C2150-609 Online Practice Questions and Answers

A deployment professional in charge of a large deployment with replicated reverse proxy instances needs to keep junctions, template files, and configuration settings in sync between the instances.

How can this be done?

A. Setup appliance clustering and issue server sync all

B. Setup appliance clustering and issue server cluster sync

C. Setup a master reverse proxy instance and issue server task source-instance sync target-instance

D. Setup a master reverse proxy instance and issue server task target-instance sync source-instance

A company is upgrading its existing IBM Security Access Manager (ISAM) environment to ISAM 9.0. Based on the requirements for the upgrade, activation keys have been procured for different ISAM modules.

Which two features require an activation key? (Choose two.)

A. REST APIs

B. Web Reverse Proxy

C. Authorization Server

D. Local Management Interface

E. Distributed Session Cache

An IBM Security Access Manager (ISAM) V9.0 environments is configured with Primary and Secondary Masters servers. The Primary master node becomes unavailable and ISAM deployment professional promotes the Secondary Master node to a Primary Master.

What happens to the original Primary Master when it becomes available and rejoins the network?

A. It is automatically removed from the cluster.

B. It is automatically demoted to the role of a non-master node.

C. It is automatically promoted to the role of a primary Master node.

D. It is automatically demoted to the role of a Secondary Master node.

The IBM Security Access Manager (ISAM) V9.0 deployment professional has recently discovered an entire deployment of over 100 junctions was performed incorrectly.

How can a repair operation be scripted for this, and future deployment personnel?

A. Use the CLI SSH interface, navigating to isam-> admin and authenticating as sec_master.

B. Use a text editor and create the correct junction XML files, then import them using the LMI.

C. Use the LMI Secure Web Settings-> Reverse Proxy-> Manage-> Junction Management interface.

D. Use the REST API interface https://{appliance_hostname}/isam/pdadmin, JSON files and the CURL utility.

A customer's IBM Security Access Manager (ISAM) V.90 environment consists of the appliance embedded LDAP as the Primary LDAP, and a federated Active Directory (AD) which contains all user/group information. The embedded LDAP will only contain information about default ISAM components and a limited number of AD groups. Users will be required to change their own passwords via ISAM.

Which ldap.conf configuration will properly configure the AD into this Federation and meet all customer requirements?

A. basic-user-support = no host = test-root.acme.com port = 636 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**

B. basic-user-support = no host = test-root.acme.com port = 389 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**

C. basic-user-support = yes host = test-root.acme.com port = 636 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**

D. basic-user-support = yes host = test-root.acme.com port = 389 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**

What method can be used to upload firmware to an IBM Security Access Manager V9.0 virtual appliance?

A. USB

B. SCP

C. FTP

D. VMware tools

A company wants to use a different authentication option than username and password to access the company's web portal. The security deployment professional is in the process of deploying an IBM Security Access Manager 9.0.0 solution for the company to protect its web portal.

Which authentication method should the deployment professional consider?

A. NTLM Authentication

B. Basic Authentication

C. Form based Authentication

D. Client-side certificate authentication

An IBM Security Access Manager (ISAM) V9.0 customer is deploying a new WebSphere based Java application and wants to protect it via an ISAM Web Reverse Proxy. The user registries are not shared between ISAM and Websphere Application Server.

Which trust configuration can be used to achieve Single Sign On between ISAM Web Reverse Proxy and Websphere Application Server?

A. LTPAToken

B. LTPAToken Version 2

C. SPNEGO Trust Association Interceptor

D. Extended Trust Association Interceptor plus (eTAI)

The IBM Security Access Manager V9.0 system deployment professional is about to make a significant change to the system configuration and plans to take an appliance snapshot to protect against problems occurring as a result of the change.

Which two statements are correct regarding appliance snapshots? (Choose two.)

A. Snapshot files contain the contents of the internal user registry.

B. Appliance snapshots are supported only on virtual appliances running under VMware ESXi.

C. The purpose of snapshots is to restore prior configuration and policy settings to an appliance.

D. Snapshot files contain all the `must get' data required to be sent to IBM Support in the event of a PMR being raised.

E. An appliance snapshot can be restored on any appliance that has the same firmware level as the snapshot and the same network infrastructure.

IBM Security Access Manager V9.0 will be configured as Service Provider (SP) in a SAML Federation. The same user that logs in at the Identity Provider (IdP) will be logged in on the SP side after the Single Sign-On, for example UserA on IdP will be UserA on the SP side.

Which name identifier format meets this requirement?

A. transient

B. persistent

C. principalName

D. emailAddress