C2150-609試験無料問題集（138題）「IBM Security Access Manager V9.0 Deployment 認定」

出題：1

To configure IBM Security Access Manager V9.0 for Windows desktop single sign-on using Kerberos authentication, the Reverse Proxy's identity in the Active Directory Kerberos Domain must be associated with a Service Principal name (SPN).
Given the following information:
AD Kerberos Realm Name: company.com
ISAM Reverse Proxy DNS Domain: ws1xompany.com
What is the correct SPN?

A. HTTP/[email protected]

B. HTTP/wsl.company.com

C. HTTP/ws1 [email protected]

D. HTTP/[email protected]

正解：C 解答を投票する

出題：2

A deployment professional is configuring IBM Security Access Manager V9.0 for Management Authentication using remote LDAP.
Which configuration field value is optional?

A. Specify whether or not to bind anonymously

B. Configure Administrative Group DN

C. Select Local Database or Remote LDAP Server

D. Enable SSL to LDAP

正解：B 解答を投票する

出題：3

There is an SSL connectivity issue between the IBM Security Access Manager V9.0 Reverse Proxy and the backend business application.
Which two troubleshooting commands under Tools in the application SSH interface can be used to validate the Reverse Proxy can successfully connect to the backend host:secure- port? (Choose two.)

A. traceroute

B. connect

C. ping

D. connections

E. session

正解：B,E 解答を投票する

出題：4

Multiple hostnames are mapped to a single IP address used by a WebSEAL instance, listening on the default HTTPS port. For each host name requested in the browser, WebSEAL needs to present a different certificate.
What can the deployment professional do to meet this requirement?

A. Enter multiple values for the "webseal-cert-keyfile-label" parameter in the [ssl] stanza of the WebSEAL configuration

B. Configure separate WebSEAL instances for each hostname

C. Configure an additional interface in the WebSEAL configuration file, and add a
"certificate-label" for each hostname

D. Configure WebSEAL to use Server Name Indication

正解：D 解答を投票する

出題：5

A network contains an additional network segment between the user segment and the appliance. This causes traffic to flow in and out on different interfaces.
How can this be overcome?

A. Use Virtual Host junctions

B. Use a default gateway

C. Use vector based routing

D. Use static routes

正解：D 解答を投票する

出題：6

In a customer environment, a REST API client is being developed to carry out Reverse Proxy configuration and maintenance. As part of one of the activities the customer needs to update the junction information with an additional Backend Server. The customer has written a REST API client but is not able modify the junction.
Which HTTP headers should the customer pass?

A. Authorization, Accept:Application/json

B. Host, Authorization

C. content-type:application/json, Authorization

D. Host, Accept: Application/json

正解：A 解答を投票する

出題：7

The deployment professional wants to back up the embedded LDAP personal certificate, including the private key. They navigate to Manage System Settings -> SSL Certificates -> and select the "extract" option.
Which file format is the resulting certificate backup?

A. cer

B. .p12

C. .kdb

D. jks

正解：B 解答を投票する

出題：8

A customer has a developed an OAuth 2.0 Client application to access resources on behalf of a user. The customer states that the OAuth client has the following two constraints:
1. The OAuth client is not capable of maintaining its credentials confidential for authentication with the authorization server.
2. The resource owner does not have a trust relationship with the client What is the suitable OAuth 2.0 grant type for the API Protection Policy if the user resource accessed by the OAuth 2.0 client is to be protected by IBM Security Access Manager V9.0?

A. Client Credentials Grant

B. Authorization Code Grant

C. Resource Owner Password Credentials Grant

D. Implicit Grant

正解：A 解答を投票する

出題：9

A deployment professional attempts to log into an appliance which is part of a cluster to run pdadmin commands and receives the following message:
pdadmin> login -a sec_master -p password
2016-03-03-02:04:38.683-06:001------0x1354A420 pdadmin ERROR ivc socket mtsclient.cpp 2376
0x7fc2b7b0c720
HPDCO1056E Could not connect to the server 192.168.254.11, on port 7135.
Error: Could not connect to the server. (status 0x1354a426)
What should the deployment professional check concerning the login target?

A. Login was attempted on a non-primary master of a cluster and the primary policy server is down

B. Login was attempted on a restricted node

C. Login was attempted on a secondary master that has not been promoted to the primary

D. Login was attempted on a special node

正解：D 解答を投票する

出題：10

The SSL connection from browser to the IBM Security Access Manager V9.0 Reverse Proxy is broken and the deployment professional suspects an expired certificate.
In which location will the "Certificate expired" warning message that contains additional information to isolate the issue be seen?

A. LMI Home Dashboard

B. pdweb.debug trace file

C. Reverse proxy request log

D. Systems message log

正解：A 解答を投票する

C2150-609試験無料問題集「IBM Security Access Manager V9.0 Deployment 認定」