An IBM Security Manager V9.0 deployment professional executes the following steps:

1.

Navigate to Edit SSL Certificate Database-embedded_ldap_keys

2.

Select the embedded LDAP server certificate

3.

Click Manage->Export

4.

Save the resulting .cer file onto local desktop

Which task was the deployment professional performing?

A. Renewing the embedded LDAP server certificate

B. Replacing the embedded LDAP server certificate

C. Creating a backup of the embedded LDAP server certificate

D. Preparing to configure SSL for a local LDAP client to the embedded LDAP server

An IBM Security Access Manager V9.0 systems deployment professional needs to protect a back-end web applications from SQL injection attacks that match signatures from the IBM X-Force signature database.

Which action needs to be performed?

A. Simulation Mode must be enabled and a Risk Profile must be specified.

B. Web Content Protection must be enabled and a Risk Profile must be specified.

C. Simulation Mode must be enabled and a Registered Resource must be specified.

D. Web Content Protection must be enabled and a Registered Resource must be specified.

The IBM Security Access Manager (ISAM) V9.0 LMI SSL certificate is auto-generated by default.

When the LMI certificate is due to expire, how is it renewed?

A. The ISAM Appliance will renew LMI certificate automatically.

B. The ISAM deployment professional must issue reset_lmi_cert using command line interface.

C. The ISAM deployment professional must re-generate it using LMI Manage System Settings-> SSL panels.

D. The ISAM deployment professional must create a new self sign certificate using LMI Manage System Settings-> SSL panels.

A company has deployed an IBM Security Access Manager V9.0 solution for protecting web resources and has enabled auditing for monitoring purposes. A security deployment professional has observed that audit records are using large quantities of disk space due to the large number of audit events related to HTTP access.

Which two strategies will help to reduce the volume of audit events in above scenario? (Choose two.)

A. Generate audit records for specific groups only

B. Generate events for unsuccessful HTTP accesses only

C. Generating selective audit records using authorization rules

D. Reconfigure WebSEAL to use CARS auditing, instead of native auditing.

E. Selectively disable the generation of events by using attached protected object policies (POPs)

The request in a customer environment is IDP Initiated unsolicited SSO. The initial URL is:

https://POCIDP/FIM/sps/saml2idp/saml20/loginitial?

RequestBinding =HTTPPostandPartnerId= https://POCSP/isam/sps/abc/saml20andNameIdFormat =Email

The POCIDP is Point of Contact for Identity Provider and POCSP is Point of Contact for Service Provider.

The customer wants to configure TargetURL within the Service Provider Federation configuration in IBM

Security Access Manager V9.0.

What will satisfy this requirement?

A. poc.sigin.responseTargetURL

B. Target_URL in the mapping rule

C. Federation Runtime property TargetURL

D. itfim_override_targeturl_attr in the mapping rule

Multiple users are complaining about being denied access to resources they believe they are entitled to see. The IBM Security Access Manager (ISAM) V9.0 deployment professional needs to understand and troubleshoot the various access control constructs in the ISAM protected object space. The deployment professional must also understand the order of evaluation of the three major access control constructs available in the Policy Administration tool.

That is the correct order of evaluation for these constructs?

A. ACL->AuthzRule->POP

B. POP->AuthzRule->ACL

C. ACL->POP->AuthzRule

D. AuthzRule->ACL->POP

A deployment professional has created a new SAML 2.0 Service Provider federation and added an Identity Provider partner.

What will be the next step to allow users to single sign-on to the service?

A. Configure trigger URL

B. Upload a mapping rule

C. Import Identity Provider metadata

D. Create a certificate to sign SAML messages

An IBM Security Manager V9.0 deployment professional responsible for a large cluster notices the clocks among the nodes are not in sync and needs to update settings to ensure the clocks are synchronized.

Which setting should be used to help keep times synchronized?

A. Set NTP settings in /etc/ntp.conf

B. Set NTP settings in the components conf file

C. Set NTP settings using the LMI at the Date/Time panel

D. Set NTP settings using the LMI at he Advanced Tunings panel

A deployment professional has configured SNMP on all IBM Security Access Manager V9.0 appliances and is using the agentless adapter from Tivoli Monitoring to pull OS level CPU, Memory, Disk and Processes information.

Which alert can be setup in Tivoli Monitoring based on the data extracted?

A. Alert when reverse proxy is not running

B. Alert when reverse proxy log file size exceeds 1GB

C. Alert on junction level response times higher than 1 second

D. Alert when hard/soft limits are reached on a reverse proxy

An IBM Security Access Manager (ISAM) V9.0 customer is deploying a new WebSphere based Java application and wants to protect it via an ISAM Web Reverse Proxy. The user registries are not shared between ISAM and Websphere Application Server.

Which trust configuration can be used to achieve Single Sign On between ISAM Web Reverse Proxy and Websphere Application Server?

A. LTPAToken

B. LTPAToken Version 2

C. SPNEGO Trust Association Interceptor

D. Extended Trust Association Interceptor plus (eTAI)