P2090-739 - IBM InfoSphere Guardium Technical Mastery Test v2
Which of the following best describes the role of the aggregator in a Guardium environment?
The aggregator is a Guardium appliance that collects and consolidates information from multiple collectors to a single Aggregation Server, allowing for reporting across the enterprise.
An audit administrator wants to track database changes performed by database administrators and reconcile these changes with an existing change tracking database. Which Guardium features can be used to implement this scenario?
Application Events API and External Data Correlation.
Which of the following actions is NOT a known benefit of using correlation alerts?
Real time database traffic analysis and security policy inspection.
What is the effect of enabling the Log Policy Violation option when creating a new correlation alert?
A policy violation is logged when this alert is triggered, so it may be viewed alongside real-time alerts in the Policy Violations domain.
On a Big Data environment protected by Guardium, which scenario is invalid?
When someone logs in with a mistyped password, it will generate an exception that will not be caught by the corresponding S-TAP.
Which of the following is not a valid termination action for an extrusion rule?
Which of the following steps must be taken before a custom table can be defined on the Guardium appliance?
Data in the existing database must be verified to make sure that the different data types are supported by Guardium's custom tables.
How is authentication and encryption implemented between collectors, aggregators and the Central Policy Manager in a multi-tier Guardium environment?
A System Shared Secret is specified through the GUI for each collector and the Central Policy Manager.
What is a security policy?
A Guardium object containing an ordered set of rules that are applied to the observed traffic between clients and data servers.
What are the four types of tests that can be used in a Guardium vulnerability assessment?
User defined, observed behavioral, database configuration and server configuration.
A developer has recently created a temporary database to test her new human resources management application. To test it in a production-like environment she copies the MANAGERS table from the production server into her test database. This table includes sensitive personal information. Which of the following will help the database auditor identify this new database?
The database auditor can be notified by e-mail using Guardium's scheduled database auto-discovery feature.
What is the purpose of Guardium's Application Events API?
Adding application event data, such as user ID, event type and number, to the SQL statements executed between an API no-op call and its release signal.
Which of the following components collects and parses the live database traffic used to trigger a real-time alert when a security policy rule is broken?
The Inspection Engine
How does Guardium handle correlation alerts?
The Anomaly Detection Engine runs queries that correlate exceptions or policy rule violations on a scheduled basis.
Which of the following is often required to ensure that Guardium can identify a user's credentials through the Stored Procedure Monitoring feature?
A well-configured custom identification procedure mapping.
Which of the following cannot be monitored using CAS?
Which of the following is true about Guardium's entitlement reports?
Guardium includes a set of built-in entitlement report definitions for all supported databases.
Which of the following is true about applying CAS templates to CAS hosts?
Instance-level changes can be made to the template items so that the same template may be applied with different parameters (i.e., run frequency) to many CAS hosts.
Which of the following is a valid use case for scheduled database auto-discovery?
Identifying new or rogue databases across environments, as well as new instances that may have been created within existing, already discovered database services.
Which of the following problems is the Application User Translation feature designed to help with?
The inability to relate a database action to a specific application user when a pool of database connections is used by an application.
When the S-TAP is in open mode, what would you need to configure to enforce a termination without any data leaking?
Using an S-GATE Attach action to put the session in closed mode when the session is initiated, and using a rule with an S-GATE Terminate action to terminate the activity.
Data is collected through a security policy using non-selective audit trail that only consists of rules with alert action. Which of the following cannot be viewed when reporting on these data?
In a Guardium environment where data servers can talk to the collector, what is the relationship between the S-TAP and the collector appliance?
The S-TAP reports database activity to the collector for policy management and auditing.
What is the name of the software-based Guardium probe that can be configured on a supported application server to capture web credentials?
A database known to contain the medical records of a foreign head of state is accessed at 1:30 AM. No security mechanism is installed and so this highly sensitive information is leaked to the media. Could this breach have been detected by running a Guardium vulnerability assessment without creating any custom assessment tests?
Yes, after hours login detection is one of the standard behavioral vulnerability tests included with Guardium.
What does "Auditing" mean in Guardium?
The process of logging monitored database activity as defined by the installed security policy, creation of reports from logged data based on audit requirements, and review of the report as part of an audit process.
Which of the following Big Data environments are supported by Guardium?
MongoDB, Cassandra, Exadata, BigInsights
What are the different types of rules available to be used with Guardium policies?
Access, Extrusion and Exception.
The query builder contains all of the following panes except for:
The Query ID Selector.
Which termination mechanism is most suitable for monitoring privileged users where preventing data leaks is much more important than latency?
Which of the following native SQL commands is required to link external data to internal data?
How would a DBA or developer notify Guardium using the Application User API that an application user has taken or given up control of a data server connection?
By using the GuardAppUser call in the form of a SQL SELECT statement to indicate that a new application user has taken control of the connection.