The Latest Guide To C2150-609 Test Question

NEW QUESTION 1
An IBM Security Access Manager V9.0 Reverse Proxy has a stateful junction to a Portal application called “/wps”. There is no web server in front of Portal. This junction has three Portal servers defined behind it. The Portal team needs to do maintenance on each of the three servers. The team wants to accomplish this with least impact to end users.
Which pdadmin "server task" based steps will accomplish this?

• A. Stop a server, have Portal team apply maintenance, bring server online - repeat for the other two servers
• B. Delete a server, have Portal team apply maintenance then add server back - repeat for the other two servers
• C. Take a server offline, have Portal team apply maintenance, bring server online - repeat for the other two servers
• D. Throttle a server, ensure activity has ceased for that server, have Portal team apply maintenance, bring server online - repeat for the other two servers

Answer: C

NEW QUESTION 2
A customer has IBM Security Access Manager (ISAM) V9.0 Appliance A which will be used for the Point of Contact Server and the Context-based External Authorization Service. Appliance B will be used for the SAML 2.1 Service Provider.
What are the license requirements for Appliance A and B respectively?

• A. Federation | Federation
• B. ISAM for Mobile | Federation
• C. ISAM Access Manager Platform | ISAM Access Manager Platform, Federation
• D. ISAM Access Manager Platfor
• E. Advanced Access Control | ISAM Access Manager Platform, Federation

Answer: D

NEW QUESTION 3
An IBM Security Access Manager V9.0 deployment professional wants to shut down one of two restricted appliances in a cluster configured with Distributed Session Cache running reverse proxies for maintenance, and then repeat for the other. A load balancer directs traffic to reverse proxies on the two appliances with stickiness enabled.

• A. Remove appliance from the cluster for maintenance
• B. Stop all reverse proxies on one appliance one after the other
• C. Drain traffic on the load balancer to one appliance and take it offline
• D. Execute junction throttle operation on the appliance to be taken offline

Answer: D

NEW QUESTION 4
A deployment professional attempts to log into an appliance which is part of a cluster to run pdadmin commands and receives the following message:
pdadmin> login -a sec_master -p password
:04:38.683-06:001------0x1354A420 pdadmin ERROR ivc socket mtsclient.cpp 2376 0x7fc2b7b0c720
HPDCO1056E Could not connect to the server 192.168.254.11, on port 7135.
Error: Could not connect to the server. (status 0x1354a426)
What should the deployment professional check concerning the login target?

• A. Login was attempted on a special node
• B. Login was attempted on a restricted node
• C. Login was attempted on a secondary master that has not been promoted to the primary
• D. Login was attempted on a non-primary master of a cluster and the primary policy server is down

Answer: A

NEW QUESTION 5
What feature or capability of IBM Security Access Manager V9.0 can be utilized for inserting a static (pre-defined) HTTP header tag/value pair into the request flowing from WebSEAL to the backend application?

• A. HTTP Transformation rule
• B. HTTP-Tag-Value extended attribute
• C. AuthzRule in LMI Policy Administration
• D. [header-names] stanza in WebSEAL conf file

Answer: C

NEW QUESTION 6
An IBM Security Access Manager V9.0 deployment professional wants to be alerted by the appliance for events like certificate expiry.
In which two ways can these alert notifications be configured? (Choose two.)

• A. SNMP
• B. SMS text
• C. RSS Feed
• D. Desktop Alert
• E. Remote Syslog

Answer: BC

NEW QUESTION 7
During testing of an application the deployment professional is receiving frequent alerts about high disk utilization.
What action can be taken to resolve this issue?

• A. Enable log rotation and compression
• B. Resize the virtual disk and extend the active partition
• C. Configure the appliance to store log and trace files on a remote server
• D. Enable the appliance background scheduler to clear unused log and trace files on a periodic basis

Answer: A

NEW QUESTION 8
A customer has an IBM Security Access Manager V9.0 appliance cluster spanning two data centers A and B. Data center A has the Primary Master and two Restricted nodes. Data center B has a Secondary Master and two Restricted Nodes. A Load Balancer with redundancy across data centers provides sticky load balancing to reverse proxies in both data centers.
What is true if a disaster recovery testing scenario takes down all appliances in data center A?

• A. The Secondary Master will automatically be promoted to Primary Master
• B. Reverse Proxies in Data Center B will service all end-users with no intervention
• C. The Secondary Master has to be promoted to Primary for Data Center B to service end-users
• D. Reverse Proxies in Data Center B need to be recycled sequentially to handle users assigned Data Center A reverse proxies

Answer: B

NEW QUESTION 9
Which method provides the ability to delete all support files from an IBM Security Access Manager V9.0 appliance?

• A. Use the delete command found under the logs menu in Command Line Interface (CLI)
• B. Use the purge command found under the support menu in Command Line Interface (CLI)
• C. Use the delete command found under the support menu in Command Line Interface (CLI)
• D. Use the deleteall command found under the support menu in Command Line Interface (CLI)

Answer: C

NEW QUESTION 10
An IBM Security Access Manager V9.0 systems deployment professional needs to protect a back-end web applications from SQL injection attacks that match signatures from the IBM X-Force signature database.
Which action needs to be performed?

• A. Simulation Mode must be enabled and a Risk Profile must be specified.
• B. Web Content Protection must be enabled and a Risk Profile must be specified.
• C. Simulation Mode must be enabled and a Registered Resource must be specified.
• D. Web Content Protection must be enabled and a Registered Resource must be specified.

Answer: A

NEW QUESTION 11
A deployment professional wants to ensure traffic from a Reverse Proxy to a junction backend application server goes out over a specific interface.
How can this be accomplished?

• A. Create a new management interface.
• B. Create a new application interface.
• C. Create a static route to the backend server.
• D. Create a new interface in the reverse proxy configuration file.

Answer: A

NEW QUESTION 12
Which Hypervisor is supported for a Virtual Appliance?

• A. Hyper-V
• B. ESXI5.0
• C. VirtualBox
• D. VMware Workstation

Answer: B

NEW QUESTION 13
An IBM Security Access Manager V9.0 deployment specialist is getting reports of failing requests. Analysis of a support file shows many connections to the backend server in TIME_WAIT state?
Where is the setting "sysctl.net.ipv4.tcp_tw_reuse = 1" added?

• A. In the [tcp] stanza of the reverse proxy instance conf file
• B. In the [server] stanza of the reverse proxy instance conf file
• C. In the LMI "Manage System Settings -> Network Settings -> Tuning" panel
• D. In the LMI "Manage System Settings -> System Settings -> Advanced Tuning Parameters" panel

Answer: D

NEW QUESTION 14
A customer has configured the IBM Security Access Manager V9.0 appliance authentication to an external LDAP server. The customer wants to allow support staff with LDAP accounts that are members of the HelpDesk group to view appliance and audit logs.
Where should the deployment professional configure a new role and map it to the HelpDesk LDAP group for the support staff?

• A. Manage System Settings -> Management Delegation
• B. Manage System Settings -> Administrator Settings
• C. Manage System Settings -> Management Authorization
• D. Manage System Settings -> Management Authentication

Answer: A

NEW QUESTION 15
The IBM Security Access Manager V9.0 system deployment professional is about to make a significant change to the system configuration and plans to take an appliance snapshot to protect against problems occurring as a result of the change.
Which two statements are correct regarding appliance snapshots? (Choose two.)

• A. Snapshot files contain the contents of the internal user registry.
• B. Appliance snapshots are supported only on virtual appliances running under VMware ESXi.
• C. The purpose of snapshots is to restore prior configuration and policy settings to an appliance.
• D. Snapshot files contain all the 'must get' data required to be sent to IBM Support in the event of a PMR being raised.
• E. An appliance snapshot can be restored on any appliance that has the same firmware level as the snapshot and the same network infrastructure.

Answer: CE

NEW QUESTION 16
The IBM Security Access Manager (ISAM) V9.0 LMI SSL certificate is auto-generated by default. When the LMI certificate is due to expire, how is it renewed?

• A. The ISAM Appliance will renew LMI certificate automatically.
• B. The ISAM deployment professional must issue reset_lmi_cert using command line interface
• C. The ISAM deployment professional must re-generate it using LMI Manage System Settings -> SSL panels.
• D. The ISAM deployment professional must create a new self sign certificate using LMI Manage System Settings -> SSL panels.

Answer: C

NEW QUESTION 17
To configure IBM Security Access Manager V9.0 for Windows desktop single sign-on using Kerberos authentication, the Reverse Proxy's identity in the Active Directory Kerberos Domain must be associated with a Service Principal name (SPN).
Given the following information:
AD Kerberos Realm Name: company.com
ISAM Reverse Proxy DNS Domain: ws1xompany.com What is the correct SPN?

• A. HTTP/wsl.company.com
• B. HTTP/ws1 .company.com@COMPANY.COM
• C. HTTP/ws1.company.com@ws1.company.com
• D. HTTP/ws1.company.com@WS1.COMPANY.COM

Answer: B

NEW QUESTION 18
A large bank has multiple applications protected by two identically configured WebSEAL servers. One junction supports a reporting application that frequently experiences performance issues which slows response time. The worst case results in the entire site becoming unresponsive when all WebSEAL worker threads on all WebSEAL instances are consumed on the Junctions to this one reporting application.
Which configuration change will prevent this situation from occurring without impacting the behavior of any other application (junction), and keeping the entire site up?

• A. Change worker-thread-hard-limit to 75 in WebSEAL configuration file on both WebSEAL servers.
• B. Use the "throttle" option on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.
• C. Use the -L 75 and -f options on the "pdadmin server task" command for the reporting application junction on both WebSEAL instances.
• D. Create a third WebSEAL instance supporting only this one reporting application and load balancerequests across all three WebSEAL instances.

Answer: A

NEW QUESTION 19
As part of installing a fixpack a deployment professional wants to back up the appliance configuration. How is this done?

• A. Click on the Create Backup link of the active partition
• B. Select the active partition, select the Backup option from the Edit menu
• C. Create a new snapshot, download the snapshot to the deployment professional's workstation, install the fixpack
• D. Install the fixpac
• E. The installation will copy the configuration and install the fixpack to the inactive partition, set it active and restart

Answer: A

NEW QUESTION 20
In a customer environment, a REST API client is being developed to carry out Reverse Proxy configuration and maintenance. As part of one of the activities the customer needs to update the junction information with an additional Backend Server. The customer has written a REST API client but is not able modify the junction.
Which HTTP headers should the customer pass?

• A. Host, Authorization
• B. Host, Accept: Application/json
• C. Authorization, Accept:Application/json
• D. content-type:application/json, Authorization

Answer: C

NEW QUESTION 21
In a Web Commerce environment, a "/shoppingcart" junction with four back-end application servers is created on the IBM Security Access Manager V9.0 Web Reverse Proxy. The back-end servers are not using session replication.
Which action is appropriate for maintaining session state when creating the junction?

• A. Create a WebSEAL-to-WebSEAL junction
• B. Configure the junction so that it uses the "least-busy" algorithm
• C. Configure the junction so that it is configured to be a stateful junction
• D. Configure the junction to insert user session data "user_session_id" into the HTTP headers

Answer: C

NEW QUESTION 22
A company has a large number of users who use mobile applications. The company wants to implement context-aware access controls for these resources.
Which module of IBM Security Access Manager V9.0 should the company enable to support this requirement?

• A. Federation module
• B. Protocol Analysis module
• C. Mobile Access Control modulo
• D. Advanced Access Control module

Answer: A

NEW QUESTION 23
An IBM Security Access Manager V9.0 deployment at a customer has enabled audit.authz, audit.authn, audit,http for meeting auditing requirements and results in large volume of audit records and poses significant data management challenges to the client. The customer wants to exclude the audit events to certain static resources such as images.
What action should be taken to implement this?

• A. Disable audit.http events only
• B. Disable audit.http.unsuccessful events only
• C. Define a POP with the audithttp set to "no"; attach this to the static resources
• D. Define an ACL with the audithttp operation set to "no"; attach this to the static resources

Answer: C

NEW QUESTION 24
......