Professional Documents
Culture Documents
C2150-606.exam.32q: Website: VCE To PDF Converter: Facebook: Twitter
C2150-606.exam.32q: Website: VCE To PDF Converter: Facebook: Twitter
32q
Number: C2150-606
Passing Score: 800
Time Limit: 120 min
Website: https://vceplus.com
VCE to PDF Converter: https://vceplus.com/vce-to-pdf/
Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus
https://vceplus.com/
C2150-606
QUESTION 1
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data
safety.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Given this scenario, which is true regarding the purge schedule?
https://vceplus.com/
A. The Archive and the Export have independent purge schedules but should not be run at the same time.
B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to
archive.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Any value that is specified for the starting purge date must be greater than the value specified for the Archive data older than value. In addition, if data exporting is
active, the starting purge date that is specified here must be greater than the Export data older than value
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en
QUESTION 2
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.
A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference: support
must_gather network_issues
The command gathers all network information from the appliance and polls hoststhat Guardium interacts with by ping, traceroute, corresponding port probingand
other measures. If optional parameter is specified, then it polls only thehost that was specified (if Guardium is configured to do any activity on thishost).
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/
basic_information_for_ibm_support.html
QUESTION 3
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.
Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
CAS is an agent installed on the database server and reports to the Guardium system whenever a monitored entity have changed, either in content or in ownership
or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change
auditing functions from the Guardium portal.
The CAS server is a component of Guardium and runs on the Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html
QUESTION 4
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing
all
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report
on each Collector.
What should the administrator do to simplify this task and run the report in only one place every week?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Central Manager/Aggregator –The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central
Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other
administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and
generate enterprise-level reports.
Incorrect:
Not D: CAS does not monitor DML SQL Statements.
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other database
or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks such
changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts. Reference: http://www-
01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 5
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium
administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?
A. Client OS
B. Client MAC
C. Access ID
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. Analyzed Client IP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The column named smac is a Guardian Client/Server server which represents the Client MAC.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/appendices/topics/cef_mapping.html
QUESTION 6
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The
Aggregators and Central Manager can handle more load.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
IBM recommends to use 1 aggregator for every 8 collectors.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 7
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
.
https://vceplus.com/
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
A: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block
when unauthorized users or processes attempt access.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html
QUESTION 8
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the
shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote
access it not available or permitted.
In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here
is an example of the interfaces and MAC addresses: Customer usage / Logged in as CLI
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 9
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based
on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?
Correct Answer: D
Section: (none)
Explanation
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Explanation/Reference:
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/adm/self_monitoring.html
QUESTION 10
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to
check the current CPU load of the Guardium appliance.
Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
To monitor CPU load:
Report: Select Guardium Monitor > Current Status Monitor, or Select Guardium Monitor > Buffer Usage Monitor, or See Predefined admin Reports for report :
Current Status Monitor for more information.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html
QUESTION 11
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this
application, performance of the S-TAP and sniffer is a concern.
A. Ignore Session
B. Ignore S-TAP Session
C. Ignore SQL per Session
D. Ignore Responses per Session
Correct Answer: B
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Section: (none)
Explanation
Explanation/Reference:
You can ignore capturing the activity of some specific processes by defining INGNORE S-TAP SESSION policy.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21497163
QUESTION 12
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update
to be synced with the managed units in a fully working environment?
A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
The managed units might not use that data to update their user tables until up to 1 hour after it is received.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/
synchronizing_portal_user_accounts.html?lang=en
QUESTION 13
A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from Data
Backup.
A. restore config
B. restore system
C. restore pre-patch-backup
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. restore certificate sniffer backup
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
System backups are used to backup and store all the necessary data and configuration values to restore a server in case of hardware corruption. To restore
backed up system information, use the restore system CLI command
Incorrect:
Not A: restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the
/media/ backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a
more comprehensive backup of the configuration and the entire system. Not C: restore pre-patch-backup is related to patch installations.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/
file_handling_cli_commands.html
QUESTION 14
The quard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=0
firewall_default_state=0
firewall_timeout=10
A Guardium administrator applies a policy to the Collector with two rules as below. The actions of the rules have been hidden.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
The administrator must create a policy that will terminate the session on the delete statement in the below scenario:
A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
C. Rule 1 - S-GATE AttachRule
2 - S-GATE Terminate
D. Rule 1 - S-TAP
TerminateRule 2 - S-GATE
Terminate
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Note:
* S-GATE ATTACH: sets S-GATE mode to "Attached" for a specific session.
Intended for use when a certain criteria is met that raises the need to closely watch (and if needed block) the traffic on that session.
* S-GATE DETACH: sets S-GATE mode to "Detached" for a specific session.
Intended for use on sessions that are considered as "safe" or sessions that cannot tolerate any latency.
* S-GATE TERMINATE: Has effect only when the session is attached. It drops the reply of the firewalled request, which will terminate the session on some
databases. The S-GATE TERMINATE policy rule will cause a previously watched session to terminate.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 15
A Guardium policy has been configured with the following two rules:
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object “TABLE1”.
What domain(s) can the administrator create a report in to see the SQL?
A. Access
B. Policy Violations
C. Access and Access Policy
D. Access and Policy Violations
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
The Log full details action logs the full SQL string and exact timestamp for this request.
The Access domain consists of all monitored SQL requests.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 16
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live
network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
https://vceplus.com/
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Iptraf utility generates network statistics based on current network activity.
Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium STAP, andinformation must be gathered before contacting IBM Software Support. Diag
collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuaration.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21690345
QUESTION 17
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy.
A. eth1 only
B. eth2 only
C. eth3 only
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
D. any port
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Bonding or teaming turns eth0 and another specified network interface card (NIC) into a bonded pair with standby failover.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/config/system_configuration.html
QUESTION 18
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses
support show db-top-tables all and finds the size of the largest tables has decreased significantly.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
If you when using IBM InfoSphere Guardium product, you notice the database disk space is growing at a fast rate. This is caused by sniffer not able to handle
some types of SQLs (usually a sniffer bug). This failure to handle the SQLs occurs frequently enough that GDM_ERROR table grows at a fast rate which then
translates to database disk space usage growth. Use command support show db-status used % to show database used space.
Run an Optimize to optimize the TURBINE database. This will reorganize the data in all tables, including GDM_ERROR, which will result in reflecting the current
actual reduced size.
Incorrect:
Not C: The inspection-core is sniffer itself. You can stop inspection-core by "stop inspection-core" CLI command and start it by "start inspection-core" CLI
command.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21700128
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
QUESTION 19
A company is installing S-TAPS on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/
passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active server.
Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38
QUESTION 20
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up
with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?
A. Install the latest patch on the Guardium appliance.
B. Install the latest released Database Activity Monitor Content.
C. Ask the database administrators to provide the default tests.
D. Ask the Company Security Provider to supply the default tests
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of predefined
assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/
guardium_administration_guide_cover.html
QUESTION 21
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered.
How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?
A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to failover the S-TAP process to the passive nodes when a database failover occurs.
B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=-1 to set the agent process to failover to the passive node when a database failover
occurs.
C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
D. Install S-TAP agents on all active and passive nodes: Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB
home.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
To properly support load balancing, the Guardium S-TAP agents must be configured properly.
Add, uncomment, or modify the settings on your S-TAP Configuration to look like the following examples.
See the Guardium product documentation on how and where to adjust the S-TAP configuration file, as well as for updated guidance from IBM.
* Sqlguard_ip = <Your BIG-IP Virtual Server IP address/hostname>
For example: Sqlguard_ip = 192.0.2.123
* Participate_load_balancing = 3
* All_can_control = 1
Sqlguard_ip is the address you will define on BIG-IP LTM during the Virtual Server configuration.
Participate in Load balancing allows the S-TAP to send session information on every failover to the appliance.
All Can Control allows the S-TAP to be able to edit S-TAP configurations through GUI.
Note: all_can_control
. 0=S-TAP can be controlled only from the primary Guardium system. 1=S-TAP can be controlled from any Guardium system.
Reference: https://www.f5.com/pdf/deployment-guides/ibm-guardium-dg.pdf
QUESTION 22
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not
configured for that S-TAP.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or
Sybase, for example).
The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed
information about that traffic to an internal database.
Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/inspection_engine_configuration.html
QUESTION 23
Which port must be open for encrypted communication between UNIX S-TAP and Collector?
A. 9500
B. 16016
C. 16017
D. 16018
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
The ports for CAS pertain to Change Audit System. If CAS is installed, those ports must be opened as well. Please enable the ports as listed in the table below,
depending on whether you want the traffic between the STAP and the collector to be encrypted or not.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21569674
QUESTION 24
A Guardium administrator observes certain changes to the configuration and policies.
How would the administrator identify the changes that were made and who made them?
https://vceplus.com/
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)
Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type
Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and a count of Guardium
User Activity Audits entities.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/predefined_admin_reports.html
QUESTION 25
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Failover S-TAP configuration option
In this configuration (as displayed below), the S-TAP is configured to register with multiple collectors but sends traffic only to one collector at a time. S-TAP in this
configuration sends all of its traffic to one collector, unless it encounters connectivity issues to that collector that triggers a failover to a secondary collector as
configured. This is the most widely used S-TAP configuration to date.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Reference: Deployment Guide for InfoSphere Guardium (RedBooks), pages 12-13
QUESTION 26
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project
expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1 TB disk
C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Correct Answer: B
Section: (none)
Explanation
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Explanation/Reference:
The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). A minimum of 4 cores is also required.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27046184
QUESTION 27
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to Standard
Guardium DAM offering.
Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
B: Guardium comes with out of the box compliance regulation accelerators.
Incorrect:
Not C, Not D: DAM Advanced is DAM Standard functionality plus fine-grained access control, masking, quarantine, and blocking (activity terminate).
Note: Payment Card Industry (PCI) Data Security Standard (DSS) is a set of technical and operational requirements designed to protect cardholder data and
applies to all organizations who store, process, use, or transmit cardholder data.
Review the following information to determine which license key must be added. This will depend on what features of the product have been purchased.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.install/install/licenses.html
QUESTION 28
In a centrally managed environment, while executing the report ‘Enterprise Buffer Usage Monitor’, a Guardium administrator gets an empty report.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A central manager can run a report on a managed unit as a remote source. We can check if the remote source on the report set to "none"on the Aggregator.
Note: Enterprise Buffer Usage Monitor report shows the aggregate of sniffer buffer usage from all managed units. It is based on the Enterprise Buffer Usage query.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21679901
QUESTION 29
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct?
(Select 2)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
B: Use this command to send a test email using the configured SMTP server.
C: Note that on the Administration Console, the Test Connection link in the SMTP pane of the Alerter configuration panel only tests that an SMTP port is
configured, not that mail can actually be delivered via that server. You can use this command to test email delivery without having to configure and trigger a
statistical or realtime alert, or an audit process notification.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/diag_cli_command.html
QUESTION 30
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product.
Which of the following are correct with regards to these features? (Select two.)
A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
D: Guardium Vulnerability Assessment enables you to identify and correct security vulnerabilities in your database infrastructure.
E: As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may be
present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers and
acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement projects
between disparate systems can easily leave sensitive data unknown and unprotected.
Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.
Incorrect:
Not A: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system. Guardium S-TAP includes support for:
Capture of all database activities on DB2 for z/OS by privileged users, mainframe-resident applications, and network clients
Capture of critical operations such as SELECTs, DML, DDL, GRANTS, and REVOKES
Not C: Use Guardium’s predefined database entitlement (privilege) reports) to see who has system privileges and who has granted these privileges to other users
and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from
lingering accounts or ill-granted privileges.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/assess/va_intro.html?lang=en
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/discover/topics/classification.html
QUESTION 31
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no
requirement for the data to be viewed or reported on in the Guardium appliance.
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
A. Log Only
B. Alert Only
C. Alert Daily
D. Alert Per Match
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Guardium Version 9 introduced a new policy rule action - ALERT ONLY.
This rule action will populate only the message tables and constructs. It will no longer populate Policy Violations tables. With this policy rule action logging Policy
Violations in IBM InfoSphere Guardium can be avoided.
Alert Only - action that will write to message and message_text tables. This action permits all policy violation notifications to be sent to a remote destination.
Designed to improve Guardium integration with other database security solutions.
Incorrect:
Not C: Alert Daily sends notifications only the first time the rule is matched each day.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 32
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses
needed to provide functionality for data activity monitoring, masking and blocking (terminate).
Which of the following lists the minimum licenses the administrator needs to install?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
Data Activity Monitor and Audit - Advanced: All capabilities in Data Activity Monitor Audit - Standard, plus the ability to:
* Block data traffic according to policy (data-level access control)
* Mask unauthorized extraction of sensitive dataEtc.
Reference: http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/897/ENUS215-173/index.html&lang=en&request_locale=en
https://vceplus.com/
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com