Note! Following C2150-609 Exam is Retired now. Please select the alternative replacement for your Exam Certification.

C2150-609 Exam Dumps - IBM Security Access Manager V9.0 Deployment

Question # 4

The request in a customer environment is IDP Initiated unsolicited SSO. The initial URL is:

https://POCIDP/FIM/sps/saml2idp/sam120/logininitial? RequestBinding=HTTPPost &Partnerld=https://POCSP/isam/sps/abc/saml20 &NameIdFormat=email

The POCIDP is Point of Contact for Identity Provider and POCSP is Point of Contact for Service Provider. The customer wants to configure TargetURL within the Service Provide' Federation configuration in IBM Security Access Manager V9.0.

What will satisfy this requirement?

poc.signin.responseTargetURL

Target_URL in the mapping rule

Federation Runtime property TargetURL

itfim_override_targeturl_attr in the mapping rule

Full Access

Question # 5

What are two key benefits of deploying IBM Security Access Manager V9.0? (Choose two.)

Session Management Server module

Enhanced user life-cycle management

Enhanced Session Recording features

Federated Single Sign On capabilities

Secure user access to web and mobile applications

Full Access

Question # 6

The IBM Security Access Manager (ISAM) V9.0 LMI SSL certificate is auto-generated by default.

When the LMI certificate is due to expire, how is it renewed?

The ISAM Appliance will renew LMI certificate automatically.

The ISAM deployment professional must issue reset_lmi_cert using command line interface

The ISAM deployment professional must re-generate it using LMI Manage System Settings -> SSL panels.

The ISAM deployment professional must create a new self sign certificate using LMI Manage System Settings -> SSL panels.

Full Access

Question # 7

A customer has deployed an IBM Security Access Manager V9.0 solution to protect web applications. After the initial authentication between the client and WebSEAL, WebSEAL can build a new Basic Authentication header and use the â€”b option to provide the authenticated Security Access Manager user name (client's original identity) together with a predefined static password across the junction to the back-end server.

Which configuration option will accomplish this?

â€“b gso

â€“b filter

â€“b ignore

â€“b supply

Full Access

Question # 8

What feature or capability of IBM Security Access Manager V9.0 can be utilized for inserting a static (pre-defined) HTTP header tag/value pair into the request flowing from WebSEAL to the backend application?

HTTP Transformation rule

HTTP-Tag-Value extended attribute

AuthzRule in LMI Policy Administration

[header-names] stanza in WebSEAL conf file

Full Access

Question # 9

A customer is migrating from TAM v6.1 running on AIX to IBM Security Access Manager (ISAM) V9.0 hardware appliances.

Which information from the TAM v6.1 environment will be useful in sizing the new ISAM V9.0 hardware configuration?

WebSEAL request logs

WebSEAL CDAS specifics

Number of LDAP replicas

Number of objects in the protected object space

Full Access

Question # 10

The IBM Security Access Manager (ISAM) V9.0 deployment professional tries to login to the LMI and discovers user "admin" no longer works, even though the correct password is also provided. The ISAM deployment professional must use "admin@localâ€.

What ISAM application configuration change has occurred to cause this behavior?

The LMI certificate has expired.

The LMI Dashboard was incorrectly configured.

Management Authorization has been configured.

Management Authentication has been configured.

Full Access

Question # 11

An IBM Security Access Manager (ISAM) V9.0 environment is defined with multiple WebSEAL servers defined for high availability. They protect the same set of backend junctions.

Which parameter needs to be configured in each WebSEAL's configuration file to force all replicated WebSEAL servers to perform authorization checks against the same protected object space?

host-name

server-name

domain-name

virtual-host-name

Full Access

Question # 12

The customer currently maintains all its users in Active Directory. As part of its new IBM Security Access Manager (ISAM) V9.0 deployment, the customer understands it will have to implement the ISAM "Global Sign-on (GSO)" to achieve SSO with certain backend applications which do their own authentication and cannot be modified.

Which federated repositories configuration will address the customer requirements?

Use an external ISDS LDAP as the ISAM Primary LDAP, federate with the AD and import all AD users into the ISAM TDS

Configure the AD as the ISAM Primary LDAP, which will create the necessary secauthority=default suffix. Import all users into the ISAM AD

Use the ISAM embedded LDAP as the Primary LDAP, federate with the AD and configure "basic user", and specify "basic-user-principal-attribute = samAccountName"

Use an external ISDS LDAP as the Primary LDAP, federate with the AD, configure "basic userâ€, specify "basic-user-principal-attribute = samAccountName" and "basic-user-search-suffix = secauthority=default"

Full Access

Question # 13

An IBM Security Access Manager V9.0 deployment professional needs to create the HTTP-Tag-Value attribute to pass values to a backend server as headers.

How can this be done?

By creating an HTTP rule which is attached to the ACL

By creating an AuthzRule which pulls the header from the ADI

By creating an extended attribute on a POP protecting the junction

By creating an extended attribute on the junction protected object

Full Access

Question # 14

The IBM Security Access Manager V9.0 deployment professional has enabled the Reverse Proxy pdweb.sescache statistic to troubleshoot a problem.

What is the problem?

HTTP sessions are being timed out prematurely.

HTTP requests are taking longer than expected.

User sessions are terminated sooner than expected.

Document caching is not as effective as anticipated.

Full Access

Question # 15

As part of installing a fixpack a deployment professional wants to back up the appliance configuration.

How is this done?

Click on the Create Backup link of the active partition

Select the active partition, select the Backup option from the Edit menu

Create a new snapshot, download the snapshot to the deployment professional's workstation, install the fixpack

Install the fixpack. The installation will copy the configuration and install the fixpack to the inactive partition, set it active and restart

Full Access

Question # 16

A deployment professional needs to configure a JavaScript into an application before a user can access a resource protected by an IBM Security Access Manager V9.0 Advanced Access Control policy which calculates a Risk Score.

What is the name of this JavaScript?

info.js

init_acc.js

setup_riskscore.js

dynamic.attributes.js

Full Access

Question # 17

A deployment professional has a requirement to configure an OpenID Connect federation which does not allow the Relying Party to access the token endpoint.

Which grant type must be enabled when creating the federation?

Implicit

Refresh Token

Client Credentials

Authorization code

Full Access

Question # 18

A system is configured with two IBM Security Access Manager (ISAM) V9.0 reverse proxy servers behind a load balancer, and it is planned to use forms-based user authentication. It is a requirement that if a reverse proxy were to fail, users that were already logged in would not be required to log in again.

Which two configurations can the deployment professional use to achieve this? (Choose two.)

Configure the system to use LTPA cookies

Configure the system to use session cookies

Configure the system to use failover cookies

Configure the system to use the global signon (GSO) cache

Configure the system to use the Distributed Session Cache (DSC)

Full Access

Question # 19

The customer requires high availability of its IBM Security Access Manager (ISAM) V9.0 WebSEAL infrastructure. The environment includes two WebSEAL appliances, two appliances for Policy Server and other ISAM services. All ISAM appliances are configured into a cluster which includes replicating the ISAM runtime and certificate files, the Policy Server, Runtime and Configuration databases, and the Distributed Session Cache. The complete LDAP configuration uses the embedded LDAP and externally federated IBM Security Directory Server (ISDS).

Which failover scenario is supported with this configuration?

The embedded LDAP on the WebSEAL appliances is available in read-only mode if the Primary Policy Server is unavailable.

Policy Server failover is automatic without manual intervention and the WebSEALs automatically detect the new active Policy Server.

An LDAP federation implies high availability therefore the external ISDS is always available with no additional configuration.

Distributed Session Cache (DSC) failover requires manual intervention at which point the WebSEALs automatically detect the new active DSC.

Full Access

Question # 20

A deployment professional in charge of a large deployment with replicated reverse proxy instances needs to keep junctions, template files, and configuration settings in sync between the instances.

How can this be done?

Setup appliance clustering and issue server sync all

Setup appliance clustering and issue server cluster sync

Setup a master reverse proxy instance and issue server task source-instance sync target-instance

Setup a master reverse proxy instance and issue server task target-instance sync source-instance

Full Access