C2150-609 Online Practice Questions and Answers

An IBM Security Access Manager V9.0 deployment professional is charged with monitoring request response times from WebSEAL to the backend. The deployment professional wants the flexibility to see response times per request, per junction, per HTTP return code, or other criteria that may come up in the future.

What action will generate the required data for this analysis?

A. Customize the request.log to include response times

B. Run pdadmin "stats get pdweb.jct" on all junctions on a regular basis

C. Run pdadmin stats get pdweb.https" and "stats get pdweb.http" on a regular basis

D. Write a REST API script to pull "application interface statistics" on a regular basis

There is an SSL connectivity issue between the IBM Security Access Manager V9.0 Reverse Proxy and the backend business application.

Which Two troubleshooting commands under Tools in the application SSH interface can be used to validate the Reverse Proxy can successfully connect to the backend host: secure-port? (Choose two.)

A. Ping

B. Session

C. Connect

D. Traceout

E. Connections

Which action must be completed for an external high volume runtime database after upgrading a Security Access Manager appliance?

A. Drop the runtime database

B. Restart the external database

C. Recreate the configuration table

D. Run the Access Control update.sql files

Which settings' default value needs to be changed to prevent loss of data when using a SolidDB external database for the runtime?

A. Driver Type

B. Cluster Config

C. Durability Level

D. Tuning Parameters

A deployment professional creates a support file on an IBM Security Access Manager V9.0 appliance.

What is the purpose?

A. For backup and recovery

B. To re-image the appliance

C. To help troubleshoot problems with the appliance

D. To capture a snapshot of the appliance configuration

A part of installing a fixpack a deployment professional wants to back up the appliance configuration. How is this done?

A. Click on the Create Backup link of the active partition

B. Select the active partition, select the Backup option form the Edit menu

C. Create a new snapshot, download the snapshot to the deployment professional's workstation, install the fixpack.

D. Install the fixpack. The installation will copy the configuration and install the fixpack to the inactive partition, set it active and restart.

A deployment professional has created a new SAML 2.0 Service Provider federation and added an Identity Provider partner.

What will be the next step to allow users to single sign-on to the service?

A. Configure trigger URL

B. Upload a mapping rule

C. Import Identity Provider metadata

D. Create a certificate to sign SAML messages

The SSL connection from browser to the IBM Security Access Manager V9.0 Reverse Proxy is broken and the deployment professional suspects an expired certificate.

In which location will the "Certificate expired" warning message that contains additional information to isolate the issue be seen?

A. LMI Home Dashboard

B. Systems message log

C. pdweb.debug trace file

D. Reverse proxy request log

The customer directory environment includes two Active Directory (AD) Domain Controllers (DC) managing separate suffixes (one for corporate users, one for field offices), and one occurrence of Oracle Directory Server (ODS). The business requirement states the AD for corporate users in optional and the environment should remain available even if this DC is down. There are no duplicate users across these directories.

After configuring all directories in the Secure Web Settings -> Runtime Component -> Manage -> Federated Directories, how can this requirement be achieved?

A. Edit the resulting ldap.conf and add the "ignore-if-down = yes" to the AD for the corporate.

B. Ensure the "Required" checkbox is checked for both the field office AD and the ODS server.

C. Edit the resulting ldap.conf and add the "max-server-connections = 0" to the AD for the corporate.

D. Edit the resulting ldap.conf and add the "ignore-if-down = yes" to the AD for the field offices and ODS server.

What method can be used to upload firmware to an IBM Security Access Manager V9.0 virtual appliance?

A. USB

B. SCP

C. FTP

D. VMware tools

The customer requires high availability of its IBM Security Access Manager (ISAM) V9.0 WebSEAL infrastructure. The environment includes two WebSEAL appliances, two appliances for Policy Server and other ISAM services. All ISAM appliances are configured into a cluster which includes replicating the ISAM runtime and certificate files, the Policy Server, Runtime and Configuration databases, and the Distributed Session Cache. The complete LDAP configuration uses the embedded LDAP and externally federated IBM Security Directory Server (ISDS).

Which failover scenario is supported with this configuration?

A. The embedded LDAP on the WebSEAL appliances is available in read-only mode if the Primary Policy Server is unavailable

B. Policy Server failover is automatic without manual intervention and the WebSEALs automatically detect the new active Policy Server

C. An LDAP federation implies high availability therefore the external ISDS is always available with no additional configuration

D. Distributed Session Cache (DSC) failover requires manual intervention at which point the WebSEALs automatically detect the new active DSC.

A deployment professional has created an Access Control Policy to protect sensitive business information, but is not obtaining the desired result.

Considering the rule precedence, which decision is returned for a user with a risk score of 40 and an ipAddress not considered malware?

A. Deny

B. Permit

C. Deny after Authentication One-Time-Password

D. Permit after Authentication One-Time-Password

A company wants to accelerate cloud adoption by integrating with popular public SaaS applications. The IBM Security Access Manager V9.0 deployment professional has determined there are Quick Connectors available for the chosen SaaS applications.

Which task does the deployment professional need to perform?

A. Develop custom mapping rules for the SaaS Application provider

B. Create the ServiceProvider (SP) Federation on the ISAM appliance

C. Synchronize users' enterprise credentials to the SaaS Application provider

D. Select a Partner Quick Connect partner template for the SaaS Application provider

The IBM Security Access Manager (ISAM) V9.0 deployment professional is attempting to strike the correct balance between ease of administration/configuration and security, and wants to limit where in the environment security policy can be changed.

On which ISAM component is the Secure Web Settings -> Policy Administration tool automatically disabled?

A. Runtime cluster restricted node

B. Master External Reference Entity

C. Distributed Session Cache primary node

D. Runtime cluster Standby Policy Server node

The IBM Security Access Manager V9.0 system deployment professional is about to make a significant change to the system configuration and plans to take an appliance snapshot to protect against problems occurring as a result of the change.

Which two statements are correct regarding appliance snapshots? (Choose two.)

A. Snapshot files contain the contents of the internal user registry.

B. Appliance snapshots are supported only on virtual appliances running under VMware ESXi.

C. The purpose of snapshots is to restore prior configuration and policy settings to an appliance.

D. Snapshot files contain all the `must get' data required to be sent to IBM Support in the event of a PMR being raised.

E. An appliance snapshot can be restored on any appliance that has the same firmware level as the snapshot and the same network infrastructure.