 inches across, the largest in the animal kingdom?
What is a Squid?
How should the disk space occupied by the several large support files be reduced?
A. Configure automatic roll over of support files using the LMI
B. Download the support files and delete them from the appliance
C. Download the support files which will also delete them from the appliance
D. Configure support file retention policy using the LMI to restrict, such that files older than a certain date are purged
What is A. Configure automatic roll over of support files using the LMI ?
A customer’s IBM Security Access Manager V9.0 deployment consists of a cluster with Primary and Secondary masters. The Primary master fails and becomes unavailable and prevents any policy updates.
Which action is required to ensure policy updates can be applied?
A . Promote the Secondary to Primary
B . Enable the Policy server in Secondary master
C . Set the policy DB in the secondary to read-write state
D . Restore a backed up master policy database to the secondary master
What is B. A customer’s IBM Security Access Manager V9.0 deployment consists of a cluster with Primary and Secondary masters. The Primary master fails and becomes unavailable and prevents any policy updates.
Which action is required to ensure policy updates can be applied?
A . Promote the Secondary to Primary
B . Enable the Policy server in Secondary master
C . Set the policy DB in the secondary to read-write state
D . Restore a backed up master policy database to the secondary master
During installation WebSEAL provides a default certificate key database that is used to authenticate both clients and junctioned servers.
Which stanza entry of the WebSEAL configuration file points to the default certificate key database (i.e. kdb file)?
A . ssl-keyfile
B . jct-cert-keyfile
C . webseal-cert-keyfile
D . webseal-cert-keyfile-label
What is C . webseal-cert-keyfile
The appliance dashboard Reverse Proxy Health widget indicates a problem with the /snoop junction on the Test instance.
Which log file can be examined to find product errors?
A . agent.log
B . referer.log
C . request.log
D . msg_webseald-test.log
What is C. request.log ?
What is the shoulder blade called in a human?
What is the scapula?
A deployment professional has configured Federated Single Sign-On using IBM Security Access Manager V9.0 with WebSEAL as point of contact.
Which two things need to be configured to achieve Single Log Out (SLO) in the SAML 2.0 Federation?(Choose two.)
A. The page displayed after pkmslogout is called (logout.html)
B. The creation of user session ID's ([session] user-session-ids = yes)
C. The passing of session cookies to junctioned servers (-k option in the junction creation)
D. The URIs that receive a single signoff request ([acnt-mgt] single-signoff-uri = /applications/sign off)
E. The appropriate extended attribute to the Federation junction (HTTP-Tag-Value user_session_id=user_session_id)
What are
C. The passing of session cookies to junctioned servers (-k option in the junction creation)
and
D. The URIs that receive a single signoff request ([acnt-mgt] single-signoff-uri = /applications/sign off) ?
The IBM Security Access Manager V9.0 deployment professional has enabled the Reverse proxy pdweb, sescache statistic to troubleshoot a problem.
What is the problem?
A . HTTP sessions are being timed our prematurely.
B . HTTP requests are taking longer than expected.
C . User sessions are terminated sooner than expected.
D . Document caching is not as effective as anticipated.
What is B . HTTP requests are taking longer than expected.
Which action must be completed for an external high volume runtime database after upgrading a Security Access Manager appliance?
A . Drop the runtime database
B . Restart the external database
C . Recreate the configuration table
D . Run the Access Control update.sql files
What is B. Restart the external database ?
A stateful junction /WebApp is added to a Web reverse proxy instance with two backend HTTP servers. When one of the backend server stops responding to the requests, the users are getting the “Third Party Not Responding” error message even though one of the backend server continues to respond.
Which parameter needs to be added to the configuration file so that “Third Party Not Responding” error page is not rendered and the user is connected to the backend server that is responding?
A . Use-same-session = yes
B . Use-new-stateful-on-error=yes
C . Failover-include-session-id= yes
D . Enable-failover-cookie-for-domain = yes
What is B. Use-new-stateful-on-error=yes ?
What physicist remarked: "God is subtle, but he is not malicious"?
Who is Albert Einstein?