Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 591klB651

Hot Vendors
  1. Home
  2. IBM
  3. IBM Certified Deployment Professional
  4. C2150-609
  5. IBM Security Access Manager V9.0 Deployment Questions and Answers
Note! The C2150-609 Exam is no longer available.

C2150-609 IBM Security Access Manager V9.0 Deployment Questions and Answers

Questions 4

An IBM Security Access Manager V9.0 deployment professional needs to create the HTTP-Tag-Value attribute to pass values to a backend server as headers.

How can this be done?

Options:

A.

By creating an HTTP rule which is attached to the ACL

B.

By creating an AuthzRule which pulls the header from the ADI

C.

By creating an extended attribute on a POP protecting the junction

D.

By creating an extended attribute on the junction protected object

Buy Now
Questions 5

A deployment professional needs to update the certificate used by the LMU Which steps should the deployment professional follow to complete this task?

Options:

A.

Navigate in the LMI to manage system settings -> Management SSL Certificate -> Upload p12 file

B.

Navigate in the LMI to manage system settings -> Management SSL Certificate -> Request New Certificate from CA

C.

Navigate in the LMI to manage system settings -> Management SSL Certificate -> Update rt_profile_keys key file

D.

Navigate in the LMI to manage system settings -> Management Authorization -> Update rt_profile_keys key file

Buy Now
Questions 6

A customer has a developed an OAuth 2.0 Client application to access resources on behalf of a user. The customer states that the OAuth client has the following two constraints:

1. The OAuth client is not capable of maintaining its credentials confidential for authentication with the authorization server.

2. The resource owner does not have a trust relationship with the client

What is the suitable OAuth 2.0 grant type for the API Protection Policy if the user resource accessed by the OAuth 2.0 client is to be protected by IBM Security Access Manager V9.0?

Options:

A.

Implicit Grant

B.

Client Credentials Grant

C.

Authorization Code Grant

D.

Resource Owner Password Credentials Grant

Buy Now
Questions 7

Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.

What can the deployment professional do to meet this requirement?

Options:

A.

Configure WebSEAL to use Server Name Indication

B.

Configure separate WebSEAL instances for each hostname

C.

Configure an additional interface in the WebSEAL configuration file, and add a "certificate-label" for each hostname

D.

Enter multiple values for the "webseal-cert-keyfile-label" parameter in the [ssl] stanza of the WebSEAL configuration

Buy Now
Questions 8

Which task should an IBM Security Access Manager V9.0 deployment professional perform prior to sharing the support files with other stakeholders?

Options:

A.

Generate a MD5 hash of the support file's filename

B.

Use an archiving utility to compress the support file

C.

Inspect the contents of the support file and censor any confidential information

D.

Delete all the log files from the support file because they are not useful to the stakeholders

Buy Now
Questions 9

There is an SSL connectivity issue between the IBM Security Access Manager V9.0 Reverse Proxy and the backend business application.

Which two troubleshooting commands under Tools in the application SSH interface can be used to validate the Reverse Proxy can successfully connect to the backend host:secure-port? (Choose two.)

Options:

A.

ping

B.

session

C.

connect

D.

traceroute

E.

connections

Buy Now
Questions 10

The customer currently maintains all its users in Active Directory. As part of its new IBM Security Access Manager (ISAM) V9.0 deployment, the customer understands it will have to implement the ISAM "Global Sign-on (GSO)" to achieve SSO with certain backend applications which do their own authentication and cannot be modified.

Which federated repositories configuration will address the customer requirements?

Options:

A.

Use an external ISDS LDAP as the ISAM Primary LDAP, federate with the AD and import all AD users into the ISAM TDS

B.

Configure the AD as the ISAM Primary LDAP, which will create the necessary secauthority=default suffix. Import all users into the ISAM AD

C.

Use the ISAM embedded LDAP as the Primary LDAP, federate with the AD and configure "basic user", and specify "basic-user-principal-attribute = samAccountName"

D.

Use an external ISDS LDAP as the Primary LDAP, federate with the AD, configure "basic user”, specify "basic-user-principal-attribute = samAccountName" and "basic-user-search-suffix = secauthority=default"

Buy Now
Questions 11

Which method provides the ability to delete all support files from an IBM Security Access Manager V9.0 appliance?

Options:

A.

Use the delete command found under the logs menu in Command Line Interface (CLI)

B.

Use the purge command found under the support menu in Command Line Interface (CLI)

C.

Use the delete command found under the support menu in Command Line Interface (CLI)

D.

Use the deleteall command found under the support menu in Command Line Interface (CLI)

Buy Now
Questions 12

A deployment professional has configured Federated Single Sign-On using IBM Security Access Manager V9.0 with WebSEAL as point of contact.

Which two things need to be configured to achieve Single Log Out (SLO) in the SAML 2.0 Federation? (Choose two.)

Options:

A.

The page displayed after pkmslogout is called (logout.html)

B.

The creation of user session ID's ([session] user-session-ids = yes)

C.

The passing of session cookies to junctioned servers (-k option in the junction creation)

D.

The URIs that receive a single signoff request ([acnt-mgt] single-signoff-uri = /applications/sign off)

E.

The appropriate extended attribute to the Federation junction (HTTP-Tag-Value user_session_id=user_session_id)

Buy Now
Questions 13

The web security department of an organization has found that their site is vulnerable to Denial of Service, Brute Force, Buffer Overflow and decided to use the Web Application Firewall (WAF) feature available in IBM Security Access Manager V9.0.

Even after enabling WAF, the site is still vulnerable to the above attacks. The deployment professional is pretty sure that the signature for these attacks have been released and has decided to check for X-Force updates.

How should the deployment professional check and update this?

Options:

A.

Using CLI, firmware -> ips_updt_install

B.

Using CLI, updates -> xforce_updt_install

C.

Using LMI, Manage System Settings -> Updates and Licensing -> Available Updates

D.

Using LMI, Manage System Settings -> Updates and Licensing -> Intrusion Prevention updates

Buy Now
Questions 14

Due to regulatory statutes, the customer must limit a user to one session.

Which IBM Security Access Manager V9.0 capability is required to address this customer requirement?

Options:

A.

Authorization Server

B.

Advanced Access Control

C.

Distributed Session Cache

D.

Session Management Server

Buy Now
Questions 15

The customer requires high availability of its IBM Security Access Manager (ISAM) V9.0 WebSEAL infrastructure. The environment includes two WebSEAL appliances, two appliances for Policy Server and other ISAM services. All ISAM appliances are configured into a cluster which includes replicating the ISAM runtime and certificate files, the Policy Server, Runtime and Configuration databases, and the Distributed Session Cache. The complete LDAP configuration uses the embedded LDAP and externally federated IBM Security Directory Server (ISDS).

Which failover scenario is supported with this configuration?

Options:

A.

The embedded LDAP on the WebSEAL appliances is available in read-only mode if the Primary Policy Server is unavailable.

B.

Policy Server failover is automatic without manual intervention and the WebSEALs automatically detect the new active Policy Server.

C.

An LDAP federation implies high availability therefore the external ISDS is always available with no additional configuration.

D.

Distributed Session Cache (DSC) failover requires manual intervention at which point the WebSEALs automatically detect the new active DSC.

Buy Now
Questions 16

The deployed IBM Security Access Manager (ISAM) V9.0 solution in a company already contains a federated LDAP server. However, the dynamic group support is disabled. A deployment professional is required to change the existing federated LDAP server configuration to support the dynamic groups.

How should the deployment professional do this?

Options:

A.

Re-federate the LDAP server with dynamic group support enabled

B.

Manually modify the ldap.conf file and add 'dynamic-groups-enabled = yes'

C.

Manually modify the activedir.conf file and add 'dynamic-groups-enabled = yes’

D.

Edit the federated directory configuration using LMI method and select the checkbox "Enable dynamic group"

Buy Now
Questions 17

A deployment professional needs to achieve single sign-on between Virtual Host Junctions https://abc.ibm.com and https://xyz.ibm.com which are on separate WebSEAL instances.

Which option requires the least amount of configuration and no changes to the application?

Options:

A.

Use the Distributed Session Cache

B.

Use Cross-Domain Single Sign-On (CDSSO)

C.

Use the option "use-same-session = yes"

D.

Use the option "shared-domain-cookie = xyz.ibm.com"

Buy Now
Questions 18

The IBM Security Access Manager V9.0 deployment professional has enabled the Reverse Proxy pdweb.sescache statistic to troubleshoot a problem.

What is the problem?

Options:

A.

HTTP sessions are being timed out prematurely.

B.

HTTP requests are taking longer than expected.

C.

User sessions are terminated sooner than expected.

D.

Document caching is not as effective as anticipated.

Buy Now
Questions 19

An IBM Security Access Manager (ISAM) V9.0 environment is defined with multiple WebSEAL servers defined for high availability. They protect the same set of backend junctions.

Which parameter needs to be configured in each WebSEAL's configuration file to force all replicated WebSEAL servers to perform authorization checks against the same protected object space?

Options:

A.

host-name

B.

server-name

C.

domain-name

D.

virtual-host-name

Buy Now
Questions 20

An IBM Security Access Manager V9.0 Reverse Proxy has a stateful junction to a Portal application called “/wps”. There is no web server in front of Portal. This junction has three Portal servers defined behind it. The Portal team needs to do maintenance on each of the three servers. The team wants to accomplish this with least impact to end users.

Which pdadmin "server task" based steps will accomplish this?

Options:

A.

Stop a server, have Portal team apply maintenance, bring server online - repeat for the other two servers

B.

Delete a server, have Portal team apply maintenance then add server back - repeat for the other two servers

C.

Take a server offline, have Portal team apply maintenance, bring server online - repeat for the other two servers

D.

Throttle a server, ensure activity has ceased for that server, have Portal team apply maintenance, bring server online - repeat for the other two servers

Buy Now
Exam Code: C2150-609
Exam Name: IBM Security Access Manager V9.0 Deployment
Last Update: Nov 28, 2023
Questions: 137
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 19 Apr 2024