Labour Day Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

Note! C2150-609 has been withdrawn.

C2150-609 Practice Exam Questions with Answers IBM Security Access Manager V9.0 Deployment Certification

Question # 6

A company has deployed an IBM Security Access Manager V9.0 solution with two Web reverse proxies and a load balancer in front them. The Web reverse proxy servers are configured with Distributed Session Cache (DSC).

Which two statements describe this deployment with respect to DSC? (Choose two.)

A.

It stores the last login timestamp.

B.

It provides controls over the maximum number of allowed concurrent sessions per user.

C.

It enables a standby Policy Server to be promoted to master if the primary Policy Server fails.

D.

It means that a user who has logged in to reverse proxy is not required to log in again if it fails and a load balancer routes the user's traffic to another reverse proxy.

E.

It forces all reverse proxies to perform authorization checks on the same protected object space,

which reduces the number of places where ACLs and POPs need to be specified.

Full Access
Question # 7

A company wants to accelerate cloud adoption by integrating with popular public SaaS applications. The IBM Security Access Manager V9.0 deployment professional has determined there are Quick Connectors available for the chosen SaaS applications.

Which task does the deployment professional need to perform?

A.

Develop custom mapping rules for the SaaS Application provider

B.

Create the ServiceProvider (SP) Federation on the ISAM appliance

C.

Synchronize users' enterprise credentials to the Saas Application provider

D.

Select a Partner Quick Connect partner template for the SaaS Application provider

Full Access
Question # 8

A company has deployed an IBM Security Access Manager V9.0 solution to protect web resources and now wants to secure access to enterprise resources from mobile devices. The security deployment professional needs to run a utility to configure the existing WebSEAL with the instance of the appliance that provides the authorization server for Advanced Access Control.

Which utility tool will perform this configuration?

A.

isamcfg

B.

pdadmin

C.

Web Administration Tool (WAT)

D.

Middleware Configuration Utility

Full Access
Question # 9

A deployment professional is configuring context based access for a protected resource junctioned by WebSEAL.

What must be explicitly set in order to invoke the runtime security services EAS to authorize a request?

A.

Trigger-url

B.

Authorization rule

C.

Protected Object Policy (POP)

D.

Policy Information Point (PIP)

Full Access
Question # 10

The customer requires high availability of its IBM Security Access Manager (ISAM) V9.0 WebSEAL infrastructure. The environment includes two WebSEAL appliances, two appliances for Policy Server and other ISAM services. All ISAM appliances are configured into a cluster which includes replicating the ISAM runtime and certificate files, the Policy Server, Runtime and Configuration databases, and the Distributed Session Cache. The complete LDAP configuration uses the embedded LDAP and externally federated IBM Security Directory Server (ISDS).

Which failover scenario is supported with this configuration?

A.

The embedded LDAP on the WebSEAL appliances is available in read-only mode if the Primary Policy Server is unavailable.

B.

Policy Server failover is automatic without manual intervention and the WebSEALs automatically detect the new active Policy Server.

C.

An LDAP federation implies high availability therefore the external ISDS is always available with no additional configuration.

D.

Distributed Session Cache (DSC) failover requires manual intervention at which point the WebSEALs automatically detect the new active DSC.

Full Access
Question # 11

Which method provides the ability to delete all support files from an IBM Security Access Manager V9.0 appliance?

A.

Use the delete command found under the logs menu in Command Line Interface (CLI)

B.

Use the purge command found under the support menu in Command Line Interface (CLI)

C.

Use the delete command found under the support menu in Command Line Interface (CLI)

D.

Use the deleteall command found under the support menu in Command Line Interface (CLI)

Full Access
Question # 12

An IBM Security Access Manager (ISAM) V9.0 environment is defined with multiple WebSEAL servers defined for high availability. They protect the same set of backend junctions.

Which parameter needs to be configured in each WebSEAL's configuration file to force all replicated WebSEAL servers to perform authorization checks against the same protected object space?

A.

host-name

B.

server-name

C.

domain-name

D.

virtual-host-name

Full Access
Question # 13

Which hypervisor supports hosting the IBM Security Access Manager (ISAM) 9.0 virtual appliance?

A.

QNX

B.

Hyper-V

C.

VMware ESX

D.

RHEL Workstation

Full Access
Question # 14

An IBM Security Access Manager (ISAM) V9.0 environment is configured with Primary and Secondary Master servers. The Primary master node becomes unavailable and ISAM deployment professional promotes the Secondary Master node to a Primary Master.

What happens to the original Primary Master when it becomes available and rejoins the network?

A.

It is automatically removed from the cluster.

B.

It is automatically demoted to the role of a non-master node.

C.

It is automatically promoted to the role of a Primary Master node.

D.

It is automatically demoted to the role of a Secondary Master node.

Full Access
Question # 15

A deployment professional needs to achieve single sign-on between Virtual Host Junctions https://abc.ibm.com and https://xyz.ibm.com which are on separate WebSEAL instances.

Which option requires the least amount of configuration and no changes to the application?

A.

Use the Distributed Session Cache

B.

Use Cross-Domain Single Sign-On (CDSSO)

C.

Use the option "use-same-session = yes"

D.

Use the option "shared-domain-cookie = xyz.ibm.com"

Full Access
Question # 16

In an organization's testing environment, the IBM Security Access Manager V9.0 deployment professional is required to deploy the virtual appliance on Amazon EC2 with a single reverse proxy instance with a single network interface.

How should the deployment professional configure the reverse proxy so that end-users can access the reverse proxy without specifying a non-standard port (other than 80 and 443)?

A.

Use port forwarding to map non-standard port to a standard port on appliance using LMI

B.

Use port forwarding to map non-standard port to a standard port on appliance using CLI

C.

Configure appliance management port to listen on non-standard port and set reverse proxy port to listen on standard port using LMI

D.

Configure appliance management port to listen on non-standard port and set reverse proxy port to listen on standard port using CLI

Full Access
Question # 17

A customer has deployed an IBM Security Access Manager V9.0 solution to protect web applications. After the initial authentication between the client and WebSEAL, WebSEAL can build a new Basic Authentication header and use the —b option to provide the authenticated Security Access Manager user name (client's original identity) together with a predefined static password across the junction to the back-end server.

Which configuration option will accomplish this?

A.

–b gso

B.

–b filter

C.

–b ignore

D.

–b supply

Full Access
Question # 18

The IBM Security Access Manager V9.0 Advanced Access Control module can perform Context-Based Authorization based on the contents of a POST parameter.

Which two configuration steps need to be performed to do this? (Choose two.)

A.

Attach an appropriate Access Control List to the required URL

B.

Attach an appropriate Access Control Policy to the required URL

C.

Attach an appropriate Protected Information Point to the required URL

D.

Add an entry to the [user-agents) stanza in the reverse proxy configuration file.

E.

Add an entry to the [user-attribute-definitions] stanza in the reverse proxy configuration file

Full Access
Question # 19

During testing of an application the deployment professional is receiving frequent alerts about high disk utilization.

What action can be taken to resolve this issue?

A.

Enable log rotation and compression

B.

Resize the virtual disk and extend the active partition

C.

Configure the appliance to store log and trace files on a remote server

D.

Enable the appliance background scheduler to clear unused log and trace files on a periodic basis

Full Access
Question # 20

A stateful junction /WebApp is added to a Web reverse proxy instance with two backend HTTP servers. When one of the backend server stops responding to the requests, the users are getting the "Third Party Not Responding” error message even though one of the backend server continues to respond.

Which parameter needs to be added to the configuration file so that "Third Party Not Responding" error page is not rendered and the user is connected to the backend server that is responding?

A.

use-same-session = yes

B.

use-new-stateful-on-error = yes

C.

failover-include-session-id = yes

D.

enable-failover-cookie-for-domain = yes

Full Access