A risk officer of an organization discovered that a site protected by the IBM Security Access Manager V9.0 solution might be vulnerable to common attacks like cross-site scripting (XSS) and SQL injection.
Which optional component should be configured to protect against these attacks?
A. Federation
B. Secure Web Settings
C. Advanced Access Control
D. Web Application Firewall
A customer has three LDAP servers: a master (ds1.example.com), another master (ds2.example.com) and a read-only replica (ds3.example.com) used for the IBM Security Access Manager (ISAM) V9.0. The deployment professional has configured the ISAM runtime using ds1.example.com as the registration server.
Which configuration will provide load balancing for LDAP read across all three servers and failover to ds2.example.com for LDAP write?
A.
replica= ds2.example.com, 389, readonly,5
replica= ds3.example.com, 389, readonly,5
replica= ds2.example.com, 389, readwrite,6
B.
replica= ds1.example.com, 389, readonly,6
replica= ds2.example.com, 389, readonly,6
replica= ds3.example.com, 389, readonly,6
replica= ds2.example.com, 389, readwrite,4
C.
replica= ds1.example.com, 389, readonly,4
replica= ds2.example.com, 389, readonly,4
replica= ds3.example.com, 389, readonly,4
replica= ds2.example.com, 389, readwrite,6
D.
replica= ds1.example.com, 389, readonly,1
replica= ds2.example.com, 389, readonly,2
replica= ds3.example.com, 389, readonly,3
replica= ds2.example.com, 389, readwrite,4
A deployment professional has a requirement to configure an OpenID Connect federation which does not allow the Relying Party to access the token endpoint.
Which grant type must be enabled when creating the federation?
A. Implicit
B. Refresh Token
C. Client Credentials
D. Authorization code
An IBM Security Access Manager V9.0 deployment professional wants to be alerted by the appliance for events like certificate expiry.
In which two ways can these alert notifications be configured? (Choose two.)
A. SNMP
B. SMS text
C. RSS Feed
D. Desktop Alert
E. Remote Syslog
Which database is supported for externalizing the Advanced Access Control runtime database?
A. DB2
B. MySQL
C. PostgreSQL
D. Berkeley DB
To configure IBM Security Access Manager V9.0 for Windows desktop single sign-on using Kerberos authentication, the Reverse Proxy's identity in the Active Directory Kerberos Domain must be associated with a Service Principal Name (SPN).
Given the following information:
AD Kerberos Realm Name: company.com
ISAM Reverse Proxy DNS Domain: ws1.company.com
What is the correct SPN?
A. HTTP/ws1.company.com
B. HTTP/[email protected]
C. HTTP/[email protected]
D. HTTP/[email protected]
A customer's IBM Security Access Manager (ISAM) V9.0 environment consists of the appliance embedded LDAP as the Primary LDAP, and a federated Active Directory (AD) which contains all user/group information. The embedded LDAP will only contain information about default ISAM components and a limited number of AD groups. Users will be required to change their own passwords via ISAM.
Which ldap.conf configuration will properly configure the AD into this Federation and meet all customer requirements?
A.
basic-user-support = no
host = test-root.acme.com
port = 636
bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com
ssl-enabled = yes
suffix = dc=test-root,dc=com
basic-user-principal-attribute = samAccountName
bind-pwd = **obfuscated**
B.
basic-user-support = no
host = test-root.acme.com
port = 389
bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com
ssl-enabled = yes
suffix = dc=test-root,dc=com
basic-user-principal-attribute = samAccountName
bind-pwd = **obfuscated**
C.
basic-user-support = yes
host = test-root.acme.com
port = 636
bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com
ssl-enabled = yes
suffix = dc=test-root,dc=com
basic-user-principal-attribute = samAccountName
bind-pwd = **obfuscated**
D.
basic-user-support = yes
host = test-root.acme.com
port = 389
bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com
ssl-enabled = yes
suffix = dc=test-root,dc=com
basic-user-principal-attribute = samAccountName
bind-pwd = **obfuscated**
A deployment professional has configured SNMP on all IBM Security Access Manager V9.0 appliances and is using the agentless adapter from Tivoli Monitoring to pull OS level CPU, Memory, Disk and Processes information.
Which alert can be set up in Tivoli Monitoring based on the data extracted?
A. Alert when reverse proxy is not running
B. Alert when reverse proxy log file size exceeds 1GB
C. Alert on junction level response times higher than 1 second
D. Alert when hard/soft limits are reached on a reverse proxy
A customer has set up IBM Security Access Manager V9.0 hardware appliances (AP, A1, A2) in a cluster. The appliances (A1, A2) that host reverse proxies are labeled as "restricted" in the cluster. AP is the Primary of the cluster.
There is one reverse proxy in appliance A1 and two in appliance A2. These reverse proxies are being tuned for performance. The appliance A1 and A2 max socket range has been set to 64510. What is true in this situation?
A. The appliance AP cannot be used for running reverse proxies to balance load
B. The reverse proxy in appliance A1 can have a maximum thread count of 30,000
C. Both reverse proxies in appliance A2 can have a maximum thread count of 30,000
D. Appliance A2 with two reverse proxies will perform better than Appliance A1 with one reverse proxy
The deployment professional wants to back up the embedded LDAP personal certificate, including the private key. They navigate to Manage System Settings -> SSL Certificates -> and select the "extract" option.
Which file format is the resulting certificate backup?
A. .p12
B. .kdb
C. .jks
D. .cer