IBM InfoSphere Guardium Technical Mastery Test v2 v6.0 (P2150-739)

Page:    1 / 3   
Total 47 questions

How is authentication and encryption implemented between collectors, aggregators and the Central Policy Manager in a multi-tier Guardium environment?

  • A. Using an encrypted file containing the system password that must be copied to the Central Policy Manager and collectors.
  • B. A System Shared Secret is specified through the GUI for each collector and the Central Policy Manager.
  • C. The Central Policy Manager scans the network for Guardium collectors and performs a security handshake with each appliance.
  • D. The communication between collectors and the Central Policy Manager is based on unsecured network packets.


Answer : B

Which of the following best describes the role of the aggregator in a Guardium environment?

  • A. The aggregator is a Guardium appliance that collects and consolidates information from multiple collectors to a single Aggregation Server, allowing for reporting across the enterprise.
  • B. The aggregator is the Guardium appliance that communicates with mainframes.
  • C. The aggregator is a Guardium appliance that allows a collector and a Central Policy Manager to communicate and is required in multi-collector environments.
  • D. The aggregator is another name for the Central Policy Manager.


Answer : A

Which of the following items cannot be identified using database auto-discovery?

  • A. IP address of servers with a database instance.
  • B. Port(s) on which a database is communicating on each server.
  • C. List of databases for each database instance.
  • D. Type of database running on each server.


Answer : C

What is the purpose of Guardium's Application Events API?

  • A. Adding application event data, such as user ID, event type and number, to the SQL statements executed between an API no-op call and its release signal.
  • B. Being part of the pattern matching engine that evaluates statements for membership in a specific security policy.
  • C. Enabling non-supported database engines to be used with Guardium.
  • D. The Application Events API is used to increase the speed at which Guardium processes statements.


Answer : A

Which of the following is often required to ensure that Guardium can identify a user's credentials through the Stored Procedure Monitoring feature?

  • A. A database system-specific plug-in that attaches on to the collector's engine.
  • B. A well-configured custom identification procedure mapping.
  • C. A credential replication routine available for free from Guardium.
  • D. Reconfiguring the security policy so the appliance knows all the application servers that contact the data server.


Answer : B

Which of the following cannot be monitored using CAS?

  • A. Environment variables.
  • B. Database configurations.
  • C. SQL activity.
  • D. File permissions.


Answer : C

A database known to contain the medical records of a foreign head of state is accessed at 1:30 AM. No security mechanism is installed and so this highly sensitive information is leaked to the media. Could this breach have been detected by running a Guardium vulnerability assessment without creating any custom assessment tests?

  • A. No, this type of test is not included with Guardium.
  • B. Yes, but only if the appliance includes Guardium's Database Protection Subscription service.
  • C. Yes, after hours login detection is one of the standard behavioral vulnerability tests included with Guardium.
  • D. Yes, however this particular test is only available for IBM DB2 and Informix servers.


Answer : C

What is Guardium's primary storage mechanism for logs and audit information?

  • A. Data can only be stored in flat files on the collector (one file per S-TAP).
  • B. Data storage can only be managed individually by each S-TAP, with audit data stored locally on the data server in flat files.
  • C. Data is stored on the collector in a normalized relational database.
  • D. Data is stored locally on each server with an S-TAP but is managed centrally through the collector.


Answer : C

Which of the following is true about applying CAS templates to CAS hosts?

  • A. Each CAS Template can only be applied to one CAS host.
  • B. Instance-level changes can be made to the template items so that the same template may be applied with different parameters (i.e. run frequency) to many CAS hosts.
  • C. Applying CAS Templates will require the database management system on the CAS host to be restarted.
  • D. CAS Templates are applied to collectors, which act as CAS hosts.


Answer : B

Which of the following native SQL commands is required to link external data to internal data?

  • A. IMPORT
  • B. JOIN
  • C. ALTER
  • D. LINK


Answer : B

How would a DBA or developer notify Guardium using the Application User API that an application user has taken or given up control of a data server connection?

  • A. By importing the GuardUtils library and issuing calls through it from the application.
  • B. By creating a wrapper solution that sends HTTP requests to Guardium's service-oriented API whenever an event like this happens.
  • C. By registering the application's connection pool with Guardium.
  • D. By using the GuardAppUser call in the form of a SQL SELECT statement to indicate that a new application user has taken control of the connection.


Answer : D

Which of the following is a valid use case for scheduled database auto-discovery?

  • A. Database auto-discovery cannot be scheduled because the user must specify a series of IP addresses and port ranges every time prior to running the process.
  • B. Automating the cataloging of new database instances so the administrator does not have to perform this task manually.
  • C. Ensuring that S-TAP instances have the latest database configuration for all the databases that are being monitored.
  • D. Identifying new or rogue databases across environments, as well as new instances that may have been created within existing, already discovered database services.


Answer : D

Which of the following steps must be taken before a custom table can be defined on the Guardium appliance?

  • A. The Guardium API must be used to notify the engine that a custom table is going to be defined.
  • B. All other users of the Guardium user interface must be logged off since there can only be one active session when the custom table is being defined.
  • C. A test provided by Guardium must be run on the data server to make sure no malicious data is found in the table to be queried.
  • D. Data in the existing database must be verified to make sure that the different data types are supported by Guardium's custom tables.


Answer : D

In a Guardium environment where data servers can talk to the collector, what is the relationship between the S-TAP and the collector appliance?

  • A. There is no relationship since the S-TAP and the collector are incompatible Guardium entities.
  • B. The S-TAP reports database activity to the collector for policy management and auditing.
  • C. A collector can only interact with one S-TAP for policy management and auditing.
  • D. The collector sends the S-TAP information about its policies so it knows what traffic to intercept.


Answer : B

Which of the following actions is NOT a known benefit of using correlation alerts?

  • A. Real time database traffic analysis and security policy inspection.
  • B. Monitoring database usage and pinpointing suspicious activity.
  • C. Automatically alerting users when established behavioral baselines are exceeded.
  • D. Saving time in alerting and analyzing versus manually doing so.


Answer : A
