IBM C2150-201 - Fundamentals of Applying IBM Security Systems Identity and Access Assurance Exam
Page: 2 / 13
Total 65 questions
Question #6 (Topic: )
Which two statements are relevant when planning a scalable Security Access Manager for
Enterprise Single Sign-On deployment? (Choose two.)
Enterprise Single Sign-On deployment? (Choose two.)
A. Fingerprint authentication is not supported in a virtual appliance deployment.
B. As the number of users increases, appropriate sizing and tuning become very important.
C. A single instance of IMS server on a Websphere Application Server is all that is required.
D. A clustered deployment of Websphere Application Servers allows for easy addition of IMS servers.
E. A combination of AD and other LDAP directory servers is not supported and you must select one or the other.
Answer: A,D
Question #7 (Topic: )
A large public insurance company's employees have a wide variety of roles, from
accounting to adjusting claims, to customer service. When employees switch departments
and jobs, significant time can pass before the employee is removed from old systems and
added to new systems. The delays create security issues and decrease productivity.
Which product can help this insurance company to deal with user accounts and security
issues?
accounting to adjusting claims, to customer service. When employees switch departments
and jobs, significant time can pass before the employee is removed from old systems and
added to new systems. The delays create security issues and decrease productivity.
Which product can help this insurance company to deal with user accounts and security
issues?
A. IBM Security Identity Manager
B. IBM Tivoli Federated Identity Manager
C. IBM Security Access Manager for Web
D. IBM Security Access Manager for Enterprise Single Sign-On
Answer: D
Question #8 (Topic: )
A customer is using Microsoft Active Directory to manage access to all the applications in
the organization. When an employee joins the organization, in order to set up his/her
access to the applications through Active Directory, as a regular practice, the administrator
would clone the Active Directory permissions from an existing employee in the same job
role and assign it to the new employee. Over the years, employees have been changing
their job roles within the organization. Whenever a job role change occurs, the same
practice of cloning the access from an existing employee in the new job role is followed. As
the AD permissions are cloned, the existing permissions for the employee changing the job
role are not removed.
What is the potential problem and solution for this customer?
the organization. When an employee joins the organization, in order to set up his/her
access to the applications through Active Directory, as a regular practice, the administrator
would clone the Active Directory permissions from an existing employee in the same job
role and assign it to the new employee. Over the years, employees have been changing
their job roles within the organization. Whenever a job role change occurs, the same
practice of cloning the access from an existing employee in the new job role is followed. As
the AD permissions are cloned, the existing permissions for the employee changing the job
role are not removed.
What is the potential problem and solution for this customer?
A. As the existing access is never cleaned up when an employee changes job roles and new access is assigned as per the new job role, many employees may be violating SoD policies. This problem can be identified and addressed by deploying IBM Security Access Manager and designing specific SoD policies.
B. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Identity Manager to implement a Role Based Access Control (RBAC) model and automate role revalidation.
C. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Access Manager to implement a Role Based Access Control (RBAC) model and automate role revalidation.
D. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Access Manager to manage fine grained access on Active Directory, implement Single Sign-On and automate role revalidation.
Answer: A
Question #9 (Topic: )
A company wants a high-performance system for collecting, analyzing, archiving and
storing large volumes of security event logs.
Which IBM product will satisfy this need?
storing large volumes of security event logs.
Which IBM product will satisfy this need?
A. IBM Security Identity Manager
B. IBM Security Directory Server
C. IBM Security Access Manager
D. IBM Security QRadar Log Manager
Answer: D
Question #10 (Topic: )
Which scenario is typical for onboarding a new web application into IBM Security Access
Manager for Enterprise Single Sign-On?
Manager for Enterprise Single Sign-On?
A. Use AccessStudio to create a profile in the test environment. Confirm the profile works and use it directly in the production environment.
B. Create a junction configuration in the test environment, confirm successful authentication, export configuration from test import into production environment.
C. Use AccessStudio directly in production environment to create a new application profile, confirm by using the test functionality in AccessStudio, and upload new application profile to production IMS server.
D. Use AccessStudio to create a new application profile. Add a condition so the profile is only available to your test users. After confirmation of the test users, remove the condition to enable the profile for all users in the production environment.
Answer: D
