IBM InfoSphere Guardium Technical Mastery Test v2 v6.0

Exam contains 43 questions

How is authentication and encryption implemented between collectors, aggregators and the Central Policy Manager in a multi-tier Guardium environment?

  • A. Using an encrypted file containing the system password that must be copied to the Central Policy Manager and collectors.
  • B. A System Shared Secret is specified through the GUI for each collector and the Central Policy Manager.
  • C. The Central Policy Manager scans the network for Guardium collectors and performs a security handshake with each appliance.
  • D. The communication between collectors and the Central Policy Manager is based on unsecured network packets.


Answer : B

Which of the following best describes the role of the aggregator in a Guardium environment?

  • A. The aggregator is a Guardium appliance that collects and consolidates information from multiple collectors to a single Aggregation Server, allowing for reporting across the enterprise.
  • B. The aggregator is the Guardium appliance that communicates with mainframes.
  • C. The aggregator is a Guardium appliance that allows a collector and a Central Policy Manager to communicate and is required in multi-collector environments.
  • D. The aggregator is another name for the Central Policy Manager.


Answer : A

Which of the following items cannot be identified using database auto-discovery?

  • A. IP address of servers with a database instance.
  • B. Port(s) on which a database is communicating on each server.
  • C. List of databases for each database instance.
  • D. Type of database running on each server.


Answer : C

What is the purpose of Guardium's Application Events API?

  • A. Adding application event data, such as user ID, event type and number, to the SQL statements executed between an API no-op call and its release signal.
  • B. Being part of the pattern matching engine that evaluates statements for membership in a specific security policy.
  • C. Enabling non-supported database engines to be used with Guardium.
  • D. The Application Events API is used to increase the speed at which Guardium processes statements.


Answer : A

Which of the following is often required to ensure that Guardium can identify a user's credentials through the Stored Procedure Monitoring feature?

  • A. A database system-specific plug-in that attaches on to the collector's engine.
  • B. A well-configured custom identification procedure mapping.
  • C. A credential replication routine available for free from Guardium.
  • D. Reconfiguring the security policy so the appliance knows all the application servers that contact the data server.


Answer : B

Which of the following cannot be monitored using CAS?

  • A. Environment variables.
  • B. Database configurations.
  • C. SQL activity.
  • D. File permissions.


Answer : C

A database known to contain the medical records of a foreign head of state is accessed at 1:30 AM. No security mechanism is installed and so this highly sensitive information is leaked to the media. Could this breach have been detected by running a Guardium vulnerability assessment without creating any custom assessment tests?

  • A. No, this type of test is not included with Guardium.
  • B. Yes, but only if the appliance includes Guardium's Database Protection Subscription service.
  • C. Yes, after hours login detection is one of the standard behavioral vulnerability tests included with Guardium.
  • D. Yes, however this particular test is only available for IBM DB2 and Informix servers.


Answer : C

What is Guardium's primary storage mechanism for logs and audit information?

  • A. Data can only be stored in flat files on the collector (one file per S-TAP).
  • B. Data storage can only be managed individually by each S-TAP, with audit data stored locally on the data server in flat files.
  • C. Data is stored on the collector in a normalized relational database.
  • D. Data is stored locally on each server with an S-TAP but is managed centrally through the collector.


Answer : C

Which of the following is true about applying CAS templates to CAS hosts?

  • A. Each CAS Template can only be applied to one CAS host.
  • B. Instance-level changes can be made to the template items so that the same template may be applied with different parameters (i.e. run frequency) to many CAS hosts.
  • C. Applying CAS Templates will require the database management system on the CAS host to be restarted.
  • D. CAS Templates are applied to collectors, which act as CAS hosts.


Answer : B

Which of the following native SQL commands is required to link external data to internal data?

  • A. IMPORT
  • B. JOIN
  • C. ALTER
  • D. LINK


Answer : B

How would a DBA or developer notify Guardium using the Application User API that an application user has taken or given up control of a data server connection?

  • A. By importing the GuardUtils library and issuing calls through it from the application.
  • B. By creating a wrapper solution that sends HTTP requests to Guardium's service-oriented API whenever an event like this happens.
  • C. By registering the application's connection pool with Guardium.
  • D. By using the GuardAppUser call in the form of a SQL SELECT statement to indicate that a new application user has taken control of the connection.


Answer : D

Which of the following is a valid use case for scheduled database auto-discovery?

  • A. Database auto-discovery cannot be scheduled because the user must specify a series of IP addresses and port ranges every time prior to running the process.
  • B. Automating the cataloging of new database instances so the administrator does not have to perform this task manually.
  • C. Ensuring that S-TAP instances have the latest database configuration for all the databases that are being monitored.
  • D. Identifying new or rogue databases across environments, as well as new instances that may have been created within existing, already discovered database services.


Answer : D

Which of the following steps must be taken before a custom table can be defined on the Guardium appliance?

  • A. The Guardium API must be used to notify the engine that a custom table is going to be defined.
  • B. All other users of the Guardium user interface must be logged off since there can only be one active session when the custom table is being defined.
  • C. A test provided by Guardium must be run on the data server to make sure no malicious data is found in the table to be queried.
  • D. Data in the existing database must be verified to make sure that the different data types are supported by Guardium's custom tables.


Answer : D

In a Guardium environment where data servers can talk to the collector, what is the relationship between the S-TAP and the collector appliance?

  • A. There is no relationship since the S-TAP and the collector are incompatible Guardium entities.
  • B. The S-TAP reports database activity to the collector for policy management and auditing.
  • C. A collector can only interact with one S-TAP for policy management and auditing.
  • D. The collector sends the S-TAP information about its policies so it knows what traffic to intercept.


Answer : B

Which of the following actions is NOT a known benefit of using correlation alerts?

  • A. Real time database traffic analysis and security policy inspection.
  • B. Monitoring database usage and pinpointing suspicious activity.
  • C. Automatically alerting users when established behavioral baselines are exceeded.
  • D. Saving time in alerting and analyzing versus manually doing so.


Answer : A
