Replace IBM Security Guardium V10.0 Administration C2150-606 Braindump
Online C2150-606 free questions and answers of New Version:
NEW QUESTION 1
In a centrally managed environment, while executing the report 'Enterprise Buffer Usage Monitor', a Guardium administrator gets an empty report. Why is the report empty?
- A. Sniffers are not running on the Collectors.
- B. The report is not executed with a remote source on the Collector.
- C. The report is not executed with a remote source on the Aggregator.
- D. Correct custom table upload is not scheduled on the Central Manager.
Answer: C
NEW QUESTION 2
Which port must be open for encrypted communication between UNIX S-TAP and Collector?
- A. 9500
- B. 16016
- C. 16017
- D. 16018
Answer: D
NEW QUESTION 3
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not configured for that S-TAP.
What is an Inspection Engine?
- A. A piece of software residing on the Collectors.
- B. Another software to be installed on the Database server.
- C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
- D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.
Answer: C
NEW QUESTION 4
During a Guardium deployment planning meeting, the team decides to deploy all S-TAP agents on all Unix/Linux database systems. A Unix/Linux system administrator team manager asks a Guardium administrator if there are any differences between Guardium S-TAPs for AIX and Linux systems that the team should be aware of.
What should be the Guardium administrator's response?
- A. A-TAP is required on all AIX DB Servers.
- B. A server reboot is required to capture shared memory traffic from all databases on AIX.
- C. K-TAP is required on the AIX DB server
- D. The exact uname -a output is required to determine the correct K-TAP module for the server.
- E. K-TAP is required on the Linux DB server
- F. The exact uname -a output is required to determine the correct K-TAP module for the server.
Answer: B
NEW QUESTION 5
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?
- A. Review the Audit Process Log for 'Sniffer stopped' message.
- B. Review the Aggregation/Archive Log for 'Sniffer is restarting' message.
- C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
- D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.
Answer: D
NEW QUESTION 6
A Guardium administrator is using the Classification, Entitlement and Vulnerability Assessment features of the product. Which of the following are correct with regard to these features? (Select two.)
- A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
- B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
- C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
- D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
- E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.
Answer: DE
NEW QUESTION 7
A Guardium administrator needs to monitor an Oracle database on a production database server.
Which component does the administrator need to install on this database server that will monitor the traffic?
- A. S-TAP
- B. Guardium Collector
- C. Guardium Installation Manager (GIM)
- D. Configuration Auditing System (CAS)
Answer: D
NEW QUESTION 8
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open. How can the administrator do this?
- A. Ask the company's network administrators.
- B. Ask IBM technical support to login as root and verify.
- C. Login as CLI and execute telnet <ip address> <port number>
- D. Login as CLI and execute support show port open <ip address> <port number>
Answer: D
NEW QUESTION 9
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
- A. Log Only
- B. Alert Only
- C. Alert Daily
- D. Alert Per Match
Answer: C
NEW QUESTION 10
A Guardium environment is set up to send daily reports to users. The users are complaining that their report has not been delivered to their inbox for the past week. What is the first action the Guardium administrator should take in order to diagnose the problem?
- A. Open a ticket with IBM Support.
- B. Pause the User Portal Sync process.
- C. Check in the Aggregation/Archive log.
- D. Check in the Scheduled Job Exceptions.
Answer: D
NEW QUESTION 11
A Guardium administrator observes certain changes to the configuration and policies. How would the administrator identify the changes that were made and who made them?
- A. Review the Audit Process Log report.
- B. Review the sniffer buffer usage report.
- C. Review the /var/log/messages log file.
- D. Review the results of 'Detailed Guardium User Activity' report.
Answer: D
NEW QUESTION 12
An administrator just installed the Guardium product using the Guardium ISO image. Which step must the administrator perform as part of the initial set-up of the new appliance?
- A. Generate the GUI certificate request.
- B. Configure network settings on the appliance.
- C. Restart the sniffer process from the CLI command prompt.
- D. Obtain the passwords for the databases to be monitored by the appliance.
Answer: B
NEW QUESTION 13
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
- A. Classify sensitive files on mainframe systems.
- B. Encrypts database data files on file systems based on policies.
- C. Selectively redacts sensitive data patterns in files based on policies.
- D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
- E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.
Answer: AE
NEW QUESTION 14
A Guardium administrator has rebuilt an appliance, and now wants to restore a backup image of the entire database, audit data, and all definitions from Data backup. Which CLI command should the administrator use to accomplish this?
- A. restore config
- B. restore system
- C. restore pre-patch-backup
- D. restore certificate sniffer backup
Answer: B
NEW QUESTION 15
A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?
- A. Include the PVU load of passive nodes.
- B. Include half of the passive nodes' PVU load.
- C. Include a third of the passive nodes' PVU load.
- D. Not include the PVU load of passive nodes.
Answer: D
NEW QUESTION 16
Guardium reports are showing multiple records with client IP as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?
- A. Client OS
- B. Client MAC
- C. Access ID
- D. Analyzed Client IP
Answer: B
NEW QUESTION 17
A Guardium administrator needs to build new appliances with the latest version of Guardium. How should the administrator obtain the ISO image?
- A. Contact IBM Support.
- B. Download from ibm.com
- C. Download from IBM Fix Central.
- D. Download from IBM Passport Advantage.
Answer: D
NEW QUESTION 18
A Guardium policy has been configured with the following two rules:
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object "TABLET.
What domain(s) can the administrator create a report in to see the SQL?
- A. Access
- B. Policy Violations
- C. Access and Access Policy
- D. Access and Policy Violations
Answer: A
NEW QUESTION 19
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to Standard Guardium DAM offering.
Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)
- A. Run Vulnerability Assessment reports
- B. Generate audit reports using PCI-DSS Accelerator
- C. Block and quarantine an unauthorized database connection
- D. Mask sensitive PCI-DSS information from web application interface
- E. Log and alert all database activities that access PCI-DSS Sensitive Objects.
Answer: AB
NEW QUESTION 20
A Guardium administrator is checking the Scheduled Jobs Exceptions report on a standalone Collector. The following error is repeating every 15 minutes.
java.lang.NumberFormatException: empty String
The administrator also notices that the anomaly detection polling interval is 15 minutes. What should the administrator do next to contribute to troubleshooting the problem?
- A. Pause all scheduled jobs and check if the exception comes back.
- B. Identify the alert that is causing the problem by deactivating one alert at a time.
- C. Check in the alert builder to see which alerts have accumulation interval of 15 minutes.
- D. In the CLI run support must_gather agg_issues and send the file to IBM support.
Answer: B
NEW QUESTION 21
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
- A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
- B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1TB disk
- C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
- D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Answer: B