IBM IBM Certified Deployment Professional C2150-197 Questions & Answers

• Question 21:

  Which statement is correct about identity data feed?

  A. If a repeated identify feed does not contain a value for an attribute that was previously specified for the user, the identity feed process leaves that attribute unchanged for the IBM Security Identity Manager user.

  B. All data feed attributes from the identity data feed must be stored in the IBM Security Systems Identity Manager person record.

  C. All attributes in IBM Security Systems Identity Manager person record must exist in the identity feed source.

  D. You can include some attributes in an identity feed that are not contained in the identity feed object class.

  Correct Answer: C

• Question 22:

  Orphan accounts are managed resource accounts whose owner in the IBM Security Identity Manager Server cannot be determined.

  Orphan accounts can be assigned by the administrator to a user with which restriction?

  A. When deleting the orphan accounts in IBM Security Identity Manager, they are not deleted on the managed resource.

  B. The administrator can assign the orphan account to any user as long as the applicable policies allow it.

  C. The administrator can assign the orphan account to any user and bypass policy enforcements.

  D. The orphan account, once assigned an owner, can not become orphan again.

  Correct Answer: C

• Question 23:

  Which attribute is used by the default global adoption policy to match the IBM Security Identity Manager user?

  A. The distinguished name of the account.

  B. The e-mail address of the account.

  C. The full name of the account user.

  D. The account user ID.

  Correct Answer: A

• Question 24:

  A person modify transaction is created containing requests for two roles which are identified by a Separation of Duty policy as conflicting.

  Which of the following is a TRUE statement concerning how the person modify transaction may be processed?

  A. An administrator or policy owner may change either of the requested roles so that they do not conflict.

  B. The person modify transaction may be completed without approving or rejecting the conflicting roles.

  C. An administrator or policy owner may reject either one of the two conflicting roles.

  D. An administrator or policy owner may reject or approve the role violation.

  Correct Answer: B

• Question 25:

  What does the following service selection policy return?

  

  A. It returns multiple services of the same kind for the subject to choose in a dynamic workflow.

  B. It returns the service closest to the subject based on the 'location' attribute of the subject.

  C. It returns the service closest to the subject in the organizational tree defined in ISIM.

  D. It returns the service closest to the service that the subject has requested.

  Correct Answer: B

• Question 26:

  What is the recommended Application Server JVM heapsizes for a 64 bit JVM?

  A. 4096 MB/8192 MB

  B. 1024 MB/4096 MB

  C. 512 MB/1024 MB

  D. 512 MB/4096 MB

  Correct Answer: D

• Question 27:

  A customer requires that users should NOT be able to circumvent answering challenge response questions when they login to the ISIM Self Service Console, and also wants the responses to challenges to appear masked (such as passwords) instead of appearing in plain text. How can this be achieved?

  A. Setcom.ibm.tivoli.ibm.challengeResponse.bypassChallengeResponse=false and com.ibm.tivoli.ibm.challengeResponse.showAnswers=false in scriptframework.properties file.

  B. Set enrole.password.challengeResponse.bypassChallengeResponse=false in enrole.properties file and select checkbox for Enable Password Editing under Security Settings.

  C. Set enrole.password.challengeResponse.bypassChallengeResponse=false and enrole.password.challengeResponse.showAnswers=false in enrole.properties file.

  D. Set ui.challengeResponse.bypassChallengeResponse=faise and ui.challengeResponse.showAnswers=false in ui.properties file.

  Correct Answer: C

• Question 28:

  What are TWO valid sets of Access Control Item (ACI) members that can be used to grant access to create or modify static organizational roles?

  A. The supervisor of the business unit in which the organizational role resides.

  B. Users who are members of a role other than the one being operated on.

  C. Users who are members of an ISIM group.

  D. The supervisor of the owner of the role.

  E. Users who are members of a role.

  Correct Answer: AE

• Question 29:

  Customer A is mining roles that reflect the employee population and their entitlements. As a design principle, which statement is TRUE in a role design for Company A?

  A. Design hybrid roles, using a flag in the role definitions to convert static organizational roles to dynamic organizational roles and vice versa during steady state procedures.

  B. Design only dynamic organizational roles, and ensure that person objects contain all the information needed to assign a person to a dynamic role automatically.

  C. Design a mix of dynamic and static organizational roles, and encourage business processes to assign employees to static organizational roles.

  D. Role design only needs to factor in groups of entitlements, since organizational roles are only used in provisioning policy membership.

  Correct Answer: B

• Question 30:

  Which one is NOT available in Operation workflows?

  A. Subprocess Node

  B. Workorder Node

  C. Extension Node

  D. Script Node

  Correct Answer: D