Este Quiz é cronometrado.
Você tem 1 hora 40 minutos para completar as 67 questões deste quiz..
Which is true for the relationship between provisioning policies, services, and roles?
A provisioning policy governs only services that are associated the same business unit or sub tree of the business unit with which the policy is associated. A role referenced in the provisioning policy must be associated the same business unit or sub tree of the business unit with which the policy is associated.
A provisioning policy governs only services that are associated the same business unit or sub tree of the business unit with which the policy is associated. A role referenced in the provisioning policy can be anywhere in the tree of the organization.
A provisioning policy governs services that are anywhere in the tree of the organization. A role referenced in the provisioning policy must be associated the same business unit or sub tree of the business unit with which the policy is associated.
A provisioning policy governs services that are anywhere in the tree of the organization. A role referenced in the provisioning policy can be anywhere in the tree of the organization.
When applying an IBM Security Identity Manager (ISIM) fixpack in a clustered ISIM installation which statement is correct?
Websphere application and messaging clusters must be stopped prior to installing the ISIM fixpack.
Websphere application and messaging clusters must be running prior to installing the ISIM fixpack.
All Websphere processes must be stopped prior to installing the ISIM fixpack.
All Websphere processes must be running prior to installing the ISIM fixpack.
Which actions are best practice for securing IBM Security Identity Manager LDAP data?
Disabling anonymous read access, enabling SSL communication only
Allow only read access to IBM Security Identity Manager LDAP
Run the IBM Security Identity Manager server as non-root user
Enabled WebSphere global security
When gathering requirements for a Provisioning Policy design, which type of owner is used for orphan accounts?
An owner with a contractor email address
An account manager
An account owner
A group owner
When gathering requirements for setting the Password policy which two tasks should be identified for system-wide password settings? (Choose two) - Seleccionar 2 alternativas
Synchronizing password changes for all sponsor accounts
Enabling forgotten password authentication
Enabling forgotten password date rule
Creating a password strength rule
Creating a password notation rule
A customer wants to query services that have communication failures and initiate recovery actions. What is the recommended design approach?
Write custom code to query the ISIM Database tables to find services that have had communication failure. Recovery is not possible, blocked requests on these services will need to be resubmitted.
Write custom code to query the ISIM Database tables to find services that have communication failure. After communication is restored, ISIM will automatically retry requests that were blocked.
Use the ISIM Administration console to query services with a Failed status. After communication is restored, resubmit blocked requests.
Use the ISIM Administration console to query services with a Failed status. After communication is restored, retry blocked requests.
Your customer has requested that you interface their existing management reporting system based on a commercially available business intelligence tool that features the ability to read any relational database. Which of the following considerations would be part of your design?
You will need to set up external data synchronization to update the reporting tables before allowing the BI tool to generate reports.
All that is needed is to define a connector to the database, the database tables are always current.
Views will need to be defined to allow the BI tool to view the data.
You must check to see if the BI tool can read an LDAP directory.
Which IBM Security Identity Manager properties file contains SSO settings?
enroleStartup.properties
enRole.properties
sdo.properties
ui.properties
What feature in DB2 should be enabled to automate memory allocation within areas of DB2, (buffer pools, sort heap, package heap)
Self-Tuning Memory Manager
Server side sorting
Directory caching
RUNSTATS
In order to debug a problem with the ISIM Workflow Designer, you have enabled applet logging and have specified DEBUG_MAX for the tracing level. Where will the expected trace output be written?
Websphere SystemOut.log
Java Console
ISIMtrace.log
audit.log
When moving from a previous version of IBM Tivoli Identity Manager (ITIM) to a ISIM v6 what directory is required in order to signal an upgrade?
IBM Websphere Application Server home directory.
IBM HTTP Server home directory
IBM Java home directory
ISIM home directory
Your customer would like to display some of the functions of the Self Service user interface within a portal they have developed for internal use. They would like to show only the operations for a subset of the task boxes on the self-service user interface. How do you accommodate their request?
Change the CSS files so that the banner, footer, and toolbar are no longer visible.
Modify the SelfServiceUI.components.layout properties file.
Change the JSP files in the EAR subdirectory.
Modify the values of the ui.layout properties.
What does IdentityPolicy.getNextCount(baseld) in an identity policy return, where baseId is the value of the base user ID? (Choose two)
It returns the iteration number that the identity policy is running to identify the number of times a user name had to be generated before a unique one could be found.
It returns the next user ID that is generated according to the rules in the Identity policy but does not check for uniqueness.
It returns a number that can be appended to the end of the user name to make that user name unique.
It returns the number of conflicts the passed user name has against all services configured in ISIM.
It returns-1 if the user name is already unique.
When gathering requirements for email notifications, which mail protocol is used to send email notifications in the IBM Security Identity Manager environment?
SMTP protocol
IMAP protocol
UDP protocol
TCP protocol
How would you create an organizational structure in ISIM for a customer to manage 50.000 users and 900 servers?
Create an organization structure where users can be placed into multiple user OUs based on placement rule that evaluates user attributes. Services on which a user can have accounts must be defined in the same OU as the user.
Create an organization structure where users can be placed into multiple user OUs based on placement rule that evaluates user attributes. Services on which a user can have accounts can be defined in a separate OU.
Create two separate OUs for users and services. All users need to be in the same OU in ISIM, and organization roles must be defined at level that is higher than the user OU.
Create a single Organizational Unit (OU) under the default Organization to anchor users and services and their associated policies.
Separation of Duty policies create mutually exclusive relationship between what in order to protect sensitive information from conflicts of interest?
Provisioning policies
Accounts
Groups
Roles
To configure logging to diagnose an issue with the WinAD64 adapter, which of the following must be performed using AgentCfg?
Enable activity logging
Enable thread logging
Enable detail logging
Enable base logging
Which of the following will disable the footer in the administrative user interface?
enrole.ui.footer=disabled
ui.adminlnterface.footer=false
enrole.ui.footer.visibility=0
ui.footer.isVisible=no
What is the purpose of creating a custom Person entity?
To rename the user records in the IBM Security Identity Manager (ISIM).
To include enterprise-specific attributes associated with a person.
To separate Person from Business Partner Person.
To protect the privacy of the person.
The number of items displayed in the IBM Security Identity Manager (ISIM) Administrator Console has been updated to a value of 100 in the test environment. What are the two options below to update the Production environment? (Choose two) - dos alternativas
Update the value using the system configuration tool. (runConfig)
Manually update the values in the SelfServiceUI.properties file
Update the value using the import/export feature in ISIM.
Manually update the value in the enRole.properties file.
Manually update the value in the ui.properties file.
Given an IBM Security Identity Manager solution that is integrated with QRadar Log Management, which polling sequence is enabled?
User-defined mode
Real-time mode
Server mode
Batch mode
When considering forms associated with Service, Accounts and Service Group categories, what two forms can be customized?
The Account form for accounts associated with a specific service type can be customized.
The Service Group form for groups associated with a specific service can be customized.
The Account form for accounts associated with a specific service can be customized
The Service Group form for a specific group value can be customized.
The Service form for a specific service can be customized.
Which recertification policy options need to be considered when designing a recertification policy?
Who approves the recertification request what action to take when recertification rejected, who to send rejection email to
Who rejects the recertification request, who approves the recertification request, who to send rejection email to
Who approves the recertification request, account owner email notification, manager email notification
Who approves the recertification request, what approval action to take, who to send approval email to
Which file controls the redirection and mapping of administrative console html help?
helpmapping.properties
helpconsole.properties
helpmapping.css
What is the recommended SOAP timeout interval, used when installing fix packs?
30 seconds
15 minutes
1 minute
1 hour
Which configuration must be in place to allow new account passwords to be emailed in clear text?
Property "enrole.mail.notify=" set to 'ASYNC in enRole.properties
"Enable store forwarding" checked on Post Office configuration
sharedsecret attribute populated on person objects
Enrole.workflow.notifyPassword set to true
Password synchronization provides change to accounts of which ownership type?
Device
System
Individual
All of the above
In a web SSO environment, what is a valid step in the deployment plan to achieve integration between ISIM and web SSO product for implementing Forgotten Password functionality?
ISIM's Forgotten Password function must get the challenge questions from the web SSO product and change ISIM service's password.
ISIM's Forgotten Password function will automatically bounce the request to web SSO product's Forgotten Password function.
The web SSO product's Forgotten Password function can get the challenge questions from ISIM.
The web SSO's forgotten password function cannot be used - only ISIM's forgotten password function must be used.
Identity Manager (ISIM) identity feed. ISIM is setup to only accept connections over SSL using self-signed certificate. What must be done in order for ITDI to communicate with ISIM?
ISIM's self-signed certificate will need to be imported as a trusted signer certificate in the ITDI certificate store.
The ISIM default truststore will need to be updated before connections can be made.
Since ITDI is a component of the ISIM solution no specific configuration is required.
The service in ISIM will need to be configured for SSL.
The client's IBM Security Identity Manager (ISIM) production environment consists of a two node IBM Websphere Application cluster. Server #1 has the Websphere Deployment Manager installed as well as one of the cluster nodes. Server #2 in the cluster just has the node installed. If a process monitor is being configured on Server #1 how many Java processes are there related just to Websphere?
4 - Deployment Manager process, Node process, Application Server process, Messaging Server process
1- Deployment Manager and Node processes run under a single Java process
3 - Deployment Manager process, Node process, Application Server process
2 - Deployment Manager process and Node process
Which two db2 commands must be performed in order to collect information for calculating a db2 bufferpool hit ratio? (Choose two)
Update dbm cfg using DFT_MON_BUFPOOL ON
Get database manager configuration
Get database configuration
Get database snapshot
Get monitor switches
When gathering requirements for a Roles Administration design, which would static and dynamic roles be associated?
In the design of the Organization tree
In the design of Password policies
In the design of a LDAP Adapter
In the design of a work flow
What is the Linux path and command to verify that ISIM v6.0 is currently running?
WAS_PROFILE_HOME/bin/serverStatus.sh -all
WAS_PROFILE_HOME/var/status.sh
ISIM_HOME/var/serverStatus.sh -all
ISIM_HOME/bin/serverStatus.sh-all
Which interface needs to be implemented to create a custom password generator?
com.ibm.tivoli.itim.passwordrules.PasswordGenerator
com.ibm.passwordrules.PasswordGenerator
generator.ibm.tivoli.itim.CustomGenerator
com.ibm.passwordrules.Rule
The criteria to setup indexes for a Directory Server attribute is based on what?
The frequency of replicating objects containing the attribute to a replica.
The frequency of reading and writing information to / from the attribute.
The frequency of writing information to the attribute.
The frequency of reading information based on the attribute's contents.
On a 32-bit operating system what is the recommended maxheap value specification for ISIM's jvm?
1280MB
4096MB
1024MB
2048MB
Which two of the following are relevant to password retrieval by a user using a URL?
enrole.generic.randomizer should be set to true for generation of random URL for each password retrieval request.
enrole.password.retrievalURL should be set to the value of the URL where the user can retrieve the password.
The shared secret attribute of the Person object should be populated by the user beforehand.
enrole.workflow.notifyPassword should be set to false.
enrole.password.retrieval should be set to true.
Given an IBM Security Identity Manager test environment which is a valid option for testing thousands of TDI/RMI adapters?
Point IBM Security Identity Manager test environment services to production environment end points to be managed
Use the threaded_damlserver.pl script from the IBM Security Identity Manager tuning guide
Install thousands of separate TDI dispatchers
Use the virtual service adapter setup
A functioning IBM Security Identity Manager (ISIM) test environment has been copied over to a production ISIM environment. Which of the following would validate the application is up and functioning correctly?
Login to the application and perform a password change and verify the request is scheduled and completes successfully.
Login to the WebSphere Administrative Console and validate the status of the ISIM application.
Confirm the database instance for ISIM is running.
Confirm the LDAP instance for ISIM is running.
When planning an ISIM server upgrade, which two of the following processes are NOT preserved? (Choose two)
Windows Active Directory Password Synchronization
Self Service User Interface customization files
Provisioning policy Add/Modify/Remove
Certificate Authority certificates
Identity Feeds
Which trace settings would offer the most information when debugging a reconciliation failure?
Remote services, policy and script at DEBUG_MAX
Remoteservices and policy at DEBUG_MAX
Logger.trace.level at DEBUG_MAX
Remoteservices at DEBUG_MAX
Which two properties files would be considered for changing the order of sections displayed on the Self Service User Interface and text of the actions within the sections displayed? (Choose two)
SelfServiceScreenText.properties
SelfServiceHomePage.properties
SelfServiceLabels.properties
CustomLabels.properties
SelfServiceUI.properties
Which two identity feed service types come with the out of the box IBM Security Identity Manager (ISIM)? (Choose two)
AD Organizational Person Identity Feed (Microsoft Windows Active Directory)
Generalize XML identity feed
Database Identity Feed
DSML Identity Feed
DAML Identity Feed
When planning for backup and recovery, which of these components must be covered in the planning document?
LDAP database instance, WAS profiles, HTTP server profiles, TDI adapters, SSUI customization files, all audit and reporting data after a data synchronization. Database instance backup is not needed as the data other than the audit and reporting data is transient in nature.
LDAP database instance, WAS profiles, TDI adapters, SSUI customization, and the adapter data directory with the profiles and any adapter configuration, as well as the ISIM install data subdirectory under the home directory.
ISIM database instance, LDAP database instance, WAS profiles, HTTP server configuration, TDI adapter configuration, ISIM configuration files. Adapter profiles and configuration.
ISIM database instance. TDI assembly line XML documents, WAS cluster profiles, adapter data directory, and the report configuration files.
A user is a member of two ISIM groups. Each group is a member in two separate Access Control Items (ACIs), ACI1 and ACI2 on Static Organizational Roles. Each group also has a separate UI View associated with it, called View1 and View2. Which statement is correct in describing the access granted or denied to the user?
The user will be able to create a static organizational role via the Java API if access to Create operation is granted in ACM and ACI2, and if View1 or View2 allow access to the Manage Roles task.
The user will have access to create a static organizational role if its granted by ACI1 regardless of whether ACI2 grants, denies or provides none access to the Create operation.
The user has a view of only the common tasks provided by both View1 and View2 in the ISIM Admin User Interface or ISIM Self Service User Interface.
The user has a merged view of all the tasks provided by View1 and View2 in the ISIM Admin User Interface or ISIM Self Service User Interface,
When you create a custom Person or BPPerson type entity, how is the actual LDAP class that stores the entity created?
IBM Security Systems Identity Manager will recognize the new attributes from data feed and create the objectclass automatically.
Custom LDAP classes and their attributes must be created directly within your LDAP data repository.
Use the IdapConfig tool provided by IBM Security Systems Identity Manager to create the objectclass.
Modify the person form and specify the attributes to include for the new entity.
Where is the correct location for verifying database connections to ISIM v6.0?
WebSphere administrative console
ISIM database connection log
ISIM 6 Management Console
WebSphere transaction log
What is the default location for the Tivoli Common Reporting Pack?
<isim home>/reporting
<isim home>/jdbc/lib/data
<isim home>/opt/reporting
<isim home>/extensions/6.0/tcr
An adoption policy matches the attributes for an account on a managed resource to the attributes for an IBM Security Identity Manager user. If there is more than one person evaluated as the owner of the account, how is the account assigned?
The account is randomly assigned to one of the matched person.
The account is assigned to the system administrator.
The account is assigned to the first matching person.
The account is orphaned.
The customer's design calls for a new custom person entity to be created. What is a valid statement regarding operations that can be carried out on the new person entity?
The custom person entity will inherit only System Defined operations of Person entity type. These can be customized and new operations can be defined.
The custom person entity will inherit all operations of Person entity type. These cannot be customized, but new operations can be defined.
The custom person entity will inherit all operations of Person entity type. These can be customized, and new operations can be defined.
The custom person entity will not inherit any operations of Person entity type. All needed operations will need to be defined.
What special consideration needs to be taken when loading xhtml labels into a custom labels file?
Escape characters need to be used for tag characters such as "("
No more than 255 characters can be used per label
Closing tags are no longer needed (</body>)
Each entry must contain a <body> tag
Which of the following is NOT a valid certificate type for use with an ISIM v6.0 Adapter?
Certificate Authority (CA) certificates
Signature verification certificates
DER Self Signed certificates
Object signing certificates
The Recycle Bin has been activated, the Recycle Bin Age is set to 62 days, and the IdapClean script is set to run daily. When IdapClean completes, which statement is true?
Some objects in the Directory Server's Recycle Bin may not be deleted even if age is greater than Recycle Bin Age Limit.
All objects in the Directory Server's Recycle Bin will be deleted regardless of age greater than Recycle Bin Age Limit.
All objects in the Directory Server's Recycle Bin will be deleted if their age is greater than Recycle Bin Age Limit.
Objects in the Directory Server's Recycle Bin will be deleted if their age is less than Recycle Bin Age Limit.
When upgrading IBM Security Identity Manager (ISIM) from a previous version to v6 which two middleware components might have to be upgraded? (Choose two)
Websphere Application Server
Database Server
SMTP Server
HTTP Server
Mail Server
Which two items are relevant when considering an increase of the ISIM 1TDS directory instance entry cache size? (Choose two)
Available memory per process in the operating system
Number of attributes defined in v3.modifiedschema
Number and size of user and accounts objects
Current setting of ibm-slapdSizeLimit
Number of indexed attributes
When the role CheckWtiter is assigned to a user, a maximum check amount limit must be specified. What is the recommended design option to implement this requirement?
Advice the customer this requirement involves a custom schema and a custom UI.
Create an Assignment attribute on the CheckWriter role called MaxCheck Amount.
Create multiple roles, one for each check writer's maximum check amount.
Extend the role schema to add an attribute called MaxCheckAmount.
A static, constant value which can be assigned to an entitlement parameter for a single or multivalued attribute is an example of:
Provisioning policy steady state functions
Provisioning policy JavaScript functions
Provisioning policy Null types
Provisioning policy constant
What occurs when a Separation of Duty policy exemption is revoked?
A person modify request is generated requesting that the conflicting roles be removed.
The violation is displayed in the list of violations of the policy
The conflicting roles are removed from the violators
The violators of the policy are suspended
Where would one go to download the latest version of a specific IBM Security Identity Manager (ISIM) adapter?
IBM Passport Advantage Website
ISIM Administration Guide
ISIM Infocenter Website
ISIM Installation Guide
Life cycle rule is triggered automatically by which event?
A schedule and matching criteria evaluated against an entity.
External event.
Schedule only.
Internal event.
What components in a IBM Security Identity Manager (ISIM) environment can be configured for SSL communication?
HTTP Server. Websphere Application Server. Directory Server, Tivoli Directory Integrator, and Adapters
HTTP Server and Adapters
Tivoli Directory Integrator. HTTP Server, and Adapters
HTTP Server and Tivoli Directory Server
Which two statements are correct for a loop node in a workflow? (Choose two)
Nodes inside a loop can transition to activities outside the loop provide process.goto("Activity_ID") is used on the transition.
To retrieve an instance of an activity in a loop, the process.getActivity method is passed two parameters.
The loop node does not specify the results of the nodes in the loop.
loopcount is a local variable available only in the loop node.
Index of activities in a loop starts with zero.
A services selection policy is evaluated under which of the two scenarios? (Choose two)
When a user is added to an organizational role that is a member of a provisioning policy that targets the service selection policy.
When account workflows related to services are referenced in the service selection policy.
Whenever a new service is added to ISIM.
When policy join behavior is modified.
When user's attributes are modified.
When gathering requirements for Identity Policy, which ID will define the rule to generate the user ID?
Application Owner
Administrator
Manager
Auditor
How should a reconciliation schedule be configured to ignore certain accounts and certain attributes for a service?
Update a attribute exclusion list through the administrative console.
Select what attributes to return from the available attribute list.
Add a valid LDAP filter that will return the desired accounts.
Add Java script to filter out accounts.
Select supporting data only option.
When gathering requirements for data to be loaded, which data feed is natively supported by IBM Security Identity Manager?
A data feed using Microsoft Word format
A data feed using binary data format
A data feed using the SOAP format
A data feed using DSML format
When designing a custom adapter, which of the following areas will have the largest impact on design scope and implementation complexity?
The number of attributes included in the reconciliation operation.
The number of group definitions used by the platform.
The password strength policy.
The service definition profile.