C2150-606

Number: C2150-606
Passing Score: 800
Time Limit: 120 min

IBM C2150-606: IBM Security Guardium V10.0 Administration

www.vceplus.com - Download A+ VCE (latest) free Open VCE Exams - VCE to PDF Converter - VCE Exam Simulator - VCE Online - IT Certifications
Exam A

QUESTION 1
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.

Which CLI command should the administrator run?

A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
support must_gather network_issues

The command gathers all network information from the appliance and polls the hosts that Guardium interacts with by ping, traceroute, probing of the corresponding ports and other measures. If the optional host parameter is specified, only that host is polled (provided Guardium is configured to do any activity with it).

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/
basic_information_for_ibm_support.html

QUESTION 2
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.

Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?

A. Guardium Installation Manager (GIM) on the Database Server.
B. Configuration Auditing System (CAS) on the Database Server.
C. Configuration Auditing System (CAS) on the Guardium Collector.
D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
CAS is an agent installed on the database server that reports to the Guardium system whenever a monitored entity has changed, in content, ownership or permissions. You install the CAS client on the database server; once it is installed on the host, you configure the actual change auditing functions from the Guardium portal.

The CAS server is a component of Guardium and runs on the Guardium system.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html

QUESTION 3
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report
showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not
want to run the report on each Collector.

What should the administrator do to simplify this task and run the report in only one place every week?

A. Replace the 4 Collectors with one Aggregator.
B. Create an Enterprise Report on one Collector combining the data.
C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the
report on the Collector.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Central Manager/Aggregator: the Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other administrative tasks from a single console. In addition, data from multiple Collectors can be aggregated to the Aggregator to provide holistic views and generate enterprise-level reports.

Incorrect:
Not D: CAS does not monitor DML SQL Statements.
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or
other database or operating system components, including executable files or scripts used by the database management system or the operating
system. CAS tracks such changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720

QUESTION 4
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The
Guardium administrator has identified that the databases are using encryption.

Which column can the administrator add that would help users to better identify the client?

A. Client OS
B. Client MAC
C. Access ID
D. Analyzed Client IP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
In the Guardium CEF mapping, the smac field (source MAC address) corresponds to the Client MAC attribute of the Client/Server entity. When the client IP is reported as 0.0.0.0, the Client MAC still identifies the originating host.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/appendices/topics/cef_mapping.html
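
Added example, not part of the original page and not IBM's Guardium code: a small parser for events in CEF form that extracts the smac (client MAC) field and falls back to it when the reported client IP is 0.0.0.0, as in the scenario above. The sample CEF line is constructed for illustration; its header values and extension keys (src, smac, dst, dpt, suser, msg) follow the generic CEF convention and are not copied from a real Guardium message.

```python
import re
from typing import Dict

# Constructed sample event in CEF form (illustration only, not a captured Guardium
# message). The client IP is 0.0.0.0, so the client MAC in smac is the useful identifier.
SAMPLE_CEF = (
    "CEF:0|IBM|Guardium|10.0|SQL_ACTIVITY|Policy rule matched|5|"
    "src=0.0.0.0 smac=00:0c:29:3a:7f:12 dst=10.1.2.3 dpt=1521 suser=APPUSER "
    "msg=select \\* from customers where id\\=1"
)

HEADER_FIELDS = ["version", "vendor", "product", "product_version",
                 "signature_id", "name", "severity"]

# An extension key is a run of [A-Za-z0-9_] followed by '=' at the start of the
# extension or right after a space; an escaped '\=' inside a value never matches.
_EXT_KEY = re.compile(r"(?:^|(?<= ))([A-Za-z0-9_]+)=")


def parse_cef(line: str) -> Dict[str, str]:
    """Split a CEF line into its seven header fields plus the extension key=value pairs.

    Header fields are separated by '|' (an escaped '\\|' is literal); extension values
    may contain spaces and use '\\=' and '\\\\' as escapes.
    """
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) < 8:
        raise ValueError("malformed CEF header: fewer than 7 header fields")
    event = {name: value.replace("\\|", "|")
             for name, value in zip(HEADER_FIELDS, parts[:7])}
    event["version"] = event["version"].split(":", 1)[1]

    extension = parts[7]
    keys = list(_EXT_KEY.finditer(extension))
    for i, match in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(extension)
        raw = extension[match.end():end].rstrip(" ")
        event[match.group(1)] = raw.replace("\\=", "=").replace("\\\\", "\\")
    return event


def client_identifier(event: Dict[str, str]) -> str:
    """Return the best available client identifier: the source IP when it is real,
    otherwise the client MAC (smac), which is still populated when src is 0.0.0.0."""
    src = event.get("src", "")
    if src and src != "0.0.0.0":
        return "ip:" + src
    if event.get("smac"):
        return "mac:" + event["smac"]
    return "unknown"


if __name__ == "__main__":
    ev = parse_cef(SAMPLE_CEF)
    print(ev["name"], "->", client_identifier(ev))
```

Run the script as-is to see the constructed event resolved to its client MAC; feed parse_cef the CEF lines a Guardium appliance forwards to a SIEM to apply the same fallback to real traffic.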

QUESTION 5
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized.
The Aggregators and Central Manager can handle more load.

What should a Guardium administrator recommend?

A. Deploy 2 new Collectors, 1 in each data center.
B. Connect S-TAPs directly to Aggregators to avoid network latency.
C. Connect S-TAPs directly to the Central Manager to avoid network latency.
D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
IBM recommends using one Aggregator for every eight Collectors, so the existing Aggregators and Central Manager have spare capacity. S-TAPs send captured traffic to Collectors only; Aggregators and the Central Manager do not accept S-TAP connections, which rules out B and C. New Collectors belong in the data centers with the database servers they monitor, close to the S-TAPs, rather than in a third site.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720

QUESTION 6
Which use cases are covered with the File Activity Monitoring feature? (Select two.)

A. Classify sensitive files on mainframe systems.
B. Encrypts database data files on file systems based on policies.
C. Selectively redacts sensitive data patterns in files based on policies.
D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
D: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and
alert or block when unauthorized users or processes attempt access.

E: Use case example:
Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business.
Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data,
give you a view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users.

Note: File activity monitoring consists of the following capabilities:

* Discovery to inventory files and metadata.
* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on
inappropriate access, or even block access to the files to prevent data leakage.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html

QUESTION 7
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator
wants to identify if the firewall ports are open.

How can the administrator do this?

A. Ask the company’s network administrators.
B. Ask IBM technical support to login as root and verify.
C. Login as CLI and execute telnet <ip address> <port number>
D. Login as CLI and execute support show port open <ip address> <port number>

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The support show port open command is similar to using telnet to test whether a TCP port is open on the local host or on a remote host.

If the connection succeeds, the output is similar to: Connection to 127.0.0.1 8443 port [tcp/*] succeeded!

If the connection fails, the output is similar to: connect to 127.0.0.1 port 1 (tcp) failed: Connection refused

Syntax: support show port open <IP> <port>

IP must be a valid IPv4 address, for example 127.0.0.1. Port must be an integer in the range 1-65535.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html

QUESTION 8
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup.

In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?

A. ClipID
B. PEA file
C. Shared secret
D. Certificate signed request (CSR)

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
To configure (or reconfigure) EMC Centera as an archive or backup destination in Guardium, two items are required: the IP address of the Centera server and the PEA (Pool Entry Authorization) file obtained from Centera.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21687345

QUESTION 9
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who
provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script.

Which CLI command should the administrator use to review the commands that were previously run?

A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
The support execute utility gives Guardium Advanced Support a way to assist with remote diagnostics when direct remote access is not available or not permitted. To allow the Guardium Advanced Support team to generate a Secure Key, the MAC address of the appliance's eth0 interface must be provided.

Customer usage (logged in as CLI):

support execute <CMD String> <PMR #> <KEY>
# main execute command, as provided by Guardium Advanced Support

support execute showlog [<Secure Key>|main|files]
# show the usage logs of previously executed commands

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html

QUESTION 10
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the
appliance based on the data load.

Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?

A. Disk Util report
B. Aggregation/Archive log
C. DB Server throughput report
D. Buff Usage Monitor and System Monitor reports

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/adm/self_monitoring.html

QUESTION 11
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator
wants to check the current CPU load of the Guardium appliance.

Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?

A. CPU Util report
B. CPU Tracker report
C. Unit summary and CPU Util report
D. Buff Usage Monitor and System monitor report

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To monitor CPU load, open Guardium Monitor > Current Status Monitor or Guardium Monitor > Buffer Usage Monitor. See the predefined admin report Current Status Monitor for more information.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html

QUESTION 12
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from
this application, performance of the S-TAP and sniffer is a concern.

What action should the administrator use in the rule?

A. Ignore Session
B. Ignore S-TAP Session
C. Ignore SQL per Session
D. Ignore Responses per Session

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Activity from specific clients or processes can be excluded from capture with an IGNORE S-TAP SESSION rule. Unlike IGNORE SESSION, which is applied by the sniffer on the Guardium system after the traffic has already been sent, IGNORE S-TAP SESSION instructs the S-TAP itself to stop forwarding the rest of that session, which relieves both the S-TAP on the database server and the sniffer on the Collector.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21497163

QUESTION 13
A Guardium administrator manages portal user synchronization by using a Central Manager.

When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for
the update to be synced with the managed units in a fully working environment?

A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The managed units might not use that data to update their user tables until up to 1 hour after it is received.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/
synchronizing_portal_user_accounts.html?lang=en

QUESTION 14
A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from
Data Backup.

Which CLI command should the administrator use to accomplish this?

A. restore config
B. restore system
C. restore pre-patch-backup
D. restore certificate sniffer backup

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
System backups store all the data and configuration values needed to rebuild a server after hardware failure or corruption. To restore backed-up system information, use the restore system CLI command.

Incorrect:
Not A: restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in
the /media/backup directory. The backup config command removes license and other machine-specific information. The backup system command
provides a more comprehensive backup of the configuration and the entire system.
Not C: restore pre-patch-backup is related to patch installations.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/
file_handling_cli_commands.html

QUESTION 15
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to
monitor live network traffic filtered by IP addresses and port numbers.

Which combination of commands should the administrator use for these tasks?

A. diag and iptraf
B. diag and trace_route
C. iptraf and support must_gather
D. support must_gather and show network verify

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Iptraf utility generates network statistics based on current network activity.

Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium STAP, andinformation must be gathered before contacting IBM Software
Support. Diag collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuaration.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21690345

QUESTION 16
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy.

Which port should the administrator use to configure IP teaming (bonding)?

A. eth1 only
B. eth2 only
C. eth3 only
D. any port

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Bonding or teaming turns eth0 and another specified network interface card (NIC) into a bonded pair with standby failover.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/config/system_configuration.html

QUESTION 17
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The
administrator uses support show db-top-tables all and finds the size of the largest tables has decreased significantly.

What should the administrator do?

A. Increase the retention period and rerun the purge.
B. Rebuild the appliance and restore from the backup.
C. Login to CLI and execute stop inspection-core.
D. Optimize the internal TURBINE database using diag CLI command.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
If the internal database disk space of a Guardium appliance grows at a fast rate, a common cause is the sniffer failing to handle some types of SQL (usually a sniffer bug). When this happens frequently enough, the GDM_ERROR table grows quickly, which translates directly into database disk usage. Use support show db-status used to display the percentage of database space in use.

After the purge, run an Optimize on the TURBINE database from the diag menu. This reorganizes the data in all tables, including GDM_ERROR, so that the reported usage reflects the actual reduced size.

Incorrect:
Not C: The inspection-core is sniffer itself. You can stop inspection-core by "stop inspection-core" CLI command and start it by "start inspection-core"
CLI command.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21700128

QUESTION 18
A company is installing S-TAPS on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are
in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.

How should the administrator treat the PVUs of passive nodes?

A. Include the PVU load of passive nodes.
B. Include half of the passive nodes PVU load.
C. Include a third of the passive nodes PVU load.
D. Not include the PVU load of passive nodes.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active
server.

Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38

QUESTION 19
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment
tests keep up with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed
tests.

What should the Guardium administrator do to update the tests that will be run?

A. Install the latest patch on the Guardium appliance.
B. Install the latest released Database Activity Monitor Content.
C. Ask the database administrators to provide the default tests.
D. Ask the Company Security Provider to supply the default tests

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of
predefined assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/
guardium_administration_guide_cover.html

QUESTION 20
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered.

How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?

A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to failover the S-TAP process to the passive nodes when a database failover
occurs.
B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=-1 to set the agent process to failover to the passive node when a database
failover occurs.
C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
D. Install S-TAP agents on all active and passive nodes: Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a
correct DB home.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
To support load balancing across Guardium systems, the S-TAP agents must be configured accordingly.
Add, uncomment, or modify the following settings in the S-TAP configuration. See the Guardium product documentation for where the configuration file lives and how to adjust it, and for updated guidance from IBM.
* sqlguard_ip = <Your BIG-IP Virtual Server IP address/hostname>, for example sqlguard_ip = 192.0.2.123
* participate_in_load_balancing = 3
* all_can_control = 1
sqlguard_ip is the address defined on the BIG-IP LTM during Virtual Server configuration.
participate_in_load_balancing allows the S-TAP to send session information to the appliance on every failover.
all_can_control allows the S-TAP configuration to be edited from any Guardium system the S-TAP reports to, not only from the primary one.

Note: all_can_control
0 = S-TAP can be controlled only from the primary Guardium system. 1 = S-TAP can be controlled from any Guardium system.

Reference: https://www.f5.com/pdf/deployment-guides/ibm-guardium-dg.pdf

QUESTION 21
A Guardium administrator has an issue with Guardium. The administrator has not seen this particular issue before and needs to get it fixed.

To get this resolved, what should the administrator do?

A. Log a PMR and request an answer from IBM Support.
B. Log a PMR so IBM Support can contact the customer. Then, while waiting, do a search of the Guardium Knowledge Center and Technotes for
known issues and resolutions.
C. Request IBM Support to initiate a remote session and collect what they need to resolve the issue.
D. Search Guardium Knowledge Center and Technotes for known issues and resolutions. Then, if still needed, collect must_gather information and full
problem details required for a new PMR so that IBM Support can review the problem before contacting the customer.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Before you call IBM Support, collect basic diagnostic information about your Guardium system.

Use support must_gather commands, which can be run through the CLI to generate specific information about the state of any Guardium system. This
information can also be collected through the Guardium GUI.

This information can be uploaded from the Guardium system and sent to IBM Support whenever a Problem Management Report (PMR) is logged.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/
basic_information_for_ibm_support.html

QUESTION 22
A Guardium administrator is creating a policy to alert on actions by users that are stored on an LDAP server.

How can the administrator populate a group to use in the policy?

A. Schedule the LDAP user import into the group.
B. Schedule the LDAP user import from accessmgr and run portal user sync.
C. Schedule the LDAP user import from accessmgr and populate the group from a query.
D. Populate the group from a query in access domain with a condition on the LDAP server as the Server IP.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
To populate groups from an LDAP server, first define a group, and then configure an import operation to obtain the appropriate set of members from an
LDAP server. You use a query for this purpose.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-common_tools_help1_book/topics/
building_groups.html

QUESTION 23
A Guardium administrator is preparing a command to install Configuration Auditing System (CAS) on a Linux server using the command line method.

Which parameter is required?

A. dir
B. tapip
C. java-home
D. sqlguardip

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection
Engine is not configured for that S-TAP.

What is an Inspection Engine?

A. A piece of software residing on the Collectors.
B. Another software to be installed on the Database server.
C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or Sybase, for example). In the S-TAP configuration, an inspection engine is defined per database instance by parameters such as the protocol, the port range and the instance details; it is not the same thing as a policy, which is installed on the Guardium system.
The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database.

Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards
information about that traffic to a Guardium system.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/
inspection_engine_configuration.html

QUESTION 25
Which port must be open for encrypted communication between UNIX S-TAP and Collector?

A. 9500
B. 16016
C. 16017
D. 16018

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
The CAS ports pertain to the Change Audit System; if CAS is installed, they must be opened as well. Enable the ports listed below depending on whether the traffic between the S-TAP and the Collector is to be encrypted or not:

16016: Clear Unix S-TAP (including IBM i S-TAP running in PASE)
16017: Clear Unix CAS
16018: Encrypted Unix S-TAP (optional)
16019: Encrypted Unix CAS (optional)

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21569674
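
Added example, not Guardium code and not the support show port open command itself: a Python equivalent of the TCP port test described in Question 7, applied to the S-TAP and CAS ports listed in this answer, so the reachability of a Collector can be checked from a UNIX database server before the S-TAP is installed. The output strings mimic the CLI messages quoted in Question 7; the Collector address in the usage line is a placeholder.

```python
import socket
from typing import Dict, List, Tuple

# Ports from the table above for UNIX S-TAP and CAS traffic toward a Collector.
STAP_PORTS = {
    "unix_stap_clear": 16016,
    "unix_cas_clear": 16017,
    "unix_stap_encrypted": 16018,
    "unix_cas_encrypted": 16019,
}


def ports_for(encrypted: bool, with_cas: bool) -> List[Tuple[str, int]]:
    """Select the S-TAP port, plus the CAS port if CAS is installed, for the chosen
    transport. Encrypted S-TAP and encrypted CAS each use their own port."""
    names = ["unix_stap_encrypted" if encrypted else "unix_stap_clear"]
    if with_cas:
        names.append("unix_cas_encrypted" if encrypted else "unix_cas_clear")
    return [(name, STAP_PORTS[name]) for name in names]


def port_is_open(ip: str, port: int, timeout: float = 3.0) -> Tuple[bool, str]:
    """TCP connect test with the same input rules as `support show port open`:
    IPv4 address only, port in 1-65535. The message mimics the CLI output."""
    if not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1-65535")
    socket.inet_aton(ip)  # raises OSError when ip is not a valid IPv4 address
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True, f"Connection to {ip} {port} port [tcp/*] succeeded!"
    except OSError as exc:
        reason = exc.strerror or str(exc)
        return False, f"connect to {ip} port {port} (tcp) failed: {reason}"


def check_collector(ip: str, encrypted: bool, with_cas: bool) -> Dict[str, Tuple[bool, str]]:
    """Test every port the database server needs to reach on the Collector."""
    return {name: port_is_open(ip, port) for name, port in ports_for(encrypted, with_cas)}


def local_self_test() -> Tuple[bool, bool]:
    """Exercise both result paths without a Collector: connect to a listening local
    socket, then to the same port after the listener has been closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    open_result, _ = port_is_open("127.0.0.1", port)
    listener.close()
    closed_result, _ = port_is_open("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder Collector address (TEST-NET-2); replace it with yours.
    for name, (ok, message) in check_collector("192.0.2.10", encrypted=True, with_cas=True).items():
        print(f"{name}: {message}")
```

A refused connection on 16018 while 16016 succeeds usually means a firewall between the database server and the Collector only passes the clear-text port, which is worth knowing before switching the S-TAP to encrypted transport.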

QUESTION 26
A Guardium administrator observes certain changes to the configuration and policies.

How would the administrator identify the changes that were made and who made them?

A. Review the Audit Process Log report.
B. Review the sniffer buffer usage report.
C. Review the /var/log/messages log file.
D. Review the results of ‘Detailed Guardium User Activity’ report.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)

Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the
Activity Type Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and
a count of Guardium User Activity Audits entities.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/
predefined_admin_reports.html

QUESTION 27
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:

firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10

The collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must
communicate the impact of this outage to users of the monitored database.

What should the administrator advise is the expected behavior for a database session?

A. The session will not experience any latency or termination.
B. No SQL can be executed and after 10 seconds the session will be terminated.
C. In the first 10 seconds of the session SQL can be executed, then the session is terminated.
D. In the first 10 seconds of the session no SQL can be executed, then the session will work as normal.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
firewall_timeout is the time, in seconds, that the S-TAP waits for a verdict from the Guardium system; the value can be any integer. When no verdict arrives before firewall_timeout expires, firewall_fail_close decides the outcome: with firewall_fail_close=0 the connection goes through, with firewall_fail_close=1 the connection is blocked.

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.stap/stap/r_stapparmsu_firewall.html?lang=en
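
Added example, not from the original page and not IBM's code: a parser for the guard_tap.ini parameters quoted in Questions 20 and 27 that evaluates the S-GATE timeout rule described in this explanation. The INI fragment is constructed from the values shown in those two questions plus an assumed tap_ip. The firewall_fail_close and firewall_timeout semantics follow this page; the meaning given to firewall_default_state (0 = sessions are not held unless a policy rule attaches S-GATE) is taken from the S-TAP parameter documentation rather than from this page.

```python
import configparser
from dataclasses import dataclass

# Constructed guard_tap.ini fragment using the parameters quoted in Questions 20
# and 27. tap_ip is an assumed value; a real file carries many more keys.
SAMPLE_GUARD_TAP_INI = """\
[TAP]
tap_ip=10.20.30.40
sqlguard_ip=192.0.2.123
participate_in_load_balancing=3
all_can_control=1
firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10
"""


@dataclass(frozen=True)
class FirewallSettings:
    installed: bool       # firewall_installed: S-GATE enabled on this S-TAP
    fail_close: bool      # firewall_fail_close: block (1) or allow (0) when no verdict arrives
    default_state: bool   # firewall_default_state: sessions held by default (1) or only when attached by policy (0)
    timeout: int          # firewall_timeout: seconds to wait for a verdict


def load_tap_ini(text: str) -> configparser.ConfigParser:
    """guard_tap.ini is ordinary INI text whose agent settings live under [TAP]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("TAP"):
        raise ValueError("guard_tap.ini has no [TAP] section")
    return cp


def firewall_settings(cp: configparser.ConfigParser) -> FirewallSettings:
    """Read the four firewall_* keys, treating a missing key as 0 (off)."""
    tap = cp["TAP"]
    return FirewallSettings(
        installed=tap.getint("firewall_installed", fallback=0) == 1,
        fail_close=tap.getint("firewall_fail_close", fallback=0) == 1,
        default_state=tap.getint("firewall_default_state", fallback=0) == 1,
        timeout=tap.getint("firewall_timeout", fallback=0),
    )


def outcome_without_verdict(fw: FirewallSettings) -> str:
    """Expected handling of a held database session when the Collector is down and
    no verdict ever arrives, following the rule in the explanation above."""
    if not fw.installed:
        return "S-GATE not installed: sessions are monitored only, never held or blocked"
    if not fw.default_state:
        return ("sessions are not held by default (firewall_default_state=0); "
                "only sessions attached by a policy rule are subject to the timeout")
    if fw.fail_close:
        return f"blocked after {fw.timeout}s with no verdict (firewall_fail_close=1)"
    return f"allowed through after {fw.timeout}s with no verdict (firewall_fail_close=0)"


def control_scope(cp: configparser.ConfigParser) -> str:
    """Which Guardium systems may change this S-TAP's configuration (all_can_control)."""
    if cp["TAP"].getint("all_can_control", fallback=0) == 1:
        return "any Guardium system the S-TAP reports to"
    return "the primary Guardium system only"


if __name__ == "__main__":
    config = load_tap_ini(SAMPLE_GUARD_TAP_INI)
    print(outcome_without_verdict(firewall_settings(config)))
    print("controlled from:", control_scope(config))
```

Point load_tap_ini at the contents of a real guard_tap.ini to see, before a Collector outage happens, whether the S-TAP will fail closed (and for how long sessions will hang) or fail open.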

QUESTION 28
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored
so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the
administrator sets up an Investigation Center.

Which is a key requirement for users of the Investigation Center?

A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
D. To correctly configure an investigation user, the user’s Last Name must be set to the name of one of the three investigation databases, INV_1,
INV_2, or INV_3 (case-sensitive).

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases - 'INV_1',
'INV_2', or 'INV_3' (case-sensitive).
When creating an investigation user, it is suggested that the user's name indicate which investigation database will be used. For instance, if a user will be using the INV_1 database, the user's name could be "john1" or "inv1".

Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium91.doc/aggregation_cm/topics/
investigation_center.html

QUESTION 29
A Guardium administrator needs to build new appliances with the latest version of Guardium.

How should the administrator obtain the ISO image?

A. Contact IBM Support.
B. Download from ibm.com
C. Download from IBM Fix Central.
D. Download from IBM Passport Advantage.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
On Passport Advantage (PA) you will find the Guardium product image (ISO file), licenses, product keys, manuals, and so on. You can only download products to which you are entitled.

Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21675411
