IBM.Test-king.C2150-606.v2018-11-26.by.Jeremy · 11/26/2018  · C2150-606.exam.33q Number :...


C2150-606.exam.33q

Number: C2150-606
Passing Score: 800
Time Limit: 120 min


C2150-606

IBM Security Guardium V10.0 Administration


Exam A

QUESTION 1

An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data.

Which data management function does the administrator need to configure?


A. Purge

B. Data Export

C. Data Restore

D. System Backup

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
The quickest way to reduce the DB % Full is to induce a purge of some older data now.

Example - If you have "Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are happy to attempt to purge off slightly more data now

Note: The DB filling up can be caused by the following, amongst other things:
* Spikes in the data being captured
* A policy setting that allows too much data to be logged in the Internal Database
* Keeping too much data on the Internal Database
* Collecting data from too many Databases (STAPs)

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21511904

QUESTION 2

A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data safety.

Given this scenario, which is true regarding the purge schedule?

A. The Archive and the Export have independent purge schedules but should not be run at the same time.

B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.

C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.

D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to archive.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Any value that is specified for the starting purge date must be greater than the value specified for the Archive data older than value. In addition, if data exporting is active, the starting purge date that is specified here must be greater than the Export data older than value.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en

QUESTION 3

A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.

Which CLI command should the administrator run?

A. iptraf

B. support show iptables

C. show network routes operational

D. support must_gather network_issues

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
support must_gather network_issues

The command gathers all network information from the appliance and polls hosts that Guardium interacts with by ping, traceroute, corresponding port probing and other measures. If the optional parameter is specified, then it polls only the host that was specified (if Guardium is configured to do any activity on this host).


Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/basic_information_for_ibm_support.html

QUESTION 4

A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.

Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?

A. Guardium Installation Manager (GIM) on the Database Server.

B. Configuration Auditing System (CAS) on the Database Server.

C. Configuration Auditing System (CAS) on the Guardium Collector.

D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
CAS is an agent installed on the database server and reports to the Guardium system whenever a monitored entity has changed, either in content or in ownership or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change auditing functions from the Guardium portal.

The CAS server is a component of Guardium and runs on the Guardium system.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html

QUESTION 5

A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report on each Collector.

What should the administrator do to simplify this task and run the report in only one place every week?

A. Replace the 4 Collectors with one Aggregator.

B. Create an Enterprise Report on one Collector combining the data.

C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.

D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the report on the Collector.


Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Central Manager/Aggregator – The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and generate enterprise-level reports.

Incorrect:
Not D: CAS does not monitor DML SQL Statements. Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other database or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks such changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720

QUESTION 6

Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.

Which column can the administrator add that would help users to better identify the client?

A. Client OS

B. Client MAC

C. Access ID

D. Analyzed Client IP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
In the Guardium CEF mapping, the field named smac (source MAC) is the one that carries the Client MAC attribute.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/appendices/topics/cef_mapping.html
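As an added example (not code from this exam dump or from IBM), the following Python parses CEF records and applies the rule from Question 6: when the client IP is 0.0.0.0, as it is for encrypted sessions, identify the client by the smac (Client MAC) field instead. The two event lines are constructed for this example and are not real Guardium output; only the CEF header layout and the standard src/smac extension keys are assumed.

```python
import re

# Constructed sample events (not real Guardium output). The header follows the
# CEF layout "CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension";
# src/smac/dst/dpt/suser/msg are standard CEF extension keys. Raw strings keep the
# CEF escape sequences (backslash-pipe in the header, backslash-equals in the
# extension) exactly as they would appear on the wire.
SAMPLE_CEF = [
    r"CEF:0|IBM|Guardium|10.0|POLICY_VIOLATION|Select on sensitive table|5|"
    r"src=0.0.0.0 smac=00:11:22:33:44:55 dst=10.0.0.5 dpt=1521 suser=APPUSER "
    r"msg=select * from HR.SALARY",
    r"CEF:0|IBM|Guardium|10.0|POLICY_VIOLATION|Update on sensitive table|7|"
    r"src=10.0.0.9 smac=00:11:22:33:44:66 dst=10.0.0.5 dpt=1521 suser=DBA1 "
    r"msg=update HR.SALARY set pay\=1",
]

HEADER_KEYS = ("version", "vendor", "product", "device_version",
               "signature_id", "name", "severity")

# A key starts at the beginning of the extension or after whitespace and is
# followed directly by '='; an escaped '=' inside a value never matches.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape(text: str) -> str:
    # Undo CEF escaping: backslash-x becomes x, except that \n and \r become line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def _split_header(line: str):
    """Split the seven header fields on unescaped '|' and return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped char: keep the next char literally
            buf.append(line[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) != 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % line[:40])
    fields[0] = fields[0][len("CEF:"):]
    return fields, line[i:]


def _parse_extension(ext: str) -> dict:
    """Extension is 'key=value key=value ...'; values may contain spaces, so a
    value runs up to the start of the next key token."""
    out = {}
    keys = list(_EXT_KEY.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end]).strip()
    return out


def parse_cef(line: str) -> dict:
    fields, ext = _split_header(line)
    return {"header": dict(zip(HEADER_KEYS, fields)), "ext": _parse_extension(ext)}


def client_identity(event: dict) -> tuple:
    """Prefer the client IP; when the sniffer could not see it (0.0.0.0, as for
    the encrypted sessions in Question 6) fall back to the client MAC."""
    ext = event["ext"]
    src = ext.get("src")
    if src and src != "0.0.0.0":
        return ("ip", src)
    if ext.get("smac"):
        return ("mac", ext["smac"])
    return ("unknown", None)


def client_identities(lines) -> list:
    """Identity tuple for every CEF line, in input order."""
    return [client_identity(parse_cef(line)) for line in lines]


if __name__ == "__main__":
    for line in SAMPLE_CEF:
        ev = parse_cef(line)
        print(ev["header"]["name"], client_identity(ev))
```

The MAC is only as trustworthy as the segment the sniffer sees: behind a router or load balancer every client shares the next hop's MAC, so treat the fallback as a hint for operators, not as an authoritative client identifier.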

QUESTION 7

A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The Aggregators and Central Manager can handle more load.

What should a Guardium administrator recommend?

A. Deploy 2 new Collectors, 1 in each data center.

B. Connect S-TAPs directly to Aggregators to avoid network latency.

C. Connect S-TAPs directly to the Central Manager to avoid network latency.

D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
IBM recommends using one Aggregator for every 8 Collectors.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720

QUESTION 8

Which use cases are covered with the File Activity Monitoring feature? (Select two.)


A. Classify sensitive files on mainframe systems.

B. Encrypts database data files on file systems based on policies.

C. Selectively redacts sensitive data patterns in files based on policies.

D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.

E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
A: Use case example:


Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server.
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block when unauthorized users or processes attempt access.

E: Use case example: Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business.
Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data, give you a view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users.

Note: File activity monitoring consists of the following capabilities:
* Discovery to inventory files and metadata.
* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access, or even block access to the files to prevent data leakage.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html

QUESTION 9

A Guardium administrator needs to configure EMC Centera for Archive and/or Backup.

In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?

A. ClipID

B. PEA file

C. Shared secret

D. Certificate signed request (CSR)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
To configure (or reconfigure, for example after an IP address change) an EMC Centera target in Guardium, two items are required: the IP address of the Centera server and the PEA file obtained from Centera.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21687345

QUESTION 10

An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script.


Which CLI command should the administrator use to review the commands that were previously run?

A. fileserver

B. support execute showlog

C. show log external state

D. support must_gather system_db_info

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote access is not available or permitted. In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here is an example of the interfaces and MAC addresses:

Customer usage / Logged in as CLI

support execute <CMD String> <PMR #> <KEY>          # main execute command provided by Guardium Advanced Support
support execute showlog [<Secure Key>|main|files]   # Show usage logs

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html

QUESTION 11

A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to check the current CPU load of the Guardium appliance.

Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?

A. CPU Util report

B. CPU Tracker report

C. Unit summary and CPU Util report

D. Buff Usage Monitor and System monitor report

Correct Answer: D
Section: (none)
Explanation


Explanation/Reference:
To monitor CPU load:
Report: Select Guardium Monitor > Current Status Monitor, or select Guardium Monitor > Buffer Usage Monitor. See Predefined admin Reports, report Current Status Monitor, for more information.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html

QUESTION 12

A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this application, performance of the S-TAP and sniffer is a concern.

What action should the administrator use in the rule?

A. Ignore Session

B. Ignore S-TAP Session

C. Ignore SQL per Session

D. Ignore Responses per Session

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
You can ignore capturing the activity of some specific processes by defining an IGNORE S-TAP SESSION policy rule.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21497163

QUESTION 13

A Guardium administrator manages portal user synchronization by using a Central Manager.

When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update to be synced with the managed units in a fully working environment?

A. 0 minutes

B. 15 minutes

C. 30 minutes

D. 60 minutes

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The managed units might not use that data to update their user tables until up to 1 hour after it is received.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/synchronizing_portal_user_accounts.html?lang=en

QUESTION 14

A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from Data Backup.

Which CLI command should the administrator use to accomplish this?

A. restore config

B. restore system

C. restore pre-patch-backup

D. restore certificate sniffer backup

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
System backups are used to back up and store all the necessary data and configuration values to restore a server in case of hardware corruption. To restore backed up system information, use the restore system CLI command.

Incorrect:
Not A: restore config. These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a more comprehensive backup of the configuration and the entire system.
Not C: restore pre-patch-backup is related to patch installations.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/file_handling_cli_commands.html

QUESTION 15

A Guardium policy has been configured with the following two rules:


A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object “TABLE1”.

What domain(s) can the administrator create a report in to see the SQL?

A. Access

B. Policy Violations

C. Access and Access Policy

D. Access and Policy Violations


Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
The Log full details action logs the full SQL string and exact timestamp for this request. The Access domain consists of all monitored SQL requests.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html

QUESTION 16

A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live network traffic filtered by IP addresses and port numbers.

Which combination of commands should the administrator use for these tasks?

A. diag and iptraf

B. diag and trace_route

C. iptraf and support must_gather

D. support must_gather and show network verify

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:Iptraf utility generates network statistics based on current network activity.

Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium S-TAP, and information must be gathered before contacting IBM Software Support. Diag collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuration.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21690345

QUESTION 17

A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.


How should the administrator treat the PVUs of passive nodes?

A. Include the PVU load of passive nodes.

B. Include half of the passive nodes PVU load.

C. Include a third of the passive nodes PVU load.

D. Not include the PVU load of passive nodes.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active server.

Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38

QUESTION 18

The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.

What should the Guardium administrator do to update the tests that will be run?

A. Install the latest patch on the Guardium appliance.

B. Install the latest released Database Activity Monitor Content.

C. Ask the database administrators to provide the default tests.

D. Ask the Company Security Provider to supply the default tests

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of predefined assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/guardium_administration_guide_cover.html

QUESTION 19


During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered.

How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?

A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to failover the S-TAP process to the passive nodes when a database failover occurs.

B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=-1 to set the agent process to failover to the passive node when a database failover occurs.

C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.

D. Install S-TAP agents on all active and passive nodes: Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB home.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
To properly support load balancing, the Guardium S-TAP agents must be configured properly. Add, uncomment, or modify the settings in your S-TAP configuration to look like the following examples. See the Guardium product documentation on how and where to adjust the S-TAP configuration file, as well as for updated guidance from IBM.

* Sqlguard_ip = <Your BIG-IP Virtual Server IP address/hostname>
  For example: Sqlguard_ip = 192.0.2.123
* Participate_load_balancing = 3
* All_can_control = 1

Sqlguard_ip is the address you will define on BIG-IP LTM during the Virtual Server configuration. Participate in Load balancing allows the S-TAP to send session information on every failover to the appliance. All Can Control allows the S-TAP configuration to be edited through the GUI.

Note: all_can_control: 0 = S-TAP can be controlled only from the primary Guardium system; 1 = S-TAP can be controlled from any Guardium system.

Reference: https://www.f5.com/pdf/deployment-guides/ibm-guardium-dg.pdf

QUESTION 20

A Guardium administrator is creating a policy to alert on actions by users that are stored on an LDAP server.

How can the administrator populate a group to use in the policy?


A. Schedule the LDAP user import into the group.

B. Schedule the LDAP user import from accessmgr and run portal user sync.

C. Schedule the LDAP user import from accessmgr and populate the group from a query.

D. Populate the group from a query in access domain with a condition on the LDAP server as the Server IP.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
To populate groups from an LDAP server, first define a group, and then configure an import operation to obtain the appropriate set of members from an LDAP server. You use a query for this purpose.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-common_tools_help1_book/topics/building_groups.html

QUESTION 21

A Guardium administrator is preparing a command to install Configuration Auditing System (CAS) on a Linux server using the command line method.

Which parameter is required?

A. dir

B. tapip

C. java-home

D. sqlguardip

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22

A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not configured for that S-TAP.

What is an Inspection Engine?


A. A piece of software residing on the Collectors.

B. Another software to be installed on the Database server.

C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.

D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or Sybase, for example). The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database.

Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information about that traffic to a Guardium system.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/inspection_engine_configuration.html

QUESTION 23

A Guardium administrator observes certain changes to the configuration and policies.

How would the administrator identify the changes that were made and who made them?

A. Review the Audit Process Log report.

B. Review the sniffer buffer usage report.

C. Review the /var/log/messages log file.

D. Review the results of ‘Detailed Guardium User Activity’ report.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)


The Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and a count of Guardium User Activity Audit entities.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/predefined_admin_reports.html

QUESTION 24

The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:

firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10

The collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must communicate the impact of this outage to users of the monitored database.

What should the administrator advise is the expected behavior for a database session?

A. The session will not experience any latency or termination.

B. No SQL can be executed and after 10 seconds the session will be terminated.

C. In the first 10 seconds of the session SQL can be executed, then the session is terminated.

D. In the first 10 seconds of the session no SQL can be executed, then the session will work as normal.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
firewall_timeout is the time in seconds to wait for a verdict from the Guardium system. If it expires, the firewall_fail_close value decides whether to block or allow the connection. The value can be any integer value.
firewall_fail_close: If the verdict does not come back from the Guardium system and firewall_timeout has passed, then with firewall_fail_close=0 the connection will go through; with firewall_fail_close=1 the connection will be blocked.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.stap/stap/r_stapparmsu_firewall.html?lang=en
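The following Python is an added example, not IBM code or the S-TAP's own logic, and it covers the settings from Question 19 and Question 24 together: it parses a guard_tap.ini fragment, predicts what S-GATE does to a session when the collector's verdict never arrives according to the rule given in the explanation above (timeout expired, then firewall_fail_close decides), and flags a fail-open configuration beside the fail-closed one. The fragment is constructed. The key participate_in_load_balancing is the spelling this example assumes the file uses (the Question 19 explanation writes Participate_load_balancing, which the audit also accepts), and the audit rules are this example's own, not an IBM checklist. What the S-TAP does with SQL before the timeout expires is not stated in the explanation, so the example reports that window as "waiting" rather than guessing.

```python
from dataclasses import dataclass

# Constructed guard_tap.ini fragment (not copied from a real S-TAP): the S-GATE
# parameters quoted in Question 24 plus the load-balancing settings from the
# Question 19 explanation. Keys are treated case-insensitively by assumption.
SAMPLE_INI = """
[TAP]
tap_ip=10.10.1.20
sqlguard_ip=192.0.2.123
participate_in_load_balancing=3
all_can_control=1
firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10
"""


def parse_guard_tap(text: str) -> dict:
    """Parse key=value lines; section headers and comments are skipped and
    integer-looking values are converted to int."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        if "=" not in line:
            raise ValueError("malformed guard_tap.ini line: %r" % raw)
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        cfg[key] = int(value) if value.lstrip("-").isdigit() else value
    return cfg


@dataclass
class Outcome:
    state: str    # "allow", "block" or "waiting"
    reason: str


def sgate_outcome(cfg: dict, verdict, elapsed_s: int) -> Outcome:
    """Expected S-GATE behaviour for one session.

    verdict   -- the Guardium system's answer ("allow" or "block"), or None if
                 none has arrived (the collector-down case in Question 24)
    elapsed_s -- seconds since the session started waiting for the verdict
    Rule (from the explanation above): once firewall_timeout has passed with no
    verdict, firewall_fail_close=1 blocks the connection and 0 lets it through.
    """
    if cfg.get("firewall_installed", 0) != 1:
        return Outcome("allow", "S-GATE not enabled; the S-TAP only monitors")
    if verdict is not None:
        return Outcome(verdict, "verdict received from the Guardium system")
    timeout = int(cfg.get("firewall_timeout", 0))
    if elapsed_s < timeout:
        return Outcome("waiting", "verdict outstanding, %ds of %ds timeout elapsed"
                       % (elapsed_s, timeout))
    if cfg.get("firewall_fail_close", 0) == 1:
        return Outcome("block", "timeout expired with firewall_fail_close=1 (fail closed)")
    return Outcome("allow", "timeout expired with firewall_fail_close=0 (fail open)")


def audit_guard_tap(cfg: dict) -> list:
    """Configuration checks for the settings discussed on this page
    (this example's own rules, not an IBM checklist)."""
    findings = []
    if not cfg.get("sqlguard_ip"):
        findings.append("sqlguard_ip missing: the S-TAP has no Guardium system to report to")
    if cfg.get("firewall_installed") == 1 and cfg.get("firewall_fail_close", 0) != 1:
        findings.append("firewall_fail_close=0: S-GATE is fail-open, so losing the "
                        "collector silently stops enforcement of blocking rules")
    # The page spells the load-balancing key two ways; accept both.
    lb = cfg.get("participate_in_load_balancing",
                 cfg.get("participate_load_balancing", 0))
    if lb and cfg.get("all_can_control", 0) != 1:
        findings.append("load balancing is on but all_can_control=0: only the primary "
                        "Guardium system can manage this S-TAP after a failover")
    return findings


if __name__ == "__main__":
    cfg = parse_guard_tap(SAMPLE_INI)
    for elapsed in (0, 5, 10):
        print(elapsed, sgate_outcome(cfg, None, elapsed))
    print("fail-open findings:", audit_guard_tap(dict(cfg, firewall_fail_close=0)))
```

Run stand-alone it walks the Question 24 scenario (collector down, verdict never arrives) through the timeout, then shows what the audit reports when the same S-TAP is switched to firewall_fail_close=0. The trade-off is the one the question is really about: fail-closed protects the data at the cost of availability when the collector is unreachable, fail-open does the reverse, and whichever you pick must be communicated to the database owners before an outage, not during one.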

QUESTION 25

A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the administrator sets up an Investigation Center.


Which is a key requirement for users of the Investigation Center?

A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).

B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).

C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).

D. To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3 (case-sensitive).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases - 'INV_1', 'INV_2', or 'INV_3' (case-sensitive).
When creating an investigation user, it is suggested that the user's name correspond to, or otherwise denote, which investigation database will be used. For instance, if a user will be using the INV_1 database, the user's name could be "john1" or "inv1".

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium91.doc/aggregation_cm/topics/investigation_center.html

QUESTION 26
An administrator manages a Guardium environment including 4 Collectors exporting data to an Aggregator. The Collectors export their data daily at 2, 3, 4 and 5 am Eastern Standard Time (EST) respectively. The Collectors receive traffic every day. The logs on all the Collectors confirm data is exported daily without errors, and all the exported files always have data. A Session report is run on the Aggregator at noon EST for data from the last day.

Which of the following will ensure there is data in the report?

A. Schedule Data Purge on the Aggregator to run every day after 5 am EST.

B. Schedule Data Import on the Aggregator to run at any time of the day.

C. Schedule Data Import in the Aggregator to run every day before 2 am EST.

D. Schedule Data Import on the Aggregator to run every day at 6 am EST or later.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Data exported by a Collector is not visible in Aggregator reports until the Aggregator's Data Import job has run and loaded the exported file. The last of the four Collectors finishes exporting at 5 am EST, so the import must be scheduled after 5 am and before the noon report; 6 am EST satisfies both. An import before 2 am (C) only loads the files exported the previous morning, so the noon report for the last day is empty; an arbitrary time of day (B) may fall before the exports have completed; and a purge (A) removes data rather than adding any to the report.
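An added Python simulation of the timing in this question (constructed, not Guardium code): Collectors capture one row per hour, at their export hour they ship everything captured since their previous export, the Aggregator loads all waiting files when its Data Import runs, and the noon report shows the rows loaded by then whose timestamps fall in the last 24 hours. It goes slightly beyond the question by also showing that an import scheduled after the report time (for example 1 pm) leaves the noon report empty as well. The start date is arbitrary.

```python
from datetime import datetime, timedelta

EXPORT_HOURS = [2, 3, 4, 5]   # the four Collectors from the question (EST)
REPORT_HOUR = 12              # Session report run on the Aggregator at noon


def report_rows(import_hour, export_hours=EXPORT_HOURS, report_hour=REPORT_HOUR, days=3):
    """Rows visible to the report on the last simulated day.

    Model (hourly steps): each Collector captures one row per hour; at its
    export hour it ships every row captured since its previous export; the
    Aggregator loads every file waiting when its Data Import runs at
    import_hour; the report shows loaded rows stamped within the last 24 h.
    """
    start = datetime(2018, 11, 20)   # constructed start date, any date works
    report_time = start + timedelta(days=days - 1, hours=report_hour)
    window_start = report_time - timedelta(days=1)

    unsent = {h: [] for h in export_hours}   # captured on Collector, not yet exported
    pending = []                             # exported files not yet imported
    imported = []                            # timestamps loaded on the Aggregator

    t = start
    while t <= report_time:
        for h in export_hours:
            unsent[h].append(t)
            if t.hour == h:                  # Data Export runs on this Collector
                pending.append(unsent[h])
                unsent[h] = []
        if t.hour == import_hour:            # Data Import runs on the Aggregator
            for exported_file in pending:
                imported.extend(exported_file)
            pending = []
        t += timedelta(hours=1)
    return [ts for ts in imported if window_start <= ts <= report_time]


def earliest_safe_import_hour(export_hours=EXPORT_HOURS):
    """First whole hour after the last Collector export has run."""
    return max(export_hours) + 1


if __name__ == "__main__":
    for hour in (1, 6, 13):
        print(f"import at {hour:02d}:00 -> {len(report_rows(hour))} rows in noon report")
```

Running it shows the 1 am import and the 1 pm import both produce an empty noon report, while the 6 am import contains rows up to the 5 am export. The general rule the simulation encodes is that the import must sit between the last export and the report that depends on it.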


QUESTION 27
A Guardium administrator is checking the scheduled jobs exceptions report on a standalone Collector. The following error is repeating every 15 minutes.

java.lang.NumberFormatException: empty String

The administrator also notices that the anomaly detection polling interval is 15 minutes.

What should the administrator do next to troubleshoot the problem?

A. Pause all scheduled jobs and check if the exception comes back.

B. Identify the alert that is causing the problem by deactivating one alert at a time.

C. Check in the alert builder to see which alerts have accumulation interval of 15 minutes.

D. In the CLI, run support must_gather agg_issues and send the file to IBM Support.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The error originates from one of the active alerts; the 15-minute repetition matching the anomaly detection polling interval is the clue.

The first step to resolving the problem is to identify the exact alert that is causing it.

1. Deactivate one alert from the Anomaly Detection page.
2. Wait for the length of the polling interval to elapse.
3. Check whether the errors stop with that alert deactivated.
4. If not, reactivate the alert and deactivate the next one.
5. Repeat steps 2-4 until you have tried all alerts.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21660382
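The isolation loop above, as an added Python example (not IBM code and not from the referenced technote): the alert names and thresholds are constructed, and a polling cycle is simulated by parsing each active alert's threshold as an integer, so an empty threshold raises (Python's ValueError standing in for NumberFormatException: empty String). It also shows a bisection variant, which needs fewer polling intervals when many alerts are active, under the assumption that exactly one alert is faulty.

```python
# Constructed anomaly-detection alerts; thresholds are strings as stored in the
# alert definition. One alert has an empty threshold (the suspected root cause).
ALERT_THRESHOLD = {
    "Failed Logins": "5",
    "Privileged DDL": "1",
    "Off-hours Access": "10",
    "Bulk Extract": "",
    "Schema Change Count": "3",
}
ALERTS = list(ALERT_THRESHOLD)


def cycle_raises(active):
    """Simulate one polling interval: True if evaluating the active alerts fails.

    int("") raises ValueError here, the way Integer.parseInt("") raises
    NumberFormatException: empty String on the appliance.
    """
    for name in active:
        try:
            int(ALERT_THRESHOLD[name])
        except ValueError:
            return True
    return False


def one_at_a_time(alerts, raises):
    """The procedure from the reference: deactivate one alert, wait a polling
    interval, see whether the exception stops, else reactivate it and try the
    next. Returns (culprit or None, polling intervals spent)."""
    cycles = 0
    for candidate in alerts:
        cycles += 1
        still_active = [a for a in alerts if a != candidate]
        if not raises(still_active):
            return candidate, cycles
    return None, cycles


def bisect(alerts, raises):
    """Faster variant, assuming a single faulty alert: leave only half of the
    suspects active for one interval and follow the half that still raises."""
    suspects = list(alerts)
    cycles = 0
    while len(suspects) > 1:
        cycles += 1
        first_half = suspects[: len(suspects) // 2]
        if raises(first_half):
            suspects = first_half
        else:
            suspects = suspects[len(suspects) // 2:]
    return suspects[0], cycles


if __name__ == "__main__":
    print("one at a time:", one_at_a_time(ALERTS, cycle_raises))
    print("bisection:    ", bisect(ALERTS, cycle_raises))
```

Whichever strategy is used, confirm the result by leaving only the suspected alert active for one more interval; if the exception persists with that alert deactivated, more than one alert is broken and the one-at-a-time loop returns None.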

QUESTION 28
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.

Which server option can the Guardium administrator use for the new Collector?

A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk

B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1 TB disk

C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk


D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). A minimum of 4 cores is also required. Option B is the only one that satisfies both: A (ia64) and D (linuxppc64) are unsupported architectures, and C has only a dual-core CPU.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27046184

QUESTION 29
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to the Standard Guardium DAM offering.

Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)

A. Run Vulnerability Assessment reports

B. Generate audit reports using PCI-DSS Accelerator

C. Block and quarantine an unauthorized database connection

D. Mask sensitive PCI-DSS information from web application interface

E. Log and alert all database activities that access PCI-DSS Sensitive Objects.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
B: Guardium comes with out-of-the-box compliance regulation accelerators.

Incorrect:
Not C, Not D: DAM Advanced is DAM Standard functionality plus fine-grained access control, masking, quarantine, and blocking (activity terminate).

Note: Payment Card Industry (PCI) Data Security Standard (DSS) is a set of technical and operational requirements designed to protect cardholder data and applies to all organizations who store, process, use, or transmit cardholder data.

Review the following information to determine which license key must be added. This will depend on what features of the product have been purchased.


Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.install/install/licenses.html

QUESTION 30
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct? (Select two.)

A. Restart the Anomaly detection process

B. Send a test email with CLI diag command

C. From the GUI Alerter page, test the SMTP connection

D. Create a query in access domain to see the sent messages

E. Obtain the syslog file from fileserver and check for SMTP messages


Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
B: Use the CLI diag command to send a test email through the configured SMTP server.

1. Select Test Email from the Interactive Queries menu.
2. You are prompted to select a recipient. Select Custom and press Enter.
3. You are prompted to supply an email address. Type an email address and press Enter. You will be informed of the result of the operation.

C: Note that on the Administration Console, the Test Connection link in the SMTP pane of the Alerter configuration panel only tests that an SMTP port is configured and reachable, not that mail can actually be delivered via that server. The diag Test Email is the way to test delivery without having to configure and trigger a statistical or real-time alert, or an audit process notification.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/diag_cli_command.html
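Added Python example, not Guardium code: it separates the two checks the explanation contrasts, a socket-level "is the SMTP port reachable" test (what a Test Connection link proves) and an actual delivery attempt through the relay that reports whether the server accepted the message (what the diag Test Email proves). The relay host, addresses and appliance name are assumptions.

```python
import smtplib
import socket
from email.message import EmailMessage


def smtp_port_open(host, port=25, timeout=5):
    """What a port-level 'Test Connection' proves: a TCP socket opens.
    It says nothing about whether the relay will accept mail from us."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def build_test_message(sender, recipient, appliance):
    """Compose the test message; kept separate so it can be checked offline."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"Guardium SMTP test from {appliance}"
    msg.set_content(
        "Test message from the Guardium appliance. If you can read this, "
        "the configured SMTP relay accepts mail from the appliance."
    )
    return msg


def send_test_message(host, port, msg, use_starttls=True, timeout=10):
    """What a real delivery test proves: the relay accepted the message for
    every recipient. Returns True on success, False if any recipient was
    refused; relay or authentication errors surface as smtplib exceptions."""
    with smtplib.SMTP(host, port, timeout=timeout) as conn:
        conn.ehlo()
        if use_starttls and conn.has_extn("starttls"):
            conn.starttls()   # upgrade to TLS before sending the message
            conn.ehlo()
        refused = conn.send_message(msg)   # {} when all recipients accepted
    return refused == {}


if __name__ == "__main__":
    # Assumed relay and addresses; replace with the ones configured in Alerter.
    relay, port = "smtp.example.internal", 25
    print("port open:", smtp_port_open(relay, port))
    m = build_test_message("guardium@example.internal", "secops@example.internal", "gdm-col01")
    try:
        print("delivered:", send_test_message(relay, port, m))
    except (smtplib.SMTPException, OSError) as exc:
        print("delivery failed:", exc)
```

A relay that passes the port check but refuses the message (relay denied, sender not permitted, TLS required) is the case the Test Connection link cannot show, and the one the delivery test catches.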

QUESTION 31
A Guardium administrator is using the Classification, Entitlement and Vulnerability Assessment features of the product.

Which of the following are correct with regards to these features? (Select two.)

A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.

B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.

C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.

D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.

E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
D: Guardium Vulnerability Assessment enables you to identify and correct security vulnerabilities in your database infrastructure.

E: As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may be present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers and acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement projects between disparate systems can easily leave sensitive data unknown and unprotected.


Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.

Incorrect:
Not A: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information about that traffic to a Guardium system; Vulnerability Assessment results are produced by the appliance connecting to the database through a defined datasource, not delivered by S-TAP. Guardium S-TAP includes support for:
Capture of all database activities on DB2 for z/OS by privileged users, mainframe-resident applications, and network clients
Capture of critical operations such as SELECTs, DML, DDL, GRANTs, and REVOKEs
Not C: Use Guardium's predefined database entitlement (privilege) reports to see who has system privileges and who has granted these privileges to other users and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from lingering accounts or ill-granted privileges. They are populated from the database through a datasource, not via S-TAP.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/assess/va_intro.html?lang=en
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/discover/topics/classification.html
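The credit-card discovery that the classification feature performs, as an added Python example (this is not Guardium's classifier): it scans constructed rows for runs of 13 to 19 digits with optional separators, keeps only candidates that pass the Luhn check so that phone numbers and order IDs are not flagged, and reports table, column and the last four digits rather than the full number. The sample values are well-known test card numbers, not real accounts.

```python
import re

# Constructed sample rows, as a classification scan would see them. The card
# numbers are published test numbers, not real accounts.
SAMPLE_ROWS = [
    {"table": "CUSTOMER", "column": "NOTES", "value": "called re invoice 4111-1111-1111-1111"},
    {"table": "CUSTOMER", "column": "PHONE", "value": "4111111111111112"},   # fails Luhn
    {"table": "ORDERS", "column": "REF", "value": "order 5500000000000004 shipped"},
    {"table": "ORDERS", "column": "MEMO", "value": "nothing sensitive here"},
]

# 13 to 19 digits, each optionally followed by a space or dash, not embedded in
# a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, subtract 9 when
    the doubled value exceeds 9, and require the sum to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_rows(rows):
    """Return (table, column, last4) for every value holding a Luhn-valid PAN."""
    hits = []
    for row in rows:
        for match in CANDIDATE.finditer(row["value"]):
            digits = re.sub(r"\D", "", match.group())
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                # Store only the tail so the classification result itself does
                # not become another copy of the cardholder data.
                hits.append((row["table"], row["column"], digits[-4:]))
    return hits


if __name__ == "__main__":
    for table, column, last4 in scan_rows(SAMPLE_ROWS):
        print(f"{table}.{column}: PAN ending {last4}")
```

The PHONE value has the right length but fails the checksum, which is the difference between a pattern match and a classification hit; the same pattern-plus-validator structure applies to other identifiers that carry a check digit.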

QUESTION 32
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses needed to provide functionality for data activity monitoring, masking and blocking (terminate).

Which of the following lists the minimum licenses the administrator needs to install?

A. Base Collector license.

B. None, the licenses required are already installed automatically by the Guardium product installer.

C. Base Collector license plus IBM Security Guardium Standard Activity Monitor for Databases (DAM Standard).

D. Base Collector license plus IBM Security Guardium Advanced Activity Monitor for Databases (DAM Advanced).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Data Activity Monitor and Audit - Advanced: All capabilities in Data Activity Monitor and Audit - Standard, plus the ability to:
* Block data traffic according to policy (data-level access control)
* Mask unauthorized extraction of sensitive data
Etc.

Reference: http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/897/ENUS215-173/index.html&lang=en&request_locale=en

QUESTION 33
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system.

Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?


A. CLI: commands <search option> / GrdAPI: grdapi <search option> --help

B. CLI: help <search option> / GrdAPI: grdapi --help <search option>

C. CLI: commands <search option> / GrdAPI: grdapi command <search option>

D. CLI: <search option> --help / GrdAPI: grdapi <search option> --help=true

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To display the parameters for a particular command, enter the command followed by '--help=true'. For example:
CLI> grdapi list_entry_location --help=true

Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmaskref.doc/cli_api/guardapi_reference.html
