EMT Practice Test

1. Question Content...


Question List

Question1: An attacker has compromised the private key associated with a certificate.
Which two methods can be used to ensure that certificates have not been revoked by the Certification authority that issued it? (Choose two.)

Question2: Multiple users are complaining about being denied access to resources they believe they are entitled to see. The IBM Security Access Manager (ISAM) V9.0 deployment professional needs to understand and troubleshoot the various access control constructs in the ISAM protected object space. The deployment professional must also understand the order of evaluation of the three major access control constructs available in the Policy Administration tool.
That is the correct order of evaluation for these constructs?

Question3: A company has deployed an IBM Security Manager V9.0 solution to protect web resources and now wants to secure access to enterprise resources from mobile devices. The security deployment professional needs to run a utility to configure the existing WebSEAL with the instance of the appliance that provides the authorization server for Advanced Access Control.
Which utility tool will perform this configuration?

Question4: A deployment professional has created an Access Control Policy to protect sensitive business information:

Which Policy decision is returned for a user with a risk score of 35 and has consented to registering a device?

Question5: A part of installing a fixpack a deployment professional wants to back up the appliance configuration.
How is this done?

Question6: A deployment professional wants to ensure traffic from a Reverse Proxy to a junction backend application server goes out over a specific interface.
How can this be accomplished?

Question7: The deployed IBM Security Access Manager (ISAM) V9.0 solution in a company already contains a federated LDAP server. However, the dynamic group support is disabled. A deployment professional is required to change the existing federated LDAP server configuration to support the dynamic groups.
How should the deployment professional do this?

Question8: A company has deployed an IBM Security Access Manager V9.0 solution for protecting web resources and has enabled auditing for monitoring purposes. A security deployment professional has observed that audit records are using large quantities of disk space due to the large number of audit events related to HTTP access.
Which two strategies will help to reduce the volume of audit events in above scenario? (Choose two.)

Question9: In a Web Commerce environment, a "/shoppingcart" junction with four back-end application servers is created on the IBM Security Access Manager V9.0 Web Reverse Proxy. The back-end servers are not using session replication.
Which action is appropriate for maintaining session state when creating the junction?

Question10: A company is upgrading its existing IBM Security Access Manager (ISAM) environment to ISAM 9.0.
Based on the requirements for the upgrade, activation keys have been procured for different ISAM modules.
Which two features require an activation key? (Choose two.)

Question11: In an organization's testing environment, the IBM Security Access Manager V9.0 deployment professional is required to deploy the virtual appliance on Amazon EC2 with a single reverse proxy instance with a single network interface.
How should the deployment professional configure the reverse proxy so that end-users can access the reverse proxy without specifying a non-standard port (other than 80 and 443)?

Question12: The Distributed Session Cache has been enabled to replace the Session Management Server in a recently migrated IBM Security Access Manager V9.0 environment. Several Reverse Proxies have not yet been migrated from ISAM V7.0.
The help desk is now receiving user complaints due to multiple logins required for applications protected by the ISAM V7.0 Reverse Proxies.
Which Distributed Session Cache option should be checked?

Question13: The IBM Security Access Manager (ISAM) V9.0 deployment professional has recently discovered an entire deployment of over 100 junctions was performed incorrectly.
How can a repair operation be scripted for this, and future deployment personnel?

Question14: An Access Manager environment utilizing failover coolies was recently upgraded from TAM 6.1.1 to IBM Security Access MANAGER (ISAM) V9.0. The deployment professional wants to take advantage of the Distributed Session Cache.
What are two advantages of the DSC verses failover coolies? (Choose two.)

Question15: A customer's IBM Security Access Manager V9.0 deployment consists of a cluster with Primary and Secondary masters. The Primary master fails and becomes unavailable and prevents any policy updates.
Which action is required to ensure policy updates can be applied?

Question16: Which settings' default value needs to be changed to prevent loss of data when using a SolidDB external database for the runtime?

Question17: After a test cycle the deployment professional wants to search the WebSEAL WGA1 instance request log for HTTP 404 responses.
Where can this log be found in the Local Management Interface?

Question18: A customer deployment consists of a large number of virtual host functions definitions. During a troubleshooting session the deployment professional realizes the WebSEAL logs do not distinguish between requests to different virtual hosts.
How can this be remediated?

Question19: A company is using the embedded LDAP server to store IBM Security Access Manager V9.0 user data.
However, there is a requirement to create another suffix to hold a set of user data.
Which two suffix elements are supported when creating a top level entry for the suffix? (Choose two.)

Question20: A deployment professional needs to configure a JavaScript into an application before a user can access a resource protected by an IBM Security Access Manager V9.0 Advanced Access Control policy which calculates a Risk Score.
What is the name of this JavaScript?

Question21: A system is configured with two IBM Security Access Manager (ISAM) V9.0 reverse proxy servers behind a load balancer, and it is planned to use forms-based user authentication. It is a requirement that if a reverse proxy were to fail, users that were already logged in would not be required to log in again.
Which two configurations can the deployment professional use to achieve this? (Choose two.)

Question22: Which hardware component is included in an IBM Security Access Manager V9.0 hardware appliance?

Question23: Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.
What can the deployment professional do to meet this requirement?

Question24: A customer has configured the IBM Security Access Manager V9.0 appliance authentication to an external LDAP server. The customer wants to allow support staff with LDAP accounts that are members of the HelpDesk group to view appliance and audit logs.
Where should the deployment professional configure a new role and map it to the HelpDesk LDAP group for the support staff?

Question25: The IBM Security Manager V9.0 Advances Access Control module can perform Context-based Authorization based on the contents of a POST parameter.
Which two configuration steps need to be performed to do this? (Choose two.)

Question26: A deployment professional has created a new SAML 2.0 Service Provider federation and added an Identity Provider partner.
What will be the next step to allow users to single sign-on to the service?

Question27: During testing of an application the deployment professional is receiving frequent alerts about high disk utilization.
What action can be taken to resolve this issue?

Question28: Which action must be completed for an external high volume runtime database after upgrading a Security Access Manager appliance?

Question29: A company is planning to deploy an IBM Security Access Manager (ISAM) V9.0 cluster to provide high availability services to its customer. ISAM cluster members are separated by a firewall.
Which port(s) should be open in the firewall to assure normal cluster service functionality?

Question30: A large bank has multiple applications protected by two identically configured WebSEAL servers. One junction supports a reporting application that frequently expenses performance issues which slows response time. The worst case results in the entire site becoming unresponsive when all WebSEAL worker threads on all WebSEAL instances are consumed on the junctions to this one reporting application.
Which configuration change will prevent this situation from occurring without impacting the behavior of any other application (junction), and keeping the entire site up?

Question31: The request in a customer environment is IDP Initiated unsolicited SSO. The initial URL is:
https://POCIDP/FIM/sps/saml2idp/saml20/loginitial?
RequestBinding =HTTPPost&PartnerId= https://POCSP/isam/sps/abc/saml20&NameIdFormat =Email The POCIDP is Point of Contact for Identity Provider and POCSP is Point of Contact for Service Provider.
The customer wants to configure TargetURL within the Service Provider Federation configuration in IBM Security Access Manager V9.0.
What will satisfy this requirement?

Question32: An IBM Security Access Manager (ISAM) V9.0 deployment professional has downloaded the ISAM V9.0 installation files from the IBM Passport Advantage site. XenServer 6.2 will be the hypervisor technology used for a new ISAM Virtual Appliance installation.
What is the installation media file type needed to deploy the new ISAM appliance on XenServer?

Question33: An IBM Security Access Manager (ISAM) V9.0 environments is configured with Primary and Secondary Masters servers. The Primary master node becomes unavailable and ISAM deployment professional promotes the Secondary Master node to a Primary Master.
What happens to the original Primary Master when it becomes available and rejoins the network?

Question34: A deployment professional creates a support file on an IBM Security Access Manager V9.0 appliance.
What is the purpose?

Question35: An IBM Security Access Manager V9.0 deployment professional wants to be alerted by the appliance for events like certificate expiry.
In which two ways can these alert notifications be configured? (Choose two.)

Question36: The appliance dashboard Reverse Proxy Health widget indicates a problem with the /snoop junction on the Test instance.
Which log file can be examined to find product errors?

Question37: The IBM Security Access Manager V9.0 deployment professional has enabled the Reverse proxy pdweb, sescache statistic to troubleshoot a problem.
What is the problem?

Question38: An IBM Security Manager V9.0 deployment professional responsible for a large cluster notices the clocks among the nodes are not in sync and needs to update settings to ensure the clocks are synchronized.
Which setting should be used to help keep times synchronized?

Question39: An IBM Security Access Manager (ISAM) V9.0 deployment professional has downloaded a snapshot from an ISAM virtual appliance configured with reverse proxy. This snapshot is being applied to another virtual appliance.
Which condition must be met before applying a snapshot from one virtual appliance to another?

Question40: Due to regulatory statues, the customer must limit a user to one session.
Which IBM Security Access Manager V9.0 capability is required to address this customer requirement?