New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

Note! IBM has retired the C2150-609 Exam Contact us through Live Chat or email us for more information.

C2150-609 IBM Security Access Manager V9.0 Deployment Questions and Answers

Questions 4

The request in a customer environment is IDP Initiated unsolicited SSO. The initial URL is:

https://POCIDP/FIM/sps/saml2idp/sam120/logininitial? RequestBinding=HTTPPost &Partnerld=https://POCSP/isam/sps/abc/saml20 &NameIdFormat=email

The POCIDP is Point of Contact for Identity Provider and POCSP is Point of Contact for Service Provider. The customer wants to configure TargetURL within the Service Provide' Federation configuration in IBM Security Access Manager V9.0.

What will satisfy this requirement?

Options:

A.

poc.signin.responseTargetURL

B.

Target_URL in the mapping rule

C.

Federation Runtime property TargetURL

D.

itfim_override_targeturl_attr in the mapping rule

Buy Now
Questions 5

A customer has setup IBM Security Access Manager V9.0 hardware appliances (AP. A1, A2) in a cluster. The appliances (A1, A2) that host reverse proxies are labeled as "restricted" in the cluster. AP is the Primary of the cluster.

There is one reverse proxy in appliance A1 and two in appliance A2. These reverse proxies are being tuned for performance. The appliance A1 and A2 max socket range has been set to 64510.

What is true in this situation?

Options:

A.

The appliance AP cannot be used for running reverse proxies to balance load

B.

The reverse proxy in appliance A1 can have a maximum thread count of 30,000

C.

Both reverse proxies in appliance A2 can have a maximum thread count of 30,000.

D.

Appliance A2 with two reverse proxies will perform better than Appliance A1 with one reverse proxy

Buy Now
Questions 6

A large bank has multiple applications protected by two identically configured WebSEAL servers. One junction supports a reporting application that frequently experiences performance issues which slows response time. The worst case results in the entire site becoming unresponsive when all WebSEAL worker threads on all WebSEAL instances are consumed on the Junctions to this one reporting application.

Which configuration change will prevent this situation from occurring without impacting the behavior of any other application (junction), and keeping the entire site up?

Options:

A.

Change worker-thread-hard-limit to 75 in WebSEAL configuration file on both WebSEAL servers.

B.

Use the "throttle" option on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.

C.

Use the -L 75 and -f options on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.

D.

Create a third WebSEAL instance supporting only this one reporting application and load balance requests across all three WebSEAL instances.

Buy Now
Questions 7

A customer is deploying an IBM Security Access Manager V9.0 solution to protect back end resources and is planning to use an LDAP Server that is set up to use SSL server authentication.

What is required to enable SSL to secure communications with LDAP?

Options:

A.

LDAP server's private key

B.

LDAP server's public key stash file

C.

LDAP server's CA signer certificate

D.

LDAP server's private and public key

Buy Now
Questions 8

A customer wants to utilize the front-end load balancer (FELB) to share requests between Reverse Proxies. A junctioned application requires the actual client IP address to be passed as a header.

Which FELB option must be enabled to pass an x-forwarded-for header?

Options:

A.

Layer7

B.

Layer 4

C.

HTTP Transformation

D.

Network termination

Buy Now
Questions 9

Which two resources should a deployment professional check to ensure an appliance is at the very latest level (Choose two.)

Options:

A.

IBM Fix Central

B.

IBM Security YouTube channel

C.

Google IBM Security Access Manager V9.0 Circle

D.

Linkedln IBM Security Access Manager V9.0 Group

E.

Fixes by version for IBM Security Access Manager V9.0

Buy Now
Questions 10

In an IBM Security Access Manager (ISAM) V9.0 Federated SSO flow, the ISAM V9.0 appliance is used as the Service Provider. The SSO is I DP initiated. The I DP initiated unsolicited SSO doesn't have the target URL specified where Service Provider should be sending the user after consuming the SAML2.0 Assertion. The implementer of the SSO provider has been given the task of providing Target URL through a mapping rule in the Service Provider configuration.

How should this requirement be achieved in the mapping URL?

Options:

A.

login-redirect in .conf

B.

local-response-redirect in .conf

C.

itfim_override_targeturl in .js

D.

ITFIM attribute target_url in .xslt

Buy Now
Questions 11

A deployment professional is configuring IBM Security Access Manager V9.0 for Management Authentication using remote LDAP.

Which configuration field value is optional?

Options:

A.

Enable SSL to LDAP

B.

Configure Administrative Group DN

C.

Specify whether or not to bind anonymously

D.

Select Local Database or Remote LDAP Server

:

Buy Now
Questions 12

A deployment professional has created an Access Control Policy to protect sensitive business information:

Which Policy decision is returned for a user with a risk score of 35 and has consented to registering a device?

Options:

A.

Deny

B.

Permit

C.

Permit with Obligation Register Device

D.

Permit with Authentication Consent Register Device

Buy Now
Questions 13

A customer has an IBM Security Access Manager V9.0 appliance cluster spanning two data centers A and B. Data center A has the Primary Master and two Restricted nodes. Data center B has a Secondary Master and two Restricted Nodes. A Load Balancer with redundancy across data centers provides sticky load balancing to reverse proxies in both data centers.

What is true if a disaster recovery testing scenario takes down all appliances in data center A?

Options:

A.

The Secondary Master will automatically be promoted to Primary Master

B.

Reverse Proxies in Data Center B will service all end-users with no intervention

C.

The Secondary Master has to be promoted to Primary for Data Center B to service end-users

D.

Reverse Proxies in Data Center B need to be recycled sequentially to handle users assigned Data Center A reverse proxies

Buy Now
Questions 14

An IBM Security Access Manager V9.0 deployment professional responsible for a large cluster notices the clocks among the nodes are not in sync and needs to update settings to ensure the clocks are synchronized.

Which setting should be used to help keep times synchronized?

Options:

A.

Set NTP settings in /etc/ntp.conf

B.

Set NTP settings in the components conf file

C.

Set NTP settings using the LMI at the Date/Time panel

D.

Set NTP settings using the LMI at the Advanced Tunings panel

Buy Now
Questions 15

A customer has just received an IBM Security Access Manager (ISAM) V9.0 hardware appliance and is looking to set it up. The Appliance has been mounted into a rack, attached to a power supply and cabled to the right network switches.

How does the Customer connect directly to an ISAM hardware appliance for initial configuration?

Options:

A.

Laptop to the DB-9 Serial Port

B.

Laptop to the Serial Console Port

C.

Dumb Terminal to the DB-9 Serial Port

D.

Laptop directly to the Management Interface

Buy Now
Questions 16

Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.

What can the deployment professional do to meet this requirement?

Options:

A.

Configure WebSEAL to use Server Name Indication

B.

Configure separate WebSEAL instances for each hostname

C.

Configure an additional interface in the WebSEAL configuration file, and add a "certificate-label" for each hostname

D.

Enter multiple values for the "webseal-cert-keyfile-label" parameter in the [ssl] stanza of the WebSEAL configuration

Buy Now
Questions 17

An IBM Security Access Manager (ISAM) V9.0 environment is configured with Primary and Secondary Master servers. The Primary master node becomes unavailable and ISAM deployment professional promotes the Secondary Master node to a Primary Master.

What happens to the original Primary Master when it becomes available and rejoins the network?

Options:

A.

It is automatically removed from the cluster.

B.

It is automatically demoted to the role of a non-master node.

C.

It is automatically promoted to the role of a Primary Master node.

D.

It is automatically demoted to the role of a Secondary Master node.

Buy Now
Questions 18

An IBM Security Access Manager (ISAM) V9.0 deployment professional has downloaded a snapshot from an ISAM virtual appliance configured with reverse proxy. This snapshot is being applied to another virtual appliance.

Which condition must be met before applying a snapshot form one virtual appliance to another?

Options:

A.

Both appliances must be in the same time zone

B.

Both appliances must be at the same firmware level

C.

Both appliance must have same application database setting

D.

Both appliances must have the same activation keys applied

Buy Now
Questions 19

A deployment professional has enabled tracing for the WebSEAL instance to assist developers in troubleshooting the application. A developer requests a trace containing the request message bodies to and from WebSEAL.

Which log file contains this information?

Options:

A.

request.log

B.

pdweb.snoop.log

C.

pdweb.debug.log

D.

pdweb.request.log

Buy Now
Questions 20

The web security department of an organization has found that their site is vulnerable to Denial of Service, Brute Force, Buffer Overflow and decided to use the Web Application Firewall (WAF) feature available in IBM Security Access Manager V9.0.

Even after enabling WAF, the site is still vulnerable to the above attacks. The deployment professional is pretty sure that the signature for these attacks have been released and has decided to check for X-Force updates.

How should the deployment professional check and update this?

Options:

A.

Using CLI, firmware -> ips_updt_install

B.

Using CLI, updates -> xforce_updt_install

C.

Using LMI, Manage System Settings -> Updates and Licensing -> Available Updates

D.

Using LMI, Manage System Settings -> Updates and Licensing -> Intrusion Prevention updates

Buy Now
Exam Code: C2150-609
Exam Name: IBM Security Access Manager V9.0 Deployment
Last Update: Dec 22, 2024
Questions: 137