A customer wants to lockdown administrator access to the IBM Security Identity Manager console. The customer also wants the user to access it using domain credentials and then Single Sign-On to the console.
Which product should be used in this situation?
A. IBM Security Access manager for Operating System
B. IBM Security Access manager for Web
C. IBM Security Identity Manager
D. IBM Security Privilege Identity Manager
正解:D
質問 2:
A customer is using Microsoft Active Directory to manage access to all the applications in the organization. When an employee joins the organization, in order to set up his/her access to the applications through Active Directory, as a regular practice, the administrator would clone the Active Directory permissions from an existing employee in the same job role and assign it to the new employee. Over the years, employees have been changing their job roles within the organization. Whenever a job role change occurs, the same practice of cloning the access from an existing employee in the new job role is followed. As the AD permissions are cloned, the existing permissions for the employee changing the job role are not removed.
What is the potential problem and solution for this customer?
A. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Identity Manager to implement a Role Based Access Control (RBAC) model and automate role revalidation.
B. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Access Manager to implement a Role Based Access Control (RBAC) model and automate role revalidation.
C. An annual revalidation of access will require a lot of manual effort in validating required access for an employee based on his/her job role. Also to maintain compliance, any access associated with the previous job role needs to be revoked. This problem can be addressed by deploying IBM Security Access Manager to manage fine grained access on Active Directory, implement Single Sign-On and automate role revalidation.
D. As the existing access is never cleaned up when an employee changes job roles and new access is assigned as per the new job role, many employees may be violating SoD policies. This problem can be identified and addressed by deploying IBM Security Access Manager and designing specific SoD policies.
正解:D
質問 3:
A customer has multiple Active Directory sites across the globe. The customer has to provision users to these sites that are geographically dispersed.
Which policy would be appropriate to use to achieve using IBM Security Identity Manager?
A. Service Selection Policy
B. Separation of Duty Policy
C. Recertification Policy
D. Provisioning Policy
正解:D
質問 4:
Which two attributes are minimally required to create an identity in IBM Security Identity Manager? (Choose two.)
A. User's full name
B. User's last name
C. User's first name
D. User's e-mail address
E. User's employee number
正解:B,C
質問 5:
The customer is considering implementing IBM Security Identity Manager.
What is the benefit of adding IBM Security Identity Manager to the customer's existing environment?
A. Single Sign-On
B. Eliminates the need to manage the identities at the application level
C. Auditing of attempts to access the application
D. Reduced cost
正解:A
質問 6:
Which three points of contact configuration options are available when installing IBM Tivoli Federated Identity Manager? (Choose three.)
A. IBM WebSphere Application Server
B. Internet Information Services
C. WebSEAL
D. Apache Tomcat Application Server
E. Generic point of contact server
F. JBoss Application Server
正解:A,C
中前** -
かなりコスパが高いです。C2150-201学習に良い