C2150-606.exam.32q: Website: VCE To PDF Converter: Facebook: Twitter

C2150-606.exam.
32q
Number: C2150-606
Passing Score: 800
Time Limit: 120 min
Website: https://vceplus.com
VCE to PDF Converter: https://vceplus.com/vce-to-pdf/
Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus
https://vceplus.com/
C2150-606
IBM Security Guardium V10.0 Administration

Exam A
QUESTION 1
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data
safety.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Given this scenario, which is true regarding the purge schedule?
A. The Archive and the Export have independent purge schedules but should not be run at the same time.
B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to
archive.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Any value that is specified for the starting purge date must be greater than the value specified for the Archive data older than value. In addition, if data exporting is
active, the starting purge date that is specified here must be greater than the Export data older than value
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en
QUESTION 2
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.
Which CLI command should the administrator run?
A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference: support
must_gather network_issues
The command gathers all network information from the appliance and polls hoststhat Guardium interacts with by ping, traceroute, corresponding port probingand
other measures. If optional parameter is specified, then it polls only thehost that was specified (if Guardium is configured to do any activity on thishost).
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/
basic_information_for_ibm_support.html
QUESTION 3
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.
Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?
A. Guardium Installation Manager (GIM) on the Database Server.

B. Configuration Auditing System (CAS) on the Database Server.
C. Configuration Auditing System (CAS) on the Guardium Collector.
D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.
Correct Answer: D
Section: (none)
Explanation
CAS is an agent installed on the database server and reports to the Guardium system whenever a monitored entity have changed, either in content or in ownership
or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change
auditing functions from the Guardium portal.
The CAS server is a component of Guardium and runs on the Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html
QUESTION 4
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing
all
Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report
on each Collector.
What should the administrator do to simplify this task and run the report in only one place every week?
A. Replace the 4 Collectors with one Aggregator.

B. Create an Enterprise Report on one Collector combining the data.
C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the report on the
Collector.
Correct Answer: C
Section: (none)
Explanation
Central Manager/Aggregator –The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central
Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other
administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and
generate enterprise-level reports.
Incorrect:
Not D: CAS does not monitor DML SQL Statements.
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other database
or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks such
changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts. Reference: http://www-
01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 5
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium
administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?
A. Client OS
B. Client MAC
C. Access ID
D. Analyzed Client IP
Correct Answer: B
Section: (none)
Explanation
The column named smac is a Guardian Client/Server server which represents the Client MAC.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/appendices/topics/cef_mapping.html
QUESTION 6
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The
Aggregators and Central Manager can handle more load.
What should a Guardium administrator recommend?
A. Deploy 2 new Collectors, 1 in each data center.

B. Connect S-TAPs directly to Aggregators to avoid network latency.
C. Connect S-TAPs directly to the Central Manager to avoid network latency.
D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.
Correct Answer: A
Section: (none)
Explanation
IBM recommends to use 1 aggregator for every 8 collectors.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 7
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
A. Classify sensitive files on mainframe systems.

B. Encrypts database data files on file systems based on policies.
C. Selectively redacts sensitive data patterns in files based on policies.
D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.
.
Correct Answer: AE
Section: (none)
Explanation
A: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block
when unauthorized users or processes attempt access.
E: Use case example:

Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business.
Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data, give you a
view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users.
Note: File activity monitoring consists of the following capabilities:

* Discovery to inventory files and metadata.
* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access,
or even block access to the files to prevent data leakage.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html
QUESTION 8
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the
shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?
A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info
Correct Answer: B
Section: (none)
Explanation
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote
access it not available or permitted.
In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here
is an example of the interfaces and MAC addresses: Customer usage / Logged in as CLI
support execute <CMD String> <PMR #> <KEY>

# main execute command provided by Guardium Advanced Support
support execute showlog [<Secure Key>|main|files]
# Show usage logs
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 9
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based
on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?
A. Disk Util report

B. Aggregation/Archive log
C. DB Server throughput report
D. Buff Usage Monitor and System Monitor reports
Correct Answer: D
Section: (none)
Explanation
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/adm/self_monitoring.html
QUESTION 10
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to
check the current CPU load of the Guardium appliance.
Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?
A. CPU Util report

B. CPU Tracker report
C. Unit summary and CPU Util report
D. Buff Usage Monitor and System monitor report
Correct Answer: D
Section: (none)
Explanation
To monitor CPU load:
Report: Select Guardium Monitor > Current Status Monitor, or Select Guardium Monitor > Buffer Usage Monitor, or See Predefined admin Reports for report :
Current Status Monitor for more information.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html
QUESTION 11
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this
application, performance of the S-TAP and sniffer is a concern.
What action should the administrator use in the rule?
A. Ignore Session
B. Ignore S-TAP Session
C. Ignore SQL per Session
D. Ignore Responses per Session
Correct Answer: B
Section: (none)
Explanation
You can ignore capturing the activity of some specific processes by defining INGNORE S-TAP SESSION policy.
QUESTION 12
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update
to be synced with the managed units in a fully working environment?
A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes
Correct Answer: D
Section: (none)
Explanation
The managed units might not use that data to update their user tables until up to 1 hour after it is received.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/
synchronizing_portal_user_accounts.html?lang=en
QUESTION 13
A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from Data
Backup.
Which CLI command should the administrator use to accomplish this?
A. restore config
B. restore system
C. restore pre-patch-backup
D. restore certificate sniffer backup
Correct Answer: B
Section: (none)
Explanation
System backups are used to backup and store all the necessary data and configuration values to restore a server in case of hardware corruption. To restore
backed up system information, use the restore system CLI command
Incorrect:
Not A: restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the
/media/ backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a
more comprehensive backup of the configuration and the entire system. Not C: restore pre-patch-backup is related to patch installations.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/
file_handling_cli_commands.html
QUESTION 14
The quard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=0
firewall_default_state=0
firewall_timeout=10
A Guardium administrator applies a policy to the Collector with two rules as below. The actions of the rules have been hidden.
The administrator must create a policy that will terminate the session on the delete statement in the below scenario:
A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
What actions should the administrator configure?
A. Rule 1 - S-GATE AttachRule

2 - S-GATE Detach
B. Rule 1 - S-GATE
DetachRule 2 - S-GATE
Terminate
C. Rule 1 - S-GATE AttachRule
2 - S-GATE Terminate
D. Rule 1 - S-TAP
TerminateRule 2 - S-GATE
Terminate
Correct Answer: A
Section: (none)
Explanation
Note:
* S-GATE ATTACH: sets S-GATE mode to "Attached" for a specific session.
Intended for use when a certain criteria is met that raises the need to closely watch (and if needed block) the traffic on that session.
* S-GATE DETACH: sets S-GATE mode to "Detached" for a specific session.
Intended for use on sessions that are considered as "safe" or sessions that cannot tolerate any latency.
* S-GATE TERMINATE: Has effect only when the session is attached. It drops the reply of the firewalled request, which will terminate the session on some
databases. The S-GATE TERMINATE policy rule will cause a previously watched session to terminate.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 15
A Guardium policy has been configured with the following two rules:
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object “TABLE1”.
What domain(s) can the administrator create a report in to see the SQL?
A. Access
B. Policy Violations
C. Access and Access Policy
D. Access and Policy Violations
Correct Answer: A
Section: (none)
Explanation
The Log full details action logs the full SQL string and exact timestamp for this request.
The Access domain consists of all monitored SQL requests.
QUESTION 16
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live
network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?
A. diag and iptraf

B. diag and trace_route
C. iptraf and support must_gather
D. support must_gather and show network verify
Correct Answer: C
Section: (none)
Explanation
Iptraf utility generates network statistics based on current network activity.
Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium STAP, andinformation must be gathered before contacting IBM Software Support. Diag
collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuaration.
QUESTION 17
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy.
Which port should the administrator use to configure IP teaming (bonding)?
A. eth1 only
B. eth2 only
C. eth3 only
D. any port
Correct Answer: D
Section: (none)
Explanation
Bonding or teaming turns eth0 and another specified network interface card (NIC) into a bonded pair with standby failover.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/config/system_configuration.html
QUESTION 18
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses
support show db-top-tables all and finds the size of the largest tables has decreased significantly.
What should the administrator do?
A. Increase the retention period and rerun the purge.

B. Rebuild the appliance and restore from the backup.
C. Login to CLI and execute stop inspection-core.
D. Optimize the internal TURBINE database using diag CLI command.
Correct Answer: D
Section: (none)
Explanation
If you when using IBM InfoSphere Guardium product, you notice the database disk space is growing at a fast rate. This is caused by sniffer not able to handle
some types of SQLs (usually a sniffer bug). This failure to handle the SQLs occurs frequently enough that GDM_ERROR table grows at a fast rate which then
translates to database disk space usage growth. Use command support show db-status used % to show database used space.
Run an Optimize to optimize the TURBINE database. This will reorganize the data in all tables, including GDM_ERROR, which will result in reflecting the current
actual reduced size.
Incorrect:
Not C: The inspection-core is sniffer itself. You can stop inspection-core by "stop inspection-core" CLI command and start it by "start inspection-core" CLI
command.
QUESTION 19
A company is installing S-TAPS on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/
passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?
A. Include the PVU load of passive nodes.

B. Include half of the passive nodes PVU load.
C. Include a third of the passive nodes PVU load.
D. Not include the PVU load of passive nodes.
Correct Answer: D
Section: (none)
Explanation
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active server.
Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38
QUESTION 20
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up
with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?
A. Install the latest patch on the Guardium appliance.
B. Install the latest released Database Activity Monitor Content.
C. Ask the database administrators to provide the default tests.
D. Ask the Company Security Provider to supply the default tests
Correct Answer: B
Section: (none)
Explanation
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of predefined
assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/
guardium_administration_guide_cover.html
QUESTION 21
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered.
How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?
A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to failover the S-TAP process to the passive nodes when a database failover occurs.
B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=-1 to set the agent process to failover to the passive node when a database failover
occurs.
C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
D. Install S-TAP agents on all active and passive nodes: Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB
home.
Correct Answer: A
Section: (none)
Explanation
To properly support load balancing, the Guardium S-TAP agents must be configured properly.
Add, uncomment, or modify the settings on your S-TAP Configuration to look like the following examples.
See the Guardium product documentation on how and where to adjust the S-TAP configuration file, as well as for updated guidance from IBM.
* Sqlguard_ip = <Your BIG-IP Virtual Server IP address/hostname>
For example: Sqlguard_ip = 192.0.2.123
* Participate_load_balancing = 3
* All_can_control = 1
Sqlguard_ip is the address you will define on BIG-IP LTM during the Virtual Server configuration.
Participate in Load balancing allows the S-TAP to send session information on every failover to the appliance.
All Can Control allows the S-TAP to be able to edit S-TAP configurations through GUI.
Note: all_can_control
. 0=S-TAP can be controlled only from the primary Guardium system. 1=S-TAP can be controlled from any Guardium system.
Reference: https://www.f5.com/pdf/deployment-guides/ibm-guardium-dg.pdf
QUESTION 22
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not
configured for that S-TAP.
What is an Inspection Engine?
A. A piece of software residing on the Collectors.

B. Another software to be installed on the Database server.
C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.
Correct Answer: C
Section: (none)
Explanation
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or
Sybase, for example).
The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed
information about that traffic to an internal database.
Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/inspection_engine_configuration.html
QUESTION 23
Which port must be open for encrypted communication between UNIX S-TAP and Collector?
A. 9500
B. 16016
C. 16017
D. 16018
Correct Answer: D
Section: (none)
Explanation
The ports for CAS pertain to Change Audit System. If CAS is installed, those ports must be opened as well. Please enable the ports as listed in the table below,
depending on whether you want the traffic between the STAP and the collector to be encrypted or not.
16016: Clear Unix S-TAP (including IBM i S-TAP running in PASE)

16017: Clear Unix CAS
16018: Encrypted Unix S-TAP (optional)
16019: Encrypted Unix CAS (optional)
QUESTION 24
A Guardium administrator observes certain changes to the configuration and policies.
How would the administrator identify the changes that were made and who made them?
A. Review the Audit Process Log report.

B. Review the sniffer buffer usage report.
C. Review the /var/log/messages log file.
D. Review the results of ‘Detailed Guardium User Activity’ report.
Correct Answer: D
Section: (none)
Explanation
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)
Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type
Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and a count of Guardium
User Activity Audits entities.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/predefined_admin_reports.html
QUESTION 25
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector.
What must the administrator ensure when setting up this environment?
A. Both Collectors are centrally managed.

B. There is network connectivity between the S-TAP and both Collectors.
C. Guardium Installation Manager (GIM) is installed on the Database Server.
D. In the guard_tap.ini file of the S-TAP set participate_in_load_balancing=1
Correct Answer: B
Section: (none)
Explanation
Failover S-TAP configuration option
In this configuration (as displayed below), the S-TAP is configured to register with multiple collectors but sends traffic only to one collector at a time. S-TAP in this
configuration sends all of its traffic to one collector, unless it encounters connectivity issues to that collector that triggers a failover to a secondary collector as
configured. This is the most widely used S-TAP configuration to date.
Example, Failover S-TAP configuration option
Reference: Deployment Guide for InfoSphere Guardium (RedBooks), pages 12-13
QUESTION 26
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project
expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1 TB disk
C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Correct Answer: B
Section: (none)
Explanation
The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). A minimum of 4 cores is also required.
QUESTION 27
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to Standard
Guardium DAM offering.
Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)
A. Run Vulnerability Assessment reports

B. Generate audit reports using PCI-DSS Accelerator
C. Block and quarantine an unauthorized database connection
D. Mask sensitive PCI-DSS information from web application interface
E. Log and alert all database activities that access PCI-DSS Sensitive Objects.
Correct Answer: AB
Section: (none)
Explanation
B: Guardium comes with out of the box compliance regulation accelerators.
Incorrect:
Not C, Not D: DAM Advanced is DAM Standard functionality plus fine-grained access control, masking, quarantine, and blocking (activity terminate).
Note: Payment Card Industry (PCI) Data Security Standard (DSS) is a set of technical and operational requirements designed to protect cardholder data and
applies to all organizations who store, process, use, or transmit cardholder data.
Review the following information to determine which license key must be added. This will depend on what features of the product have been purchased.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.install/install/licenses.html
QUESTION 28
In a centrally managed environment, while executing the report ‘Enterprise Buffer Usage Monitor’, a Guardium administrator gets an empty report.
Why is the report empty?
A. Sniffers are not running on the Collectors.

B. The report is not executed with a remote source on the Collector.
C. The report is not executed with a remote source on the Aggregator.
D. Correct custom table upload is not scheduled on the Central Manager.
Correct Answer: C
Section: (none)
Explanation
A central manager can run a report on a managed unit as a remote source. We can check if the remote source on the report set to "none"on the Aggregator.
Note: Enterprise Buffer Usage Monitor report shows the aggregate of sniffer buffer usage from all managed units. It is based on the Enterprise Buffer Usage query.
QUESTION 29
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct?
(Select 2)
A. Restart the Anomaly detection process

B. Send a test email with CLI diag command
C. From the GUI Alerter page, test the SMTP connection
D. Create a query in access domain to see the sent messages
E. Obtain the syslog file from fileserver and check for SMTP messages
Correct Answer: BC
Section: (none)
Explanation
B: Use this command to send a test email using the configured SMTP server.
1. Select Test Email from the Interactive Queries menu.

2. You are prompted to select a recipient. Select Custom and press Enter.
3. You are prompted to supply an email address. Type an email address and press Enter. You will be informed of the output of the operation.
C: Note that on the Administration Console, the Test Connection link in the SMTP pane of the Alerter configuration panel only tests that an SMTP port is
configured, not that mail can actually be delivered via that server. You can use this command to test email delivery without having to configure and trigger a
statistical or realtime alert, or an audit process notification.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/diag_cli_command.html
QUESTION 30
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product.
Which of the following are correct with regards to these features? (Select two.)
A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.
Correct Answer: DE
Section: (none)
Explanation
D: Guardium Vulnerability Assessment enables you to identify and correct security vulnerabilities in your database infrastructure.
E: As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may be
present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers and
acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement projects
between disparate systems can easily leave sensitive data unknown and unprotected.
Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.
Incorrect:
Not A: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system. Guardium S-TAP includes support for:
Capture of all database activities on DB2 for z/OS by privileged users, mainframe-resident applications, and network clients
Capture of critical operations such as SELECTs, DML, DDL, GRANTS, and REVOKES
Not C: Use Guardium’s predefined database entitlement (privilege) reports) to see who has system privileges and who has granted these privileges to other users
and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from
lingering accounts or ill-granted privileges.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/assess/va_intro.html?lang=en
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/discover/topics/classification.html
QUESTION 31
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no
requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
A. Log Only
B. Alert Only
C. Alert Daily
D. Alert Per Match
Correct Answer: C
Section: (none)
Explanation
Guardium Version 9 introduced a new policy rule action - ALERT ONLY.
This rule action will populate only the message tables and constructs. It will no longer populate Policy Violations tables. With this policy rule action logging Policy
Violations in IBM InfoSphere Guardium can be avoided.
Alert Only - action that will write to message and message_text tables. This action permits all policy violation notifications to be sent to a remote destination.
Designed to improve Guardium integration with other database security solutions.
Incorrect:
Not C: Alert Daily sends notifications only the first time the rule is matched each day.
QUESTION 32
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses
needed to provide functionality for data activity monitoring, masking and blocking (terminate).
Which of the following lists the minimum licenses the administrator needs to install?
A. Base Collector license.

B. None, the licenses required are already installed automatically by the Guardium product installer.
C. Base Collector license plus IBM Security Guardium Standard Activity Monitor for Databases (DAM Standard).
D. Base Collector license plus IBM Security Guardium Advanced Activity Monitor for Databases (DAM Advanced.).
Correct Answer: D
Section: (none)
Explanation
Data Activity Monitor and Audit - Advanced: All capabilities in Data Activity Monitor Audit - Standard, plus the ability to:
* Block data traffic according to policy (data-level access control)
* Mask unauthorized extraction of sensitive dataEtc.
Reference: http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/897/ENUS215-173/index.html&lang=en&request_locale=en

C2150-606.exam.32q: Website: VCE To PDF Converter: Facebook: Twitter

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

C2150-606.exam.32q: Website: VCE To PDF Converter: Facebook: Twitter

Uploaded by

Copyright:

Available Formats

C2150-606.exam.

IBM Security Guardium V10.0 Administration

Which CLI command should the administrator run?

A. Guardium Installation Manager (GIM) on the Database Server.

A. Replace the 4 Collectors with one Aggregator.

What should a Guardium administrator recommend?

A. Deploy 2 new Collectors, 1 in each data center.

A. Classify sensitive files on mainframe systems.

E: Use case example:

Note: File activity monitoring consists of the following capabilities:

support execute <CMD String> <PMR #> <KEY>

A. Disk Util report

A. CPU Util report

What action should the administrator use in the rule?

Which CLI command should the administrator use to accomplish this?

What actions should the administrator configure?

A. Rule 1 - S-GATE AttachRule

A. diag and iptraf

Which port should the administrator use to configure IP teaming (bonding)?

What should the administrator do?

A. Increase the retention period and rerun the purge.

How should the administrator treat the PVUs of passive nodes?

A. Include the PVU load of passive nodes.

What is an Inspection Engine?

A. A piece of software residing on the Collectors.

16016: Clear Unix S-TAP (including IBM i S-TAP running in PASE)

A. Review the Audit Process Log report.

What must the administrator ensure when setting up this environment?

A. Both Collectors are centrally managed.

Example, Failover S-TAP configuration option

A. Run Vulnerability Assessment reports

Why is the report empty?

A. Sniffers are not running on the Collectors.

A. Restart the Anomaly detection process

1. Select Test Email from the Interactive Queries menu.

A. Base Collector license.

You might also like