Examen ISIM

A provisioning policy governs only services that are associated the same business unit or sub
tree of the business unit with which the policy is associated. A role referenced in the provisioning
policy must be associated the same business unit or sub tree of the business unit with which the
policy is associated.

A provisioning policy governs only services that are associated the same business unit or sub
tree of the business unit with which the policy is associated. A role referenced in the provisioning
policy can be anywhere in the tree of the organization.

A provisioning policy governs services that are anywhere in the tree of the organization. A role
referenced in the provisioning policy must be associated the same business unit or sub tree of the
business unit with which the policy is associated.

A provisioning policy governs services that are anywhere in the tree of the organization. A role
referenced in the provisioning policy can be anywhere in the tree of the organization.

Websphere application and messaging clusters must be stopped prior to installing the ISIM
fixpack.

Websphere application and messaging clusters must be running prior to installing the ISIM
fixpack.

All Websphere processes must be stopped prior to installing the ISIM fixpack.

All Websphere processes must be running prior to installing the ISIM fixpack.

Disabling anonymous read access, enabling SSL communication only

Allow only read access to IBM Security Identity Manager LDAP

Run the IBM Security Identity Manager server as non-root user

Enabled WebSphere global security

An owner with a contractor email address

An account manager

An account owner

A group owner

Synchronizing password changes for all sponsor accounts

Enabling forgotten password authentication

Enabling forgotten password date rule

Creating a password strength rule

Creating a password notation rule

Write custom code to query the ISIM Database tables to find services that have had
communication failure. Recovery is not possible, blocked requests on these services will need to
be resubmitted.

Write custom code to query the ISIM Database tables to find services that have communication
failure. After communication is restored, ISIM will automatically retry requests that were blocked.

Use the ISIM Administration console to query services with a Failed status. After
communication is restored, resubmit blocked requests.

Use the ISIM Administration console to query services with a Failed status. After
communication is restored, retry blocked requests.

You will need to set up external data synchronization to update the reporting tables before
allowing the BI tool to generate reports.

All that is needed is to define a connector to the database, the database tables are always
current.

Views will need to be defined to allow the BI tool to view the data.

You must check to see if the BI tool can read an LDAP directory.

enroleStartup.properties

enRole.properties

sdo.properties

ui.properties

Self-Tuning Memory Manager

Server side sorting

Directory caching

RUNSTATS

Websphere SystemOut.log

Java Console

ISIMtrace.log

audit.log

IBM Websphere Application Server home directory.

IBM HTTP Server home directory

IBM Java home directory

ISIM home directory

Change the CSS files so that the banner, footer, and toolbar are no longer visible.

Modify the SelfServiceUI.components.layout properties file.

Change the JSP files in the EAR subdirectory.

Modify the values of the ui.layout properties.

It returns the iteration number that the identity policy is running to identify the number of times a
user name had to be generated before a unique one could be found.

It returns the next user ID that is generated according to the rules in the Identity policy but does
not check for uniqueness.

It returns a number that can be appended to the end of the user name to make that user name
unique.

It returns the number of conflicts the passed user name has against all services configured in
ISIM.

It returns-1 if the user name is already unique.

SMTP protocol

IMAP protocol

UDP protocol

TCP protocol

Create an organization structure where users can be placed into multiple user OUs based on
placement rule that evaluates user attributes. Services on which a user can have accounts must
be defined in the same OU as the user.

Create an organization structure where users can be placed into multiple user OUs based on
placement rule that evaluates user attributes. Services on which a user can have accounts can be
defined in a separate OU.

Create two separate OUs for users and services. All users need to be in the same OU in ISIM,
and organization roles must be defined at level that is higher than the user OU.

Create a single Organizational Unit (OU) under the default Organization to anchor users and
services and their associated policies.

Provisioning policies

Accounts

Groups

Roles

Enable activity logging

Enable thread logging

Enable detail logging

Enable base logging

enrole.ui.footer=disabled

ui.adminlnterface.footer=false

enrole.ui.footer.visibility=0

ui.footer.isVisible=no

To rename the user records in the IBM Security Identity Manager (ISIM).

To include enterprise-specific attributes associated with a person.

To separate Person from Business Partner Person.

To protect the privacy of the person.

Update the value using the system configuration tool. (runConfig)

Manually update the values in the SelfServiceUI.properties file

Update the value using the import/export feature in ISIM.

Manually update the value in the enRole.properties file.

Manually update the value in the ui.properties file.

User-defined mode

Real-time mode

Server mode

Batch mode

The Account form for accounts associated with a specific service type can be customized.

The Service Group form for groups associated with a specific service can be customized.

The Account form for accounts associated with a specific service can be customized

The Service Group form for a specific group value can be customized.

The Service form for a specific service can be customized.

Who approves the recertification request what action to take when recertification rejected, who
to send rejection email to

Who rejects the recertification request, who approves the recertification request, who to send
rejection email to

Who approves the recertification request, account owner email notification, manager email
notification

Who approves the recertification request, what approval action to take, who to send approval
email to

helpmapping.properties

helpconsole.properties

helpmapping.css

ui.properties

30 seconds

15 minutes

1 minute

1 hour

Property "enrole.mail.notify=" set to 'ASYNC in enRole.properties

"Enable store forwarding" checked on Post Office configuration

sharedsecret attribute populated on person objects

Enrole.workflow.notifyPassword set to true

Device

System

Individual

All of the above

ISIM's Forgotten Password function must get the challenge questions from the web SSO
product and change ISIM service's password.

ISIM's Forgotten Password function will automatically bounce the request to web SSO product's
Forgotten Password function.

The web SSO product's Forgotten Password function can get the challenge questions from
ISIM.

The web SSO's forgotten password function cannot be used - only ISIM's forgotten password
function must be used.

ISIM's self-signed certificate will need to be imported as a trusted signer certificate in the ITDI
certificate store.

The ISIM default truststore will need to be updated before connections can be made.

Since ITDI is a component of the ISIM solution no specific configuration is required.

The service in ISIM will need to be configured for SSL.

4 - Deployment Manager process, Node process, Application Server process, Messaging
Server process

1- Deployment Manager and Node processes run under a single Java process

3 - Deployment Manager process, Node process, Application Server process

2 - Deployment Manager process and Node process

Update dbm cfg using DFT_MON_BUFPOOL ON

Get database manager configuration

Get database configuration

Get database snapshot

Get monitor switches

In the design of the Organization tree

In the design of Password policies

In the design of a LDAP Adapter

In the design of a work flow

WAS_PROFILE_HOME/bin/serverStatus.sh -all

WAS_PROFILE_HOME/var/status.sh

ISIM_HOME/var/serverStatus.sh -all

ISIM_HOME/bin/serverStatus.sh-all

com.ibm.tivoli.itim.passwordrules.PasswordGenerator

com.ibm.passwordrules.PasswordGenerator

generator.ibm.tivoli.itim.CustomGenerator

com.ibm.passwordrules.Rule

The frequency of replicating objects containing the attribute to a replica.

The frequency of reading and writing information to / from the attribute.

The frequency of writing information to the attribute.

The frequency of reading information based on the attribute's contents.

1280MB

4096MB

1024MB

2048MB

enrole.generic.randomizer should be set to true for generation of random URL for each
password retrieval request.

enrole.password.retrievalURL should be set to the value of the URL where the user can retrieve
the password.

The shared secret attribute of the Person object should be populated by the user beforehand.

enrole.workflow.notifyPassword should be set to false.

enrole.password.retrieval should be set to true.

Point IBM Security Identity Manager test environment services to production environment end
points to be managed

Use the threaded_damlserver.pl script from the IBM Security Identity Manager tuning guide

Install thousands of separate TDI dispatchers

Use the virtual service adapter setup

Login to the application and perform a password change and verify the request is scheduled
and completes successfully.

Login to the WebSphere Administrative Console and validate the status of the ISIM application.

Confirm the database instance for ISIM is running.

Confirm the LDAP instance for ISIM is running.

Windows Active Directory Password Synchronization

Self Service User Interface customization files

Provisioning policy Add/Modify/Remove

Certificate Authority certificates

Identity Feeds

Remote services, policy and script at DEBUG_MAX

Remoteservices and policy at DEBUG_MAX

Logger.trace.level at DEBUG_MAX

Remoteservices at DEBUG_MAX

SelfServiceScreenText.properties

SelfServiceHomePage.properties

SelfServiceLabels.properties

CustomLabels.properties

SelfServiceUI.properties

AD Organizational Person Identity Feed (Microsoft Windows Active Directory)

Generalize XML identity feed

Database Identity Feed

DSML Identity Feed

DAML Identity Feed

LDAP database instance, WAS profiles, HTTP server profiles, TDI adapters, SSUI
customization files, all audit and reporting data after a data synchronization. Database instance
backup is not needed as the data other than the audit and reporting data is transient in nature.

LDAP database instance, WAS profiles, TDI adapters, SSUI customization, and the adapter
data directory with the profiles and any adapter configuration, as well as the ISIM install data
subdirectory under the home directory.

ISIM database instance, LDAP database instance, WAS profiles, HTTP server configuration,
TDI adapter configuration, ISIM configuration files. Adapter profiles and configuration.

ISIM database instance. TDI assembly line XML documents, WAS cluster profiles, adapter data
directory, and the report configuration files.

The user will be able to create a static organizational role via the Java API if access to Create
operation is granted in ACM and ACI2, and if View1 or View2 allow access to the Manage Roles
task.

The user will have access to create a static organizational role if its granted by ACI1 regardless
of whether ACI2 grants, denies or provides none access to the Create operation.

The user has a view of only the common tasks provided by both View1 and View2 in the ISIM
Admin User Interface or ISIM Self Service User Interface.

The user has a merged view of all the tasks provided by View1 and View2 in the ISIM Admin
User Interface or ISIM Self Service User Interface,

IBM Security Systems Identity Manager will recognize the new attributes from data feed and
create the objectclass automatically.

Custom LDAP classes and their attributes must be created directly within your LDAP data
repository.

Use the IdapConfig tool provided by IBM Security Systems Identity Manager to create the
objectclass.

Modify the person form and specify the attributes to include for the new entity.

WebSphere administrative console

ISIM database connection log

ISIM 6 Management Console

WebSphere transaction log

<isim home>/reporting

<isim home>/jdbc/lib/data

<isim home>/opt/reporting

<isim home>/extensions/6.0/tcr

The account is randomly assigned to one of the matched person.

The account is assigned to the system administrator.

The account is assigned to the first matching person.

The account is orphaned.

The custom person entity will inherit only System Defined operations of Person entity type.
These can be customized and new operations can be defined.

The custom person entity will inherit all operations of Person entity type. These cannot be
customized, but new operations can be defined.

The custom person entity will inherit all operations of Person entity type. These can be
customized, and new operations can be defined.

The custom person entity will not inherit any operations of Person entity type. All needed
operations will need to be defined.

Escape characters need to be used for tag characters such as "("

No more than 255 characters can be used per label

Closing tags are no longer needed (</body>)

Each entry must contain a <body> tag

Certificate Authority (CA) certificates

Signature verification certificates

DER Self Signed certificates

Object signing certificates

Some objects in the Directory Server's Recycle Bin may not be deleted even if age is greater
than Recycle Bin Age Limit.

All objects in the Directory Server's Recycle Bin will be deleted regardless of age greater than
Recycle Bin Age Limit.

All objects in the Directory Server's Recycle Bin will be deleted if their age is greater than
Recycle Bin Age Limit.

Objects in the Directory Server's Recycle Bin will be deleted if their age is less than Recycle Bin
Age Limit.

Websphere Application Server

Database Server

SMTP Server

HTTP Server

Mail Server

Available memory per process in the operating system

Number of attributes defined in v3.modifiedschema

Number and size of user and accounts objects

Current setting of ibm-slapdSizeLimit

Number of indexed attributes

Advice the customer this requirement involves a custom schema and a custom UI.

Create an Assignment attribute on the CheckWriter role called MaxCheck Amount.

Create multiple roles, one for each check writer's maximum check amount.

Extend the role schema to add an attribute called MaxCheckAmount.

Provisioning policy steady state functions

Provisioning policy JavaScript functions

Provisioning policy Null types

Provisioning policy constant

A person modify request is generated requesting that the conflicting roles be removed.

The violation is displayed in the list of violations of the policy

The conflicting roles are removed from the violators

The violators of the policy are suspended

IBM Passport Advantage Website

ISIM Administration Guide

ISIM Infocenter Website

ISIM Installation Guide

A schedule and matching criteria evaluated against an entity.

External event.

Schedule only.

Internal event.

HTTP Server. Websphere Application Server. Directory Server, Tivoli Directory Integrator, and
Adapters

HTTP Server and Adapters

Tivoli Directory Integrator. HTTP Server, and Adapters

HTTP Server and Tivoli Directory Server

Nodes inside a loop can transition to activities outside the loop provide
process.goto("Activity_ID") is used on the transition.

To retrieve an instance of an activity in a loop, the process.getActivity method is passed two
parameters.

The loop node does not specify the results of the nodes in the loop.

loopcount is a local variable available only in the loop node.

Index of activities in a loop starts with zero.

When a user is added to an organizational role that is a member of a provisioning policy that
targets the service selection policy.

When account workflows related to services are referenced in the service selection policy.

Whenever a new service is added to ISIM.

When policy join behavior is modified.

When user's attributes are modified.

Application Owner

Administrator

Manager

Auditor

Update a attribute exclusion list through the administrative console.

Select what attributes to return from the available attribute list.

Add a valid LDAP filter that will return the desired accounts.

Add Java script to filter out accounts.

Select supporting data only option.

A data feed using Microsoft Word format

A data feed using binary data format

A data feed using the SOAP format

A data feed using DSML format

The number of attributes included in the reconciliation operation.

The number of group definitions used by the platform.

The password strength policy.

The service definition profile.