After an authorization rule is evaluated, which two identifiers can be returned? (Choose two.)
A. INDIFFERENT
B. PERMIT
C. ALLOW
D. FALSE
E. DENY
正解:A,D
質問 2:
What will help reduce the volume of audit event, while preserving important audit information?
A. reconfiguration of WebSEAL to use CARS auditing instead of native auditing
B. generation of events for successful HTTP accesses only
C. complete disablement of event generation
D. generation of events for unsuccessful HTTP accesses only
正解:D
質問 3:
There is a requirement to return a specific redirect page instead of a 302 response. Which WebSEAL configuration will achieve this?
A. [acnt-mgt]
html-redirect = redirect.html
B. [acnt-mgt]
enable-html-redirect = yes
html-redirect = redirect.html
C. 302=yes
html-redirect = redirect.html
D. [acnt-mgt]
enable-html-redirect = no
html-redirect = redirect.html
正解:B
質問 4:
Click on the Exhibit.
The exhibit displays a high-level setup of a basic Security Access Implementation. All communication between end-user and WebSEAL happens over HTTPS. The communication between DMZ and Intranet is HTTP-based. What information is gathered if 'pdweb.https' is enabled on WebSEAL?
A. Information about response times of HTTPS-requests between end-user and WebSEAL.
B. Information about successful and failed client certificate authentication attempts.
C. Information about response times of HTTPS-requests between WebSEAL and backend servers (in case of SSL-junctions).
D. Information about the WebSEAL session cache.
正解:A
質問 5:
In an organization all customer information is stored in an Active Directory (AD). Special applications for customer contracts and transactions are all connected to this AD. This organization wants to enable customers to see their information online. Therefore, a web environment has been deployed including WebSphere Application Server, IBM Tivoli Directory Server (ITDS) and IBM Security Access Manager. For security reasons the organization decided that this web environment cannot directly connect to Active Directory but should use its own directory, ITDS. A letter will be sent to each customer with its personal login details. What is the least labor intensive way to authenticate a customer online?
A. Use IBM Tivoli Directory Integrator to exchange essential data between the directories
B. Schedule an export of AD into LDIF and load this into ITDS.
C. Configure the ITDS authorization forwarding to AD
D. Configure WebSEAL's EAI to authenticate directly on the AD
正解:A
質問 6:
When configuring a Standby Policy Server environment for Security Access Manager environment on AIX, what two conditions apply? (Choose two.)
A. Each AIX system must have access to a different disk array that is configured for data redundancy.
B. The registry server must be available and installed on a separate system.
C. The registry server must be available and installed on a same system.
D. The policy database and the configuration files that are used by the policy server must be on a shared disk array.
E. Both the primary and standby policy servers must be on separate AIX systems that are part of a High Availability Cluster Multi-Processing (PowerHA) environment.
正解:D,E
質問 7:
Click on the Exhibit.
The exhibit displays a high-level setup of a basic Security Access Implementation. All communication between end-user and WebSEAL happens over HTTPS. The communication between DMZ and Intranet is HTTP-based.
What is the result of the above action?
A. The configuration in the stanza [aznapi-configuration] conflicts with the pdadmin-command; a warning message is logged in thee WebSEAL 'server-log' file.
B. The statistical gathering of the component 'pdweb.jct.1' is disabled until the next reboot of WebSEAL.
C. The component continues to log statistical information as long the logcfg-entry is not deleted or uncommented from the WebSEAL-configuration file.
D. The statistical gathering of the component 'pdweb.jct.1' is disabled and takes effect after a restart of the WebSEAL-instance.
正解:B
質問 8:
How would you supply the user identifier from WebSEAL to a custom web application in the HTTP header, without requiring base64 to be used in the application?
A. -c iv_uid
B. -b ignore
C. -b supply
D. -c iv_user
正解:D
質問 9:
What are two supported Single Sign-On methods used for WebSphere Application Server? (Choose two.)
A. Lightweight Third Party Association
B. HTTP Authentication Method
C. Trusted Association Interceptor
D. Advanced Authentication Method
E. Client Side Certificate Authentication Method
正解:A,C
Koutoku -
かなりコスパが高いです。C2150-198学習に良い