C2150-606 Exam - IBM Security Guardium V10.0 Administration

certleader.com

NEW QUESTION 1
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?

  • A. diag and iptraf
  • B. diag and trace_route
  • C. iptraf and support must_gather
  • D. support must_gather and show network verify

Answer: C

NEW QUESTION 2
A Guardium administrator is using the Classification, Entitlement and Vulnerability Assessment features of the product. Which of the following are correct with regard to these features? (Select two.)

  • A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
  • B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
  • C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
  • D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
  • E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.

Answer: DE

NEW QUESTION 3
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager. Which CLI command should the administrator run?

  • A. iptraf
  • B. support show iptables
  • C. show network routes operational
  • D. support must_gather network_issues

Answer: D

NEW QUESTION 4
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:
[Exhibit: guard_tap.ini parameters, image not included]
The collector that this S-TAP is sending data to has become unavailable and there is no failover option configured. A Guardium administrator must communicate the impact of this outage to users of the monitored database.
What should the administrator advise is the expected behavior for a database session?

  • A. The session will not experience any latency or termination.
  • B. No SQL can be executed and after 10 seconds the session will be terminated.
  • C. In the first 10 seconds of the session SQL can be executed, then the session is terminated.
  • D. In the first 10 seconds of the session no SQL can be executed, then the session will work as normal.

Answer: C

NEW QUESTION 5
Which use cases are covered with the File Activity Monitoring feature? (Select two.)

  • A. Classify sensitive files on mainframe systems.
  • B. Encrypts database data files on file systems based on policies.
  • C. Selectively redacts sensitive data patterns in files based on policies.
  • D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
  • E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.

Answer: AE

NEW QUESTION 6
A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?

  • A. Include the PVU load of passive nodes.
  • B. Include half of the passive nodes' PVU load.
  • C. Include a third of the passive nodes' PVU load.
  • D. Not include the PVU load of passive nodes.

Answer: D

NEW QUESTION 7
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not configured for that S-TAP.
What is an Inspection Engine?

  • A. A piece of software residing on the Collectors.
  • B. Another software to be installed on the Database server.
  • C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
  • D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.

Answer: C

NEW QUESTION 8
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?

  • A. Review the Audit Process Log for 'Sniffer stopped' message.
  • B. Review the Aggregation/Archive Log for 'Sniffer is restarting' message.
  • C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
  • D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.

Answer: D

NEW QUESTION 9
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server. Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?

  • A. Guardium Installation Manager (GIM) on the Database Server
  • B. Configuration Auditing System (CAS) on the Database Server.
  • C. Configuration Auditing System (CAS) on the Guardium Collector.
  • D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.

Answer: D

NEW QUESTION 10
Guardium reports are showing multiple records with client IP as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?

  • A. Client OS
  • B. Client MAC
  • C. Access ID
  • D. Analyzed Client IP

Answer: B

NEW QUESTION 11
A Guardium administrator has an issue with Guardium. The administrator has not seen this particular issue before and needs to get it fixed. To get this resolved, what should the administrator do?

  • A. Log a PMR and request an answer from IBM Support.
  • B. Log a PMR so IBM Support can contact the customer. Then, while waiting, do a search of the Guardium Knowledge Center and Technotes for known issues and resolutions.
  • C. Request IBM Support to initiate a remote session and collect what they need to resolve the issue.
  • D. Search Guardium Knowledge Center and Technotes for known issues and resolutions. Then, if still needed, collect must_gather information and full problem details required for a new PMR so that IBM Support can review the problem before contacting the customer.

Answer: D

NEW QUESTION 12
A Guardium administrator is preparing commands to install or upgrade an S-TAP using the command line method. Which operating system can use the ktap_allow_module_combos parameter for the installation and upgrade?

  • A. AIX
  • B. Linux
  • C. Solaris
  • D. HP-UX

Answer: B

NEW QUESTION 13
In a centrally managed environment, while executing the report 'Enterprise Buffer Usage Monitor', a Guardium administrator gets an empty report. Why is the report empty?

  • A. Sniffers are not running on the Collectors.
  • B. The report is not executed with a remote source on the Collector.
  • C. The report is not executed with a remote source on the Aggregator.
  • D. Correct custom table upload is not scheduled on the Central Manager.

Answer: C

NEW QUESTION 14
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy. Which port should the administrator use to configure IP teaming (bonding)?

  • A. eth1 only
  • B. eth2 only
  • C. eth3 only
  • D. any port

Answer: D

NEW QUESTION 15
Simple Mail Transfer Protocol (SMTP) has recently been configured on a Guardium appliance. How can the administrator confirm the configuration is correct? (Select 2)

  • A. Restart the Anomaly detection process
  • B. Send a test email with CLI diag command
  • C. From the GUI Alerter page, test the SMTP connection
  • D. Create a query in access domain to see the sent messages
  • E. Obtain the syslog file from fileserver and check for SMTP messages

Answer: BC

NEW QUESTION 16
An administrator just installed the Guardium product using the Guardium ISO image. Which step must the administrator perform as part of the initial set-up of the new appliance?

  • A. Generate the GUI certificate request.
  • B. Configure network settings on the appliance.
  • C. Restart the sniffer process from the CLI command prompt.
  • D. Obtain the passwords for the databases to be monitored by the appliance.

Answer: B

NEW QUESTION 17
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered. How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?

  • A. Install S-TAP agents on all active nodes. Set ALL_CAN_CONTROL=1 to failover the S-TAP process to the passive nodes when a database failover occurs.
  • B. Install S-TAP agents on all active nodes. Set WAIT_FOR_DB_EXEC=-1 to set the agent process to failover to the passive node when a database failover occurs.
  • C. Install S-TAP agents on all active and passive nodes. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
  • D. Install S-TAP agents on all active and passive nodes. Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB home.

Answer: A

NEW QUESTION 18
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update to be synced with the managed units in a fully working environment?

  • A. 0 minutes
  • B. 15 minutes
  • C. 30 minutes
  • D. 60 minutes

Answer: D

NEW QUESTION 19
A Guardium administrator is preparing a command to install Configuration Auditing System (CAS) on a Linux server using the command line method. Which parameter is required?

  • A. dir
  • B. tapip
  • C. java-home
  • D. sqlguardip

Answer: D

NEW QUESTION 20
A Guardium administrator is creating a policy to alert on actions by users that are stored on an LDAP server. How can the administrator populate a group to use in the policy?

  • A. Schedule the LDAP user import into the group.
  • B. Schedule the LDAP user import from accessmgr and run portal user sync.
  • C. Schedule the LDAP user import from accessmgr and populate the group from a query.
  • D. Populate the group from a query in access domain with a condition on the LDAP server as the Server IP.

Answer: C

NEW QUESTION 21
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report on each Collector. What should the administrator do to simplify this task and run the report in only one place every week?

  • A. Replace the 4 Collectors with one Aggregator.
  • B. Create an Enterprise Report on one Collector combining the data.
  • C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
  • D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the report on the Collector.

Answer: C

NEW QUESTION 22
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:
[Exhibits: two images, not included]
The administrator must create a policy that will terminate the session on the delete statement in the below scenario: A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
What actions should the administrator configure?

  • A. Rule 1 - S-GATE Attach, Rule 2 - S-GATE Detach
  • B. Rule 1 - S-GATE Detach, Rule 2 - S-GATE Terminate
  • C. Rule 1 - S-GATE Attach, Rule 2 - S-GATE Terminate
  • D. Rule 1 - S-TAP Terminate, Rule 2 - S-GATE Terminate

Answer: A

NEW QUESTION 23
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?

  • A. Disk Util report
  • B. Aggregation/Archive log
  • C. DB Server throughput report
  • D. Buff Usage Monitor and System Monitor reports

Answer: D

NEW QUESTION 24
A Guardium administrator needs to upgrade BUNDLE-STAP on a Linux server to the latest version using GIM. What parameter should the administrator set to ensure the upgrade will not require a reboot of the server?

  • A. KTAP_ENABLED=1
  • B. KTAP_NO_ROLLBACK=1
  • C. KTAP_LIVE_UPDATE=Y
  • D. KTAP_ALLOW_MODULE_COMBOS=Y

Answer: C
