An IBM Security Access Manager V9.0 deployment specialist is getting reports of failing requests. Analysis of a support file shows many connections to the backend server in TIME_WAIT state?
Where is the setting "sysctl.net.ipv4.tcp_tw_reuse = 1" added?
A. In the LMI "Manage System Settings -> System Settings -> Advanced Tuning Parameters" panel
B. In the LMI "Manage System Settings -> Network Settings -> Tuning" panel
C. In the [server] stanza of the reverse proxy instance conf file
D. In the [tcp] stanza of the reverse proxy instance conf file
正解:A
質問 2:
An IBM Security Access Manager V9.0 deployment professional needs to create the HTTP- Tag-Value attribute to pass values to a backend server as headers.
How can this be done?
A. By creating an extended attribute on the junction protected object
B. By creating an AuthzRule which pulls the header from the ADI
C. By creating an HTTP rule which is attached to the ACL
D. By creating an extended attribute on a POP protecting the junction
正解:D
質問 3:
Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.
What can the deployment professional do to meet this requirement?
A. Enter multiple values for the "webseal-cert-keyfile-label" parameter in the [ssl] stanza of the WebSEAL configuration
B. Configure an additional interface in the WebSEAL configuration file, and add a
"certificate-label" for each hostname
C. Configure WebSEAL to use Server Name Indication
D. Configure separate WebSEAL instances for each hostname
正解:C
質問 4:
A system is configured with two IBM Security Access Manager (ISAM) V9.0 reverse proxy servers behind a load balancer, and it is planned to use forms-based user authentication. It is a requirement that if a reverse proxy were to fail, users that were already logged in would not be required to log in again.
Which two configurations can the deployment professional use to achieve this? (Choose two.)
A. Configure the system to use LTPA cookies
B. Configure the system to use failover cookies
C. Configure the system to use session cookies
D. Configure the system to use the global signon (GSO) cache
E. Configure the system to use the Distributed Session Cache (DSC)
正解:A,C
質問 5:
A company wants to use a different authentication option than username and password to access the company's web portal. The security deployment-professional is in the process of deploying an IBM Security Access Manager 9.0.0 solution for the company to protect its web portal.
Which authentication method should the deployment professional consider?
A. NTLM Authentication
B. Client-side certificate authentication
C. Basic Authentication
D. Form based Authentication
正解:B
質問 6:
A deployment professional has configured Federated Single Sign-On using IBM Security Access Manager V9.0 with WebSEAL as point of contact.
Which two things need to be configured to achieve Single Log Out (SLO) in the SAML 2.0 Federation? (Choose two.)
A. The passing of session cookies to junctioned servers (-k option in the junction creation)
B. The creation of user session ID's ([session] user-session-ids = yes)
C. The page displayed after pkmslogout is called (logout.html)
D. The appropriate extended attribute to the Federation junction (HTTP-Tag-Value user_session_id=user_session_id)
E. The URIs that receive a single signoff request ([acnt-mgt] single-signoff-uri
/applications/sign off)
正解:A,E
1227 お客様のコメント





Masaki -
C2150-609試験対策の為に購入しました。一通り読んだ後に模擬試験を繰り返しやりました。
とても役に立ちました。ありがとうございました。