Question No: 1
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based on the data load. Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?
A. Disk Util report
B. Aggregation/Archive log
C. DB Server throughput report
D. Buff Usage Monitor and System Monitor reports

Question No: 2
In a centrally managed environment, while executing the report Enterprise Buffer Usage Monitor, a Guardium administrator gets an empty report. Why is the report empty?
A. Sniffers are not running on the Collectors.
B. The report is not executed with a remote source on the Collector.
C. The report is not executed with a remote source on the Aggregator.
D. Correct custom table upload is not scheduled on the Central Manager.

Question No: 3
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data. Which data management function does the administrator need to configure?
A. Purge
B. Data Export
C. Data Restore
D. System Backup

Question No: 4
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system. Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?
A. CLI: commands <search option>; GrdAPI: grdapi <search option> help
B. CLI: help <search option>; GrdAPI: grdapi --help <search option>
C. CLI: commands <search option>; GrdAPI: grdapi command <search option>
D. CLI: <search option> --help; GrdAPI: grdapi <search option> --help=true

Question No: 5
An administrator just installed the Guardium product using the Guardium ISO image. Which step must the administrator perform as part of the initial set-up of the new appliance?
A. Generate the GUI certificate request.
B. Configure network settings on the appliance.
C. Restart the sniffer process from the CLI command prompt.
D. Obtain the passwords for the databases to be monitored by the appliance.

Question No: 6
During a Guardium deployment planning meeting, the team decides to deploy all S-TAP agents on Unix/Linux database systems. A Unix/Linux system administrator team manager asks a Guardium administrator if there are any differences between Guardium S-TAPs for AIX and Linux systems that the team should be aware of. What should be the Guardium administrator's response?
A. A-TAP is required on all AIX DB servers.
B. A server reboot is required to capture shared memory traffic from all databases on AIX.
C. K-TAP is required on the AIX DB servers. The exact uname -a output is required to determine the correct K-TAP module for the [text cut off in source]
D. K-TAP is required on the Linux DB servers. The exact uname output is required to determine the correct K-TAP module for the [text cut off in source]

Question No: 7
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors is fully utilized. The Aggregators and Central Manager can handle more load. What should a Guardium administrator recommend?
A. Deploy 2 new Collectors, 1 in each data center.
B. Connect S-TAPs directly to Aggregators to avoid network latency.
C. Connect S-TAPs directly to the Central Manager to avoid network latency.
D. Deploy 2 new Collectors in a third data center located in between the 2 data centers.

Question No: 8
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the Collector. The administrator discovered that an Inspection Engine is not configured for that S-TAP. What is an Inspection Engine?
A. A piece of software residing on the Collectors.
B. Another piece of software to be installed on the database server.
C. The same thing as the policy; it runs on the S-TAP to inspect the traffic in real time.
D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.

Question No: 9
A Guardium administrator is preparing a command to install Configuration Auditing System (CAS) on a Linux server using the command line method. Which parameter is required?
A. dir
B. tapip
C. javahome
D. sqlguardip

Question No: 10
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager. Which CLI command should the administrator run?
A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues

Question No: 11
A Guardium administrator is preparing commands to install or upgrade an S-TAP using the command line method. Which operating system can use the ktap_allow_module_combos parameter for the installation and upgrade?
A. AIX
B. Linux
C. Solaris
D. HP-UX

Question No: 12
A Guardium administrator observes certain changes to the configuration and policies. How would the administrator identify the changes that were made and who made them?
A. Review the Audit Process Log report.
B. Review the sniffer buffer usage report.
C. Review the /var/log/messages log file.
D. Review the results of the 'Detailed Guardium User Activity' report.

Question No: 13
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters: [parameter listing not recoverable from the scan; it includes firewall_timeout=10]
A Guardium administrator applies a policy to the Collector with two rules as below. The actions of the rules have been hidden. [rule listing not recoverable from the scan]
The administrator must create a policy that will terminate the session on the delete statement in the below scenario: a session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement. What actions should the administrator configure?
A. Rule 1 - S-GATE Attach; Rule 2 - S-GATE Detach
B. Rule 1 - S-GATE Detach; Rule 2 - S-GATE Terminate
C. Rule 1 - S-GATE Attach; Rule 2 - S-GATE Terminate
D. Rule 1 - S-TAP Terminate; Rule 2 - S-GATE Terminate

Question No: 14
A Guardium administrator is creating a policy to alert on actions by users that are stored on an LDAP server. How can the administrator populate a group to use in the policy?
A. Schedule the LDAP user import into the group.
B. Schedule the LDAP user import from accessmgr and run portal user sync.
C. Schedule the LDAP user import from accessmgr and populate the group from a query.
D. Populate the group from a query in the access domain with a condition on the LDAP server as the Server IP.

Question No: 15
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
A. Classify sensitive files on mainframe systems.
B. Encrypts database data files on [unreadable] systems based on policies.
C. Selectively redacts sensitive data patterns in files based on policies.
D. Provides an audit trail of access to files, and alerts and/or blocks when unauthorized users or processes attempt access.
E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux/Unix/Windows (LUW) systems.

Question No: 16
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to check the current CPU load of the Guardium appliance. Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?
A. CPU Util report
B. CPU Tracker report
C. Unit summary and CPU Util report
D. Buff Usage Monitor and System monitor report

Question No: 17
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server. Assuming all valid licenses are applied, which Guardium component does the administrator need to install, and where?
A. Guardium Installation Manager (GIM) on the Database Server.
B. Configuration Auditing System (CAS) on the Database Server.
C. Configuration Auditing System (CAS) on the Guardium Collector.
D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.

Question No: 18
A Guardium administrator must configure real-time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance. Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
A. Log Only
B. Alert Only
C. Alert Daily
D. Alert Per Match

Question No: 19
A Guardium administrator needs to upgrade BUNDLE-STAP on a Linux server to the latest version using GIM. What parameter should the administrator set to ensure the upgrade will not require a reboot of the server?
A. KTAP_ENABLED
B. KTAP_NO_ROLLBACK=1
C. KTAP_LIVE_UPDATE=Y
D. KTAP_ALLOW_MODULE_COMBOS

Question No: 20
An administrator manages a Guardium environment including 4 Collectors exporting data to an Aggregator. The Collectors export their data daily at 2, 3, 4 and 5 am Eastern Standard Time (EST) respectively. The Collectors receive traffic every day. The logs on all the Collectors confirm data is exported daily without errors, and all the exported files always have data. A Session report is run on the Aggregator at noon EST for data from the last day. Which of the following will ensure there is data in the report?
A. Schedule Data Purge on the Aggregator to run every day after 5 am EST.
B. Schedule Data Import on the Aggregator to run at any time of the day.
C. Schedule Data Import on the Aggregator to run every day before 2 am EST.
D. Schedule Data Import on the Aggregator to run every day at 6 am EST or later.

Question No: 21
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open. How can the administrator do this?
A. Ask the company's network administrators.
B. Ask IBM technical support to login as root and verify.
C. Login as CLI and execute telnet <ip address> <port number>
D. Login as CLI and execute support show port open <ip address> <port number>

Question No: 22
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct? (Select two.)
A. Restart the Anomaly Detection process.
B. Send a test email with the CLI diag command.
C. From the GUI Alerter page, test the SMTP connection.
D. Create a query in the access domain to see the sent messages.
E. Obtain the syslog file from fileserver and check for SMTP messages.

Question No: 23
The Quick Search window does not show up on the GUI of a standalone Collector. What technical feature should the Guardium administrator check first?
A. That the Collector has at least 24 GB.
B. That the Collector has at least 32 GB.
C. That the Collector has at least 64 GB.
D. Check the contract and verify whether that feature was purchased.

Question No: 24
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of a Guardium project expansion. The Guardium administrator is asked which server option is best for a Guardium Collector. Which server option can the Guardium administrator use for the new Collector?
A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1TB disk
C. x86_64 Intel Processor with dual-core CPU, 24GB memory, 2 NICs, and 200GB disk
D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, 4 NICs, and 4TB disk

Question No: 25
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses needed to provide functionality for data activity monitoring, masking and blocking (terminate). Which of the following lists the minimum licenses the administrator needs to install?
A. Base Collector license.
B. None; the licenses required are already installed automatically by the Guardium product installer.
C. Base Collector license plus IBM Security Guardium Standard Activity Monitor for Databases (DAM Standard).
D. Base Collector license plus IBM Security Guardium Advanced Activity Monitor for Databases (DAM Advanced).

Question No: 26
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy. Which port should the administrator use to configure IP teaming (bonding)?
A. eth1 only
B. eth2 only
C. eth3 only
D. any port

Question No: 27
A Guardium administrator needs to monitor an Oracle database on a production database server. Which component does the administrator need to install on the database server that will monitor the traffic?
A. S-TAP
B. Guardium Collector
C. Guardium Installation Manager (GIM)
D. Configuration Auditing System (CAS)
Note: CAS is used to monitor the configuration changes, not the traffic; you need S-TAP.

Question No: 28
Which port must be open for encrypted communication between a UNIX S-TAP and a Collector?
A. 9500
B. 16016
C. 16017
D. 16018

Question No: 29
A Guardium administrator manages portal user synchronization by using a Central Manager. When a change is made on the Central Manager, such as adding a Guardium user to a Guardium group, how long should be allowed for the update to be synced with the managed units in a fully working environment?
A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes

Question No: 30
A Guardium administrator is using the Classification, Entitlement and Vulnerability Assessment features of the product. Which of the following are correct with regards to these features? (Select two.)
A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
B. Classification for databases and files use the same mechanism and patterns to search for sensitive data.
C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
E. The Classification feature discovers sensitive assets, including credit card numbers or national card numbers, from various data [text cut off in source]

Question No: 31
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup. In addition to the server IP address, what else is required to establish a connection with an EMC Centera on the network?
A. Clip ID
B. PEA file
C. Shared secret
D. Certificate signing request (CSR)

Question No: 32
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live network traffic filtered by IP addresses and port numbers. Which combination of commands should the administrator use for these tasks?
A. diag and iptraf
B. diag and trace route
C. iptraf and support must_gather
D. support must_gather and show network verify

Question No: 33
An administrator previously had an issue with a Guardium system. This was resolved with the assistance of the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script. Which CLI command should the administrator use to review the commands that were previously run?
A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info

Question No: 34
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and archive its data to an archive storage unit for additional data safety. Given this scenario, which is true regarding the purge schedule?
A. The Archive and the Export have independent purge schedules but should not be run at the same time.
B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
C. It would not be possible to configure both on a Collector; the Aggregator should do the archiving and only export from the Collector.
D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to archive.

Question No: 35
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this application, performance of the S-TAP and sniffer is a concern. What action should the administrator use in the rule?
A. Ignore Session
B. Ignore S-TAP Session
C. Ignore SQL per Session
D. Ignore Responses per Session

Question No: 36
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests. What should the Guardium administrator do to update the tests that will be run?
A. Install the latest patch on the Guardium appliance.
B. Install the latest released Database Activity Monitor Content.
C. Ask the database administrators to provide the default tests.
D. Ask the Company Security Provider to supply the default tests.

Question No: 37
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters: [parameter listing not recoverable from the scan]
The Collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must communicate the impact of the outage to users of the monitored database. What should the administrator advise is the expected behavior for a database session?
A. The session will not experience any latency or termination.
B. No SQL can be executed, and after 10 seconds the session will be terminated.
C. In the first 10 seconds of the session SQL can be executed, then the session is terminated.
D. In the first 10 seconds of the session no SQL can be executed, then the session will work as normal.

Question No: 38
A Guardium administrator plans to use the Guardium Installation Manager (GIM) to install and upgrade agents. Where should the administrator manually install the GIM client for the first time?
A. Collector
B. Aggregator
C. Database server
D. Central Manager

Question No: 39
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses support show db-top-tables all and finds the size of the largest tables has decreased significantly. What should the administrator do?
A. Increase the retention period and rerun the purge.
B. Rebuild the appliance and restore from the backup.
C. Login to CLI and execute stop inspection-core.
D. Optimize the internal TURBINE database using the diag CLI command.

Question No: 40
A Guardium policy has been configured with the following two rules: [rule listing not recoverable from the scan]
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object "TABLE1". What domain(s) can the administrator create a report in to see the SQL?
A. Access
B. Policy Violations
C. Access and Access Policy
D. Access and Policy Violations

Question No: 41
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data) the administrator sets up an Investigation Center. Which is a key requirement for users of the Investigation Center?
A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
D. To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3 (case-sensitive).

Question No: 42
A Guardium administrator needs to build new appliances with the latest version of Guardium. How should the administrator obtain the ISO image?
A. Contact IBM Support.
B. Download from ibm.com.
C. Download from IBM Fix Central.
D. Download from IBM Passport Advantage.

Question No: 43
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector. What must the administrator ensure when setting up this environment?
A. Both Collectors are centrally managed.
B. There is network connectivity between the S-TAP and both Collectors.
C. Guardium Installation Manager (GIM) is installed on the Database Server.
D. In the guard_tap.ini file of the S-TAP, set participate_in_load_balancing=

Question No: 44
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening. How can the Guardium administrator confirm if the sniffer is restarting every few minutes?
A. Review the Audit Process Log for the 'Sniffer stopped' message.
B. Review the Aggregation/Archive Log for the 'Sniffer is restarting' message.
C. Review the Scheduled Jobs Exceptions for the 'Sniffer process failed' message.
D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.

Question No: 45
Guardium reports are showing multiple records with client IP as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption. Which column can the administrator add that would help users to better identify the client?
A. Client OS
B. Client MAC
C. Access ID
D. Analyzed Client IP

Question No: 46
A Guardium administrator is checking the scheduled jobs exceptions report on a standalone Collector. The following error is repeating every 15 minutes: java.lang.NumberFormatException: empty String. The administrator also notices that the anomaly detection polling interval is 15 minutes. What should the administrator do next to contribute to troubleshooting the problem?
A. Pause all scheduled jobs and check if the exception comes back.
B. Identify the alert that is causing the problem by deactivating one alert at a time.
C. Check in the alert builder to see which alerts have an accumulation interval of 15 minutes.
D. In the CLI run support must_gather agg_issues and send the file to IBM support.

Question No: 47
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered. How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?
A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to fail over the S-TAP process to the passive nodes when a database failover occurs.
B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=1 to set the agent process to fail over to the passive node when a database failover occurs.
C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
D. Install S-TAP agents on all active and passive nodes. Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB home.

Question No: 48
A Guardium administrator has an issue with Guardium. The administrator has not seen this particular issue before and needs to get it fixed. To get this resolved, what should the administrator do?
A. Log a PMR and request an answer from IBM Support.
B. Log a PMR so IBM Support can contact the customer. Then, while waiting, do a search of the Guardium Knowledge Center and Technotes for known issues and resolutions.
C. Request IBM Support initiate a remote session and collect what they need to resolve the issue.
D. Search the Guardium Knowledge Center and Technotes for known issues and resolutions. Then, if still needed, collect must_gather information and fill in the problem details required for a new PMR so that IBM Support can review the problem before contacting the [text cut off in source]

Question No: 49
Auditors request a report of all unsuccessful login attempts to a database monitored by Guardium. How should a Guardium administrator create such a report?
A. Add a failed login rule to the policy.
B. Create a failed login query and report using the access domain in Guardium.
C. Create a failed login query and report using the exceptions domain in Guardium.
D. Create a failed login query and report using the application data domain in Guardium.

Question No: 50
A Guardium environment is set up to send daily reports to users. The users are complaining that their report has not been delivered to their inbox for the past week. What is the first action the Guardium administrator should take in order to diagnose the problem?
A. Open a ticket with IBM Support.
B. Pause the User Portal Sync process.
C. Check in the Aggregation/Archive log.
D. Check in the Scheduled Job Exceptions.

Question No: 51
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report on each Collector. What should the administrator do to simplify this task and run the report in only one place every week?
A. Replace the 4 Collectors with one Aggregator.
B. Create an Enterprise Report on one Collector combining the data.
C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to one Collector. Create and run the report on the Collector.

Question No: 52
A Guardium administrator installed the BUNDLE-STAP module and is monitoring the state of the install. Which state requires a database server reboot to complete the installation process?
A. IP
B. IP-PR
C. FAILED
D. PENDING-UPDATE

Question No: 53
A Guardium administrator has rebuilt an appliance, and now wants to restore a backup image of the entire database, audit data, and all definitions from a Data backup. Which CLI command should the administrator use to accomplish this?
A. restore config
B. restore system
C. restore pre-patch-backup
D. restore certificate sniffer backup

Question No: 54
A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count. How should the administrator treat the PVUs of passive nodes?
A. Include the PVU load of passive nodes.
B. Include half of the passive nodes' PVU load.
C. Include a third of the passive nodes' PVU load.
D. Not include the PVU load of passive nodes.

Question No: 55
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to the Standard Guardium DAM offering. Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)
A. Run Vulnerability Assessment reports.
B. Generate audit reports using the PCI-DSS Accelerator.
C. Block and quarantine an unauthorized database connection.
D. Mask sensitive PCI-DSS information from the web application interface.
E. Log and search all database activities that access PCI-DSS Sensitive Objects.