The customer requires high availability of its IBM Security Access Manager (ISAM) V9.0 WebSEAL infrastructure. The environment includes two WebSEAL appliances, two appliances for Policy Server and other ISAM services. All ISAM appliances are configured into a cluster which includes replicating the ISAM runtime and certificate files, the Policy Server, Runtime and Configuration databases, and the Distributed Session Cache. The complete LDAP configuration uses the embedded LDAP and externally federated IBM Security Directory Server (ISDS).
Which failover scenario is supported with this configuration?
A. The embedded LDAP on the WebSEAL appliances is available in read-only mode if the Primary Policy Server is unavailable
B. Policy Server failover is automatic without manual intervention and the WebSEALs automatically detect the new active Policy Server
C. An LDAP federation implies high availability therefore the external ISDS is always available with no additional configuration
D. Distributed Session Cache (DSC) failover requires manual intervention at which point the WebSEALs automatically detect the new active DSC.
A customer requirement stipulates the use of a second factor authentication to access certain resources.
Which two policy constructs cab be used to implement two-factor authentication using IBM Security Access Manager V9.0 Advanced Access Control? (Choose two.)
A. Permit
B. Deny with Obligation
C. Permit with Obligation
D. Permit with Authentication
E. Permit with Risk Based Access
A deployment professional is configuring IBM Security Access Manager V9.0 for Management Authentication using remote LDAP.
Which configuration field value is optional?
A. Enable SSL to LDAP
B. Configure Administrative Group DN
C. Specify whether or not to bind anonymously
D. Select Local Database or Remote LDAP Server
Given the following description of the IBM Security Access Manager V9.0 Web Proxy environment and command:
LMI Interface IP 192.168.42.111 Admin id: admin Admin Password: secret Web Reverse Proxy Instance Name: webseal_instA Web Reverse Proxy Instance Name: webseal_instB Web Reverse Proxy Instance Name: webseal_instC
curl –s –k –u admin:secret –H "Accept: application/json" –X put https://192.168.42.111/wga-reverseproxy/webseal_instA/tracing/pdweb.snoop -d {\"level\":\9 \",\"id\":\"pdweb.snoop\",\"rollover_size\":\"2000000\"}
What will running this command do?
A. It will turn off the pdweb.snoop tracing for webseal_instA.
B. It will turn on the pdweb.snoop tracing for webseal_instA.
C. It will turn off the pdweb.snoop tracing on ALL Web Proxy instances.
D. It will turn on the pdweb.snoop tracing on ALL Web Proxy instances.
A deployment professional has enable tracing for the WebSEAL instance to assist developers in troubleshooting the application. A developer requests a trace containing the request message bodies to and from WebSEAL.
Which log file contains this information?
A. request.log
B. pdweb.snoop.log
C. pdweb.debug.log
D. pdweb.request.log
What method can be used to upload firmware to an IBM Security Access Manager V9.0 virtual appliance?
A. USB
B. SCP
C. FTP
D. VMware tools
An IBM Security Access Manager V9.0 deployment professional wants to shut down one of two restricted appliances in a cluster configured with Distributed Session Cache running reverse proxies for maintenance, and then repeat for the other. A load balancer directs traffic to reverse proxies on the two appliances with stickiness enabled.
What will allow for a graceful shutdown without any impact to end-users?
A. Remove appliance from the cluster for maintenance.
B. Stop all reverse proxies on one appliance one after the other.
C. Drain traffic on the load balancer to one appliance and take it offline.
D. Execute junction throttle operation on the appliance to be taken offline.
The IBM Security Access Manager V9.0 system deployment professional is configuring context-based access to a protected resource, and has configured an Access Control Policy made up of four rules. The Precedence is set to First.
How are the four rules combined to produce an authorization decision?
A. Access is permitted or denied based on the outcome of first rule in the policy that can be evaluated against the access request. The order in which the rules are evaluated depends on the request payload.
B. Access is permitted or denied based on the outcome of first rule in the policy that can be evaluated against the access request. The rules in the policy are evaluated in the same order they are listed.
C. The rules are examined sequentially in the same order they are listed. If the first rule in the policy returns deny, the policy returns deny, and if any other rule in the policy returns permit, the policy returns permit.
D. All the rules are examined, and the order in which the rules are evaluated depends on the request payload. If the first rule in the policy returns deny, the policy returns deny, and if any other rule in the policy returns permit, the policy returns permit.
IBM Security Access Manager (ISAM) V.90 provides an External Authentication Interface (EAI) that enables the extension of the authentication process for WebSEAL. The identity information returned by the EAI service is used to generate user credentials. This can be used as one of the methods to implement step-up authentication.
How is this authentication information returned from the EAI server?
A. HTTP headers
B. HTTP parameters
C. [step-up] stanza
D. [authentication-levels] stanza
A customer's IBM Security Access Manager (ISAM) V.90 environment consists of the appliance embedded LDAP as the Primary LDAP, and a federated Active Directory (AD) which contains all user/group information. The embedded LDAP will only contain information about default ISAM components and a limited number of AD groups. Users will be required to change their own passwords via ISAM.
Which ldap.conf configuration will properly configure the AD into this Federation and meet all customer requirements?
A. basic-user-support = no host = test-root.acme.com port = 636 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**
B. basic-user-support = no host = test-root.acme.com port = 389 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**
C. basic-user-support = yes host = test-root.acme.com port = 636 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**
D. basic-user-support = yes host = test-root.acme.com port = 389 bind-dn = CN=sys_isamadm,OU=SvcAccts,DC=test,DC=acme,DC=com ssl-enabled = yes suffix = dc=test-root,dc=com basic-user-principal-attribute = samAccountName bind-pwd = **obfuscated**
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IBM exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your C2150-609 exam preparations and IBM certification application, do not hesitate to visit our Vcedump.com to find your solutions here.