Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

C2150-609 Questions and Answers

Note! Following C2150-609 Exam is Retired now. Please select the alternative replacement for your Exam Certification.

C2150-609 Questions and Answers

Question # 6

An Access Manager environment utilizing failover cookies was recently upgraded from TAM 6.1.1 to IBM Security Access Manager (ISAM) V9.0. The deployment professional wants to take advantage of the Distributed Session Cache.

What are two advantages of the DSC verses failover cookies? (Choose two.)

A.

Utilizes SHA2 encryption keys

B.

Central administration of sessions

C.

Concurrent session policy enforcement

D.

Additional session cookie increasing security

E.

Extra attributes passed in the session cookie

Full Access
Question # 7

An IBM Security Access Manager V9.0 deployment professional needs to create the HTTP-Tag-Value attribute to pass values to a backend server as headers.

How can this be done?

A.

By creating an HTTP rule which is attached to the ACL

B.

By creating an AuthzRule which pulls the header from the ADI

C.

By creating an extended attribute on a POP protecting the junction

D.

By creating an extended attribute on the junction protected object

Full Access
Question # 8

Which web resource should be used to keep up to date on support flashes, fixpack announcements, and other product related issues?

A.

The IBM Support Portal

B.

The IBM Security twitter account

C.

The LinkedIn IBM Security Access Manager V9.0 Group

D.

The IBM devWorks IBM Security Access Manager V9.0 Forum

Full Access
Question # 9

A deployment professional creates a support file on an IBM Security Access Manager V9.0 appliance.

What is its purpose?

A.

For backup and recovery

B.

To re-image the appliance

C.

To help troubleshoot problems with the appliance

D.

To capture a snapshot of the appliance configuration

Full Access
Question # 10

A customer requirement stipulates the use of a second factor authentication to access certain resources.

Which two policy constructs can be used to implement two-factor authentication using IBM Security Access Manager V9.0 Advanced Access Control? (Choose two.)

A.

Permit

B.

Deny with Obligation DC. Permit with Obligation

C.

Permit with Authentication

D.

Permit with Risk Based Access

Full Access
Question # 11

Which hypervisor supports hosting the IBM Security Access Manager (ISAM) 9.0 virtual appliance?

A.

QNX

B.

Hyper-V

C.

VMware ESX

D.

RHEL Workstation

Full Access
Question # 12

The IBM Security Access Manager V9.0 system deployment professional is about to make a significant change to the system configuration and plans to take an appliance snapshot to protect against problems occurring as a result of the change.

Which two statements are correct regarding appliance snapshots? (Choose two.)

A.

Snapshot files contain the contents of the internal user registry.

B.

Appliance snapshots are supported only on virtual appliances running under VMware ESXi.

C.

The purpose of snapshots is to restore prior configuration and policy settings to an appliance.

D.

Snapshot files contain all the 'must get' data required to be sent to IBM Support in the event of a PMR being raised.

E.

An appliance snapshot can be restored on any appliance that has the same firmware level as the snapshot and the same network infrastructure.

Full Access
Question # 13

An OAuth client intermittently receives an error related to maximum number of tokens exceeded. What property should be adjusted to prevent this error?

A.

Set the strictjimit to variable

B.

Set least_recently_used to true

C.

Increase limit_oauth_tokens_per user_per_client

D.

Increase max_oauth_tokens_per_user_per_client

Full Access
Question # 14

A deployment professional has a requirement to configure an OpenID provider which does not expose tokens to the end user.

Which grant type should be enabled when creating the federation?

A.

SAML

B.

Explicit

C.

Refresh Token

D.

Authorization Code

Full Access
Question # 15

A customer's IBM Security Access Manager (ISAM) V9.0 environment consists of the appliance embedded LDAP as the Primary LDAP, and a federated Active Directory (AD) which contains all user/group information. The embedded LDAP will only contain information about default ISAM components and a limited number of AD groups. Users will be required to change their own passwords via ISAM.

Which Idap.conf configuration will properly configure the AD into this Federation and meet all customer requirements?

A.

basic-user-support = no

host = test-rootacme.com „

port = 636

bind-dn = CN=sysjsamadm(OU=SvcAccts.DC=test,DC=acme,DC=com

ssl-enabled = yes

suffix = dc=test-root,dc=com

basic-user-principal-attribute = samAccountName

bind-pwd = **obfuscated**

B.

basic-user-support = no

host = test-root.acme.com port = 389

bind-dn = CN=sys_isamadm1OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = no suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = "obfuscated**

C.

basic-user-support = yes host = test-root.acme.com port = 636

bind-dn = CN=sysjsamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com

D.

basic-user-support = yes

host = test-root.acme.com

port = 389

bind-dn = CN=sysjsamadm,OU=SvcAccts.DC=test,DC=acme,DC=com

ssl-enabled = no

suffix = dc=test-root,dc=com

basic-user-principal-attribute = samAccountName

bind-pwd = **obfuscated**

basic-user-principal-attribute = samAccountNarrae bind-pwd = "obfuscated**

Full Access
Question # 16

The IBM Security Access Manager V9.0 deployment professional has recently discovered an entire deployment of over 100 junctions was performed incorrectly.

How can a repair operation be scripted for this, and future deployment personnel?

A.

Use the CLI SSH interface, navigating to isam->admin and authenticating as sec_master.

B.

Use a text editor and create the correct junction XML files, then import them using the LMI.

C.

Use the LMI Secure Web Settings -> Reverse Proxy -> Manage -> Junction Management interface.

D.

Use the REST API interface https://{appliance_hostname}/isam/pdadmin, JSON files and the CURL utility.

Full Access
Question # 17

Which two protocols does the federation module in IBM Security Access Manager V9.0 support?

(Choose two.)

A.

SAML2.0 D B. XACML3.0

B.

Higgins 2.0.0

C.

OpenID Connect

D.

Shibboleth (Internet 2)

Full Access
Question # 18

A deployment professional has created an Access Control Policy to protect sensitive business information:

Which Policy decision is returned for a user with a risk score of 35 and has consented to registering a device?

A.

Deny

B.

Permit

C.

Permit with Obligation Register Device

D.

Permit with Authentication Consent Register Device

Full Access
Question # 19

An IBM Security Access Manager (ISAM) V9.0 environment is configured with Primary and Secondary Master servers. The Primary master node becomes unavailable and ISAM deployment professional promotes the Secondary Master node to a Primary Master.

What happens to the original Primary Master when it becomes available and rejoins the network?

A.

It is automatically removed from the cluster.

B.

It is automatically demoted to the role of a non-master node.

C.

It is automatically promoted to the role of a Primary Master node.

D.

It is automatically demoted to the role of a Secondary Master node.

Full Access
Question # 20

During testing of an application the deployment professional is receiving frequent alerts about high disk utilization.

What action can be taken to resolve this issue?

A.

Enable log rotation and compression

B.

Resize the virtual disk and extend the active partition

C.

Configure the appliance to store log and trace files on a remote server

D.

Enable the appliance background scheduler to clear unused log and trace files on a periodic basis

Full Access