Copy and Edit

Examen ISIM

Description

Examen de Certificacion de la Herramienta de gestion de identidades 6.0
Jose Antonio Lindo Meza
Quiz by Jose Antonio Lindo Meza, updated more than 1 year ago
Jose Antonio Lindo Meza
Created by Jose Antonio Lindo Meza about 8 years ago
124
1
0

Resource summary

Question 1

Question
Which is true for the relationship between provisioning policies, services, and roles?
Answer
  • A provisioning policy governs only services that are associated the same business unit or sub tree of the business unit with which the policy is associated. A role referenced in the provisioning policy must be associated the same business unit or sub tree of the business unit with which the policy is associated.
  • A provisioning policy governs only services that are associated the same business unit or sub tree of the business unit with which the policy is associated. A role referenced in the provisioning policy can be anywhere in the tree of the organization.
  • A provisioning policy governs services that are anywhere in the tree of the organization. A role referenced in the provisioning policy must be associated the same business unit or sub tree of the business unit with which the policy is associated.
  • A provisioning policy governs services that are anywhere in the tree of the organization. A role referenced in the provisioning policy can be anywhere in the tree of the organization.

Question 2

Question
When applying an IBM Security Identity Manager (ISIM) fixpack in a clustered ISIM installation which statement is correct?
Answer
  • Websphere application and messaging clusters must be stopped prior to installing the ISIM fixpack.
  • Websphere application and messaging clusters must be running prior to installing the ISIM fixpack.
  • All Websphere processes must be stopped prior to installing the ISIM fixpack.
  • All Websphere processes must be running prior to installing the ISIM fixpack.

Question 3

Question
Which actions are best practice for securing IBM Security Identity Manager LDAP data?
Answer
  • Disabling anonymous read access, enabling SSL communication only
  • Allow only read access to IBM Security Identity Manager LDAP
  • Run the IBM Security Identity Manager server as non-root user
  • Enabled WebSphere global security

Question 4

Question
When gathering requirements for a Provisioning Policy design, which type of owner is used for orphan accounts?
Answer
  • An owner with a contractor email address
  • An account manager
  • An account owner
  • A group owner

Question 5

Question
When gathering requirements for setting the Password policy which two tasks should be identified for system-wide password settings? (Choose two) - Seleccionar 2 alternativas
Answer
  • Synchronizing password changes for all sponsor accounts
  • Enabling forgotten password authentication
  • Enabling forgotten password date rule
  • Creating a password strength rule
  • Creating a password notation rule

Question 6

Question
A customer wants to query services that have communication failures and initiate recovery actions. What is the recommended design approach?
Answer
  • Write custom code to query the ISIM Database tables to find services that have had communication failure. Recovery is not possible, blocked requests on these services will need to be resubmitted.
  • Write custom code to query the ISIM Database tables to find services that have communication failure. After communication is restored, ISIM will automatically retry requests that were blocked.
  • Use the ISIM Administration console to query services with a Failed status. After communication is restored, resubmit blocked requests.
  • Use the ISIM Administration console to query services with a Failed status. After communication is restored, retry blocked requests.

Question 7

Question
Your customer has requested that you interface their existing management reporting system based on a commercially available business intelligence tool that features the ability to read any relational database. Which of the following considerations would be part of your design?
Answer
  • You will need to set up external data synchronization to update the reporting tables before allowing the BI tool to generate reports.
  • All that is needed is to define a connector to the database, the database tables are always current.
  • Views will need to be defined to allow the BI tool to view the data.
  • You must check to see if the BI tool can read an LDAP directory.

Question 8

Question
Which IBM Security Identity Manager properties file contains SSO settings?
Answer
  • enroleStartup.properties
  • enRole.properties
  • sdo.properties
  • ui.properties

Question 9

Question
What feature in DB2 should be enabled to automate memory allocation within areas of DB2, (buffer pools, sort heap, package heap)
Answer
  • Self-Tuning Memory Manager
  • Server side sorting
  • Directory caching
  • RUNSTATS

Question 10

Question
In order to debug a problem with the ISIM Workflow Designer, you have enabled applet logging and have specified DEBUG_MAX for the tracing level. Where will the expected trace output be written?
Answer
  • Websphere SystemOut.log
  • Java Console
  • ISIMtrace.log
  • audit.log

Question 11

Question
When moving from a previous version of IBM Tivoli Identity Manager (ITIM) to a ISIM v6 what directory is required in order to signal an upgrade?
Answer
  • IBM Websphere Application Server home directory.
  • IBM HTTP Server home directory
  • IBM Java home directory
  • ISIM home directory

Question 12

Question
Your customer would like to display some of the functions of the Self Service user interface within a portal they have developed for internal use. They would like to show only the operations for a subset of the task boxes on the self-service user interface. How do you accommodate their request?
Answer
  • Change the CSS files so that the banner, footer, and toolbar are no longer visible.
  • Modify the SelfServiceUI.components.layout properties file.
  • Change the JSP files in the EAR subdirectory.
  • Modify the values of the ui.layout properties.

Question 13

Question
What does IdentityPolicy.getNextCount(baseld) in an identity policy return, where baseId is the value of the base user ID? (Choose two)
Answer
  • It returns the iteration number that the identity policy is running to identify the number of times a user name had to be generated before a unique one could be found.
  • It returns the next user ID that is generated according to the rules in the Identity policy but does not check for uniqueness.
  • It returns a number that can be appended to the end of the user name to make that user name unique.
  • It returns the number of conflicts the passed user name has against all services configured in ISIM.
  • It returns-1 if the user name is already unique.

Question 14

Question
When gathering requirements for email notifications, which mail protocol is used to send email notifications in the IBM Security Identity Manager environment?
Answer
  • SMTP protocol
  • IMAP protocol
  • UDP protocol
  • TCP protocol

Question 15

Question
How would you create an organizational structure in ISIM for a customer to manage 50.000 users and 900 servers?
Answer
  • Create an organization structure where users can be placed into multiple user OUs based on placement rule that evaluates user attributes. Services on which a user can have accounts must be defined in the same OU as the user.
  • Create an organization structure where users can be placed into multiple user OUs based on placement rule that evaluates user attributes. Services on which a user can have accounts can be defined in a separate OU.
  • Create two separate OUs for users and services. All users need to be in the same OU in ISIM, and organization roles must be defined at level that is higher than the user OU.
  • Create a single Organizational Unit (OU) under the default Organization to anchor users and services and their associated policies.

Question 16

Question
Separation of Duty policies create mutually exclusive relationship between what in order to protect sensitive information from conflicts of interest?
Answer
  • Provisioning policies
  • Accounts
  • Groups
  • Roles

Question 17

Question
To configure logging to diagnose an issue with the WinAD64 adapter, which of the following must be performed using AgentCfg?
Answer
  • Enable activity logging
  • Enable thread logging
  • Enable detail logging
  • Enable base logging

Question 18

Question
Which of the following will disable the footer in the administrative user interface?
Answer
  • enrole.ui.footer=disabled
  • ui.adminlnterface.footer=false
  • enrole.ui.footer.visibility=0
  • ui.footer.isVisible=no

Question 19

Question
What is the purpose of creating a custom Person entity?
Answer
  • To rename the user records in the IBM Security Identity Manager (ISIM).
  • To include enterprise-specific attributes associated with a person.
  • To separate Person from Business Partner Person.
  • To protect the privacy of the person.

Question 20

Question
The number of items displayed in the IBM Security Identity Manager (ISIM) Administrator Console has been updated to a value of 100 in the test environment. What are the two options below to update the Production environment? (Choose two) - dos alternativas
Answer
  • Update the value using the system configuration tool. (runConfig)
  • Manually update the values in the SelfServiceUI.properties file
  • Update the value using the import/export feature in ISIM.
  • Manually update the value in the enRole.properties file.
  • Manually update the value in the ui.properties file.

Question 21

Question
Given an IBM Security Identity Manager solution that is integrated with QRadar Log Management, which polling sequence is enabled?
Answer
  • User-defined mode
  • Real-time mode
  • Server mode
  • Batch mode

Question 22

Question
When considering forms associated with Service, Accounts and Service Group categories, what two forms can be customized?
Answer
  • The Account form for accounts associated with a specific service type can be customized.
  • The Service Group form for groups associated with a specific service can be customized.
  • The Account form for accounts associated with a specific service can be customized
  • The Service Group form for a specific group value can be customized.
  • The Service form for a specific service can be customized.

Question 23

Question
Which recertification policy options need to be considered when designing a recertification policy?
Answer
  • Who approves the recertification request what action to take when recertification rejected, who to send rejection email to
  • Who rejects the recertification request, who approves the recertification request, who to send rejection email to
  • Who approves the recertification request, account owner email notification, manager email notification
  • Who approves the recertification request, what approval action to take, who to send approval email to

Question 24

Question
Which file controls the redirection and mapping of administrative console html help?
Answer
  • helpmapping.properties
  • helpconsole.properties
  • helpmapping.css
  • ui.properties

Question 25

Question
What is the recommended SOAP timeout interval, used when installing fix packs?
Answer
  • 30 seconds
  • 15 minutes
  • 1 minute
  • 1 hour

Question 26

Question
Which configuration must be in place to allow new account passwords to be emailed in clear text?
Answer
  • Property "enrole.mail.notify=" set to 'ASYNC in enRole.properties
  • "Enable store forwarding" checked on Post Office configuration
  • sharedsecret attribute populated on person objects
  • Enrole.workflow.notifyPassword set to true

Question 27

Question
Password synchronization provides change to accounts of which ownership type?
Answer
  • Device
  • System
  • Individual
  • All of the above

Question 28

Question
In a web SSO environment, what is a valid step in the deployment plan to achieve integration between ISIM and web SSO product for implementing Forgotten Password functionality?
Answer
  • ISIM's Forgotten Password function must get the challenge questions from the web SSO product and change ISIM service's password.
  • ISIM's Forgotten Password function will automatically bounce the request to web SSO product's Forgotten Password function.
  • The web SSO product's Forgotten Password function can get the challenge questions from ISIM.
  • The web SSO's forgotten password function cannot be used - only ISIM's forgotten password function must be used.

Question 29

Question
Identity Manager (ISIM) identity feed. ISIM is setup to only accept connections over SSL using self-signed certificate. What must be done in order for ITDI to communicate with ISIM?
Answer
  • ISIM's self-signed certificate will need to be imported as a trusted signer certificate in the ITDI certificate store.
  • The ISIM default truststore will need to be updated before connections can be made.
  • Since ITDI is a component of the ISIM solution no specific configuration is required.
  • The service in ISIM will need to be configured for SSL.

Question 30

Question
The client's IBM Security Identity Manager (ISIM) production environment consists of a two node IBM Websphere Application cluster. Server #1 has the Websphere Deployment Manager installed as well as one of the cluster nodes. Server #2 in the cluster just has the node installed. If a process monitor is being configured on Server #1 how many Java processes are there related just to Websphere?
Answer
  • 4 - Deployment Manager process, Node process, Application Server process, Messaging Server process
  • 1- Deployment Manager and Node processes run under a single Java process
  • 3 - Deployment Manager process, Node process, Application Server process
  • 2 - Deployment Manager process and Node process

Question 31

Question
Which two db2 commands must be performed in order to collect information for calculating a db2 bufferpool hit ratio? (Choose two)
Answer
  • Update dbm cfg using DFT_MON_BUFPOOL ON
  • Get database manager configuration
  • Get database configuration
  • Get database snapshot
  • Get monitor switches

Question 32

Question
When gathering requirements for a Roles Administration design, which would static and dynamic roles be associated?
Answer
  • In the design of the Organization tree
  • In the design of Password policies
  • In the design of a LDAP Adapter
  • In the design of a work flow

Question 33

Question
What is the Linux path and command to verify that ISIM v6.0 is currently running?
Answer
  • WAS_PROFILE_HOME/bin/serverStatus.sh -all
  • WAS_PROFILE_HOME/var/status.sh
  • ISIM_HOME/var/serverStatus.sh -all
  • ISIM_HOME/bin/serverStatus.sh-all

Question 34

Question
Which interface needs to be implemented to create a custom password generator?
Answer
  • com.ibm.tivoli.itim.passwordrules.PasswordGenerator
  • com.ibm.passwordrules.PasswordGenerator
  • generator.ibm.tivoli.itim.CustomGenerator
  • com.ibm.passwordrules.Rule

Question 35

Question
The criteria to setup indexes for a Directory Server attribute is based on what?
Answer
  • The frequency of replicating objects containing the attribute to a replica.
  • The frequency of reading and writing information to / from the attribute.
  • The frequency of writing information to the attribute.
  • The frequency of reading information based on the attribute's contents.

Question 36

Question
On a 32-bit operating system what is the recommended maxheap value specification for ISIM's jvm?
Answer
  • 1280MB
  • 4096MB
  • 1024MB
  • 2048MB

Question 37

Question
Which two of the following are relevant to password retrieval by a user using a URL?
Answer
  • enrole.generic.randomizer should be set to true for generation of random URL for each password retrieval request.
  • enrole.password.retrievalURL should be set to the value of the URL where the user can retrieve the password.
  • The shared secret attribute of the Person object should be populated by the user beforehand.
  • enrole.workflow.notifyPassword should be set to false.
  • enrole.password.retrieval should be set to true.

Question 38

Question
Given an IBM Security Identity Manager test environment which is a valid option for testing thousands of TDI/RMI adapters?
Answer
  • Point IBM Security Identity Manager test environment services to production environment end points to be managed
  • Use the threaded_damlserver.pl script from the IBM Security Identity Manager tuning guide
  • Install thousands of separate TDI dispatchers
  • Use the virtual service adapter setup

Question 39

Question
A functioning IBM Security Identity Manager (ISIM) test environment has been copied over to a production ISIM environment. Which of the following would validate the application is up and functioning correctly?
Answer
  • Login to the application and perform a password change and verify the request is scheduled and completes successfully.
  • Login to the WebSphere Administrative Console and validate the status of the ISIM application.
  • Confirm the database instance for ISIM is running.
  • Confirm the LDAP instance for ISIM is running.

Question 40

Question
When planning an ISIM server upgrade, which two of the following processes are NOT preserved? (Choose two)
Answer
  • Windows Active Directory Password Synchronization
  • Self Service User Interface customization files
  • Provisioning policy Add/Modify/Remove
  • Certificate Authority certificates
  • Identity Feeds

Question 41

Question
Which trace settings would offer the most information when debugging a reconciliation failure?
Answer
  • Remote services, policy and script at DEBUG_MAX
  • Remoteservices and policy at DEBUG_MAX
  • Logger.trace.level at DEBUG_MAX
  • Remoteservices at DEBUG_MAX

Question 42

Question
Which two properties files would be considered for changing the order of sections displayed on the Self Service User Interface and text of the actions within the sections displayed? (Choose two)
Answer
  • SelfServiceScreenText.properties
  • SelfServiceHomePage.properties
  • SelfServiceLabels.properties
  • CustomLabels.properties
  • SelfServiceUI.properties

Question 43

Question
Which two identity feed service types come with the out of the box IBM Security Identity Manager (ISIM)? (Choose two)
Answer
  • AD Organizational Person Identity Feed (Microsoft Windows Active Directory)
  • Generalize XML identity feed
  • Database Identity Feed
  • DSML Identity Feed
  • DAML Identity Feed

Question 44

Question
When planning for backup and recovery, which of these components must be covered in the planning document?
Answer
  • LDAP database instance, WAS profiles, HTTP server profiles, TDI adapters, SSUI customization files, all audit and reporting data after a data synchronization. Database instance backup is not needed as the data other than the audit and reporting data is transient in nature.
  • LDAP database instance, WAS profiles, TDI adapters, SSUI customization, and the adapter data directory with the profiles and any adapter configuration, as well as the ISIM install data subdirectory under the home directory.
  • ISIM database instance, LDAP database instance, WAS profiles, HTTP server configuration, TDI adapter configuration, ISIM configuration files. Adapter profiles and configuration.
  • ISIM database instance. TDI assembly line XML documents, WAS cluster profiles, adapter data directory, and the report configuration files.

Question 45

Question
A user is a member of two ISIM groups. Each group is a member in two separate Access Control Items (ACIs), ACI1 and ACI2 on Static Organizational Roles. Each group also has a separate UI View associated with it, called View1 and View2. Which statement is correct in describing the access granted or denied to the user?
Answer
  • The user will be able to create a static organizational role via the Java API if access to Create operation is granted in ACM and ACI2, and if View1 or View2 allow access to the Manage Roles task.
  • The user will have access to create a static organizational role if its granted by ACI1 regardless of whether ACI2 grants, denies or provides none access to the Create operation.
  • The user has a view of only the common tasks provided by both View1 and View2 in the ISIM Admin User Interface or ISIM Self Service User Interface.
  • The user has a merged view of all the tasks provided by View1 and View2 in the ISIM Admin User Interface or ISIM Self Service User Interface,

Question 46

Question
When you create a custom Person or BPPerson type entity, how is the actual LDAP class that stores the entity created?
Answer
  • IBM Security Systems Identity Manager will recognize the new attributes from data feed and create the objectclass automatically.
  • Custom LDAP classes and their attributes must be created directly within your LDAP data repository.
  • Use the IdapConfig tool provided by IBM Security Systems Identity Manager to create the objectclass.
  • Modify the person form and specify the attributes to include for the new entity.

Question 47

Question
Where is the correct location for verifying database connections to ISIM v6.0?
Answer
  • WebSphere administrative console
  • ISIM database connection log
  • ISIM 6 Management Console
  • WebSphere transaction log

Question 48

Question
What is the default location for the Tivoli Common Reporting Pack?
Answer
  • <isim home>/reporting
  • <isim home>/jdbc/lib/data
  • <isim home>/opt/reporting
  • <isim home>/extensions/6.0/tcr

Question 49

Question
An adoption policy matches the attributes for an account on a managed resource to the attributes for an IBM Security Identity Manager user. If there is more than one person evaluated as the owner of the account, how is the account assigned?
Answer
  • The account is randomly assigned to one of the matched person.
  • The account is assigned to the system administrator.
  • The account is assigned to the first matching person.
  • The account is orphaned.

Question 50

Question
The customer's design calls for a new custom person entity to be created. What is a valid statement regarding operations that can be carried out on the new person entity?
Answer
  • The custom person entity will inherit only System Defined operations of Person entity type. These can be customized and new operations can be defined.
  • The custom person entity will inherit all operations of Person entity type. These cannot be customized, but new operations can be defined.
  • The custom person entity will inherit all operations of Person entity type. These can be customized, and new operations can be defined.
  • The custom person entity will not inherit any operations of Person entity type. All needed operations will need to be defined.

Question 51

Question
What special consideration needs to be taken when loading xhtml labels into a custom labels file?
Answer
  • Escape characters need to be used for tag characters such as "("
  • No more than 255 characters can be used per label
  • Closing tags are no longer needed (</body>)
  • Each entry must contain a <body> tag

Question 52

Question
Which of the following is NOT a valid certificate type for use with an ISIM v6.0 Adapter?
Answer
  • Certificate Authority (CA) certificates
  • Signature verification certificates
  • DER Self Signed certificates
  • Object signing certificates

Question 53

Question
The Recycle Bin has been activated, the Recycle Bin Age is set to 62 days, and the IdapClean script is set to run daily. When IdapClean completes, which statement is true?
Answer
  • Some objects in the Directory Server's Recycle Bin may not be deleted even if age is greater than Recycle Bin Age Limit.
  • All objects in the Directory Server's Recycle Bin will be deleted regardless of age greater than Recycle Bin Age Limit.
  • All objects in the Directory Server's Recycle Bin will be deleted if their age is greater than Recycle Bin Age Limit.
  • Objects in the Directory Server's Recycle Bin will be deleted if their age is less than Recycle Bin Age Limit.

Question 54

Question
When upgrading IBM Security Identity Manager (ISIM) from a previous version to v6 which two middleware components might have to be upgraded? (Choose two)
Answer
  • Websphere Application Server
  • Database Server
  • SMTP Server
  • HTTP Server
  • Mail Server

Question 55

Question
Which two items are relevant when considering an increase of the ISIM 1TDS directory instance entry cache size? (Choose two)
Answer
  • Available memory per process in the operating system
  • Number of attributes defined in v3.modifiedschema
  • Number and size of user and accounts objects
  • Current setting of ibm-slapdSizeLimit
  • Number of indexed attributes

Question 56

Question
When the role CheckWtiter is assigned to a user, a maximum check amount limit must be specified. What is the recommended design option to implement this requirement?
Answer
  • Advice the customer this requirement involves a custom schema and a custom UI.
  • Create an Assignment attribute on the CheckWriter role called MaxCheck Amount.
  • Create multiple roles, one for each check writer's maximum check amount.
  • Extend the role schema to add an attribute called MaxCheckAmount.

Question 57

Question
A static, constant value which can be assigned to an entitlement parameter for a single or multivalued attribute is an example of:
Answer
  • Provisioning policy steady state functions
  • Provisioning policy JavaScript functions
  • Provisioning policy Null types
  • Provisioning policy constant

Question 58

Question
What occurs when a Separation of Duty policy exemption is revoked?
Answer
  • A person modify request is generated requesting that the conflicting roles be removed.
  • The violation is displayed in the list of violations of the policy
  • The conflicting roles are removed from the violators
  • The violators of the policy are suspended

Question 59

Question
Where would one go to download the latest version of a specific IBM Security Identity Manager (ISIM) adapter?
Answer
  • IBM Passport Advantage Website
  • ISIM Administration Guide
  • ISIM Infocenter Website
  • ISIM Installation Guide

Question 60

Question
Life cycle rule is triggered automatically by which event?
Answer
  • A schedule and matching criteria evaluated against an entity.
  • External event.
  • Schedule only.
  • Internal event.

Question 61

Question
What components in a IBM Security Identity Manager (ISIM) environment can be configured for SSL communication?
Answer
  • HTTP Server. Websphere Application Server. Directory Server, Tivoli Directory Integrator, and Adapters
  • HTTP Server and Adapters
  • Tivoli Directory Integrator. HTTP Server, and Adapters
  • HTTP Server and Tivoli Directory Server

Question 62

Question
Which two statements are correct for a loop node in a workflow? (Choose two)
Answer
  • Nodes inside a loop can transition to activities outside the loop provide process.goto("Activity_ID") is used on the transition.
  • To retrieve an instance of an activity in a loop, the process.getActivity method is passed two parameters.
  • The loop node does not specify the results of the nodes in the loop.
  • loopcount is a local variable available only in the loop node.
  • Index of activities in a loop starts with zero.

Question 63

Question
A services selection policy is evaluated under which of the two scenarios? (Choose two)
Answer
  • When a user is added to an organizational role that is a member of a provisioning policy that targets the service selection policy.
  • When account workflows related to services are referenced in the service selection policy.
  • Whenever a new service is added to ISIM.
  • When policy join behavior is modified.
  • When user's attributes are modified.

Question 64

Question
When gathering requirements for Identity Policy, which ID will define the rule to generate the user ID?
Answer
  • Application Owner
  • Administrator
  • Manager
  • Auditor

Question 65

Question
How should a reconciliation schedule be configured to ignore certain accounts and certain attributes for a service?
Answer
  • Update a attribute exclusion list through the administrative console.
  • Select what attributes to return from the available attribute list.
  • Add a valid LDAP filter that will return the desired accounts.
  • Add Java script to filter out accounts.
  • Select supporting data only option.

Question 66

Question
When gathering requirements for data to be loaded, which data feed is natively supported by IBM Security Identity Manager?
Answer
  • A data feed using Microsoft Word format
  • A data feed using binary data format
  • A data feed using the SOAP format
  • A data feed using DSML format

Question 67

Question
When designing a custom adapter, which of the following areas will have the largest impact on design scope and implementation complexity?
Answer
  • The number of attributes included in the reconciliation operation.
  • The number of group definitions used by the platform.
  • The password strength policy.
  • The service definition profile.
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

Exothermic & Endothermic Reactions (C2)
victoriarose
Sources of Law
cearak
GCSE PHYSICS: Energy Transfer
magykman1998
MCAT Chemistry Review: Chemical Bonds
HappyOwl
AQA AS Biology Unit 2 DNA and Meiosis
elliedee
A-Level Revision Tips
Alex Declan
Chapter 18 - Marketing mix(Product & Price)
irene floriane
Literary Devices
vanillalove
2PR101 1.test - 6. část
Nikola Truong
Management 1. PT (3MA101) - 2. část
Vendula Tranová
Browse Library