35q
Number: C2150-606
Passing Score: 800
Time Limit: 120 min
Website: https://vceplus.com
VCE to PDF Converter: https://vceplus.com/vce-to-pdf/
Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus
QUESTION 1
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of
databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with
incoming data.
A. Purge
B. Data Export
C. Data Restore
D. System Backup
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
The quickest way to reduce the DB % Full is to induce a purge of some older data now.
Example - If you have "Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are
happy to attempt to purge off slightly more data now
Note: The DB filling up can be caused by the following - amongst other things
* Spikes in the data being captured
* A policy setting that allows too much data to be logged in the Internal Database
* Keeping too much data on the Internal Database
* Collecting data from too many Databases (STAPs)
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21511904
QUESTION 2
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data
safety.
A. The Archive and the Export have independent purge schedules but should not be run at the same time.
B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to
archive.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Any value that is specified for the starting purge date must be greater than the value specified for the Archive data older than value. In addition, if data exporting is
active, the starting purge date that is specified here must be greater than the Export data older than value.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en
QUESTION 3
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.
A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
support must_gather network_issues
The command gathers all network information from the appliance and polls hosts that Guardium interacts with by ping, traceroute, corresponding port probing and
other measures. If optional parameter is specified, then it polls only the host that was specified (if Guardium is configured to do any activity on this host).
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/basic_information_for_ibm_support.html
QUESTION 4
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.
Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
CAS is an agent installed on the database server and reports to the Guardium system whenever a monitored entity has changed, either in content or in ownership
or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change
auditing functions from the Guardium portal.
The CAS server is a component of Guardium and runs on the Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html
QUESTION 5
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing
all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the
report on each Collector.
What should the administrator do to simplify this task and run the report in only one place every week?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Central Manager/Aggregator – The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central
Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other
administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and
generate enterprise-level reports.
Incorrect:
Not D: CAS does not monitor DML SQL Statements.
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other
database or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks
such changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 6
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The
Aggregators and Central Manager can handle more load.
A. Deploy 2 new Collectors, 1 in each data center.
B. Connect S-TAPs directly to Aggregators to avoid network latency.
C. Connect S-TAPs directly to the Central Manager to avoid network latency.
D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
IBM recommends using 1 aggregator for every 8 collectors.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 7
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
A: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block
when unauthorized users or processes attempt access.
Note: File activity monitoring consists of the following capabilities:
* Discovery to inventory files and metadata.
* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access,
or even block access to the files to prevent data leakage.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html
QUESTION 8
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to
identify if the firewall ports are open.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
The support show port open command is similar to using telnet to detect an open TCP port locally or on a remote host.
If we are able to connect successfully you will see a message like: Connection to 127.0.0.1 8443 port [tcp/*] succeeded!
If you are unable to connect you will see a message like: connect to 127.0.0.1 port 1 (tcp) failed: Connection refused
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 9
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup.
In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?
A. ClipID
B. PEA file
C. Shared secret
D. Certificate signed request (CSR)
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
To reconfigure EMC Centera in Guardium by changing the IP address, you need the IP address of the Centera Server and the PEA file from Centera.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21687345
QUESTION 10
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the
shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?
A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote
access is not available or permitted.
In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here
is an example of the interfaces and MAC addresses: Customer usage / Logged in as CLI
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 11
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based
on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/adm/self_monitoring.html
QUESTION 12
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to
check the current CPU load of the Guardium appliance.
Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
To monitor CPU load:
Report: Select Guardium Monitor > Current Status Monitor, or select Guardium Monitor > Buffer Usage Monitor, or see Predefined admin Reports for report:
Current Status Monitor for more information.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html
QUESTION 13
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update
to be synced with the managed units in a fully working environment?
A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
The managed units might not use that data to update their user tables until up to 1 hour after it is received.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/synchronizing_portal_user_accounts.html?lang=en
QUESTION 14
A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from Data
Backup.
A. restore config
B. restore system
C. restore pre-patch-backup
D. restore certificate sniffer backup
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
System backups are used to back up and store all the necessary data and configuration values to restore a server in case of hardware corruption. To restore
backed up system information, use the restore system CLI command.
Incorrect:
Not A: restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the
/media/ backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a
more comprehensive backup of the configuration and the entire system.
Not C: restore pre-patch-backup is related to patch installations.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/file_handling_cli_commands.html
QUESTION 15
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=0
firewall_default_state=0
firewall_timeout=10
A Guardium administrator applies a policy to the Collector with two rules as below. The actions of the rules have been hidden.
The administrator must create a policy that will terminate the session on the delete statement in the below scenario:
A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
C. Rule 1 - S-GATE Attach
Rule 2 - S-GATE Terminate
D. Rule 1 - S-TAP Terminate
Rule 2 - S-GATE Terminate
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Note:
* S-GATE ATTACH: sets S-GATE mode to "Attached" for a specific session.
Intended for use when certain criteria are met that raise the need to closely watch (and if needed block) the traffic on that session.
* S-GATE DETACH: sets S-GATE mode to "Detached" for a specific session.
Intended for use on sessions that are considered as "safe" or sessions that cannot tolerate any latency.
* S-GATE TERMINATE: Has effect only when the session is attached. It drops the reply of the firewalled request, which will terminate the session on some
databases. The S-GATE TERMINATE policy rule will cause a previously watched session to terminate.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 16
A Guardium policy has been configured with the following two rules:
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object “TABLE1”.
What domain(s) can the administrator create a report in to see the SQL?
A. Access
B. Policy Violations
C. Access and Access Policy
D. Access and Policy Violations
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
The Log full details action logs the full SQL string and exact timestamp for this request.
The Access domain consists of all monitored SQL requests.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 17
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live
network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?
A. diag and iptraf
B. diag and trace_route
C. iptraf and support must_gather
D. support must_gather and show network verify
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Iptraf utility generates network statistics based on current network activity.
Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium STAP, and information must be gathered before contacting IBM Software Support. Diag
collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuration.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21690345
QUESTION 18
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy.
A. eth1 only
B. eth2 only
C. eth3 only
D. any port
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Bonding or teaming turns eth0 and another specified network interface card (NIC) into a bonded pair with standby failover.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/config/system_configuration.html
QUESTION 19
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses
support show db-top-tables all and finds the size of the largest tables has decreased significantly.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
If, when using the IBM InfoSphere Guardium product, you notice the database disk space is growing at a fast rate, this is caused by the sniffer not being able to handle
some types of SQLs (usually a sniffer bug). This failure to handle the SQLs occurs frequently enough that the GDM_ERROR table grows at a fast rate, which then
translates to database disk space usage growth. Use the command support show db-status used % to show database used space.
Run an Optimize to optimize the TURBINE database. This will reorganize the data in all tables, including GDM_ERROR, which will result in reflecting the current
actual reduced size.
Incorrect:
Not C: The inspection-core is sniffer itself. You can stop inspection-core by "stop inspection-core" CLI command and start it by "start inspection-core" CLI
command.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21700128
QUESTION 20
A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in
active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
D. Not include the PVU load of passive nodes.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active server.
Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38
QUESTION 21
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up
with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of predefined
assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/guardium_administration_guide_cover.html
QUESTION 22
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not
configured for that S-TAP.
A. A piece of software residing on the Collectors.
B. Another software to be installed on the Database server.
C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or
Sybase, for example).
The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs
detailed information about that traffic to an internal database.
Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/inspection_engine_configuration.html
QUESTION 23
Which port must be open for encrypted communication between UNIX S-TAP and Collector?
A. 9500
B. 16016
C. 16017
D. 16018
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
The ports for CAS pertain to Change Audit System. If CAS is installed, those ports must be opened as well. Please enable the ports as listed in the table below,
depending on whether you want the traffic between the STAP and the collector to be encrypted or not.
16019: Encrypted Unix CAS (optional)
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21569674
QUESTION 24
A Guardium administrator observes certain changes to the configuration and policies.
How would the administrator identify the changes that were made and who made them?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)
Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type
Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and a count of Guardium
User Activity Audits entities.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/predefined_admin_reports.html
QUESTION 25
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10
The collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must communicate
the impact of this outage to users of the monitored database.
What should the administrator advise is the expected behavior for a database session?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
The firewall_timeout is the time in seconds to wait for a verdict from the Guardium system. If timed out, look at the firewall_fail_close value to know whether to block or
allow the connection. The value can be any integer value.
The firewall_fail_close: If the verdict does not come back from the Guardium system and the firewall_timeout is passed, then if firewall_fail_close=0 the connection
will go through; if firewall_fail_close=1 the connection will be blocked.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.stap/stap/r_stapparmsu_firewall.html?lang=en
QUESTION 26
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it
does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the administrator sets up
an Investigation Center.
A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
D. To correctly configure an investigation user, the user’s Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3
(case-sensitive).
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases - 'INV_1', 'INV_2', or
'INV_3' (case-sensitive).
When creating an investigation user, it is suggested that the user's name correspond to, or in some way denote, the investigation database that
will be used. For instance, if a user will be using the INV_1 database, the user's name could be "john1" or "inv1".
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium91.doc/aggregation_cm/topics/investigation_center.html
QUESTION 27
A Guardium administrator needs to build new appliances with the latest version of Guardium.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
On Passport Advantage (PA) you will find Guardium Product Image - ISO file, Licences, Product Keys, Manuals, etc. You may only download products that you
are entitled to.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21675411
QUESTION 28
A Guardium administrator is checking the scheduled jobs exceptions report on a standalone Collector. The following error is repeating every 15 minutes.
java.lang.NumberFormatException: empty String
The administrator also notices that the anomaly detection polling interval is 15 minutes.
A. Pause all scheduled jobs and check if the exception comes back.
B. Identify the alert that is causing the problem by deactivating one alert at a time.
C. Check in the alert builder to see which alerts have accumulation interval of 15 minutes.
D. In the CLI run support must_gather agg_issues and send the file to IBM support.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
There is an error that is originating from one of your active alerts.
The first step to resolving the problem is to identify the exact alert that is causing the problem.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21660382
QUESTION 29
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Failover S-TAP configuration option
In this configuration (as displayed below), the S-TAP is configured to register with multiple collectors but sends traffic only to one collector at a time. S-TAP in this
configuration sends all of its traffic to one collector, unless it encounters connectivity issues to that collector that triggers a failover to a secondary collector as
configured. This is the most widely used S-TAP configuration to date.
Reference: Deployment Guide for InfoSphere Guardium (RedBooks), pages 12-13
QUESTION 30
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project
expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1 TB disk
C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). A minimum of 4 cores is also required.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27046184
QUESTION 31
In a centrally managed environment, while executing the report ‘Enterprise Buffer Usage Monitor’, a Guardium administrator gets an empty report.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
A central manager can run a report on a managed unit as a remote source. Check whether the remote source on the report is set to "none" on the Aggregator.
Note: Enterprise Buffer Usage Monitor report shows the aggregate of sniffer buffer usage from all managed units. It is based on the Enterprise Buffer Usage query.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21679901
QUESTION 32
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct?
(Select 2)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
B: Use this command to send a test email using the configured SMTP server.
C: Note that on the Administration Console, the Test Connection link in the SMTP pane of the Alerter configuration panel only tests that an SMTP port is
configured, not that mail can actually be delivered via that server. You can use this command to test email delivery without having to configure and trigger a
statistical or realtime alert, or an audit process notification.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/diag_cli_command.html
QUESTION 33
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product.
Which of the following are correct with regards to these features? (Select two.)
A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
D: Guardium Vulnerability Assessment enables you to identify and correct security vulnerabilities in your database infrastructure.
E: As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may
be present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers
and acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement
projects between disparate systems can easily leave sensitive data unknown and unprotected.
Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.
Incorrect:
Not A: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system. Guardium S-TAP includes support for:
* Capture of all database activities on DB2 for z/OS by privileged users, mainframe-resident applications, and network clients
* Capture of critical operations such as SELECTs, DML, DDL, GRANTS, and REVOKES
Not C: Use Guardium’s predefined database entitlement (privilege) reports to see who has system privileges and who has granted these privileges to other users
and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from
lingering accounts or ill-granted privileges.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/assess/va_intro.html?lang=en
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/discover/topics/classification.html
QUESTION 34
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses
needed to provide functionality for data activity monitoring, masking and blocking (terminate).
Which of the following lists the minimum licenses the administrator needs to install?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Data Activity Monitor and Audit - Advanced: All capabilities in Data Activity Monitor Audit - Standard, plus the ability to:
* Block data traffic according to policy (data-level access control)
* Mask unauthorized extraction of sensitive data
Etc.
Reference: http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/897/ENUS215-173/index.html&lang=en&request_locale=en
QUESTION 35
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system.
Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
To display the parameters for a particular command, enter the command followed by '--help=true'. For example:
CLI> grdapi list_entry_location --help=true
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmaskref.doc/cli_api/guardapi_reference.html