Download IBM Security Guardium V10.0 Administration.C2150-606.TestKing.2018-11-26.33q.vcex

Vendor: IBM
Exam Code: C2150-606
Exam Name: IBM Security Guardium V10.0 Administration
Date: Nov 26, 2018
File Size: 619 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data. 
Which data management function does the administrator need to configure? 
  A. Purge
  B. Data Export
  C. Data Restore
  D. System Backup
Correct answer: A
Explanation:
The quickest way to reduce the DB % Full is to induce a purge of some older data now. 
Example - If you have "Purge data older than 30 days" set currently, and presuming you have all necessary backups and Archives of your system and you are happy to attempt to purge off slightly more data now 
Note: The DB filling up can be caused by the following, amongst other things:
  • Spikes in the data being captured 
  • A policy setting that allows too much data to be logged in the Internal Database 
  • Keeping too much data on the Internal Database 
  • Collecting data from too many Databases (STAPs) 
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21511904
Question 2
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data safety. 
Given this scenario, which is true regarding the purge schedule?
  A. The Archive and the Export have independent purge schedules but should not be run at the same time.
  B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
  C. It would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
  D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to archive.
Correct answer: D
Explanation:
Any value that is specified for the starting purge date must be greater than the value specified for the "Archive data older than" value. In addition, if data exporting is active, the starting purge date that is specified here must be greater than the "Export data older than" value.
Reference: http://www-01.ibm.com/support/knowledgecenter/SSWL9Z_10.0.0/com.ibm.guardium.appmask.doc/adm/archiving_data.html?lang=en
Question 3
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager. 
Which CLI command should the administrator run? 
  A. iptraf
  B. support show iptables
  C. show network routes operational
  D. support must_gather network_issues
Correct answer: D
Explanation:
support must_gather network_issues 
The command gathers all network information from the appliance and polls hosts that Guardium interacts with by ping, traceroute, corresponding port probing and other measures. If optional parameter is specified, then it polls only the host that was specified (if Guardium is configured to do any activity on this host).
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/common_tools/topics/basic_information_for_ibm_support.html
Question 4
A Guardium administrator needs to monitor changes to the Oracle configuration file on a production Oracle database server. 
Assuming all valid licenses are applied, which Guardium component does the administrator need to install and where?
  A. Guardium Installation Manager (GIM) on the Database Server.
  B. Configuration Auditing System (CAS) on the Database Server.
  C. Configuration Auditing System (CAS) on the Guardium Collector.
  D. Configuration Auditing System (CAS) on the Database Server and on the Guardium Collector.
Correct answer: D
Explanation:
CAS is an agent installed on the database server that reports to the Guardium system whenever a monitored entity has changed, either in content or in ownership or permissions. You install a CAS client on the database server system. Once the CAS client has been installed on the host, you configure the actual change auditing functions from the Guardium portal.
The CAS server is a component of Guardium and runs on the Guardium system. 
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.1.0/com.ibm.guardium91.doc/assess_harden/topics/cas.html
Question 5
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report on each Collector. 
What should the administrator do to simplify this task and run the report in only one place every week?
  A. Replace the 4 Collectors with one Aggregator.
  B. Create an Enterprise Report on one Collector combining the data.
  C. Add a Guardium Aggregator to the environment. Create and run the report on the Aggregator.
  D. Install a Configuration Auditing System (CAS) on each Database Server. Configure the CAS Client to send data to a Collector. Create and run the report on the Collector.
Correct answer: C
Explanation:
Central Manager/Aggregator: The Central Manager is a single point of management for the entire IBM InfoSphere Guardium deployment. With the Central Manager, customers can define enterprise-wide policies, alerts, queries and reports, install patches, push configuration and perform a variety of other administrative tasks from a single console. In addition, data from multiple collectors can be aggregated to the Aggregation Server to provide holistic views and generate enterprise-level reports.
Incorrect:
Not D: CAS does not monitor DML SQL Statements. 
Databases can be affected by changes to the server environment; for example, by changing configuration files, environment or registry variables, or other database or operating system components, including executable files or scripts used by the database management system or the operating system. CAS tracks such changes and reports on them. The data is available on the Guardium system and can be used for reports and alerts. 
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
Question 6
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption. 
Which column can the administrator add that would help users to better identify the client?
  A. Client OS
  B. Client MAC
  C. Access ID
  D. Analyzed Client IP
Correct answer: B
Explanation:
The column named smac is a Guardium Client/Server server which represents the Client MAC.
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_9.5.0/com.ibm.guardium95.doc/appendices/topics/cef_mapping.html
Question 7
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The Aggregators and Central Manager can handle more load. 
What should a Guardium administrator recommend?
  A. Deploy 2 new Collectors, 1 in each data center.
  B. Connect S-TAPs directly to Aggregators to avoid network latency.
  C. Connect S-TAPs directly to the Central Manager to avoid network latency.
  D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.
Correct answer: A
Explanation:
IBM recommends using 1 aggregator for every 8 collectors.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg27039720
Question 8
Which use cases are covered with the File Activity Monitoring feature? (Select two.) 
  A. Classify sensitive files on mainframe systems.
  B. Encrypts database data files on file systems based on policies.
  C. Selectively redacts sensitive data patterns in files based on policies.
  D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
  E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.
Correct answer: AE
Explanation:
A: Use case example:
Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server 
Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block when unauthorized users or processes attempt access. 
E: Use case example: 
Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business. 
Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data, give you a view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users. 
Note: File activity monitoring consists of the following capabilities:
  • Discovery to inventory files and metadata. 
  • Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information. 
  • Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access, or even block access to the files to prevent data leakage. 
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html
Question 9
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup. 
In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?
  A. ClipID
  B. PEA file
  C. Shared secret
  D. Certificate signed request (CSR)
Correct answer: B
Explanation:
To reconfigure EMC Centera in Guardium when the IP address changes, you need the IP address of the Centera Server and the PEA file from Centera.
Reference: http://www-01.ibm.com/support/docview.wss?uid=swg21687345
Question 10
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script. 
Which CLI command should the administrator use to review the commands that were previously run?
  A. fileserver
  B. support execute showlog
  C. show log external state
  D. support must_gather system_db_info
Correct answer: B
Explanation:
The support execute utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote access is not available or permitted.
In order to permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for eth0. Here is an example of the interfaces and MAC addresses:
Customer usage / Logged in as CLI 
support execute <CMD String> <PMR #> <KEY> 
# main execute command provided by Guardium Advanced Support 
support execute showlog [<Secure Key>|main|files] 
# Show usage logs 
Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc.reference/cli_api/support_cli_commands.html