C2090-463.pdf


    Exam A

    QUESTION 1

    Which consideration is true for a Vulnerability Assessment (VA) deployment?

    A. Collectors running VA cannot also perform database monitoring.
    B. Each collector can run up to 20 Vulnerability Assessments simultaneously.
    C. S-TAP must be running on the database server before VA is run for a database on that server.
    D. There is a need to create an account with appropriate privileges on the database for VA to work.

    Answer: D

    QUESTION 2

    Which Guardium appliance cannot be managed?

    A. S-TAP
    B. Collector
    C. Aggregator
    D. Central manager

    Answer: D

    QUESTION 3

    When planning the deployment for Data Activity Monitoring (DAM) there is a need to determine the location of the various Guardium solution components (i.e. agents, appliances). Which statement is correct?

    A. S-TAP agents need to reside in the same data center the aggregators reside in.
    B. Collectors can report to aggregators that are located in data centers other than their own.
    C. Collectors can reside anywhere in the customer network regardless of database server location.
    D. Aggregators need to reside in the same data center as the collectors that report to them.

    Answer: B

    QUESTION 4

    When sizing a Vulnerability Assessment solution, what is the recommendation for calculating the number of collectors needed?

    A. One collector for every 30K PVU.
    B. One collector for every data center.
    C. One collector for every 35 database servers.
    D. One collector for every 255 database instances.

    Answer: D

    QUESTION 5

    What are the mechanisms used by UNIX S-TAP to capture database traffic?

    A. K-TAP, A-TAP, and PCAP
    B. K-TAP, LHMON, and PCAP
    C. PCAP, DB2TAP, and K-TAP
    D. A-TAP, Shared Memory Driver, and K-TAP

    Answer: A

    QUESTION 6

    Which parameter should be used to enable K-TAP flex loading through GIM?

    A. KTAP_ENABLED set to "1"
    B. KTAP_LIVE_UPDATE set to "Y"
    C. KTAP_FAST_FILE_VERDICT set to "1"
    D. KTAP_ALLOW_MODULE_COMBOS set to "Y"

    Answer: D

    QUESTION 7

    Before uninstalling A-TAP, which procedure must be done?

    A. K-TAP must be unloaded using guard_ktap_loader.
    B. A-TAP must be deactivated on all database instances.
    C. The Guardium group must be removed from the server.
    D. The sniffer must be stopped on the Guardium appliance.

    Answer: B

    QUESTION 8

    Which guard_tap.ini parameter should be used to set the virtual IP of a Microsoft SQL Server cluster environment?

    A. tap_ip
    B. sqlguard_ip
    C. alternate_ips
    D. connect_to_ip

    Answer: C

    QUESTION 9

    What statement is true regarding policy push down?

    A. Policy push down pushes a classification process into S-TAP for Z on IMS.
    B. Policy push down allows ZSecure to push policies into the Guardium appliance.
    C. Policy push down allows the Guardium appliance to identify sensitive objects inside the DB2 database.
    D. Policy-push-down enables policy push down of collected profiles, collection activation, and collection inactivation from the Guardium appliance.

    Answer: D

    QUESTION 10

    What is the correct way to stop a UNIX S-TAP that was installed with a non-GIM installer?

    A. Use the Stop S-TAP button in the S-TAP Control window.
    B. Find the S-TAP Process ID and terminate with kill -9 command.
    C. Comment the U-TAP section of /etc/inittab, followed by the init q command.
    D. Under the Modules parameter in the Central Manager, set STAP_ENABLED = 0 for the appropriate S-TAP.

    Answer: C

    QUESTION 11

    Which appliance type(s) can serve as a Guardium host for S-TAPs?

    A. A collector only.
    B. Collectors and Aggregators only.
    C. Collectors and standalone Central Managers.
    D. All appliance types can accept S-TAP connections.

    Answer: A

    QUESTION 12

    In the Session level entity, how many UID Chain attribute(s) are there?

    A. 1 - UID Chain
    B. 2 - UID Chain & UID Chain Compressed
    C. 3 - UID Chain, UID Chain Compressed & UID Chain Expanded
    D. 4 - UID Chain, UID Chain Compressed, UID Chain Expanded & UID Chain for z/OS

    Answer: B

    QUESTION 13

    What is the main command line utility to control and configure A-TAP on all platforms?

    A. guardctl
    B. guard-atap-ctl
    C. guard-ktap-ctl
    D. guard-executor-32

    Answer: A

    QUESTION 14

    What is the documented procedure for handling delayed cluster disk mounting?

    A. Manually restart the S-TAP process after mounting the database server directory.
    B. Configure the wait_for_db_exec parameter in the guard_tap.ini with an appropriate delay.
    C. Ensure that the S-TAP process is started only after the database installation directory is available.
    D. There is no special procedure, S-TAP can automatically detect when the database directory becomes available.

    Answer: B

    QUESTION 15

    Which GIM component controls starting and stopping managed agents on UNIX?

    A. gim_client.pl
    B. guardium_stap
    C. guard_supervisor
    D. guard_ktap_loader

    Answer: C

    QUESTION 16

    What is the correct way to stop S-TAP that is managed by GIM?

    A. Uninstall S-TAP.
    B. Use kill -9 on S-TAP process.
    C. Comment S-TAP entry in /etc/inittab.
    D. Set STAP_ENABLED to "0" in GIM parameters.

    Answer: D

    QUESTION 17

    Where are DB2 z audit rules stored?

    A. Collection profiles
    B. CICS audit profiles
    C. Group audit profiles
    D. VSAM audit profiles

    Answer: A

    QUESTION 18

    Which ports are used by UNIX S-TAP?

    A. 9500 TCP (unencrypted) and 8075 TCP (encrypted)
    B. 16016 TCP (unencrypted) and 16018 TCP (encrypted)
    C. 9500 TCP (unencrypted) and 8075 UDP (heartbeat signal)
    D. 16016 TCP (unencrypted) and 16018 UDP (heartbeat signal)

    Answer: B

    QUESTION 19

    Which mechanism is used to intercept DB2 and Informix shared memory traffic on all UNIX platforms except Linux?

    A. TEE
    B. PCAP
    C. A-TAP
    D. K-TAP

    Answer: D

    QUESTION 20

    What is the purpose of K-TAP flex load in Linux installations?

    A. Allows upgrade of the K-TAP module without requiring a reboot of the host operating system.
    B. Give the system administrator the ability to stop traffic interception by manually unloading the K-TAP module.
    C. Allows installation of K-TAP module with closest match in cases where an exact kernel match is not available.
    D. Allows the system administrator to upgrade the K-TAP module directly from GIM interface on Central Manager.

    Answer: C

    QUESTION 21

    Which statement about Configuration Audit System (CAS) is true?

    A. It does not support the Windows platform.
    B. It supports running operating system shell scripts.
    C. It does not support monitoring of file permissions (rwxrwxrwx).
    D. It supports vulnerability assessment tests using observed behavior.

    Answer: B

    QUESTION 22

    What is the primary purpose of Group Builder?

    A. To update vulnerability assessment rules.
    B. To trigger compliance workflow automation.
    C. To adapt to the dynamic needs of the business.
    D. To associate policy rules with audit process results.

    Answer: C

    QUESTION 23

    What query change requires the report portlet to be regenerated?

    A. Main entity
    B. Query fields
    C. Runtime parameters
    D. Timestamp attributes

    Answer: C

    QUESTION 24

    In a rule definition, what DB User field value would test for a blank database user name in the traffic?

    A. %
    B. NULL
    C. guardium://empty
    D. Leaving the field blank

    Answer: C

    QUESTION 25

    The policy has an extrusion rule with action of 'Log Extrusion Counter' when a credit card number is returned by the query. The inspection engine is configured with:

    Query 'select credit_card from TABLE1 where customer_id in (1,2,3);' returns a total of 120 records with 10 credit cards returned in each network packet. What is the expected result for SUM(Returned Data Count) from the Full SQL domain for this query?

    A. 0
    B. 12
    C. 74
    D. 120

    Answer: D

    QUESTION 26

    An audit workflow process may contain any number of audit tasks. Which is NOT a valid audit task?

    A. a privacy set
    B. a policy process
    C. a security assessment
    D. a classification process

    Answer: B

    QUESTION 27

    When creating a new report there is a need to choose a main entity. There are six levels in the entity hierarchy for the access domain. Which of the following represents the correct hierarchy order (top to bottom)?

    A. SQL, Client/Server By Session, Application Event, Command, Object, Field
    B. Command, Object, SQL, Field, Client/Server By Session, Application Event
    C. Object, Command, SQL, Field, Client/Server By Session, Application Event
    D. Client/Server By Session, Application Event, SQL, Command, Object, Field

    Answer: D

    QUESTION 28

    How does the database entitlement information get pulled into the Guardium appliance?

    A. DB Entitlement Reports use the LDAP Domain feature to create links between the LDAP data on the selected database with the internal data of the predefined entitlement reports.
    B. DB Entitlement Reports use the Custom Domain feature to create links between the external data on the selected database with the internal data of the predefined entitlement reports.
    C. DB Entitlement Reports use the Access Domain feature to create links between the accessed data on the selected database with the internal data of the predefined entitlement reports.
    D. DB Entitlement Reports use the Security Assessment Domain feature to create links between the user data on the selected database with the internal data of the predefined entitlement reports.

    Answer: B

    QUESTION 29

    What does 'sample size' parameter of classification process define?

    A. How many tables in the database should be evaluated by the process.
    B. How many rows in each table of the database should be evaluated by the process.
    C. How many columns in each table of the database should be evaluated by the process.
    D. What percent of the column in each table of the database should be evaluated by the process.

    Answer: B

    QUESTION 30

    A query that is used by a correlation alert, run at 23:59 for the time period between 00:00 and 23:59 of that day, produces these results:

    How many alerts were sent during that day, if the alerter first ran the query at 01:00 and anomaly detection is configured with a polling interval of 30 minutes?

    A. 0
    B. 2
    C. 3
    D. 5

    Answer: B

    QUESTION 31

    How should classification policy rules be defined in order to activate Luhn algorithm evaluation?

    A. The policy rule should begin with "guardium: //LUHN_ALG".
    B. The S-TAP ini file should have luhn_activated parameter set.
    C. The policy rule should begin with "guardium: //CREDIT_CARD".
    D. The Luhn algorithm checkbox next to the pattern box should be checked.

    Answer: C

    QUESTION 32

    Which one is NOT a Guardium vulnerability assessment test type?

    A. Common Vulnerability Exposure (CVE) tests
    B. CAS-based tests
    C. Query-based tests
    D. Fine grain audit tests

    Answer: D

    QUESTION 33

    Which is NOT a valid End User identification option with Guardium?

    A. Custom ID procedures
    B. Application User Translation
    C. Auto Generated Calling Prox
    D. Guardium Application Events API (GuardAppEvents)

    Answer: C

    QUESTION 34

    Which Main Entity CANNOT be used to display Application User?

    A. Object
    B. Full SQL
    C. Client/Server
    D. Access Period

    Answer: C

    QUESTION 35

    What is the default policy of a new appliance?

    A. PCI policy
    B. SOX Policy
    C. allow all policy
    D. selective audit policy

    Answer: C

    QUESTION 36

    Which report statement is true?

    A. You should not use tuple groups in reports.
    B. You can modify the layout of "out of the box" reports.
    C. You cannot create a report with both the "IP" and "SQL" attribute.
    D. You can run a report using the compliance work flow automation application.

    Answer: D

    QUESTION 37

    Which database platforms does Guardium support for entitlement reports?

    A. DB2, Informix, MS-SQL, MySQL, Netezza, PostgreSQL
    B. DB2, Informix, MS-SQL, Oracle, PostgreSQL, Sybase
    C. DB2, Informix, MS-SQL, MySQL, Netezza, Oracle, PostgreSQL, Sybase, Teradata
    D. Netezza, Oracle, PostgreSQL, Sybase, Teradata

    Answer: C

    QUESTION 38

    What is the difference between real time alerts and correlation alerts?

    A. There is no difference, terminology is used interchangeably.
    B. Real time alerts are based on policy rules. Correlation alerts are Query based.
    C. Real time alerts are driven by anomaly detection. Correlation alerts are policy driven.
    D. Real time alerts could only be run on the Managed Units. Correlation alerts can only be run on Central Manager.

    Answer: B

    QUESTION 39

    By default, when an access policy rule is triggered, which statement is true?

    A. An alert is sent.
    B. The unmasked SQL statement is logged.
    C. The policy stops processing subsequent rules unless the 'Cont. to next rule' box is checked.
    D. The statement continues to the next rule, unless the 'Stop Processing More Rules' box is checked.

    Answer: C

    QUESTION 40

    What best practice approach will minimize the need to change policies?

    A. Install multiple policies.
    B. Leverage the use of groups.
    C. Schedule rotating policies to be installed for each work shift.
    D. Place an S-GATE Attach rule at the beginning of each policy.

    Answer: B

    QUESTION 41

    Which database type is NOT currently supported by Vulnerability Assessment?

    A. Netezza
    B. IMS for z
    C. Teradata
    D. DB2 for z

    Answer: B

    QUESTION 42

    Under which condition will Correlation Alerts NOT function correctly?

    A. Anomaly Detection is not Active
    B. Run frequency < Accumulation interval
    C. Notification frequency = Accumulation interval
    D. Anomaly Detection Polling Interval < Run frequency

    Answer: A

    QUESTION 43

    Which command sets the primary DNS server to 10.10.9.1?

    A. store net resolver 1 10.10.9.1
    B. store net dns primary 10.10.9.1
    C. store net defaultdns 10.10.9.1
    D. store net interface dns 10.10.9.1

    Answer: A

    QUESTION 44

    What does this GRDAPI command do?

    grdapi create_member_to_group_by_desc desc="PCI Admin Users" member="Joe"

    A. Creates a new group called "PCI Admin Users".
    B. Creates a new member, PCI Admin User, and adds it to the group "Joe".
    C. Creates a new member, Joe, and adds it to the group "PCI Admin Users".
    D. Creates a new description, "PCI Admin User", and adds it to the member "Joe".

    Answer: C

    QUESTION 45

    Which account can reset the user's role GUI layout?

    A. cli
    B. INV
    C. Admin
    D. Accessmgr

    Answer: D

    QUESTION 46

    In order to add a user and associate the user to a role like "Admin", "CAS", "CLI", "DBA", or "InfoSec", you would log in to the Guardium Appliance as what user?

    A. cli
    B. admin
    C. infosec
    D. accessmgr

    Answer: D

    QUESTION 47

    What is the recommended procedure for unregistering a managed unit from a Central Manager?

    A. It does not matter where a managed unit is unregistered.
    B. Once registered, a managed unit should never be unregistered.
    C. Unregistering a managed unit should be done from the Central Manager.
    D. Unregistering a managed unit should be done from the managed unit itself.

    Answer: C

    QUESTION 48

    What Guardium administration tool or utility can be used to obtain network statistics, such as throughput and current connection?

    A. diag
    B. iptraf
    C. Buffer Usage Monitor
    D. 'show network interface stats' CLI command

    Answer: B

    QUESTION 49

    What is a mandatory prerequisite for the appliance upgrade?

    A. Pre-upgrade Data purge
    B. Pre-upgrade Data archive
    C. Pre-upgrade Configuration export
    D. Pre-upgrade Health Check process

    Answer: D

    QUESTION 50

    Which tool allows you to collect a trace of traffic being logged by a collector?

    A. iptraf
    B. Slon utility
    C. Aggregation Debug
    D. Application Debug Log

    Answer: B

    QUESTION 51

    For an SQL Server 2005 environment using encryption, what can cause DB User and Source Program information to show up blank in the Guardium reports?

    A. A-TAP is not installed.
    B. The port range specified in the inspection engines is not correct.
    C. There is a policy with Ignore S-TAP Session rule blocking the users.
    D. The Instance Name parameter in the inspection engines is not correct.

    Answer: D

    QUESTION 52

    What could cause all the S-TAPs on a particular collector to turn red (in S-TAP Control)?

    A. The GUI is down (port 8443 unavailable).
    B. The SSH daemon on appliance is down (port 22 unavailable).
    C. The GIM server on the appliance is down (port 8081 unavailable).
    D. The inspection core was stopped (ports 9500 and 16016 unavailable).

    Answer: D

    QUESTION 53

    When attempting to quarantine a connection, what is needed to create a rule within the security policy?

    A. Fill out the DB User and identify the "command" as Quarantine.
    B. Fill out the "Quarantine for xx" minutes section of the Admin Quarantine tab.
    C. Fill out the "reset Interval" to identify when the Quarantined user will become active.
    D. Fill out the "Quarantine for xx" minutes section of the policy and create a rule action of "Quarantine".

    Answer: D

    QUESTION 54

    Given the security policy guard_tap.ini configuration shown below:

    What must be done in order for an S-Gate Terminate action to work properly with a two rule policy?

    A. You must have a rule with an action of "S-Gate Attach" below the "S-Gate Terminate" rule in the policy.
    B. You must have a rule with an action of "S-Gate Attach" above the "S-Gate Terminate" rule in the policy.
    C. You must have a rule with an action of "S-Gate Attach" with "continue" flag checked below the "S-Gate Terminate" rule in the policy.
    D. You must have a rule with an action of "S-Gate Attach" with "continue" flag checked above the "S-Gate Terminate" rule in the policy.

    Answer: D

    QUESTION 55

    What reporting domain in Guardium will have information of the database connection being terminated by Guardium as part of Data access level control / blocking functionality?

    A. exception domain
    B. access period domain
    C. policy violation domain
    D. terminated connections domain

    Answer: C

    QUESTION 56

    What is a disadvantage of using S-TAP terminate action in the policy (and related functionality) over S-GATE terminate?

    A. There is a need to install the S-TAP agent on the database server and as a result it's harder to deploy.
    B. Additionally licensed feature needs to be installed and as a result there is additional cost associated with this functionality.
    C. The decision to terminate is done by S-TAP and as a result it has significant negative impact on database server performance.
    D. The violation activity will start bringing results from the database before the connection is terminated and as a result data leakage is possible.

    Answer: D

    QUESTION 57

    Which component of the Guardium solution makes a decision to terminate database connection as part of Data access level control / blocking functionality?

    A. Functionality within policy running on Guardium collector.
    B. Functionality within CAS agent running on the database server.
    C. Functionality within S-GATE agent running on database server.
    D. Functionality within S-TAP process running on database server.

    Answer: A

    QUESTION 58

    Where can data archived from an aggregator be restored?

    A. On any appliance
    B. On any aggregator
    C. On source aggregator only
    D. On Central Manager only, when aggregator is centrally managed

    Answer: B

    QUESTION 59

    Which statement is true regarding users created in a centrally managed environment?

    A. Every managed unit has its own set of users defined.
    B. Users can be created on any appliance and will be available on all the appliances at once.
    C. Users can only be created on Central Manager but will be propagated to all managed units.
    D. Users can only be created on Central Manager and will be stored on Central Manager only.

    Answer: C

    QUESTION 60

    After a role is removed, if the user attempts to access reports or applications that are no longer authorized to this user, what will happen?

    A. The user session will be terminated.
    B. The user account will be temporarily locked.
    C. A "not authorized" message will be produced.
    D. Nothing, once you are given access removing roles will not affect your access to that application or report.

    Answer: C

    QUESTION 61

    Which storage type requires upload of the PEA file?

    A. SCP
    B. TSM
    C. SFTP
    D. CENTERA

    Answer: D

    QUESTION 62

    Importing and exporting definitions is needed in what environment?

    A. In all GIM environments to provide consistency with S-TAPs.
    B. Customer implementation using SPAN ports that want to share reports and policies.
    C. Customer implementation with many standalone collectors that want to share reports and policies.
    D. Customer implementation in a centrally managed environment (central manager) with 30 collectors that want to share reports and policies.

    Answer: C

    QUESTION 63

    In a centrally managed environment, where is the definition of a query created on the collector saved?

    A. Collector only
    B. Aggregator only
    C. Central Manager only
    D. Both Collector and Central Manager

    Answer: C

    QUESTION 64

    Which report allows you to monitor Guardium user activities?

    A. Audit Process Log
    B. User Activity Audit Trail
    C. Guardium Users Report
    D. Default DB Users Enabled

    Answer: B

    QUESTION 65

    To run grdapi commands users need to use the Command Line Interface (CLI) account. Access to the CLI account is required. Which statement is true?

    A. grdapi commands can only be run from the standard CLI user.
    B. Roles to the CLI accounts are given to users by the Admin account.
    C. The standard CLI user cannot run all of the grdapi commands because it doesn't have the appropriate roles.
    D. GUI users of the Guardium system have default access to run grdapi commands from the guardcli1,...,guardcli5 accounts.

    Answer: C

    QUESTION 66

    Which platform is supported for an InfoSphere Guardium virtual appliance build?

    A. IBM PowerVM
    B. Citrix Xen server
    C. VMWare ESX server
    D. Microsoft Hyper-V server

    Answer: C

    QUESTION 67

    Which component of the Guardium solution will terminate the database connection as part of Data access level control / blocking functionality?

    A. S-GATE functionality within CAS agent running on the database server.
    B. S-GATE functionality within S-GATE agent running on database server.
    C. S-GATE functionality within S-TAP process running on database server.
    D. S-GATE functionality within sniffer process running on the Guardium collector.

    Answer: C

    QUESTION 68

    What is an advantage of using S-TAP terminate action in the policy over S-GATE terminate?

    A. There is no need to install the S-GATE agent on the database server and as a result it's easier to deploy.
    B. The decision to terminate is done by S-TAP and as a result it has significant positive impact on collector's performance.
    C. The decision to terminate is done by S-TAP and as a result there is no need to wait for verdict from sniffer and there is no delay in termination.
    D. The database activity is not held by S-TAP before it accesses the database and as a result there is no impact to customers' applications performance.

    Answer: D

    QUESTION 69

    Quarantine is available for which types of rule(s) in the policy?

    A. access rule only
    B. access and exception rules
    C. access, exception and extrusion rules
    D. access, exception, extrusion and ignore rules

    Answer: C

    QUESTION 70

    Given the following configuration in the guard_tap.ini:

    Which statement is true?

    A. Because firewall_installed=0, no sessions will be terminated.
    B. Because firewall_default_state=1, all connections will not be monitored.
    C. Because the firewall_default_state=1, all connections will be terminated.
    D. Because firewall_timeout=10 and firewall_fail_close=0, if there is no answer from the Guardium appliance within 10 minutes, the session will be terminated.

    Answer: A

    QUESTION 71

    A Guardium environment consists of one collector and an S-TAP installed on a Unix database server. The guard_tap.ini parameters:

    What is the expected result if a privileged user connects to the database and runs a SELECT statement on a sensitive object?

    A. Privileged user will be successful in running SELECT statement and getting results with no delay.
    B. The connection will be terminated 10 seconds after SELECT statement is run; no results will be returned.
    C. The connection will be terminated immediately after SELECT statement is run; no results will be returned.
    D. Privileged user will be successful in running SELECT statement and getting results after 10 seconds delay.

    Answer: C

    QUESTION 72

    Which statement is true for S-TAP/K-TAP on UNIX platforms?

    A. A server reboot is required after new installations of S-TAP.
    B. A server reboot is required only if K-TAP is installed with S-TAP.
    C. A server reboot is only required after installing S-TAP on specific database types.
    D. A server reboot is required to completely remove the K-TAP following an S-TAP uninstall.

    Answer: D

    QUESTION 73

    Which ports are used by Windows S-TAP?

    A. 9500 TCP (unencrypted) and 8075 TCP (encrypted)
    B. 16016 TCP (unencrypted) and 16018 TCP (encrypted)
    C. 9500 TCP (unencrypted) and 8075 UDP (heartbeat signal)
    D. 16016 TCP (unencrypted) and 16018 UDP (heartbeat signal)

    Answer: C

    QUESTION 74

    Which parameter should be used to enable K-TAP upgrade without server reboot?

    A. KTAP_ENABLED set to "1"
    B. KTAP_LIVE_UPDATE set to "Y"
    C. KTAP_FAST_FILE_VERDICT set to "1"
    D. KTAP_ALLOW_MODULE_COMBOS set to "Y"

    Answer: B

    QUESTION 75

    Which operating system requires that the oracle executable be instrumented prior to activating A-TAP?

    A. AIX
    B. Linux
    C. Solaris
    D. HP-UX

    Answer: A

    QUESTION 76

    Which Operating System requires a restart of the database instance (and listener, if appropriate) in order to properly log traffic following a new S-TAP installation?

    A. AIX
    B. Linux
    C. Solaris
    D. HP-UX

    Answer: A

    QUESTION 77

    Which platform requires A-TAP configuration to monitor DB2 shared memory activity?

    A. AIX
    B. Solaris
    C. Red Hat
    D. Windows

    Answer: C

    QUESTION 78

    What is the default time of the command "store uid_chain_polling_interval " where N is time in minutes?

    A. 2 minutes
    B. 30 minutes
    C. 60 minutes
    D. 720 minutes

    Answer: A

    QUESTION 79

    Which method stops a non-GIM installed Windows S-TAP?

    A. Invoking the "stop winstap" command.
    B. Stopping the GUARDIUM_STAP service.
    C. Ending Guardium S-TAP process through Task Manager.
    D. Removing S-TAP from startup programs and rebooting server.

    Answer: B

    QUESTION 80

    Which guard_tap.ini parameter is configured to set User ID (UID) chain logging?

    A. hunt
    B. uid_chain
    C. hunter_trace
    D. Specify "user" in Intercept Types

    Answer: C

    QUESTION 81

    S-TAP for Z will offload processing to which hardware component?

    A. DASD when available
    B. ZIIP Processors when available
    C. CICS transaction server when available
    D. Encryption Accelerator module when available

    Answer: B

    QUESTION 82

    When Configuration Audit System (CAS) is deployed to a server, which statement is true?

    A. S-TAP must be installed with CAS.
    B. Using an * means do not match any characters in the template definition.
    C. Wildcard support such as "/home/oracle/../.*ora" is not supported to identify all files *.ora within the /home/oracle subdirectories.
    D. The CAS template is changed to a specific instance where all variables are instantiated to specific items to be monitored on the host.

    Answer: D

    QUESTION 83

    Which statement is true regarding A-TAP?

    A. A-TAP can function independently of K-TAP.
    B. The database must be stopped before activating A-TAP.
    C. A-TAP is the main component for the Guardium firewall (S-GATE).
    D. The database does not need to be restarted after upgrading A-TAP.

    Answer: B

    QUESTION 84

    Which parameter(s) are required during the initial S-TAP installation?

    A. IP addresses of database server and Guardium host.
    B. Configuration Audit System (CAS) installation directory.
    C. Physical and alternate IP addresses of database server.
    D. IP address of database server and list of databases running.

    Answer: A

    QUESTION 85

    Which is NOT a GIM process/component?

    A. GIM CLIENT
    B. GIM SERVER
    C. GIM ANALYZER
    D. GIM SUPERVISOR

    Answer: C

    QUESTION 86

    Which GIM bundle status indicates that additional user action is required to complete the GIM operation?

    A. IP (In Progress)
    B. PENDING-UPDATE
    C. PENDING-UNINSTALL
    D. IP-PR (In Progress Pending Reboot)

    Answer: D

    QUESTION 87

    When configuring S-TAP on Solaris Zones or AIX WPARs, what is the correct way to configure the connect_to_ip parameter in the Inspection Engines?

    A. connect_to_ip = 127.0.0.1
    B. connect_to_ip = 1.1.1.1/0.0.0.0
    C. connect_to_ip =
    D. connect_to_ip =

    Answer: C

    QUESTION 88

    With Guardium version 8.x "S-TAP for z" monitoring a single DB2 instance on z/OS, which statement is true?

    A. There is typically 1 started task running on z: ADHSPAGT = Agent
    B. There are typically 2 started tasks running on z: ADHCXXXX = Collector, ADHSPSRV = Server
    C. There are typically 3 started tasks running on z: ADHMXXXX = Master, ADHSPAGT = Agent, ADHSPSRV = Server
    D. There are typically 4 started tasks running on z: ADHCXXXX = Collector, ADHMXXXX = Master, ADHSPAGT = Agent, ADHSPSRV = Server

    Answer: D

    QUESTION 89

    Which command is used to check the upgrade status?

    A. show support state
    B. check upgrade status
    C. show system patch install
    D. support show db-struct-check

    Answer: C

    QUESTION 90

    What is required for S-TAP to capture local oracle database connections using the Bequeath protocol?

    A. A-TAP must be installed and configured.
    B. The db_exec_file should be set in the inspection engine.
    C. Instance Name must be specified in the inspection engines.
    D. hunter_trace parameter must be enabled in the guard_tap.ini

    Answer: B

    QUESTION 91

    Which predefined report contains important statistics about the health of the Inspection Core (sniffer)?

    A. TCP Exceptions
    B. Logged R/T Alerts
    C. Buffer Usage Monitor
    D. Current Status Monitor

    Answer: C

    QUESTION 92

    User accounts recently added to the Central Manager are not working on the managed units. How can this issue be addressed?

    A. Re-register managed units.
    B. Restart GUI on managed units.
    C. Add users locally on managed units.
    D. Run Portal User Sync process on Central Manager.

    Answer: D

    QUESTION 93

    In a centrally managed environment, if the dedicated Central Manager is down, which statement is true?

    A. Interactive reports would not run.
    B. Collectors stop logging data from their S-TAPs.
    C. Users would not be able to log in to the Managed Units.
    D. All Managed Units will revert to pre-registered configuration.

    Answer: A

    QUESTION 94

    Which storage type requires a dsm.sys file to be uploaded to the Guardium appliance?

    A. SCP
    B. TSM
    C. SFTP
    D. CENTERA

    Answer: B

    QUESTION 95

    How can an appliance be set up as an Aggregator?

    A. Installing Aggregator patch
    B. During appliance image installation
    C. Entering an Aggregator-specific license key
    D. Using 'store unit type aggregator' command

    Answer: B

    QUESTION 96

    When a user logs into the Guardium system via the GUI, authentication of the user occurs. Which authentication related statement is true?

    A. Authentication of users is determined by the "admin" account.
    B. LDAP authentication is achievable for all accounts on the Guardium system.
    C. The Guardium "admin" user account is always authenticated by Guardium alone.
    D. Authentication only occurs if the system was configured to authenticate user access.

    Answer: C

    QUESTION 97

    Which log is the most relevant for data restore troubleshooting on an aggregator?

    A. syslog
    B. sql_err.log
    C. snif_stderr.txt
    D. agg_progress.log

    Answer: D

    QUESTION 98

    A customer is asking for data level security and wants to restrict what users of the Guardium systems see. Which statement is correct?

    A. Data level security can be achieved with Guardium only at the aggregator level.
    B. Data level security can be achieved by enabling data level security through the Global Profile in the admin account.
    C. Data level security can only be achieved by creating custom reports for each of the users with query conditions that limit what they are able to see.
    D. Data level security is not possible with the Guardium solution because once you are logged into your account on the collector you can always create reports on the data that was logged.

    Answer: B

    QUESTION 99

    When importing a group that already exists, what is the default behavior?

    A. The existing group members will be deleted.
    B. If there is a member that already exists in the group, after the import, there will be two identical members.
    C. The original group name will be replaced by the groupName.HHMMYYYY timestamp to guarantee uniqueness.
    D. Additional members of the group will be added to the existing group members, no existing members will be deleted.

    Answer: D

    QUESTION 100

    Which GUI report is used to verify the purge process ran successfully?

    A. Guardium Job Queue
    B. Scheduled Jobs report
    C. Current Status Monitor
    D. Aggregation Archive Log

    Answer: D

    QUESTION 101

    Which statement is true in a centrally managed environment?

    A. Policies can be created and installed only on Central Manager.
    B. Policy should be created and installed on collector.
    C. Policy installed on one collector will automatically propagate to other collectors.
    D. Policy can be created on Central Manager or managed unit but need to be installed on the relevant collector.

    Answer: D

    QUESTION 102

    Which action CANNOT take place as the result of a correlation alert?

    A. Send an Email alert.
    B. Trigger a Policy Violation.
    C. Block unauthorized access to sensitive data.
    D. Send audit data to a SIEM via Syslog or SNMP.

    Answer: C

    QUESTION 103

    What value must be provided for DB User to ensure that an exception rule will trigger on failed logins for a single user rather than for all users in a given time period?

    A. .
    B. ?
    C. %
    D.

    Answer: A
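    The point behind this question is the grouping key of the exception rule: with a DB User condition that matches every user, failed logins from all accounts are counted together, while the per-user setting keeps a separate count per account. The following is an added example, not from the exam dump or from Guardium's own rule engine, that models that difference over constructed failed-login events with a threshold and a sliding time window (the threshold and window values are this example's assumptions, not Guardium defaults):

```python
"""Added example (not from the exam dump or from IBM Guardium): model of an
exception rule on failed logins, counted across all users versus per user.
The failed-login events below are constructed for the example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, db_user, client_ip) of failed logins.
FAILED_LOGINS = [
    ("2013-04-01 10:00:05", "app_user", "10.0.0.5"),
    ("2013-04-01 10:00:20", "scott", "10.0.0.9"),
    ("2013-04-01 10:00:41", "app_user", "10.0.0.5"),
    ("2013-04-01 10:01:02", "sys", "10.0.0.9"),
    ("2013-04-01 10:01:30", "scott", "10.0.0.9"),
    ("2013-04-01 10:03:59", "app_user", "10.0.0.5"),
    ("2013-04-01 10:09:00", "app_user", "10.0.0.5"),  # outside a 5-minute window of the first three
]


def parse(events):
    """Turn the string timestamps into datetime objects."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, ip)
            for ts, user, ip in events]


def failed_login_alerts(events, threshold, window_minutes, per_user):
    """Return the set of keys whose failed-login count reached `threshold`
    inside some sliding window of `window_minutes`.

    per_user=False models a DB User condition that matches every user:
    every failure lands in one bucket ("ALL").
    per_user=True models the per-user mode the question asks about:
    each DB user gets its own bucket and its own count.
    """
    window = timedelta(minutes=window_minutes)
    buckets = defaultdict(list)
    for ts, user, _ip in sorted(parse(events)):
        buckets[user if per_user else "ALL"].append(ts)

    fired = set()
    for key, times in buckets.items():  # times are already in order
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                fired.add(key)
                break
    return fired
```

    With a threshold of 3 in 5 minutes, the all-users mode fires on the mixed noise from scott, sys and app_user, while the per-user mode fires only for app_user, whose own three failures fall inside the window; raise the threshold to 4 and the per-user rule stays quiet because app_user's fourth failure is outside the window.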

    QUESTION 104

    Which Guardium Feature can be used to extract Application End User information from a stored procedure call?

    A. Tuple Groups
    B. Custom ID procedures
    C. ABAP Import procedures
    D. SIEM Integration with Message Templates

    Answer: B

    QUESTION 105

    Which action should be used to ignore activity from users or applications that are producing a high volume of network traffic?

    A. Audit Only
    B. Skip logging
    C. Ignore S-TAP session
    D. Ignore SQL per session

    Answer: C

    QUESTION 106

    Audit process results can be configured so that receivers are notified of new process results via e-mail. Which statement is true?

    A. The email notification will list the report results in the body of the email.
    B. The email will contain an image of the results in the body of the email (not PDF).
    C. The email notification will contain a hypertext link to the results stored on the Guardium appliance.
    D. The email will only inform the users that there are results on the Guardium system so that they can go to the Guardium system to retrieve them.

    Answer: C

    QUESTION 107

    What do extrusion rules inspect?

    A. SQL Errors and Failed Logins.
    B. SQL commands issued by a user.
    C. Changes to the database server at the OS.
    D. Result sets sent by the database server to the client.

    Answer: D
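    Extrusion rules differ from access rules in what they look at: the data flowing back from the server, not the statement sent by the client. A query such as SELECT card_number FROM customers contains nothing sensitive, but its result set may. The following is an added example, not from the exam dump or from Guardium's rule engine, of an extrusion-style inspection of result-set rows for card-number-like values, using a pattern plus a Luhn check to reduce false positives. The column names, rows and threshold are constructed for the example:

```python
"""Added example (not from the exam dump or from IBM Guardium): an
extrusion-style check over result-set rows returned by the database server.
The result set below is constructed for the example."""
import re

# A run of 13 to 19 digits with optional single space or dash separators.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed result set: column names and rows as the server would return them.
COLUMNS = ["cust_id", "name", "card_number", "phone"]
ROWS = [
    (1001, "Alice", "4111 1111 1111 1111", "555-0100"),
    (1002, "Bob", "4242-4242-4242-4242", "555-0101"),
    (1003, "Carol", "1234567890123456", "555-0102"),  # looks like a PAN, fails Luhn
    (1004, "Dave", "n/a", "555-0103"),
]


def luhn_valid(digits):
    """Luhn mod-10 check over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_result_set(columns, rows):
    """Return (row_index, column, matched_text) for every cell that looks like
    a PAN and passes the Luhn check. This is the 'inspect the result set'
    half of an extrusion rule; the SQL text itself is never examined."""
    hits = []
    for r, row in enumerate(rows):
        for col, cell in zip(columns, row):
            for m in PAN_RE.finditer(str(cell)):
                digits = re.sub(r"[ -]", "", m.group(0))
                if luhn_valid(digits):
                    hits.append((r, col, m.group(0)))
    return hits


def extrusion_rule_fires(columns, rows, threshold):
    """An extrusion rule fires once the number of matches in one result set
    reaches the configured threshold (the threshold is this example's knob)."""
    return len(inspect_result_set(columns, rows)) >= threshold
```

    Run against the constructed rows, only the two Luhn-valid card numbers are reported; the phone numbers are too short for the pattern and Carol's 16-digit value fails the checksum, which is the kind of false positive a raw digit-count pattern would have flagged.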

    QUESTION 108

    Which database platforms does Guardium support for entitlement reports?

    A. DB2, Informix, MS-SQL, MySQL, Netezza, PostgreSQL
    B. DB2, Informix, MS-SQL, Oracle, PostgreSQL, Sybase
    C. DB2, Informix, MS-SQL, MySQL, Netezza, Oracle, PostgreSQL, Sybase, Teradata
    D. Netezza, Oracle, PostgreSQL, Sybase, Teradata

    Answer: C

    QUESTION 109

    When using the Group Builder, you can automatically populate a group with members. Which of the following is NOT a valid method to populate group members?

    A. Running a classification process.
    B. Running a query on a custom table.
    C. Running a database auto-discovery job.
    D. Importing information from an LDAP server.

    Answer: C

    QUESTION 110

    Which is NOT a valid classification rule type?

    A. Catalog search
    B. Search by permissions
    C. Search for vulnerability
    D. Search for unstructured data

    Answer: C

    QUESTION 111

    Which query main entity should be selected to build a report showing application user name, client IP, full SQL, and timestamp?

    A. Session
    B. Full SQL
    C. Client/Server
    D. App User Name

    Answer: B

    QUESTION 112

    If the S-TAP is configured with firewall_default_state=1 (closed mode), what type of action should be used in order to NOT firewall a specific connection?

    A. S-GATE ATTACH
    B. S-GATE DETACH
    C. S-TAP TERMINATE
    D. S-GATE TERMINATE

    Answer: B

    QUESTION 113

    Given the GrdAPI command "grdapi upload_custom_data tableName=DB2_COLUMN_PRIVS", what does this command do?

    A. upload database entitlement information into the DB2_COLUMN_PRIVS table for use in the DB2 entitlement reports
    B. push Guardium audit information into the DB2 table DB2_COLUMN_PRIVS for use with the DB2 Unload command
    C. upload entitlement information into the Guardium central manager for reporting on the DB2_COLUMN_PRIVS entitlement report
    D. upload database entitlement information into S-TAP to block privilege users from accessing column level privileges within DB2

    Answer: A

    QUESTION 114

    Which is the recommended datasource for use by Vulnerability Assessment?

    A. An administrator user credential with read-only access.
    B. A generic database user credential with read and write access.
    C. A datasource using default user accounts for the targeted database type.
    D. A datasource created using the gdmmonitor script specific for the targeted database type.

    Answer: D

    QUESTION 115

    Which timestamp attribute records the time when a session begins?

    A. Period start
    B. Session start
    C. Session timestamp
    D. Access period timestamp

    Answer: B

    QUESTION 116

    Which step is necessary to configure Vulnerability assessment for CVE tests?

    A. Create policy
    B. Create datasource
    C. Install and configure CAS
    D. Install and configure S-TAP

    Answer: B

    QUESTION 117

    When designing reports, which query condition item provides capability to dynamically filter on reports?

    A. Value
    B. Attribute
    C. Operator
    D. Parameter

    Answer: D

    QUESTION 118

    Which is NOT a valid classifier policy action?

    A. Send Alert
    B. Create Group
    C. Log Policy Violation
    D. Create Access Rule

    Answer: B

    QUESTION 119

    Which attributes must be defined as query fields for a query to be available to a correlation alert?

    A. Text and Boolean
    B. Numeric and Text
    C. Date and Count
    D. Boolean and Numeric

    Answer: C

    QUESTION 120

    How does Application End User Translation determine the correct application user?

    A. Uses Client MAC Address to determine Client IP.
    B. Imports LDAP and matches Client IP address with Application User name.
    C. Guesses the correct application user by comparing session time to / from the database server.
    D. Integrates with Enterprise Business Application to deterministically capture application user name.

    Answer: D

    QUESTION 121

    Which sizing statement is correct?

    A. Sizing the number of aggregators required is based directly on database server PVU counts.
    B. When sizing the number of collectors for Data-Level Access Control (S-GATE), special sizing considerations are required for performance reasons.
    C. When sizing the number of physical collectors for Data Activity Monitoring, you need to calculate sizing based on the number of virtual appliances plus 50%.
    D. When sizing the number of virtual collectors for Data Activity Monitoring, you need to calculate sizing based on the number of physical appliances plus 300%.

    Answer: B

    QUESTION 122

    A customer is deploying InfoSphere Guardium for Data Activity Monitoring (DAM) and Data Level Access Control (DLAC). They are not sure where to locate their collector appliances with respect to the database servers that need to be monitored and protected. Which response is correct?

    A. The collectors can be located anywhere on the network.
    B. The collectors should be located in the same data center as the database servers they monitor and protect.
    C. The S-TAP must reside in the same data center as the database servers, but the collectors can be anywhere.
    D. The collectors and aggregators need to reside in the same location regardless of where the database servers reside.

    Answer: B

    QUESTION 123

    Which statement represents redundancy/contingency options on collectors?

    A. Collectors can automatically fail over between aggregators.
    B. Collectors can be configured with dual management ethernet ports.
    C. Collector databases can be configured to perform real time synch with other collectors.
    D. Collectors can be configured with a heartbeat allowing fail over between two collectors.

    Answer: B

    QUESTION 124

    Which Guardium appliance cannot be a standalone unit?

    A. S-TAP
    B. Collector
    C. Aggregator
    D. Central manager

    Answer: D

    QUESTION 125

    When building a Virtual Appliance there are memory (RAM) recommendations that need to be taken into account. What is the present maximum memory limit for such an appliance in gigabytes (GB)?

    A. There is no maximum limit
    B. Maximum 16 GB of memory
    C. Maximum 18 GB of memory
    D. Maximum 24 GB of memory

    Answer: B

    QUESTION 126

    The Guardium GUI can be customized to meet a number of unique customer requirements. What should be done in order to add one tab (or pane) at the highest level?

    A. Select the "i" icon and then "Add Pane".
    B. Select "Quick Start" and then "Add Pane".
    C. Select "tools -> customize GUI" from the admin console.
    D. Select "Customize -> Add Pane" in the upper right hand portion of the GUI.

    Answer: D

    QUESTION 127

    Which command sets the eth0 network IP address to 192.168.1.54?

    A. store network ip 0 192.168.1.54
    B. store network resolver 1 192.168.1.54
    C. store network interface ip 192.168.1.54
    D. store network routes static 192.168.1.54

    Answer: C

    QUESTION 128

    Which statement will create an inspection engine for an Oracle database on host 10.10.9.57?

    A. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Sybase portMin=4200 portMax=4200 client=0.0.0.0/0.0.0.0 ktapDbPort=4200

    B. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Oracle portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle client=0.0.0.0/0.0.0.0 ktapDbPort=1521

    C. grdapi create_stap_inspection_engine stapHost=10.10.9.59 protocol=Oracle portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle client=0.0.0.0/0.0.0.0 ktapDbPort=1521

    D. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=DB2 portMin=50001 portMax=50001 dbInstallDir=/home/db2inst2 procName=/home/db2inst2/sqllib/adm/db2sysc client=0.0.0.0/0.0.0.0 db2SharedMemAdjustment=20 db2SharedMemClientPosition=61440 db2SharedMemSize=131072 ktapDbPort=50001

    Answer: B
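    Only option B names both the right S-TAP host (10.10.9.57) and the right protocol (Oracle); A and D target other protocols and C points at a different host. When such grdapi calls are scripted rather than typed, a pre-flight check catches exactly these slips before anything reaches the appliance. The following is an added example, not from the exam dump or from IBM's grdapi, that parses the key=value form of a grdapi call and checks a create_stap_inspection_engine command for the intended host and protocol and a consistent port range. The four candidate commands are the ones quoted in the question; the checking logic and its rules are this example's own assumptions:

```python
"""Added example (not from the exam dump or from IBM's grdapi): parser and
pre-flight consistency check for create_stap_inspection_engine commands.
The candidate commands are the four quoted in question 128."""
import shlex

CANDIDATES = {
    "A": "grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Sybase "
         "portMin=4200 portMax=4200 client=0.0.0.0/0.0.0.0 ktapDbPort=4200",
    "B": "grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Oracle "
         "portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle "
         "procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle "
         "client=0.0.0.0/0.0.0.0 ktapDbPort=1521",
    "C": "grdapi create_stap_inspection_engine stapHost=10.10.9.59 protocol=Oracle "
         "portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle "
         "procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle "
         "client=0.0.0.0/0.0.0.0 ktapDbPort=1521",
    "D": "grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=DB2 "
         "portMin=50001 portMax=50001 dbInstallDir=/home/db2inst2 "
         "procName=/home/db2inst2/sqllib/adm/db2sysc client=0.0.0.0/0.0.0.0 "
         "db2SharedMemAdjustment=20 db2SharedMemClientPosition=61440 "
         "db2SharedMemSize=131072 ktapDbPort=50001",
}


def parse_grdapi(command):
    """Split 'grdapi <function> key=value ...' into (function, {key: value})."""
    tokens = shlex.split(command)
    if len(tokens) < 2 or tokens[0] != "grdapi":
        raise ValueError("not a grdapi command: %r" % command)
    params = {}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError("malformed parameter (expected key=value): %r" % tok)
        params[key] = value
    return tokens[1], params


def check_inspection_engine(command, expected_host, expected_protocol):
    """Return a list of problems; an empty list means the command is
    consistent with the stated requirement. These are local sanity checks
    (assumed rules for this example), not validation by a live appliance."""
    func, p = parse_grdapi(command)
    problems = []
    if func != "create_stap_inspection_engine":
        problems.append("wrong function: %s" % func)
    if p.get("stapHost") != expected_host:
        problems.append("stapHost %s does not match %s" % (p.get("stapHost"), expected_host))
    if p.get("protocol") != expected_protocol:
        problems.append("protocol %s does not match %s" % (p.get("protocol"), expected_protocol))
    try:
        lo, hi = int(p["portMin"]), int(p["portMax"])
        ktap = int(p.get("ktapDbPort", lo))
        if not 0 < lo <= hi < 65536:
            problems.append("bad port range %d-%d" % (lo, hi))
        elif not lo <= ktap <= hi:
            problems.append("ktapDbPort %d outside %d-%d" % (ktap, lo, hi))
    except (KeyError, ValueError):
        problems.append("portMin/portMax/ktapDbPort missing or non-numeric")
    return problems


def pick_matching(candidates, expected_host, expected_protocol):
    """Labels of the candidates that pass every check, in order."""
    return sorted(label for label, cmd in candidates.items()
                  if not check_inspection_engine(cmd, expected_host, expected_protocol))
```

    For the requirement in the question (Oracle on 10.10.9.57) only candidate B survives; the same check also rejects a command whose ktapDbPort falls outside its own portMin..portMax range, a mistake that is easy to make when copying inspection engines between hosts.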

    QUESTION 129

    How can you find the help documents within the Guardium GUI?

    A. by selecting the "about" link in the upper right hand of the screen
    B. by selecting the "?" to the right of the Portal Map icon
    C. by selecting the "tools-> help" from the admin console
    D. by selecting the magnifying glass icon in the upper right hand of the screen

    Answer: B

    QUESTION 130

    There are various considerations when sizing the number of appliances required to support a customer environment.

    What represents the BASIC unit of measurement used to calculate the initial number of Collectors required for a scope of Data Activity Monitoring (DAM) in a Mainframe environment?

    A. VU (Value Unit)
    B. NTV (Network Traffic Volume)
    C. DTA (Database Traffic Volume)
    D. TSA (Technical Specification Assumptions)

    Answer: A