Question 1
Question
Which is true for the relationship between provisioning policies, services, and roles?
Answer
-
A provisioning policy governs only services that are associated with the same business unit or sub
tree of the business unit with which the policy is associated. A role referenced in the provisioning
policy must be associated with the same business unit or sub tree of the business unit with which the
policy is associated.
-
A provisioning policy governs only services that are associated with the same business unit or sub
tree of the business unit with which the policy is associated. A role referenced in the provisioning
policy can be anywhere in the tree of the organization.
-
A provisioning policy governs services that are anywhere in the tree of the organization. A role
referenced in the provisioning policy must be associated with the same business unit or sub tree of the
business unit with which the policy is associated.
-
A provisioning policy governs services that are anywhere in the tree of the organization. A role
referenced in the provisioning policy can be anywhere in the tree of the organization.
Question 2
Question
When applying an IBM Security Identity Manager (ISIM) fixpack in a clustered ISIM installation
which statement is correct?
Answer
-
Websphere application and messaging clusters must be stopped prior to installing the ISIM
fixpack.
-
Websphere application and messaging clusters must be running prior to installing the ISIM
fixpack.
-
All Websphere processes must be stopped prior to installing the ISIM fixpack.
-
All Websphere processes must be running prior to installing the ISIM fixpack.
Question 3
Question
Which actions are best practice for securing IBM Security Identity Manager LDAP data?
Answer
-
Disabling anonymous read access, enabling SSL communication only
-
Allow only read access to IBM Security Identity Manager LDAP
-
Run the IBM Security Identity Manager server as non-root user
-
Enable WebSphere global security
Question 4
Question
When gathering requirements for a Provisioning Policy design, which type of owner is used for
orphan accounts?
Question 5
Question
When gathering requirements for setting the Password policy which two tasks should be identified
for system-wide password settings? (Choose two) - Select 2 options
Answer
-
Synchronizing password changes for all sponsor accounts
-
Enabling forgotten password authentication
-
Enabling forgotten password date rule
-
Creating a password strength rule
-
Creating a password notation rule
Question 6
Question
A customer wants to query services that have communication failures and initiate recovery
actions.
What is the recommended design approach?
Answer
-
Write custom code to query the ISIM Database tables to find services that have had
communication failure. Recovery is not possible, blocked requests on these services will need to
be resubmitted.
-
Write custom code to query the ISIM Database tables to find services that have communication
failure. After communication is restored, ISIM will automatically retry requests that were blocked.
-
Use the ISIM Administration console to query services with a Failed status. After
communication is restored, resubmit blocked requests.
-
Use the ISIM Administration console to query services with a Failed status. After
communication is restored, retry blocked requests.
Question 7
Question
Your customer has requested that you interface their existing management reporting system
based on a commercially available business intelligence tool that features the ability to read any
relational database. Which of the following considerations would be part of your design?
Answer
-
You will need to set up external data synchronization to update the reporting tables before
allowing the BI tool to generate reports.
-
All that is needed is to define a connector to the database, the database tables are always
current.
-
Views will need to be defined to allow the BI tool to view the data.
-
You must check to see if the BI tool can read an LDAP directory.
Question 8
Question
Which IBM Security Identity Manager properties file contains SSO settings?
Answer
-
enroleStartup.properties
-
enRole.properties
-
sdo.properties
-
ui.properties
Question 9
Question
What feature in DB2 should be enabled to automate memory allocation within areas of DB2
(buffer pools, sort heap, package heap)?
Question 10
Question
In order to debug a problem with the ISIM Workflow Designer, you have enabled applet logging
and have specified DEBUG_MAX for the tracing level.
Where will the expected trace output be written?
Answer
-
Websphere SystemOut.log
-
Java Console
-
ISIMtrace.log
-
audit.log
Question 11
Question
When moving from a previous version of IBM Tivoli Identity Manager (ITIM) to an ISIM v6 what
directory is required in order to signal an upgrade?
Question 12
Question
Your customer would like to display some of the functions of the Self Service user interface within
a portal they have developed for internal use. They would like to show only the operations for a
subset of the task boxes on the self-service user interface. How do you accommodate their
request?
Answer
-
Change the CSS files so that the banner, footer, and toolbar are no longer visible.
-
Modify the SelfServiceUI.components.layout properties file.
-
Change the JSP files in the EAR subdirectory.
-
Modify the values of the ui.layout properties.
Question 13
Question
What does IdentityPolicy.getNextCount(baseId) in an identity policy return, where baseId is the
value of the base user ID? (Choose two)
Answer
-
It returns the iteration number that the identity policy is running to identify the number of times a
user name had to be generated before a unique one could be found.
-
It returns the next user ID that is generated according to the rules in the Identity policy but does
not check for uniqueness.
-
It returns a number that can be appended to the end of the user name to make that user name
unique.
-
It returns the number of conflicts the passed user name has against all services configured in
ISIM.
-
It returns -1 if the user name is already unique.
Question 14
Question
When gathering requirements for email notifications, which mail protocol is used to send email
notifications in the IBM Security Identity Manager environment?
Answer
-
SMTP protocol
-
IMAP protocol
-
UDP protocol
-
TCP protocol
Question 15
Question
How would you create an organizational structure in ISIM for a customer to manage 50,000 users
and 900 servers?
Answer
-
Create an organization structure where users can be placed into multiple user OUs based on
placement rule that evaluates user attributes. Services on which a user can have accounts must
be defined in the same OU as the user.
-
Create an organization structure where users can be placed into multiple user OUs based on
placement rule that evaluates user attributes. Services on which a user can have accounts can be
defined in a separate OU.
-
Create two separate OUs for users and services. All users need to be in the same OU in ISIM,
and organization roles must be defined at level that is higher than the user OU.
-
Create a single Organizational Unit (OU) under the default Organization to anchor users and
services and their associated policies.
Question 16
Question
Separation of Duty policies create mutually exclusive relationship between what in order to protect
sensitive information from conflicts of interest?
Answer
-
Provisioning policies
-
Accounts
-
Groups
-
Roles
Question 17
Question
To configure logging to diagnose an issue with the WinAD64 adapter, which of the following must
be performed using AgentCfg?
Answer
-
Enable activity logging
-
Enable thread logging
-
Enable detail logging
-
Enable base logging
Question 18
Question
Which of the following will disable the footer in the administrative user interface?
Answer
-
enrole.ui.footer=disabled
-
ui.adminInterface.footer=false
-
enrole.ui.footer.visibility=0
-
ui.footer.isVisible=no
Question 19
Question
What is the purpose of creating a custom Person entity?
Answer
-
To rename the user records in the IBM Security Identity Manager (ISIM).
-
To include enterprise-specific attributes associated with a person.
-
To separate Person from Business Partner Person.
-
To protect the privacy of the person.
Question 20
Question
The number of items displayed in the IBM Security Identity Manager (ISIM) Administrator Console
has been updated to a value of 100 in the test environment. What are the two options below to
update the Production environment? (Choose two) - two options
Answer
-
Update the value using the system configuration tool. (runConfig)
-
Manually update the values in the SelfServiceUI.properties file
-
Update the value using the import/export feature in ISIM.
-
Manually update the value in the enRole.properties file.
-
Manually update the value in the ui.properties file.
Question 21
Question
Given an IBM Security Identity Manager solution that is integrated with QRadar Log Management,
which polling sequence is enabled?
Answer
-
User-defined mode
-
Real-time mode
-
Server mode
-
Batch mode
Question 22
Question
When considering forms associated with Service, Accounts and Service Group categories, what
two forms can be customized?
Answer
-
The Account form for accounts associated with a specific service type can be customized.
-
The Service Group form for groups associated with a specific service can be customized.
-
The Account form for accounts associated with a specific service can be customized
-
The Service Group form for a specific group value can be customized.
-
The Service form for a specific service can be customized.
Question 23
Question
Which recertification policy options need to be considered when designing a recertification policy?
Answer
-
Who approves the recertification request, what action to take when recertification is rejected, who
to send rejection email to
-
Who rejects the recertification request, who approves the recertification request, who to send
rejection email to
-
Who approves the recertification request, account owner email notification, manager email
notification
-
Who approves the recertification request, what approval action to take, who to send approval
email to
Question 24
Question
Which file controls the redirection and mapping of administrative console html help?
Answer
-
helpmapping.properties
-
helpconsole.properties
-
helpmapping.css
-
ui.properties
Question 25
Question
What is the recommended SOAP timeout interval, used when installing fix packs?
Answer
-
30 seconds
-
15 minutes
-
1 minute
-
1 hour
Question 26
Question
Which configuration must be in place to allow new account passwords to be emailed in clear text?
Answer
-
Property "enrole.mail.notify=" set to 'ASYNC' in enRole.properties
-
"Enable store forwarding" checked on Post Office configuration
-
sharedsecret attribute populated on person objects
-
Enrole.workflow.notifyPassword set to true
Question 27
Question
Password synchronization provides change to accounts of which ownership type?
Answer
-
Device
-
System
-
Individual
-
All of the above
Question 28
Question
In a web SSO environment, what is a valid step in the deployment plan to achieve integration
between ISIM and web SSO product for implementing Forgotten Password functionality?
Answer
-
ISIM's Forgotten Password function must get the challenge questions from the web SSO
product and change ISIM service's password.
-
ISIM's Forgotten Password function will automatically bounce the request to web SSO product's
Forgotten Password function.
-
The web SSO product's Forgotten Password function can get the challenge questions from
ISIM.
-
The web SSO's forgotten password function cannot be used - only ISIM's forgotten password
function must be used.
Question 29
Question
Identity Manager (ISIM) identity feed. ISIM is setup to only accept connections over SSL using
self-signed certificate. What must be done in order for ITDI to communicate with ISIM?
Answer
-
ISIM's self-signed certificate will need to be imported as a trusted signer certificate in the ITDI
certificate store.
-
The ISIM default truststore will need to be updated before connections can be made.
-
Since ITDI is a component of the ISIM solution no specific configuration is required.
-
The service in ISIM will need to be configured for SSL.
Question 30
Question
The client's IBM Security Identity Manager (ISIM) production environment consists of a two node
IBM Websphere Application cluster. Server #1 has the Websphere Deployment Manager installed
as well as one of the cluster nodes. Server #2 in the cluster just has the node installed.
If a process monitor is being configured on Server #1 how many Java processes are there related
just to Websphere?
Answer
-
4 - Deployment Manager process, Node process, Application Server process, Messaging
Server process
-
1 - Deployment Manager and Node processes run under a single Java process
-
3 - Deployment Manager process, Node process, Application Server process
-
2 - Deployment Manager process and Node process
Question 31
Question
Which two db2 commands must be performed in order to collect information for calculating a db2
bufferpool hit ratio? (Choose two)
Answer
-
Update dbm cfg using DFT_MON_BUFPOOL ON
-
Get database manager configuration
-
Get database configuration
-
Get database snapshot
-
Get monitor switches
Question 32
Question
When gathering requirements for a Roles Administration design, which would static and dynamic
roles be associated?
Answer
-
In the design of the Organization tree
-
In the design of Password policies
-
In the design of a LDAP Adapter
-
In the design of a work flow
Question 33
Question
What is the Linux path and command to verify that ISIM v6.0 is currently running?
Answer
-
WAS_PROFILE_HOME/bin/serverStatus.sh -all
-
WAS_PROFILE_HOME/var/status.sh
-
ISIM_HOME/var/serverStatus.sh -all
-
ISIM_HOME/bin/serverStatus.sh -all
Question 34
Question
Which interface needs to be implemented to create a custom password generator?
Answer
-
com.ibm.tivoli.itim.passwordrules.PasswordGenerator
-
com.ibm.passwordrules.PasswordGenerator
-
generator.ibm.tivoli.itim.CustomGenerator
-
com.ibm.passwordrules.Rule
Question 35
Question
The criteria to setup indexes for a Directory Server attribute is based on what?
Answer
-
The frequency of replicating objects containing the attribute to a replica.
-
The frequency of reading and writing information to / from the attribute.
-
The frequency of writing information to the attribute.
-
The frequency of reading information based on the attribute's contents.
Question 36
Question
On a 32-bit operating system what is the recommended maxheap value specification for ISIM's
jvm?
Answer
-
1280MB
-
4096MB
-
1024MB
-
2048MB
Question 37
Question
Which two of the following are relevant to password retrieval by a user using a URL?
Answer
-
enrole.generic.randomizer should be set to true for generation of random URL for each
password retrieval request.
-
enrole.password.retrievalURL should be set to the value of the URL where the user can retrieve
the password.
-
The shared secret attribute of the Person object should be populated by the user beforehand.
-
enrole.workflow.notifyPassword should be set to false.
-
enrole.password.retrieval should be set to true.
Question 38
Question
Given an IBM Security Identity Manager test environment which is a valid option for testing
thousands of TDI/RMI adapters?
Answer
-
Point IBM Security Identity Manager test environment services to production environment end
points to be managed
-
Use the threaded_damlserver.pl script from the IBM Security Identity Manager tuning guide
-
Install thousands of separate TDI dispatchers
-
Use the virtual service adapter setup
Question 39
Question
A functioning IBM Security Identity Manager (ISIM) test environment has been copied over to a
production ISIM environment. Which of the following would validate the application is up and
functioning correctly?
Answer
-
Login to the application and perform a password change and verify the request is scheduled
and completes successfully.
-
Login to the WebSphere Administrative Console and validate the status of the ISIM application.
-
Confirm the database instance for ISIM is running.
-
Confirm the LDAP instance for ISIM is running.
Question 40
Question
When planning an ISIM server upgrade, which two of the following processes are NOT preserved?
(Choose two)
Answer
-
Windows Active Directory Password Synchronization
-
Self Service User Interface customization files
-
Provisioning policy Add/Modify/Remove
-
Certificate Authority certificates
-
Identity Feeds
Question 41
Question
Which trace settings would offer the most information when debugging a reconciliation failure?
Answer
-
Remote services, policy and script at DEBUG_MAX
-
Remoteservices and policy at DEBUG_MAX
-
Logger.trace.level at DEBUG_MAX
-
Remoteservices at DEBUG_MAX
Question 42
Question
Which two properties files would be considered for changing the order of sections displayed on the
Self Service User Interface and text of the actions within the sections displayed? (Choose two)
Answer
-
SelfServiceScreenText.properties
-
SelfServiceHomePage.properties
-
SelfServiceLabels.properties
-
CustomLabels.properties
-
SelfServiceUI.properties
Question 43
Question
Which two identity feed service types come with the out of the box IBM Security Identity Manager
(ISIM)? (Choose two)
Question 44
Question
When planning for backup and recovery, which of these components must be covered in the
planning document?
Answer
-
LDAP database instance, WAS profiles, HTTP server profiles, TDI adapters, SSUI
customization files, all audit and reporting data after a data synchronization. Database instance
backup is not needed as the data other than the audit and reporting data is transient in nature.
-
LDAP database instance, WAS profiles, TDI adapters, SSUI customization, and the adapter
data directory with the profiles and any adapter configuration, as well as the ISIM install data
subdirectory under the home directory.
-
ISIM database instance, LDAP database instance, WAS profiles, HTTP server configuration,
TDI adapter configuration, ISIM configuration files, adapter profiles and configuration.
-
ISIM database instance, TDI assembly line XML documents, WAS cluster profiles, adapter data
directory, and the report configuration files.
Question 45
Question
A user is a member of two ISIM groups. Each group is a member in two separate Access Control
Items (ACIs), ACI1 and ACI2 on Static Organizational Roles. Each group also has a separate UI
View associated with it, called View1 and View2.
Which statement is correct in describing the access granted or denied to the user?
Answer
-
The user will be able to create a static organizational role via the Java API if access to Create
operation is granted in ACM and ACI2, and if View1 or View2 allow access to the Manage Roles
task.
-
The user will have access to create a static organizational role if it's granted by ACI1 regardless
of whether ACI2 grants, denies or provides none access to the Create operation.
-
The user has a view of only the common tasks provided by both View1 and View2 in the ISIM
Admin User Interface or ISIM Self Service User Interface.
-
The user has a merged view of all the tasks provided by View1 and View2 in the ISIM Admin
User Interface or ISIM Self Service User Interface.
Question 46
Question
When you create a custom Person or BPPerson type entity, how is the actual LDAP class that
stores the entity created?
Answer
-
IBM Security Systems Identity Manager will recognize the new attributes from data feed and
create the objectclass automatically.
-
Custom LDAP classes and their attributes must be created directly within your LDAP data
repository.
-
Use the ldapConfig tool provided by IBM Security Systems Identity Manager to create the
objectclass.
-
Modify the person form and specify the attributes to include for the new entity.
Question 47
Question
Where is the correct location for verifying database connections to ISIM v6.0?
Answer
-
WebSphere administrative console
-
ISIM database connection log
-
ISIM 6 Management Console
-
WebSphere transaction log
Question 48
Question
What is the default location for the Tivoli Common Reporting Pack?
Answer
-
<isim home>/reporting
-
<isim home>/jdbc/lib/data
-
<isim home>/opt/reporting
-
<isim home>/extensions/6.0/tcr
Question 49
Question
An adoption policy matches the attributes for an account on a managed resource to the attributes
for an IBM Security Identity Manager user.
If there is more than one person evaluated as the owner of the account, how is the account
assigned?
Answer
-
The account is randomly assigned to one of the matched persons.
-
The account is assigned to the system administrator.
-
The account is assigned to the first matching person.
-
The account is orphaned.
Question 50
Question
The customer's design calls for a new custom person entity to be created.
What is a valid statement regarding operations that can be carried out on the new person entity?
Answer
-
The custom person entity will inherit only System Defined operations of Person entity type.
These can be customized and new operations can be defined.
-
The custom person entity will inherit all operations of Person entity type. These cannot be
customized, but new operations can be defined.
-
The custom person entity will inherit all operations of Person entity type. These can be
customized, and new operations can be defined.
-
The custom person entity will not inherit any operations of Person entity type. All needed
operations will need to be defined.
Question 51
Question
What special consideration needs to be taken when loading xhtml labels into a custom labels file?
Answer
-
Escape characters need to be used for tag characters such as "("
-
No more than 255 characters can be used per label
-
Closing tags are no longer needed (</body>)
-
Each entry must contain a <body> tag
Question 52
Question
Which of the following is NOT a valid certificate type for use with an ISIM v6.0 Adapter?
Answer
-
Certificate Authority (CA) certificates
-
Signature verification certificates
-
DER Self Signed certificates
-
Object signing certificates
Question 53
Question
The Recycle Bin has been activated, the Recycle Bin Age is set to 62 days, and the ldapClean
script is set to run daily.
When ldapClean completes, which statement is true?
Answer
-
Some objects in the Directory Server's Recycle Bin may not be deleted even if age is greater
than Recycle Bin Age Limit.
-
All objects in the Directory Server's Recycle Bin will be deleted regardless of age greater than
Recycle Bin Age Limit.
-
All objects in the Directory Server's Recycle Bin will be deleted if their age is greater than
Recycle Bin Age Limit.
-
Objects in the Directory Server's Recycle Bin will be deleted if their age is less than Recycle Bin
Age Limit.
Question 54
Question
When upgrading IBM Security Identity Manager (ISIM) from a previous version to v6 which two
middleware components might have to be upgraded? (Choose two)
Question 55
Question
Which two items are relevant when considering an increase of the ISIM ITDS directory instance
entry cache size? (Choose two)
Answer
-
Available memory per process in the operating system
-
Number of attributes defined in v3.modifiedschema
-
Number and size of user and accounts objects
-
Current setting of ibm-slapdSizeLimit
-
Number of indexed attributes
Question 56
Question
When the role CheckWriter is assigned to a user, a maximum check amount limit must be
specified.
What is the recommended design option to implement this requirement?
Answer
-
Advise the customer this requirement involves a custom schema and a custom UI.
-
Create an Assignment attribute on the CheckWriter role called MaxCheck Amount.
-
Create multiple roles, one for each check writer's maximum check amount.
-
Extend the role schema to add an attribute called MaxCheckAmount.
Question 57
Question
A static, constant value which can be assigned to an entitlement parameter for a single or multivalued
attribute is an example of:
Answer
-
Provisioning policy steady state functions
-
Provisioning policy JavaScript functions
-
Provisioning policy Null types
-
Provisioning policy constant
Question 58
Question
What occurs when a Separation of Duty policy exemption is revoked?
Answer
-
A person modify request is generated requesting that the conflicting roles be removed.
-
The violation is displayed in the list of violations of the policy
-
The conflicting roles are removed from the violators
-
The violators of the policy are suspended
Question 59
Question
Where would one go to download the latest version of a specific IBM Security Identity Manager
(ISIM) adapter?
Question 60
Question
Life cycle rule is triggered automatically by which event?
Question 61
Question
What components in an IBM Security Identity Manager (ISIM) environment can be configured for
SSL communication?
Answer
-
HTTP Server, Websphere Application Server, Directory Server, Tivoli Directory Integrator, and
Adapters
-
HTTP Server and Adapters
-
Tivoli Directory Integrator, HTTP Server, and Adapters
-
HTTP Server and Tivoli Directory Server
Question 62
Question
Which two statements are correct for a loop node in a workflow? (Choose two)
Answer
-
Nodes inside a loop can transition to activities outside the loop provided
process.goto("Activity_ID") is used on the transition.
-
To retrieve an instance of an activity in a loop, the process.getActivity method is passed two
parameters.
-
The loop node does not specify the results of the nodes in the loop.
-
loopcount is a local variable available only in the loop node.
-
Index of activities in a loop starts with zero.
Question 63
Question
A services selection policy is evaluated under which of the two scenarios? (Choose two)
Answer
-
When a user is added to an organizational role that is a member of a provisioning policy that
targets the service selection policy.
-
When account workflows related to services are referenced in the service selection policy.
-
Whenever a new service is added to ISIM.
-
When policy join behavior is modified.
-
When user's attributes are modified.
Question 64
Question
When gathering requirements for Identity Policy, which ID will define the rule to generate the user
ID?
Answer
-
Application Owner
-
Administrator
-
Manager
-
Auditor
Question 65
Question
How should a reconciliation schedule be configured to ignore certain accounts and certain
attributes for a service?
Answer
-
Update an attribute exclusion list through the administrative console.
-
Select what attributes to return from the available attribute list.
-
Add a valid LDAP filter that will return the desired accounts.
-
Add Java script to filter out accounts.
-
Select supporting data only option.
Question 66
Question
When gathering requirements for data to be loaded, which data feed is natively supported by IBM
Security Identity Manager?
Answer
-
A data feed using Microsoft Word format
-
A data feed using binary data format
-
A data feed using the SOAP format
-
A data feed using DSML format
Question 67
Question
When designing a custom adapter, which of the following areas will have the largest impact on design scope and implementation complexity?
Answer
-
The number of attributes included in the reconciliation operation.
-
The number of group definitions used by the platform.
-
The password strength policy.
-
The service definition profile.