C2150-198 - IBM Security Access Manager V7.0 Implementation Exam
Go back to IBM
What is the default port number of LDAP traffic encrypted using SSL?
Which statement is true when referencing WebSEAL Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) support?
WebSEAL supports CRL and OCSP for client certificate authentication and for SSL junctioned server authentication.
What HTTP header field is used by an external authentication interface (EAI) server to provide to WebSEAL the user identity?
Which hypervisor is supported with IBM Security Access Manger Web Gateway Virtual Appliance?
Which command is used to synchronize the configuration data between the two Webseal Servers? ? web1-Webseald-abc.ibm.com server (data extracted) ?web2-Webseald-xyz.ibm.com (target)
server task web2-webseald.xyz.ibm.com server synch web1-Webseald-abc.ibm.com
Which two aspects of logging event activity can be controlled? (Choose two.)
How large each log file can be for each event class
Where to direct the output for each event class
Which utility provides backup, restore, and extract capabilities for Security Access Manager data?
What are two supported Single Sign-On methods used for WebSphere Application Server? (Choose two.)
Trusted Association Interceptor
Lightweight Third Party Association
Which statement is true when using the WGA with the internal LDAP?
The internal LDAP cannot be tuned.
Which registry is NOT supported by ISAM 7?
What two conditions affect content caching configuration in a WebSEAL environment? (Choose two.)
The content caching mechanism does not cache responses to requests containing query strings.
The content caching mechanism does not cache responses to requests over junctions configured with the -c and -C options.
Which file contains the configuration information for the Security Access Manager plug-on for Web Servers?
What is the default credential to log on to ISAM 7 WGA command-line interface?
When using the IBM Security Access Manager, which ISAM component needs to be installed first?
IBM Security Utilities.
In an ISAM 7.0 solution, in which network zone should the WebSEAL Server component for internet access reside?
Within the firewall, in the DMZ zone
Which two can be used to manage the SSL certificates on the Web Gateway Appliance? (Choose two.)
The WGA LMI.
The web service.
Which configuration enables the day time error page?
[acnt-mgt]client-notify-tod = yes
What would the command "ldapsearch -p 389 -D cn=root -w ? -b cn=connections,cn=monitor -s base objectclass=*" return?
The current established client connections.
After an authorization rule is evaluated, which two identifiers can be returned? (Choose two.)
Recently the Risk Officer of your organization discovered that all key databases containing web certificates in the organization are protected with a very weak password. You are assigned to change the password on every key database into a more complex one. How can this be accomplished?
Open iKeyman, open the appropriate key database, enter the current password, and select "Change Password".
How can the audit trail facility be enabled for WebSEAL?
enter logaudit=yes in the WebSEAL configuration file
What POP attribute is necessary to require SSL encryption to access a particular resource?
quality of protection set to 'privacy'
What pdbackup command restores the contents of an Access Manger archived file on a Windows operating system to a specific folder?
pdbackup -a extract
Which two are supported operating systems for IBM Security Access Manager v7.0? (Choose two.)
Linux on System z?Linux on System z
Which external component is NOT required to use IBM Security Access Manger Web Gateway Appliance?
Common Auditing and Reporting Service
Statistical reporting can be enabled dynamically, making it possible to overrule the static configuration. How can this be achieved?
Using the pdadmin-statement 'stats on'
What is the default Runtime environment routing file on a UNIX-based system?
When configuring a Standby Policy Server environment for Security Access Manager environment on AIX, what two conditions apply? (Choose two.)
The policy database and the configuration files that are used by the policy server must be on a shared disk array.
Both the primary and standby policy servers must be on separate AIX systems that are part of a High Availability Cluster Multi-Processing(PowerHA) environment.
Given a default setup of ISAM, ITDS and a Microsoft SharePoint backend. A Web environment is experiencing performance issues. In order to analyze tracing is temporary switched on using the following commands. server task web04-webseald-unix08 trace set pdweb.debug 2 file path=/tmp/trace.log server task web04-webseald-unix08 trace set pdweb.debug 0 During analysis of the trace.log various common occurrences appear, the following trace.log extract displays only the lines important for this question. 2013-05-26-22:08:01.681+02:00I ----------------- Browser ===> PD ----------------- 2013-05-26- 22:08:01.684+02:00I ----------------- Browser <=== PD ----------------- 2013-05-26- 22:08:09.283+02:00I ----------------- Browser ===> PD ----------------- 2013-05-26- 22:08:16.682+02:00I ----------------- PD ===> BackEnd ----------------- 2013-05-26- 22:08:17.049+02:00I ----------------- PD <=== BackEnd ----------------- 2013-05-26- 22:08:17.051+02:00I ----------------- Browser <=== PD ----------------- What can be concluded by analyzing this trace excerpt?
This excerpt indicates that ITDS has a performance issue.
Which statement is true for the Local Management Interface (LMI)?
LMI cannot be used to stop, start and restart a web application configured with a web reverse proxy instances.
How do you configure two different external authentication interface (EAI) servers that use different HTTP header fields for their results?
Use two different WebSEAL instances, which can be on the same computer, and put different field names in the [eai] stanza of the instanceconfiguration file.
Which statement describes the core components of IBM Security Access Manager infrastructure?
A user registry and an authorization service.
How are ISAM users and groups logically separated within a single policy server?
By creating multiple secure domains.
What are two advantages of using persistent connections between WebSEAL and a junctioned backend server? (Choose two.)
Faster response time for the request.
Less CPU usage for both the WebSEAL and the junction application server.
When using the pdbackup utility, when would the "amwebbackup-default.lst" file need to be updated?
if additional data needs to be backed up
How do you avoid an unreliable back-end causing problems with other junctions?
Use -L 60
What WebSEAL functionality is supported by the IBM Security Access Manger Web Gateway Appliance?
HTTP Reverse Proxy feature.
How would you supply the user identifier from WebSEAL to a custom web application in the HTTP header, without requiring base64 to be used in the application?
Which statement regarding WebSEAL gateway appliance junction backend servers is true?
Multiple backend servers do not require an external load balancer.
If someone tries to gain access to a user's account by carrying out a dictionary attack but fails, which report will show an attack to an environment?
Failed Authentication History Report
What command will list all components that are available to gather and report statistics for the given WebSEAL instance 'internet'?
Server task internet-webseald-www.ibm.com stats list
Your organization has changed their preferred Certificate Authority (CA) recently. Currently you are finishing the configuration of a new set of WebSEAL instances for the new production website. You already created a certificate request and now much insert the response of the CA. During the import of the CA response in iKeyman, what could cause an error message to be displayed?
Another iKeyman instance is used, not the one where the certificate request has been made.
What command is used to apply necessary ACLs to an ldap suffix in order for Security Access Manager to be able to manage user and group information within that suffix?
For an existing junction on the WebSEAL Gateway Appliance, what method should be used to add an additional backend server?
The "Servers" tab in the junction management page.
If a user's account was compromised and the password was immediately changed by an unauthorized user, which report details all events executed for a specific period in time?
Audit Event History by User Report
What is the correct archive file If pdbackup -a backup -list C:\Program Files\Tivoli\Policy Director\etc\pdbackup.lst is executed using ISAM on a Windows Server?
C:\Program Files\Tivoli\Policy Director\pdbackup\pdbackup.lst_30aug2013.11_30.dar
Which policy can be set for Security Access Manager user accounts?
What displays logon forms from an external authentication interface (EAI) server?
An organization is facing the following challenge: Customers authenticate using a username and password, Business Partners are using a certificate to authenticate, and employees are using a token device. Within the WebSEAL architecture, how can this be achieved?
Define three WebSEAL instances and configure each with a different authentication mechanism and a different URL.
When using step-up authentication, where is the authentication level from the EAI authentication specified?
The HTTP header of the response from the EAI server