IBM Information Management Data Security & Privacy Sales Mastery v1 v6.0

Page:    1 / 1   
Exam contains 15 questions

Your customer deals with a lot of FOIA (Freedom of Information Act) requests and need to keep some information confidential. Which solution should you immediately recommend to him/her?

  • A. Guardium Data Activity Monitor
  • B. Optim Data Masking
  • C. Guardium Data Redaction
  • D. Guardium Encryption Expert


Answer : C

Explanation: * InfoSphere Guardium Data Redaction is a product aimed at achieving a balance between openness and privacy. Often, the same regulations require organizations to share their documents with regulators, business partners, or customers, and at the same time to protect sensitive information which may be buried in these documents
*


Which of the following regulations does Guardium NOT help address?

  • A. PCI-DSS
  • B. SOX
  • C. Volker Rule
  • D. HIPAA


Answer : C

Explanation: InfoSphere Guardium is used by over 400 organizations world-wide to automate the controls associated with a variety of mandates including:
Financial regulations, such as the Sarbanes-Oxley Act (SOX), FIEL and C-SOX
Data Privacy regulations including the EU Data Privacy Directive, PIPEDA, Garante della
Privacy and the German Federal Data Protection Act
PCI DSS (Payment Card Industry Data Security Standard), providing support for capabilities specified in sections 2,3,6,7, 8,10, 11 and 12

HIPAA -

Which of the following is qualifying question you should ask the first time you speak to a new prospect/client about IBM's Infosphere Privacy and Security Solutions?

  • A. Have you worked with S-TAPs before?
  • B. Do you know where does your sensitive or privacy data reside across and outside the enterprise? If so, where?
  • C. How fast are your Production databases growing?
  • D. What has your organization done to speed application development?


Answer : B

Explanation: * IBM InfoSphere Data Privacy and Security for Data Warehousing enables organizations to reduce risk and cost associated with protecting sensitive data. The solution provides a complete set of capabilities to mask or redact data, monitor and audit data activity and maintain sensitive data definitions within select data warehousing environments.

An S-TAP is:

  • A. A hardware probe
  • B. A software probe installed on the database server.
  • C. A software probe sitting on the network
  • D. An appliance.


Answer : B

Explanation: You must install InfoSphere Guardium S-TAP on each database server that you plan to use for capturing or replaying workloads. InfoSphere Guardium S-TAP is a lightweight software agent that monitors database traffic and forwards information about that traffic to an InfoSphere Guardium appliance.

Which is a benefit of using Guardium DAM instead of Database Logging?

  • A. Guardium DAM is less expensive that Database logging
  • B. Turning Database Logging on will cause a performance hit to the Database
  • C. Database Logging is used for providing results in real time
  • D. There is no benefit


Answer : B

Explanation: IBM InfoSphere Guardium Data Activity Monitor (DAM) prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats.
Continuous monitoring and real time security policies protect data across the enterprise without changes to databases or applications or performance impact.

The customer needs to provide PCI compliance controls to encrypt the PCI PAN data inside of DB2, Oracle and SQL Server. Which product do you recommend to the customer?

  • A. Guardium Data Encryption
  • B. Guardium Database Activity Monitoring
  • C. Guardium Vulnerability Assessment
  • D. Guardium Data Redaction


Answer : B

Explanation: The need:
Prevent users from inappropriately accessing or jeopardizing the integrity of enterprise data. Protect financial and transactional data including: payment card primary account numbers (PAN data), automatic cleansing house (ACH) transaction data and human resources (HR) data. Comply with Sarbanes-Oxley,
Payment Card Industry Data Security Standard (PCI-DSS) and other financial privacy and audit regulations.
The solution: Implement BIM InfoSphere Guardium Database Activity Monitor.

When is data masking in the test environment NOT an important consideration?

  • A. Testers/Developers typically have access to live sensitive data
  • B. Outsourced applications testing requires typically requires live sensitive test data being sent to outside locations/environments
  • C. Testers/Developers may perform testing on laptops which can be stolen/misplaced
  • D. Client does not have sensitive data


Answer : D

Explanation: * Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. The purpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.

Home grown solutions are typically costly and ineffective when compared to Guardium
Database Activity Monitor. The following are all reasons for this except:

  • A. No automation or enterprise-wide policies
  • B. High expertise to implement and maintain
  • C. No separation of duties
  • D. Insufficient testing of these solutions prior to implementation


Answer : B

What are the overall main business drivers for the Infosphere Security and Privacy
Solutions?

  • A. Security, Privacy, and Compliance
  • B. Audit, discovery, and Data breach
  • C. Fines, penalties, and negative reputation
  • D. None of the above


Answer : A

Explanation: * Database Activity Monitoring: Three Key Business Drivers
1. Prevent data breaches
Mitigate external and internal threats
2. Ensure data integrity
Prevent unauthorized
changes to sensitive data
3. Reduce cost of compliance
Automate and centralize controls
Across DBMS platforms and applications
Across SOX, PCI, SAS70,
Simplify processes

If the customer asks an IBM sales rep if Guardium supports the following items: "Dynamic
Profiling", "User Rights Management", and "SCUBA", what is the most likely competitor is in the account?

  • A. Oracle
  • B. McAfee
  • C. Application Security (AppSec)
  • D. Imperva


Answer : D

Explanation: * Dynamic Profiling, which is the core of Imperva's dynamic white list security model, enables SecureSphere to detect any changes in application or database usage.
* Scuba: A Free Database Vulnerability Scanner
A free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels.

The Infosphere Data Security and Privacy Solutions Value Proposition includes:

  • A. Helping to prevent data breaches
  • B. Ensure the integrity of Sensitive Data
  • C. CPU acceleration
  • D. All of the above


Answer : B

Explanation: IBM InfoSphere Data Privacy and Security for Data Warehousing enables organizations to reduce risk and cost associated with protecting sensitive data.

Your customer does a lot of testing and development overseas. Which solution should you immediately recommend to him/her:

  • A. Guardium Data Activity Monitor
  • B. Optim Data Masking
  • C. Guardium Data Redaction
  • D. Guardium Encryption Expert


Answer : B

Explanation: Many organizations use production data to populate their test environments.
The problem with this is that if there is sensitive data in your production environment, then you are exposing that data to software developers and testers. IBM offers the following two solutions to solve this problem: The InfoSphere Optim Data Masking option for Test
Data Management, and the InfoSphere DataStage Pack for Data Masking. Both mask data and depersonalize it while still maintaining it's realism.

Your customer tells you that they have already have a security solution and they do not need to buy another one. What do you tell them?

  • A. Other solutions are single purpose and don't scale with business growth or across databases, data types and computing models. They can't be managed centrally or build defense in depth.
  • B. Other solutions are of lower quality and do not provide the premier functionality of IBM products
  • C. Disengage from the client
  • D. Ask them to discuss Guardium with their current security vendor


Answer : A

Infosphere Guardium Data Encryption (GDE) addresses compliance at the files system level through?

  • A. File and Volume Encryption
  • B. Database Encryption
  • C. Policy Based Access Control to Encrypted Data
  • D. All of them


Answer : B

Explanation: InfoSphere Guardium Data Encryption encrypts databases and files in place and avoids the need to re-architect databases, files, or storage networks. Inserted above the file system and/or logical volume layers, InfoSphere Guardium Data Encryption is transparent to users, applications, databases and storage subsystems. It requires no coding, no modification to applications or databases, and consequently deployments can be managed in weeks rather than months.

The most compromised assets of an enterprise by percent of breaches for Web/application servers and Database Servers is small, but yet remain the most important to protect. Why is that?

  • A. These servers contain the companies email system
  • B. These servers contain the clients most valuable information
  • C. These servers contain high volumes of structured data
  • D. Both B and C


Answer : B,C

Explanation: Database Servers Are The Primary Source of Breached Data because:
* Database servers contain your most valuable information
Financial records
Customer information
Credit card and other account records
Personally identifiable information
* High volumes of structured data

Easy to access -

Page:    1 / 1   
Exam contains 15 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.