IBM Security Access Manager V9.0 Deployment v1.0

Page:    1 / 10   
Exam contains 138 questions

The appliance dashboard Reverse Proxy Health widget indicates a problem with the /snoop junction on the Test instance.
Which log file can be examined to find product errors?

  • A. agent.log
  • B. referer.log
  • C. request.log
  • D. msg_webseald-test.log


Answer : C

A customer has configured the IBM Security Access Manager V9.0 appliance authentication to an external LDAP server. The customer wants to allow support staff with LDAP accounts that are members of the HelpDesk group to view appliance and audit logs.
Where should the deployment professional configure a new role and map it to the HelpDesk LDAP group for the support staff?

  • A. Manage System Settings-> Management Delegation
  • B. Manage System Settings-> Administrator Settings
  • C. Manage System Settings-> Management Authorization
  • D. Manage System Settings-> Management Authentication


Answer : B

An attacker has compromised the private key associated with a certificate.
Which two methods can be used to ensure that certificates have not been revoked by the Certification authority that issued it? (Choose two.)

  • A. Public Key Information
  • B. Online Status Certificate Protocol
  • C. Online Certificate Status Protocol
  • D. Certificate Rejection List located in LDAP
  • E. Certificate Revocation List located in LDAP


Answer : AE

A large bank has multiple applications protected by two identically configured WebSEAL servers. One junction supports a reporting application that frequently expenses performance issues which slows response time. The worst case results in the entire site becoming unresponsive when all WebSEAL worker threads on all WebSEAL instances are consumed on the junctions to this one reporting application.
Which configuration change will prevent this situation from occurring without impacting the behavior of any other application (junction), and keeping the entire site up?

  • A. Change worker-thread-hard-limit to 75 in WebSEAL configuration file on both WebSEAL servers.
  • B. Use the "throttle" option on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.
  • C. Use the ""L 75 and ""f options on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.
  • D. Create a third WebSEAL instance supporting only this one reporting application and load balance requests across all three WebSEAL instances.


Answer : C

A company has deployed an IBM Security Access Manager V9.0 solution for protecting web resources and has enabled auditing for monitoring purposes. A security deployment professional has observed that audit records are using large quantities of disk space due to the large number of audit events related to HTTP access.
Which two strategies will help to reduce the volume of audit events in above scenario? (Choose two.)

  • A. Generate audit records for specific groups only
  • B. Generate events for unsuccessful HTTP accesses only
  • C. Generating selective audit records using authorization rules
  • D. Reconfigure WebSEAL to use CARS auditing, instead of native auditing.
  • E. Selectively disable the generation of events by using attached protected object policies (POPs)


Answer : BE

Reference:
http://www-01.ibm.com/support/docview.wss?uid=swg27049642&aid=1
(15)

During testing of an application the deployment professional is receiving frequent alerts about high disk utilization.
What action can be taken to resolve this issue?

  • A. Enable log rotation and compression
  • B. Resize the virtual disk and extend the active partition
  • C. Configure the appliance to store log and trace to a remote server
  • D. Enable the appliance background scheduler to clear unused log and trace files on a periodic basis.


Answer : C

The Distributed Session Cache has been enabled to replace the Session Management Server in a recently migrated IBM Security Access Manager V9.0 environment. Several Reverse Proxies have not yet been migrated from ISAM V7.0.
The help desk is now receiving user complaints due to multiple logins required for applications protected by the ISAM V7.0 Reverse Proxies.
Which Distributed Session Cache option should be checked?

  • A. enable_sms-functionality
  • B. provide_700_attribute_ids
  • C. Replicate certificate databases
  • D. Support internal and external clients


Answer : C

In an organization"™s testing environment, the IBM Security Access Manager V9.0 deployment professional is required to deploy the virtual appliance on Amazon
EC2 with a single reverse proxy instance with a single network interface.
How should the deployment professional configure the reverse proxy so that end-users can access the reverse proxy without specifying a non-standard port (other than 80 and 443)?

  • A. Use port forwarding to map non-standard port to a standard port on appliance using LMI
  • B. Use port forwarding to map non-standard port to a standard port on appliance using CLI
  • C. Configure appliance management port to listen on non-standard port and set reverse proxy port to listen on standard port using LMI
  • D. Configure appliance management port to listen on non-standard port and set reverse proxy port to listen on standard port using CLI


Answer : C

A company has deployed an IBM Security Manager V9.0 solution to protect web resources and now wants to secure access to enterprise resources from mobile devices. The security deployment professional needs to run a utility to configure the existing WebSEAL with the instance of the appliance that provides the authorization server for Advanced Access Control.
Which utility tool will perform this configuration?

  • A. isamcfg
  • B. pdadmin
  • C. Web Administration Tool (WAT)
  • D. Middleware Configuration Utility


Answer : A

Reference:
https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.3/com.ibm.isam.doc/config/concept/con_isamcfg.html

A customer deployment consists of a large number of virtual host functions definitions. During a troubleshooting session the deployment professional realizes the
WebSEAL logs do not distinguish between requests to different virtual hosts.
How can this be remediated?

  • A. Customize the message log to include the relative URL
  • B. Customize the request log to include the relative URL
  • C. Customize the message log to include the absolute URL
  • D. Customize the request log to include the absolute URL


Answer : D

A company is upgrading its existing IBM Security Access Manager (ISAM) environment to ISAM 9.0. Based on the requirements for the upgrade, activation keys have been procured for different ISAM modules.
Which two features require an activation key? (Choose two.)

  • A. REST APIs
  • B. Web Reverse Proxy
  • C. Authorization Server
  • D. Local Management Interface
  • E. Distributed Session Cache


Answer : BE

Reference:
https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.0/com.ibm.isam.doc/admin/concept/con_activation_levels.html

Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.
What can the deployment professional do to meet this requirement?

  • A. Configure WebSEAL to use Server Name Indication
  • B. Configure separate WeSEAL instances for each hostname
  • C. Configure an additional interface in the WebSEAL configuration file, and add a "certificate-label" for each hostname
  • D. Enter multiple values for the "webseal-cert-keyfile-label" parameter in the [ssl] stanza of the WebSEAL configuration


Answer : A

Reference:
http://www-01.ibm.com/support/docview.wss?uid=swg27043085&aid=4
(352)

A customer"™s IBM Security Access Manager V9.0 deployment consists of a cluster with Primary and Secondary masters. The Primary master fails and becomes unavailable and prevents any policy updates.
Which action is required to ensure policy updates can be applied?

  • A. Promote the Secondary to Primary
  • B. Enable the Policy server in Secondary master
  • C. Set the policy DB in the secondary to read-write state
  • D. Restore a backed up master policy database to the secondary master


Answer : B

Reference:
https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.2/com.ibm.isam.doc/admin/concept/con_cluster_policy_svr_ha.html

Which action must be completed for an external high volume runtime database after upgrading a Security Access Manager appliance?

  • A. Drop the runtime database
  • B. Restart the external database
  • C. Recreate the configuration table
  • D. Run the Access Control update.sql files


Answer : B

Which settings"™ default value needs to be changed to prevent loss of data when using a SolidDB external database for the runtime?

  • A. Driver Type
  • B. Cluster Config
  • C. Durability Level
  • D. Tuning Parameters


Answer : C

Reference:
https://www.ibm.com/support/knowledgecenter/en/SSELE6_8.0.0/com.ibm.ammob.doc_8.0/task/tsk_deploy_extnl_hvdb.html

Page:    1 / 10   
Exam contains 138 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.