Website: VCE To PDF Converter: Facebook: Twitter:: Number: C2150-606 Passing Score: 800 Time Limit: 120 Min

C2150-606.
35q
Number: C2150-606
Passing Score: 800
Time Limit: 120 min
Website: https://vceplus.com
VCE to PDF Converter: https://vceplus.com/vce-to-pdf/
Facebook: https://www.facebook.com/VCE.For.All.VN/
Twitter : https://twitter.com/VCE_Plus
https://vceplus.com/
C2150-606
IBM Security Guardium V10.0 Administration

Exam A
QUESTION 1
www.vceplus.com - Free Questions & Answers - Online Courses - Convert VCE to PDF - VCEplus.com
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of
databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with
incoming data.
Which data management function does the administrator need to configure?
A. Purge
B. Data Export
C. Data Restore
D. System Backup
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
The quickest way to reduce the DB % Full is to induce a purge of some older data now.
Example - If you have "Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are
happy to attempt to purge off slightly more data now
Note: The DB filling up can be caused by the following - amongst other things
* Spikes in the data being captured
* A policy setting that allows too much data to be logged in the Internal Database
* Keeping too much data on the Internal Database
* Collecting data from too many Databases (STAPs)
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21511904
QUESTION 2
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data
safety.
Given this scenario, which is true regarding the purge schedule?
A. The Archive and the Export have independent purge schedules but should not be run at the same time.
B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to
archive.
Correct Answer: D
Section: (none)
Explanation
Any value that is specified for the starting purge date must be greater than the value specified for the Archive data older than value. In addition, if data exporting is
active, the starting purge date that is specified here must be greater than the Export data older than value
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en
QUESTION 3
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager.
Which CLI command should the administrator run?
A. iptraf
B. support show iptables
C. show network routes operational
D. support must_gather network_issues
Correct Answer: D
Section: (none)
Explanation
support must_gather
network_issues
The command gathers all network information from the appliance and polls hoststhat Guardium interacts with by ping, traceroute, corresponding port probingand
other measures. If optional parameter is specified, then it polls only thehost that was specified (if Guardium is configured to do any activity on thishost).
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/
basic_information_for_ibm_support.html
QUESTION 4
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server.
Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?
A. Guardium Installation Manager (GIM) on the Database Server.

B. Configuration Auditing System (CAS) on the Database Server.
C. Configuration Auditing System (CAS) on the Guardium Collector.
D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.
Correct Answer: D
Section: (none)
Explanation
CAS is an agent installed on the database server and reports to the Guardium system whenever a monitored entity have changed, either in content or in ownership
or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change
auditing functions from the Guardium portal.
The CAS server is a component of Guardium and runs on the Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html
QUESTION 5
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing
all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the
report on each Collector.
What should the administrator do to simplify this task and run the report in only one place every week?
A. Replace the 4 Collectors with one Aggregator.
B. Create an Enterprise Report on one Collector combining the data.

C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the report on the
Collector.
Correct Answer: C
Section: (none)
Explanation
Central Manager/Aggregator –The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central
Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other
administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and
generate enterprise-level reports.
Incorrect:
Not D: CAS does not monitor DML SQL Statements.
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other
database or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks
such changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts. Reference: http://www-
01.ibm.com/support/docview.wss?uid=swg27039720
QUESTION 6
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The
Aggregators and Central Manager can handle more load.
What should a Guardium administrator recommend?
A. Deploy 2 new Collectors, 1 in each data center.
B. Connect S-TAPs directly to Aggregators to avoid network latency.
C. Connect S-TAPs directly to the Central Manager to avoid network latency.
D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.
Correct Answer: A
Section: (none)
Explanation
IBM recommends to use 1 aggregator for every 8 collectors.
QUESTION 7
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
A. Classify sensitive files on mainframe systems.

B. Encrypts database data files on file systems based on policies.
C. Selectively redacts sensitive data patterns in files based on policies.
D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.
Correct Answer: AE
Section: (none)
Explanation
A: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block
when unauthorized users or processes attempt access.
E: Use case example:

Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business.
Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data, give you a
view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users.
Note: File activity monitoring consists of the following capabilities:
* Discovery to inventory files and metadata.
* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.
* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access,
or even block access to the files to prevent data leakage.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html
QUESTION 8
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to
identify if the firewall ports are open.
How can the administrator do this?
A. Ask the company’s network administrators.

B. Ask IBM technical support to login as root and verify.
C. Login as CLI and execute telnet <ip address> <port number>
D. Login as CLI and execute support show port open <ip address> <port number>
Correct Answer: D
Section: (none)
Explanation
The support show port open command is similar to using telnet to detect an open TCP port locally or on a remote host.
If we are able to connect successfully you will see a message like: Connection to 127.0.0.1 8443 port [tcp/*] succeeded!
If you are unable to connect you will see a message like: connect to 127.0.0.1 port 1 (tcp) failed: Connection refused
Syntax: support show port open

IP port - IP must be a valid IPv4 address like 127.0.0.1.
Port must be an integer with a value in 1-65535.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 9
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup.
In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?
A. ClipID
B. PEA file
C. Shared secret
D. Certificate signed request (CSR)
Correct Answer: B
Section: (none)
Explanation
The required steps that are needed to be taken, in Guardium in order to reconfigure EMC Centera by changing the IP address, are the IP address of the Centera
Server and the PEA file from Centera.
QUESTION 10
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the
shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?
A. fileserver
B. support execute showlog
C. show log external state
D. support must_gather system_db_info
Correct Answer: B
Section: (none)
Explanation
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote
access it not available or permitted.
In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here
is an example of the interfaces and MAC addresses: Customer usage / Logged in as CLI
support execute <CMD String> <PMR #> <KEY>

# main execute command provided by Guardium Advanced Support
support execute showlog [<Secure Key>|main|files]
# Show usage logs
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html
QUESTION 11
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based
on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?
A. Disk Util report

B. Aggregation/Archive log
C. DB Server throughput report
D. Buff Usage Monitor and System Monitor reports
Correct Answer: D
Section: (none)
Explanation
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/adm/self_monitoring.html
QUESTION 12
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to
check the current CPU load of the Guardium appliance.
Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?
A. CPU Util report

B. CPU Tracker report
C. Unit summary and CPU Util report
D. Buff Usage Monitor and System monitor report
Correct Answer: D
Section: (none)
Explanation
To monitor CPU load:
Report: Select Guardium Monitor > Current Status Monitor, or Select Guardium Monitor > Buffer Usage Monitor, or See Predefined admin Reports for report :
Current Status Monitor for more information.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/self_monitoring.html
QUESTION 13
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update
to be synced with the managed units in a fully working environment?
A. 0 minutes
B. 15 minutes
C. 30 minutes
D. 60 minutes
Correct Answer: D
Section: (none)
Explanation
The managed units might not use that data to update their user tables until up to 1 hour after it is received.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.admin/aggregate_cm/
synchronizing_portal_user_accounts.html?lang=en
QUESTION 14
A Guardium administrator has rebuilt an appliance, and wants now to restore a backup image of the entire database, audit data, and all definitions from Data
Backup.
Which CLI command should the administrator use to accomplish this?
A. restore config
B. restore system
C. restore pre-patch-backup
D. restore certificate sniffer backup
Correct Answer: B
Section: (none)
Explanation
System backups are used to backup and store all the necessary data and configuration values to restore a server in case of hardware corruption. To restore
backed up system information, use the restore system CLI command
Incorrect:
Not A: restore config
These commands back up and restore configuration information from the internal administration tables. The backup config command stores data in the
/media/ backup directory. The backup config command removes license and other machine-specific information. The backup system command provides a
more comprehensive backup of the configuration and the entire system. Not C: restore pre-patch-backup is related to patch installations.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.0.0/com.ibm.guardium.using.doc/dita-appendices_help1_book/topics/
file_handling_cli_commands.html
QUESTION 15
The quard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=0
firewall_default_state=0
firewall_timeout=10
A Guardium administrator applies a policy to the Collector with two rules as below. The actions of the rules have been hidden.
The administrator must create a policy that will terminate the session on the delete statement in the below scenario:
A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
What actions should the administrator configure?
A. Rule 1 - S-GATE AttachRule

2 - S-GATE Detach
B. Rule 1 - S-GATE
DetachRule 2 - S-GATE
Terminate
C. Rule 1 - S-GATE AttachRule
2 - S-GATE Terminate
D. Rule 1 - S-TAP
TerminateRule 2 - S-GATE
Terminate
Correct Answer: A
Section: (none)
Explanation
Note:
* S-GATE ATTACH: sets S-GATE mode to "Attached" for a specific session.
Intended for use when a certain criteria is met that raises the need to closely watch (and if needed block) the traffic on that session.
* S-GATE DETACH: sets S-GATE mode to "Detached" for a specific session.
Intended for use on sessions that are considered as "safe" or sessions that cannot tolerate any latency.
* S-GATE TERMINATE: Has effect only when the session is attached. It drops the reply of the firewalled request, which will terminate the session on some
databases. The S-GATE TERMINATE policy rule will cause a previously watched session to terminate.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 16
A Guardium policy has been configured with the following two rules:
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object “TABLE1”.
What domain(s) can the administrator create a report in to see the SQL?
A. Access
B. Policy Violations
C. Access and Access Policy
D. Access and Policy Violations
Correct Answer: A
Section: (none)
Explanation
The Log full details action logs the full SQL string and exact timestamp for this request.
The Access domain consists of all monitored SQL requests.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/protect/topics/rule_actions.html
QUESTION 17
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live
network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?
A. diag and iptraf
B. diag and trace_route
C. iptraf and support must_gather
D. support must_gather and show network verify
Correct Answer: C
Section: (none)
Explanation
Iptraf utility generates network statistics based on current network activity.
Incorrect:
Not A, not B: Diag can be used if there is a problem with the Guardium STAP, andinformation must be gathered before contacting IBM Software Support. Diag
collects comprehensive diagnostic data.
Not D: The show network verify command displays the current network configuaration.
QUESTION 18
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy.
Which port should the administrator use to configure IP teaming (bonding)?
A. eth1 only
B. eth2 only
C. eth3 only
D. any port
Correct Answer: D
Section: (none)
Explanation
Bonding or teaming turns eth0 and another specified network interface card (NIC) into a bonded pair with standby failover.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/config/system_configuration.html
QUESTION 19
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses
support show db-top-tables all and finds the size of the largest tables has decreased significantly.
What should the administrator do?
A. Increase the retention period and rerun the purge.

B. Rebuild the appliance and restore from the backup.
C. Login to CLI and execute stop inspection-core.
D. Optimize the internal TURBINE database using diag CLI command.
Correct Answer: D
Section: (none)
Explanation
If you when using IBM InfoSphere Guardium product, you notice the database disk space is growing at a fast rate. This is caused by sniffer not able to handle
some types of SQLs (usually a sniffer bug). This failure to handle the SQLs occurs frequently enough that GDM_ERROR table grows at a fast rate which then
translates to database disk space usage growth. Use command support show db-status used % to show database used space.
Run an Optimize to optimize the TURBINE database. This will reorganize the data in all tables, including GDM_ERROR, which will result in reflecting the current
actual reduced size.
Incorrect:
Not C: The inspection-core is sniffer itself. You can stop inspection-core by "stop inspection-core" CLI command and start it by "start inspection-core" CLI
command.
QUESTION 20
A company is installing S-TAPS on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/
passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?
A. Include the PVU load of passive nodes.

B. Include half of the passive nodes PVU load.
C. Include a third of the passive nodes PVU load.
D. Not include the PVU load of passive nodes.
Correct Answer: D
Section: (none)
Explanation
In calculating licensing, all active processor value units (PVUs) are considered. In an active-passive cluster, the PVUs are calculated only for the active server.
Reference: IBM RedBooks, IBM InfoSphere Information Server Deployment Architectures, page 38
QUESTION 21
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up
with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?
A. Install the latest patch on the Guardium appliance.

B. Install the latest released Database Activity Monitor Content.
C. Ask the database administrators to provide the default tests.
D. Ask the Company Security Provider to supply the default tests
Correct Answer: B
Section: (none)
Explanation
Database Activity Monitor Content Subscription (previously known as Database Protection Subscription Service) supports the maintenance of predefined
assessment tests, SQL based tests, CVEs, APARs, and groups such as database versions and patches.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/
guardium_administration_guide_cover.html
QUESTION 22
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not
configured for that S-TAP.
What is an Inspection Engine?
A. A piece of software residing on the Collectors.
B. Another software to be installed on the Database server.
C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.
Correct Answer: C
Section: (none)
Explanation
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or
Sybase, for example).
The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs
detailed information about that traffic to an internal database.
Note: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/administer/topics/inspection_engine_configuration.html
QUESTION 23
Which port must be open for encrypted communication between UNIX S-TAP and Collector?
A. 9500 B.
16016
C. 16017
D. 16018
Correct Answer: D
Section: (none)
Explanation
The ports for CAS pertain to Change Audit System. If CAS is installed, those ports must be opened as well. Please enable the ports as listed in the table below,
depending on whether you want the traffic between the STAP and the collector to be encrypted or not.
16016: Clear Unix S-TAP (including IBM i S-TAP running in PASE)

16017: Clear Unix CAS
16018: Encrypted Unix S-TAP (optional)
16019: Encrypted Unix CAS (optional)
QUESTION 24
A Guardium administrator observes certain changes to the configuration and policies.
How would the administrator identify the changes that were made and who made them?
A. Review the Audit Process Log report.

B. Review the sniffer buffer usage report.
C. Review the /var/log/messages log file.
D. Review the results of ‘Detailed Guardium User Activity’ report.
Correct Answer: D
Section: (none)
Explanation
User Activity Audit Trail Reports
The User Activity Audit Trail menu selection displays two reports. In addition, from each of those reports, a third report can be produced.
* User Activity Audit Trail
* System/Security Activities
* Detailed Guardium User Activity (Drill-Down)
Detailed Guardium User Activity report lists the following attribute values, all of which are from the Guardium User Activity Audit entity, except for the Activity Type
Description, which is from the Guardium Activity Types entity: User Name, Timestamp, Modified Entity, Object Description, All Values, and a count of Guardium
User Activity Audits entities.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/predefined_admin_reports.html
QUESTION 25
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:
firewall_installed=1
firewall_fail_close=1
firewall_default_state=1
firewall_timeout=10
The collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must communicate
the impact of this outage to users of the monitored database.
What should the administrator advise is the expected behavior for a database session?
A. The session will not experience any latency or termination.

B. No SQL can be executed and after 10 seconds the session will be terminated.
C. In the first 10 seconds of the session SQL can be executed, then the session is terminated.
D. In the first 10 seconds of the session no SQL can be executed, then the session will work as normal.
Correct Answer: C
Section: (none)
Explanation
The firewall_timeout is the time in seconds to wait for a verdict from the Guardium system if timed out. Look at firewall_fail_close value to know whether to block or
allow the connection. The value can be any integer value.
The firewall_fail_close: If the verdict does not come back from the Guardium system and the firewall_timeout is passed, then if firewall_close = 0 the connection
will go through; if firewall_close=1 the connection will be blocked.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.stap/stap/r_stapparmsu_firewall.html?lang=en
QUESTION 26
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it
does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the administrator sets up
an Investigation Center.
Which is a key requirement for users of the Investigation Center?
A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
D. To correctly configure an investigation user, the user’s Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3
(case-sensitive).
Correct Answer: D
Section: (none)
Explanation
To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases - 'INV_1', 'INV_2', or
'INV_3' (case-sensitive).
When creating an investigation user, it is suggested that the user's name correspond or have some representation that denotes which investigation database that
will be used. For instance, if a user will be using the INV_1 database, the user's name could be "john1" or "inv1" .
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium91.doc/aggregation_cm/topics/investigation_center.html
QUESTION 27
A Guardium administrator needs to build new appliances with the latest version of Guardium.
How should the administrator obtain the ISO image?
A. Contact IBM Support.

B. Download from ibm.com
C. Download from IBM Fix Central.
D. Download from IBM Passport Advantage.
Correct Answer: D
Section: (none)
Explanation
On Passport Advantage (PA) you will find Guardium Product Image - ISO file, Licences, Product Keys, Manuals, etc. You may only download products that your
are entitled.
QUESTION 28
A Guardium administrator is checking the scheduled jobs exceptions report on a standalone Collector. The following error is repeating every 15 minutes.
java.lang.NumberFormatException: empty String
The administrator also notices that the anomaly detection polling interval is 15 minutes.
What should the administrator do next to contribute troubleshooting the problem?
A. Pause all scheduled jobs and check if the exception comes back.
B. Identify the alert that is causing the problem by deactivating one alert at a time.
C. Check in the alert builder to see which alerts have accumulation interval of 15 minutes.
D. In the CLI run support must_gather agg_issues and send the file to IBM support.
Correct Answer: B
Section: (none)
Explanation
There is an error that is originating from one of your active alerts.
The first step to resolving the problem is to identify the exact alert that is causing the problem.
1. Deactivate one alert from the Anomaly Detection page.

2. Wait for the length of the polling interval to elapse.
3. Check to see if the errors stop with that alert deactivated.
4. If not, reactivate the alert and deactivate the next one.
5. Repeat steps 2-5 until you have tried all alerts.
QUESTION 29
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector.
What must the administrator ensure when setting up this environment?
A. Both Collectors are centrally managed.

B. There is network connectivity between the S-TAP and both Collectors.
C. Guardium Installation Manager (GIM) is installed on the Database Server.
D. In the guard_tap.ini file of the S-TAP set participate_in_load_balancing=1
Correct Answer: B
Section: (none)
Explanation
Failover S-TAP configuration option
In this configuration (as displayed below), the S-TAP is configured to register with multiple collectors but sends traffic only to one collector at a time. S-TAP in this
configuration sends all of its traffic to one collector, unless it encounters connectivity issues to that collector that triggers a failover to a secondary collector as
configured. This is the most widely used S-TAP configuration to date.
Example, Failover S-TAP configuration option
Reference: Deployment Guide for InfoSphere Guardium (RedBooks), pages 12-13
QUESTION 30
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project
expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1 TB disk
C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Correct Answer: B
Section: (none)
Explanation
The IBM Guardium solution works only on x86 Intel-based or AMD-based platforms (for example, x86_64). A minimum of 4 cores is also required.
QUESTION 31
In a centrally managed environment, while executing the report ‘Enterprise Buffer Usage Monitor’, a Guardium administrator gets an empty report.
Why is the report empty?
A. Sniffers are not running on the Collectors.

B. The report is not executed with a remote source on the Collector.
C. The report is not executed with a remote source on the Aggregator.
D. Correct custom table upload is not scheduled on the Central Manager.
Correct Answer: C
Section: (none)
Explanation
A central manager can run a report on a managed unit as a remote source. We can check if the remote source on the report set to "none"on the Aggregator.
Note: Enterprise Buffer Usage Monitor report shows the aggregate of sniffer buffer usage from all managed units. It is based on the Enterprise Buffer Usage query.
QUESTION 32
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct?
(Select 2)
A. Restart the Anomaly detection process

B. Send a test email with CLI diag command
C. From the GUI Alerter page, test the SMTP connection
D. Create a query in access domain to see the sent messages
E. Obtain the syslog file from fileserver and check for SMTP messages
Correct Answer: BC
Section: (none)
Explanation
B: Use this command to send a test email using the configured SMTP server.
1. Select Test Email from the Interactive Queries menu.

2. You are prompted to select a recipient. Select Custom and press Enter.
3. You are prompted to supply an email address. Type an email address and press Enter. You will be informed of the output of the operation.
C: Note that on the Administration Console, the Test Connection link in the SMTP pane of the Alerter configuration panel only tests that an SMTP port is
configured, not that mail can actually be delivered via that server. You can use this command to test email delivery without having to configure and trigger a
statistical or realtime alert, or an audit process notification.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/appendices/topics/diag_cli_command.html
QUESTION 33
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product.
Which of the following are correct with regards to these features? (Select two.)
A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.
Correct Answer: DE
Section: (none)
Explanation
D: Guardium Vulnerability Assessment enables you to identify and correct security vulnerabilities in your database infrastructure.
E: As the size and organization of the corporate database grows, sensitive information like credit card numbers and transactions, or personal financial data, may
be present in multiple locations, without the knowledge of the current owners of that data. This frequently happens in corporations that have experienced mergers
and acquisitions and in older corporations where legacy systems have outlasted their original owners. Even in the best of cases, integration and enhancement
projects between disparate systems can easily leave sensitive data unknown and unprotected.
Guardium provides the Classification feature to discover and classify sensitive data, so that you can make and enforce effective access policy decisions.
Incorrect:
Not A: The Guardium S-TAP is a lightweight software agent installed on a database server system. The S-TAP monitors database traffic and forwards information
about that traffic to a Guardium system. Guardium S-TAP includes support for:
Capture of all database activities on DB2 for z/OS by privileged users, mainframe-resident applications, and network clients
Capture of critical operations such as SELECTs, DML, DDL, GRANTS, and REVOKES
Not C: Use Guardium’s predefined database entitlement (privilege) reports) to see who has system privileges and who has granted these privileges to other users
and roles. Database entitlement reports are important for auditors tracking changes to database access and to ensure that security holes do not exist from
lingering accounts or ill-granted privileges.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/assess/va_intro.html?lang=en
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/discover/topics/classification.html
QUESTION 34
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses
needed to provide functionality for data activity monitoring, masking and blocking (terminate).
Which of the following lists the minimum licenses the administrator needs to install?
A. Base Collector license.

B. None, the licenses required are already installed automatically by the Guardium product installer.
C. Base Collector license plus IBM Security Guardium Standard Activity Monitor for Databases (DAM Standard).
D. Base Collector license plus IBM Security Guardium Advanced Activity Monitor for Databases (DAM Advanced.).
Correct Answer: D
Section: (none)
Explanation
Data Activity Monitor and Audit - Advanced: All capabilities in Data Activity Monitor Audit - Standard, plus the ability
to: * Block data traffic according to policy (data-level access control)
* Mask unauthorized extraction of sensitive data
Etc.
Reference: http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/897/ENUS215-173/index.html&lang=en&request_locale=en
QUESTION 35
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system.
Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?
A. CLI: commands <search option>

GrdApi: grdapi <search option> --help
B. CLI: help <search option>
GrdApi: grdapi --help <search option>
C. CLI: commands <search option>
GrdAPI: grdapi command <search option>
D. CLI: <search option> --help
GrdApi: grdapi <search option> --help=true
Correct Answer: D
Section: (none)
Explanation
To display the parameters for a particular command, enter the command followed by '--help=true'. For example:
CLI> grdapi list_entry_location --help=true
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmaskref.doc/cli_api/guardapi_reference.html

Website: VCE To PDF Converter: Facebook: Twitter:: Number: C2150-606 Passing Score: 800 Time Limit: 120 Min

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Website: VCE To PDF Converter: Facebook: Twitter:: Number: C2150-606 Passing Score: 800 Time Limit: 120 Min

Uploaded by

Copyright:

Available Formats

C2150-606.

IBM Security Guardium V10.0 Administration

Which data management function does the administrator need to configure?

Given this scenario, which is true regarding the purge schedule?

Which CLI command should the administrator run?

A. Guardium Installation Manager (GIM) on the Database Server.

A. Replace the 4 Collectors with one Aggregator.

B. Create an Enterprise Report on one Collector combining the data.

What should a Guardium administrator recommend?

A. Classify sensitive files on mainframe systems.

E: Use case example:

How can the administrator do this?

A. Ask the company’s network administrators.

Syntax: support show port open

support execute <CMD String> <PMR #> <KEY>

A. Disk Util report

A. CPU Util report

Which CLI command should the administrator use to accomplish this?

What actions should the administrator configure?

A. Rule 1 - S-GATE AttachRule

Which port should the administrator use to configure IP teaming (bonding)?

What should the administrator do?

A. Increase the retention period and rerun the purge.

How should the administrator treat the PVUs of passive nodes?

A. Include the PVU load of passive nodes.

A. Install the latest patch on the Guardium appliance.

What is an Inspection Engine?

16016: Clear Unix S-TAP (including IBM i S-TAP running in PASE)

A. Review the Audit Process Log report.

A. The session will not experience any latency or termination.

Which is a key requirement for users of the Investigation Center?

How should the administrator obtain the ISO image?

A. Contact IBM Support.

What should the administrator do next to contribute troubleshooting the problem?

1. Deactivate one alert from the Anomaly Detection page.

What must the administrator ensure when setting up this environment?

A. Both Collectors are centrally managed.

Example, Failover S-TAP configuration option

Why is the report empty?

A. Sniffers are not running on the Collectors.

A. Restart the Anomaly detection process

1. Select Test Email from the Interactive Queries menu.

A. Base Collector license.

A. CLI: commands <search option>

You might also like