C2090 463 PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 51

Exam A

QUESTION 1
Which consideration is true for a Vulnerability Assessment (VA) deployment?
A. Collectors running VA cannot also perform database monitoring.
B. Each collector can run up to 20 Vulnerability Assessments simultaneously.
C. S-TAP must be running on the database server before VA is run for a database on that server.
D. There is a need to create an account with appropriate privileges on the database for VA to work.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 2
Which Guardium appliance cannot be managed?
A. S-TAP
B. Collector
C. Aggregator
D. Central manager
Answer: D
Explanation/Reference:
Explanation:
QUESTION 3
When planning the deployment for Data Activity Monitoring (DAM) there is a need to determine the location of the various Guardium solution
components (I.e. Agents, appliances). Which statement is correct?
A. S-TAP agents need to reside in the same data center the aggregators reside in.
B. Collectors can report to aggregators that are located in data centers other then their own.
C. Collectors can reside anywhere in the customer network regardless of database server location.
D. Aggregators need to reside in the same data center the collectors that report to them (Aggregator) reside.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 4
When sizing a Vulnerability Assessment solution, what is the recommendation for calculating the number of collectors needed?
A. One collector for every 30K PVU.
B. One collector for every data center.
C. One collector for every 35 database servers.
D. One collector for every 255 database instances.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 5
What are the mechanisms used by UNIX S-TAP to capture database traffic?
A. K-TAP, A-TAP, and PCAP
B. K-TAP, LHMON, and PCAP
C. PCAP, DB2TAP, and K-TAP
D. A-TAP, Shared Memory Driver, and K-TAP
Answer: A
Explanation/Reference:
Explanation:
QUESTION 6
Which parameter should be used to enable K-TAP flex loading through GIM?
A. KTAP_ENABLED set to "1"
B. KTAP_LIVE_UPDATE set to "Y"
C. KTAP_FAST_FILE_VERDICT set to "1"
D. KTAP_ALLOW_MODULE_COMBOS set to "Y"
Answer: D
Explanation/Reference:
Explanation:
QUESTION 7
Before uninstalling A-TAP, which procedure must be done?
A. K-TAP must be unloaded using guard_ktap_loader.
B. A-TAP must be deactivated on all database instances.
C. The Guardium group must be removed from the server.
D. The sniffer must be stopped on the Guardium appliance.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 8
Which guard_tap.ini parameter should be used to set the virtual IP of a Microsoft SQL Server cluster environment?
A. tap_ip
B. sqlguard_ip
C. alternate_ips
D. connect_to_ip
Answer: C
Explanation/Reference:
Explanation:
QUESTION 9
What statement is true regarding policy push down?
A. Policy push down pushes a classification process into S-TAP for Z on IMS.
B. Policy push down allows ZSecure to push policies into the Guardium appliance.
C. Policy push down allows the Guardium appliance to identify sensitive objects inside the DB2 database.
D. Policy-push-down enables policy push down of collected profiles, collection activation, and collection inactivation from the Guardium appliance.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 10
What is the correct way to stop a UNIX S-TAP that was installed with a non-GIM installer?
A. Use the Stop S-TAP button in the S-TAP Control window.
B. Find the S-TAP Process ID and terminate with kill -9 command.
C. Comment the U-TAP section of /etc/inittab, followed by the init q command.
D. Under the Modules parameter in the Central Manager, set STAP_ENABLED =0 for the appropriate S-TAP.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 11
Which appliance type(s) can serve as a Guardium host for S-TAPs?
A. A collector only.
B. Collectors and Aggregators only.
C. Collectors and standalone Central Managers.
D. All appliance types can accept S-TAP connections.
Answer: A
Explanation/Reference:
Explanation:
QUESTION 12
In the Session level entity, how many UID Chain attribute(s) are there?
A. 1 - UID Chain
B. 2 - UID Chain & UID Chain Compressed
C. 3 - UID Chain, UID Chain Compressed & UID Chain Expanded
D. 4 - UID Chain, UID Chain Compressed, UID Chain Expanded & UID Chain for z/OS
Answer: B
Explanation/Reference:
Explanation:
QUESTION 13
What is the main command line utility to control and configure A-TAP on all platforms?
A. guardctl
B. guard-atap-ctl
C. guard-ktap-ctl
D. guard-executor-32
Answer: A
Explanation/Reference:
Explanation:
QUESTION 14
What is the documented procedure for handling delayed cluster disk mounting?
A. Manually restart the S-TAP process after mounting the database server directory.
B. Configure the wait_for_db_exec parameter in the guard_tap.ini with an appropriate delay.
C. Ensure that the S-TAP process is started only after the database installation directory is available.
D. There is no special procedure, S-TAP can automatically detect when the database directory becomes available.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 15
Which GIM component controls starting and stopping managed agents on UNIX?
A. gim_client.pl
B. guardium_stap
C. guard_supervisor
D. guard_ktap_loader
Answer: C
Explanation/Reference:
Explanation:
QUESTION 16
What is the correct way to stop S-TAP that is managed by GIM?
A. Uninstall S-TAP.
B. Use kill -9 on S-TAP process.
C. Comment S-TAP entry in /etc/inittab.
D. Set STAP_ENABLED to "0" in GIM parameters.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 17
Where are DB2 z audit rules stored?
A. Collection profiles
B. CICS audit profiles
C. Group audit profiles
D. VSAM audit profiles
Answer: A
Explanation/Reference:
Explanation:
QUESTION 18
Which ports are used by UNIX S-TAP?
A. 9500 TCP (unencrypted) and 8075 TCP (encrypted)
B. 16016 TCP (unencrypted) and 16018 TCP (encrypted)
C. 9500 TCP (unencrypted) and 8075 UDP (heartbeat signal)
D. 16016 TCP (unencrypted) and 16018 UDP (hearbeat signal)
Answer: B
Explanation/Reference:
Explanation:
QUESTION 19
Which mechanism is used to intercept DB2 and Informix shared memory traffic on all UNIX platforms except Linux?
A. TEE
B. PCAP
C. A-TAP
D. K-TAP
Answer: D
Explanation/Reference:
Explanation:
QUESTION 20
What is the purpose of K-TAP flex load in Linux installations?
A. Allows upgrade of the K-TAP module without requiring a reboot of the host operating system.
B. Give the system administrator the ability to stop traffic interception by manually unloading the K-TAP module.
C. Allows installation of K-TAP module with closest match in cases where an exact kernel match is not available.
D. Allows the system administrator to upgrade the K-TAP module directly from GIM interface on Central Manager.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 21
Which statement about Configuration Audit System (CAS) is true?
A. It does not support windows platform.
B. It supports running operating system shell scripts.
C. It does not support monitoring of file permissions (rwxrwxrwx).
D. It supports vulnerability assessment tests using observed behavior.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 22
What is the primary purpose of Group Builder?
A. To update vulnerability assessment rules.
B. To trigger compliance workflow automation.
C. To adapt to the dynamic needs of the business.
D. To associate policy rules with audit process results.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 23
What query change requires the report portlet to be regenerated?
A. Main entity
B. Query fields
C. Runtime parameters
D. Timestamp attributes
Answer: C
Explanation/Reference:
Explanation:
QUESTION 24
In a rule definition, what DB User field value would test for a blank database user name in the traffic?
A. %
B. NULL
C. guardium://empty
D. Leaving the field blank
Answer: C
Explanation/Reference:
Explanation:
QUESTION 25
The policy has an extrusion rule with action of 'Log Extrusion Counter' when a credit card number is returned by the query. The inspection engine is
configured with:
Query 'select credit_card from TABLE1 where customer_id in (1,2,3);' returns a total of 120 records with 10 credit cards returned in each network
packet. What is expected result for SUM(Returned Data Count) from Full SQL domain for this query?
A. 0
B. 12
C. 74
D. 120
Answer: D
Explanation/Reference:
Explanation:
QUESTION 26
An audit workflow process may contain any number of audit tasks. Which is NOT a valid audit task?
A. a privacy set
B. a policy process
C. a security assessment
D. a classification process
Answer: B
Explanation/Reference:
Explanation:
QUESTION 27
When creating a new report there is a need to choose a main entity. There are six levels in the entity hierarchy for the access domain. Which of the
following represents the correct hierarchy order (top to bottom)?
A. SQL, Client/Server By Session, Application Event, Command, Object, Field
B. Command, Object, SQL, Field, Client/Server By Session, Application Event
C. Object, Command, SQL, Field, Client/Server By Session, Application Event
D. Client/Server By Session, Application Event, SQL, Command, Object, Field
Answer: D
Explanation/Reference:
Explanation:
QUESTION 28
How does the database entitlement information get pulled into the Guardium appliance?
A. DB Entitlement Reports use the LDAP Domain feature to create links between the LDAP data on the selected database with the internal data ofthe
predefined entitlement reports.
B. DB Entitlement Reports use the Custom Domain feature to create links between the external data on the selected database with the internaldata of
the predefined entitlement reports.
C. DB Entitlement Reports use the Access Domain feature to create links between the accessed data on the selected database with the internaldata of
the predefined entitlement reports.
D. DB Entitlement Reports use the Security Assessment Domain feature to create links between the user data on the selected database with
theinternal data of the predefined entitlement reports.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 29
What does 'sample size' parameter of classification process define?
A. How many tables in the database should be evaluated by the process.
B. How many rows in each table of the database should be evaluated by the process.
C. How many columns in each table of the database should be evaluated by the process.
D. What percent of the column in each table of the database should be evaluated by the process.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 30
A query that is used by a correlation alert, is run at 23:59 for time period between 00:00 and 23:59 of that day, produces these results:
How many alerts were sent during that day, if first time alerter ran the query at 01:00 and anomaly detection is configured with polling interval of 30
minutes?
A. 0
B. 2
C. 3
D. 5
Answer: B
Explanation/Reference:
Explanation:
QUESTION 31
How should classification policy rules be defined in order to activate Luhn algorithm evaluation?
A. The policy rule should begin with "guardium: //LUHN_ALG".
B. The S-TAP ini file should have luhn_activated parameter set.
C. The policy rule should begin with "guardium: //CREDIT_CARD".
D. The Luhn algorithm checkbox next to the pattern box should be checked.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 32
Which one is NOT a Guardium vulnerability assessment test type?
A. Common Vunerability Exposure (CVE) tests
B. CAS-based tests
C. Query-based tests
D. Fine grain audit tests
Answer: D
Explanation/Reference:
Explanation:
QUESTION 33
Which is NOT a valid End User identification option with Guardium?
A. Custom ID procedures
B. Application User Translation
C. Auto Generated Calling Prox
D. Guardium Application Events API (GuardAppEvents)
Answer: C
Explanation/Reference:
Explanation:
QUESTION 34
Which Main Entity CANNOT be used to display Application User?
A. Object
B. Full SQL
C. Client/Server
D. Access Period
Answer: C
Explanation/Reference:
Explanation:
QUESTION 35
What is the default policy of a new appliance?
A. PCI policy
B. SOX Policy
C. allow all policy
D. selective audit policy
Answer: C
Explanation/Reference:
Explanation:
QUESTION 36
Which report statement is true?
A. You should not use tuple groups in reports.
B. You can modify the layout of "out of the box" reports.
C. You cannot create a report with both the "IP" and "SQL" attribute.
D. You can run a report using the compliance work flow automation application.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 37
Guardium supports what databases platforms for entitlement reports?
A. DB2
Informix
MS-SQL
MySQL
Netezza
PostgreSQL
B. DB2
Informix
MS-SQL
Oracle
PostgreSQL
Sybase
C. DB2
Informix
MS-SQL
MySQL
Netezza
Oracle
PostgreSQL
Sybase
Teradata
D. Netezza
Oracle
PostgreSQL
Sybase
Teradata
Answer: C
Explanation/Reference:
Explanation:
QUESTION 38
What is the difference between real time alerts and correlation alerts?
A. There is no difference, terminology is used interchangeably.
B. Real time alerts are based on policy rules. Correlation alerts are Query based.
C. Real time alerts are driven by anomaly detection. Correlation alerts are policy driven.
D. Real time alerts could only be run on the Managed Units. Correlation alerts can only be run on Central Manager.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 39
By default, when an access policy rule is triggered, which statement is true?
A. An alert is sent.
B. The unmasked SQL statement is logged.
C. The policy stops processing subsequent rules unless the 'Cont. to next rule' box is checked.
D. The statement continues to the next rule, unless the 'Stop Processing More Rules' box is checked.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 40
What best practice approach will minimize the need to change policies?
A. Install multiple policies.
B. Leverage the use of groups.
C. Schedule rotating policies to be installed for each work shift.
D. Place an S-GATE Attach rule at the beginning of the each policy.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 41
Which database type is NOT currently supported by Vulnerability Assessment?
A. Netezza
B. IMS for z
C. Teradata
D. DB2 for z
Answer: B
Explanation/Reference:
Explanation:
QUESTION 42
Under which condition will Correlation Alerts NOT function correctly?
A. Anomaly Detection is not Active
B. Run frequency <Accumulation interval
C. Notification frequency =Accumulation interval
D. Anomaly Detection Polling Interval <Run frequency
Answer: A
Explanation/Reference:
Explanation:
QUESTION 43
Which command sets the primary DNS server to 10.10.9.1?
A. store net resolver 1 10.10.9.1
B. store net dns primary 10.10.9.1
C. store net defaultdns 10.10.9.1
D. store net interface dns 10.10.9.1
Answer: A
Explanation/Reference:
Explanation:
QUESTION 44
What does this GRDAPI command do? grdapi create_member_to_group_by_desc desc="PCI Admin Users" member="J oe"
A. Creates a new group called "PCI Admin Users.
B. Creates a new member, PCI Admin User, and adds it to the group "J oe".
C. Creates a new member, J oe, and adds it to the group "PCI Admin Users".
D. Creates a new description, "PCI Admin User", and adds it to the member "J oe".
Answer: C
Explanation/Reference:
Explanation:
QUESTION 45
Which account can reset the user's role GUI layout?
A. cli
B. INV
C. Admin
D. Accessmgr
Answer: D
Explanation/Reference:
Explanation:
QUESTION 46
In order to add a user and associate the user to a role like "Admin", "CAS", "CLI", "DBA", or "InfoSec", you would login to the Guardium Appliance as
what user?
A. cli
B. admin
C. infosec
D. accessmgr
Answer: D
Explanation/Reference:
Explanation:
QUESTION 47
What is the recommended procedure for unregistering a managed unit from a Central Manager?
A. It does not matter where a managed unit is unregistered.
B. Once registered, a managed unit should never be unregistered.
C. Unregistering a managed unit should be done from the Central Manager.
D. Unregistering a managed unit should be done from the managed unit itself.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 48
What Guardium administration tool or utility can be used to obtain network statistics, such as throughput and current connection?
A. diag
B. iptraf
C. Buffer Usage Monitor
D. 'show network interface stats' CLI command
Answer: B
Explanation/Reference:
Explanation:
QUESTION 49
What is a mandatory prerequisite for the appliance upgrade?
A. Pre-upgrade Data purge
B. Pre-upgrade Data archive
C. Pre-upgrade Configuration export
D. Pre-upgrade Health Check process
Answer: D
Explanation/Reference:
Explanation:
QUESTION 50
Which tool allows you to collect a trace of traffic being logged by a collector?
A. iptraf
B. Slon utility
C. Aggregation Debug
D. Application Debug Log
Answer: B
Explanation/Reference:
Explanation:
QUESTION 51
For an SQL Server 2005 environment using encryption, what can cause DB User and Source Program information to show up blank in the Guardium
reports?
A. A-TAP is not installed.
B. The port range specified in the inspection engines is not correct.
C. There is a policy with Ignore S-TAP Session rule blocking the users.
D. The Instance Name parameter in the inspection engines is not correct.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 52
What could cause all the S-TAPs on a particular collector to turn red (in S-TAP Control)?
A. The GUI is down (port 8443 unavailable).
B. The SSH daemon on appliance is down (port 22 unavailable).
C. The GIM server on the appliance is down (port 8081 unavailable).
D. The inspection core was stopped (ports 9500 and 16016 unavailable).
Answer: D
Explanation/Reference:
Explanation:
QUESTION 53
When attempting to quarantine a connection, what is needed to create a rule within the security policy?
A. Fill out the DB User and identify the "command" as Quarantine.
B. Fill out the "Quarantine for xx" minutes section of the Admin Quarantine tab.
C. Fill out the "reset Interval" to identify when the Quarantined user will become active.
D. Fill out the "Quarantine for xx" minutes section of the policy and create a rule action of "Quarantine".
Answer: D
Explanation/Reference:
Explanation:
QUESTION 54
Given the security policy guard_tap.ini configuration shown below:
What must be done in order for an S-Gate Terminate action to work properly with a two rule policy?
A. You must have a rule with an action of "S-Gate Attach" below the "S-Gate Terminate" rule in the policy.
B. You must have a rule with an action of "S-Gate Attach" above the "S-Gate Terminate" rule in the policy.
C. You must have a rule with an action of "S-Gate Attach" with "continue" flag checked below the "S-Gate Terminate" rule in the policy.
D. You must have a rule with an action of "S-Gate Attach" with "continue" flag checked above the "S-Gate Terminate" rule in the policy.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 55
What reporting domain in Guardium will have information of the database connection being terminated by Guardium as part of Data access level
control / blocking functionality?
A. exception domain
B. access period domain
C. policy violation domain
D. terminated connections domain
Answer: C
Explanation/Reference:
Explanation:
QUESTION 56
What is a disadvantage of using S-TAP terminate action in the policy (and related functionality) over S-GATE terminate?
A. There is a need to install the S-TAP agent on the database server and as a result it's harder to deploy.
B. Additionally licensed feature needs to be installed and as a result there is additional cost associated with this functionality.
C. The decision to terminate is done by S-TAP and as a result it has significant negative impact on database server performance.
D. The violation activity will start bringing results from the database before the connection is terminated and as a result data leakage is possible.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 57
Which component of the Guardium solution makes a decision to terminate database connection as part of Data access level control / blocking
functionality?
A. Functionality within policy running on Guardium collector.
B. Functionality within CAS agent running on the database server.
C. Functionality within S-GATE agent running on database server.
D. Functionality within S-TAP process running on database server.
Answer: A
Explanation/Reference:
Explanation:
QUESTION 58
Where can data archived from an aggregator be restored?
A. On any appliance
B. On any aggregator
C. On source aggregator only
D. On Central Manager only, when aggregator is centrally managed
Answer: B
Explanation/Reference:
Explanation:
QUESTION 59
Which statement is true regarding users created in a centrally managed environment?
A. Every managed unit has its own set of users defined.
B. Users can be created on any appliance and will be available on all the appliances at once.
C. Users can only be created on Central Manager but will be propagated to all managed units.
D. Users can only be created on Central Manager and will be stored on Central Manager only.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 60
After a role is removed, if the user attempts to access reports or applications that are no longer authorized to this user, what will happen?
A. The user session will be terminated.
B. The user account will be temporarily locked.
C. A "not authorized" message will be produced.
D. Nothing, once you are given access removing roles will not affect your access to that application or report.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 61
Which storage type requires upload of the PEA file?
A. SCP
B. TSM
C. SFTP
D. CENTERA
Answer: D
Explanation/Reference:
Explanation:
QUESTION 62
Importing and exporting definitions is needed in what environment?
A. In all GIM environments to provide consistency with S-TAPs.
B. Customer implementation using SPAN ports that want to share reports and policies.
C. Customer implementation with many standalone collectors that want to share reports and policies.
D. Customer implementation in a centrally managed environment (central manager) with 30 collectors that want to share reports and policies.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 63
In a centrally managed environment, where is the definition of a query created on the collector saved?
A. Collector only
B. Aggregator only
C. Central Manager only
D. Both Collector and Central Manager
Answer: C
Explanation/Reference:
Explanation:
QUESTION 64
Which report allows you to monitor Guardium user activities?
A. Audit Process Log
B. User Activity Audit Trail
C. Guardium Users Report
D. Default DB Users Enabled
Answer: B
Explanation/Reference:
Explanation:
QUESTION 65
To run grdapi commands users need to use the Command Line Interface (CLI) account. Access to the CLI account is required. Which statement is
true?
A. grdapi commands can only be run from the standard CLI user.
B. Roles to the CLI accounts are given to users by the Admin account.
C. The standard CLI user cannot run all of the grdapi commands because it doesn't have the appropriate roles.
D. GUI users of the Guardium system have default access to run grdapi commands from the guardcli1,...,guardcli5 accounts.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 66
Which platform is supported for an InfoSphere Guardium virtual appliance build?
A. IBM PowerVM
B. Citrix Xen server
C. VMWare ESX server
D. Microsoft Hyper-V server
Answer: C
Explanation/Reference:
Explanation:
QUESTION 67
Which component of the Guardium solution will terminate the database connection as part of Data access level control / blocking functionality?
A. S-GATE functionality within CAS agent running on the database server.
B. S-GATE functionality within S-GATE agent running on database server.
C. S-GATE functionality within S-TAP process running on database server.
D. S-GATE functionality within sniffer process running of Guardium collector.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 68
What is an advantage of using S-TAP terminate action in the policy over S-GATE terminate?
A. There is no need to install the S-GATE agent on the database server and as a result it's easier to deploy.
B. The decision to terminate is done by S-TAP and as a result it has significant positive impact on collector's performance.
C. The decision to terminate is done by S-TAP and as a result there is no need to wait for verdict from sniffer and there is no delay in termination.
D. The database activity is not held by S-TAP before it accesses the database and as a result there is no impact to customers'
applicationsperformance.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 69
Quarantine is available for which types of rule(s) in the policy?
A. access rule only
B. access and exception rules
C. access, exception and extrusion rules
D. access, exception, extrusion and ignore rules
Answer: C
Explanation/Reference:
Explanation:
QUESTION 70
Given the following configuration in the guard_tap.ini:
Which statement is true?
A. Because firewall_installed=0, no sessions will be terminated.
B. Because firewall_default_state=1, all connections will not be monitored.
C. Because the firewall_default_state=1, all connections will be terminated.
D. Because firewall_timeout=10 and firewall_fail_close=0, if there is no answer from the Guardium appliance within 10 minutes, the session will
beterminated.
Answer: A
Explanation/Reference:
Explanation:
QUESTION 71
Guardium environment consists of one collector and STAP installed on Unix database server. The guard_tap.ini parameters:
What is the expected result, if privileged user connects to the database and runs a SELECT statement on sensitive object?
A. Privileged user will be successful in running SELECT statement and getting results with no delay.
B. The connection will be terminated 10 seconds after SELECT statement is run; no results will be returned.
C. The connection will be terminated immediately after SELECT statement is run; no results will be returned.
D. Privileged user will be successful in running SELECT statement and getting results after 10 seconds delay.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 72
Which statement is true for S-TAP/K-TAP on UNIX platforms?
A. A server reboot is required after new installations of S-TAP.
B. A server reboot is required only if K-TAP is installed with S-TAP.
C. A server reboot is only required after installing S-TAP on specific database types.
D. A server reboot is required to completely remove the K-TAP following an S-TAP uninstall.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 73
Which ports are used by Windows S-TAP?
A. 9500 TCP (unencrypted) and 8075 TCP (encrypted)
B. 16016 TCP (unencrypted) and 16018 TCP (encrypted)
C. 9500 TCP (unencrypted) and 8075 UDP (heartbeat signal)
D. 16016 TCP (unencrypted) and 16018 UDP (heartbeat signal)
Answer: C
Explanation/Reference:
Explanation:
QUESTION 74
Which parameter should be used to enable K-TAP upgrade without server reboot?
A. KTAP_ENABLED set to "1"
B. KTAP_LIVE_UPDATE set to "Y"
C. KTAP_FAST_FILE_VERDICT set to "1"
D. KTAP_ALLOW_MODULE_COMBOS set to "Y"
Answer: B
Explanation/Reference:
Explanation:
QUESTION 75
Which operating system requires that the oracle executable be instrumented prior to activating A- TAP?
A. AIX
B. Linux
C. Solaris
D. HP-UX
Answer: A
Explanation/Reference:
Explanation:
QUESTION 76
Which Operating System requires a restart of the database instance (and listener, if appropriate) in order to properly log traffic following a new S-TAP
installation?
A. AIX
B. Linux
C. Solaris
D. HP-UX
Answer: A
Explanation/Reference:
Explanation:
QUESTION 77
Which platform requires A-TAP configuration to monitor DB2 shared memory activity?
A. AIX
B. Solaris
C. Red Hat
D. Windows
Answer: C
Explanation/Reference:
Explanation:
QUESTION 78
What is the default time of the command "store uid_chain_polling_interval <N>" where N is time in minutes?
A. 2 minutes
B. 30 minutes
C. 60 minutes
D. 720 minutes
Answer: A
Explanation/Reference:
Explanation:
QUESTION 79
Which method stops a non-GIM installed Windows S-TAP?
A. Invoking the "stop winstap" command.
B. Stopping the GUARDIUM_STAP service.
C. Ending Guardium S-TAP process through Task Manager.
D. Removing S-TAP from startup programs and rebooting server.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 80
Which guard_tap.ini parameter is configured to set User ID (UID) chain logging?
A. hunt
B. uid_chain
C. hunter_trace
D. Specify "user" in Intercept Types
Answer: C
Explanation/Reference:
Explanation:
QUESTION 81
S-TAP for Z will offload processing to which hardware component?
A. DASD when available
B. ZIIP Processors when available
C. CICS transaction server when available
D. Encryption Accelerator module when available
Answer: B
Explanation/Reference:
Explanation:
QUESTION 82
When Configuration Audit System (CAS) is deployed to a server, which statement is true?
A. S-TAP must be installed with CAS.
B. Using an * means do not match any characters in the template definition.
C. Wildcard support such as "/home/oracle/../.*ora" is not supported to identify all files *.ora within the /home/oracle subdirectories.
D. The CAS template is changed to a specific instance where all variables are instantiated to specific items to be monitored on the host.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 83
Which statement is true regarding A-TAP?
A. A-TAP can function independently of K-TAP.
B. The database must be stopped before activating A-TAP.
C. A-TAP the main component for the guardium firewall (SGATE).
D. The database does not need to be restarted after upgrading A-TAP.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 84
Which parameter(s) are required during the initial S-TAP installation?
A. IP addresses of database server and Guardium host.
B. Configuration Audit System (CAS) installation directory.
C. Physical and alternate IP addresses of database server.
D. IP address of database server and list of databases running.
Answer: A
Explanation/Reference:
Explanation:
QUESTION 85
Which is NOT a GIM process/component?
A. GIM CLIENT
B. GIM SERVER
C. GIM ANALYZER
D. GIM SUPERVISOR
Answer: C
Explanation/Reference:
Explanation:
QUESTION 86
Which GIM bundle status indicates that additional user action is required to complete the GIM operation?
A. IP (In Progress)
B. PENDING-UPDATE
C. PENDING-UNINSTALL
D. IP-PR (In Progress Pending Reboot)
Answer: D
Explanation/Reference:
Explanation:
QUESTION 87
When configuring S-TAP on Solaris Zones or AIX WPARs, what is the correct way to configure the connect_to_ip parameter in the Inspection Engines?
A. connect_to_ip =127.0.0.1
B. connect_to_ip =1.1.1.1/0.0.0.0
C. connect_to_ip =<IP address of local zone>
D. connect_to_ip =<IP address of global zone>
Answer: C
Explanation/Reference:
Explanation:
QUESTION 88
With Guardium version 8.x "S-TAP for z" monitoring a single DB2 instance on z/OS, which statement is true?
A. There is typically 1 started task running on z:
ADHSPAGT =Agent
B. There are typically 2 started tasks running on z:
ADHCXXXX =Collector
ADHSPSRV =Server
C. There are typically 3 started tasks running on z:
ADHMXXXX =Master
ADHSPAGT =Agent
ADHSPSRV =Server
D. There are typically 4 started tasks running on z:
ADHCXXXX =Collector
ADHMXXXX =Master
ADHSPAGT =Agent
ADHSPSRV =Server
Answer: D
Explanation/Reference:
Explanation:
QUESTION 89
Which command is used to check the upgrade status?
A. show support state
B. check upgrade status
C. show system patch install
D. support show db-struct-check
Answer: C
Explanation/Reference:
Explanation:
QUESTION 90
What is required for S-TAP to capture local oracle database connections using the Bequeath protocol?
A. A-TAP must be installed and configured.
B. The db_exec_file should be set in the inspection engine.
C. Instance Name must be specified in the inspection engines.
D. hunter_trace parameter must be enabled in the guard_tap.ini
Answer: B
Explanation/Reference:
Explanation:
QUESTION 91
Which predefined report contains important statistics about the health of the Inspection Core (sniffer)?
A. TCP Exceptions
B. Logged R/T Alerts
C. Buffer Usage Monitor
D. Current Status Monitor
Answer: C
Explanation/Reference:
Explanation:
QUESTION 92
User accounts recently added to the Central Manager are not working on the managed units. How can this issue be addressed?
A. Re-register managed units.
B. Restart GUI on managed units.
C. Add users locally on managed units.
D. Run Portal User Sync process on Central Manager.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 93
In a centrally managed environment, if the dedicated Central Manager is down, which statement is true?
A. Interactive reports would not run.
B. Collector stop logging data from its S-TAPs.
C. Users would not be able to login to the Managed Units.
D. All Managed Units will revertto pre-registered configuration.
Answer: A
Explanation/Reference:
Explanation:
QUESTION 94
Which storage type requires a dsm.sys file to be uploaded to the Guardium appliance?
A. SCP
B. TSM
C. SFTP
D. CENTERA
Answer: B
Explanation/Reference:
Explanation:
QUESTION 95
How can an appliance be set up as an Aggregator?
A. Installing Aggregator patch
B. During appliance image installation
C. Entering an Aggregator-specific license key
D. Using 'store unit type aggregator' command
Answer: B
Explanation/Reference:
Explanation:
QUESTION 96
When a user logs into the Guardium system via the GUI, authentication of the user occurs. Which authentication related statement is true?
A. Authentication of users is determined by the "admin" account.
B. LDAP authentication is achievable for all accounts on the Guardium system.
C. The Guardium "admin" user account is always authenticated by Guardium alone.
D. Authentication only occurs if the system was configured to authenticate user access.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 97
Which log is the most relevant for data restore troubleshooting on an aggregator?
A. syslog
B. sql_err.log
C. snif_stderr.txt
D. agg_progress.log
Answer: D
Explanation/Reference:
Explanation:
QUESTION 98
A customer is asking for data level security and wants to restrict what users of the Guardium systems see. Which statement is the correct?
A. Data level security can be achieved with Guardium only at the aggregator level.
B. Data level security can be achieved by enabling data level security through the Global Profile in the admin account.
C. Data level security can only be achieved by creating custom reports for each of the users with query conditions that limit what they are able tosee.
D. Data level security is not possible with the Guardium solution because once you are logged into your account on the collector you can alwayscreate
reports on the data that was logged.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 99
When importing a group that already exists, what is the default behavior?
A. The existing group members will be deleted.
B. If there is a member that already exists in the group, after the import, there will be two identical members.
C. The original group name will be replaced by the groupName.HHMMYYYY timestamp to guarantee uniqueness.
D. Additional members of the group will be added to the existing group members, no existing members will be deleted.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 100
Which GUI report is used to verify the purge process ran successfully?
A. Guardium J ob Queue
B. Scheduled J obs report
C. Current Status Monitor
D. Aggregation Archive Log
Answer: D
Explanation/Reference:
Explanation:
QUESTION 101
Which statement is true in a centrally managed environment?
A. Policies can be created and installed only on Central Manager.
B. Policy should be created and installed on collector.
C. Policy installed on one collector will automatically propagate to other collectors.
D. Policy can be created on Central Manager or managed unit but need to be installed on the relevant collector.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 102
Which action CANNOT take place as the result of a correlation alert?
A. Send an Email alert.
B. Trigger a Policy Violation.
C. Block unauthorized access to sensitive data.
D. Send audit data to a SIEM via Syslog or SNMP.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 103
What value must be provided for DB User to ensure that an exception rule will trigger on failed logins for a single user rather than for all users in a given
time period.
A. .
B. ?
C. %
D. <blank>
Answer: A
Explanation/Reference:
Explanation:
QUESTION 104
Which Guardium Feature can be used to extract Application End User information from a stored procedure call?
A. Tuple Groups
B. Custom ID procedures
C. ABAP Import procedures
D. SIEM Integration with Message Templates
Answer: B
Explanation/Reference:
Explanation:
QUESTION 105
Which action should be used to ignore activity from users or applications that are producing a high volume of network traffic?
A. Audit Only
B. Skip logging
C. Ignore S-TAP session
D. Ignore SQL per session
Answer: C
Explanation/Reference:
Explanation:
QUESTION 106
Audit process results can be configured so that receivers are notified of new process results via e- mail. Which statement is true?
A. The email notification will list the report results in the body of the email.
B. The email will contain an image of the results in the body of the email (not PDF).
C. The email notification will contain a hypertext link to the results stored on the Guardium appliance.
D. The email will only inform the users that there are results on the Guardium system so that they can go to the Guardium system to retrieve them.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 107
What do extrusion rules inspect?
A. SQL Errors and Failed Logins.
B. SQL commands issued by a user.
C. Changes to the database server at the OS.
D. Result sets sent by the database server to the client.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 108
Guardium supports what databases platforms for entitlement reports?
A. DB2
Informix
MS-SQL
MySQL
Netezza
PostgreSQL
B. DB2
Informix
MS-SQL
Oracle
PostgreSQL
Sybase
C. DB2
Informix
MS-SQL
MySQL
Netezza
Oracle
PostgreSQL
Sybase
Teradata
D. Netezza
Oracle
PostgreSQL
Sybase
Teradata
Answer: C
Explanation/Reference:
Explanation:
QUESTION 109
When using the Group Builder, you can automatically populate a group with members. Which of the following is NOT a valid method to populate group
members?
A. Running a classification process.
B. Running a query on a custom table.
C. Running a database auto-discovery job.
D. Importing information from an LDAP server.
Answer: C
Explanation/Reference:
Explanation:
QUESTION 110
Which is NOT a valid classification rule type?
A. Catalog search
B. Search by permissions
C. Search for vulnerability
D. Search for unstructured data
Answer: C
Explanation/Reference:
Explanation:
QUESTION 111
Which query main entity should be selected to build a report showing application user name, client IP, full SQL, and timestamp?
A. Session
B. Full SQL
C. Client/Server
D. App User Name
Answer: B
Explanation/Reference:
Explanation:
QUESTION 112
If the S-TAP is configured with firewall_default_state=1 (closed mode), what type of action should be used in order to NOT firewall a specific
connection?
A. S-GATE ATTACH
B. S-GATE DETACH
C. S-TAP TERMINATE
D. S-GATE TERMINATE
Answer: B
Explanation/Reference:
Explanation:
QUESTION 113
Given the GrdAPI command: grdapi upload_custom_data tableName=DB2_COLUMN_PRIVS What does this command do?
A. upload database entitlement information into the DB2_COLUMN_PRIVS table for use in the DB2 entitlement reports
B. push Guardium audit information into the DB2 table DB2_COLUMN_PRIVS for use with the DB2 Unload command
C. upload entitlement information into the Guardium central manager for reporting on the DB2_COLUMN_PRIVS entitlement report
D. upload database entitlement information into S-TAP to block privilege users from accessing column level privileges within DB2
Answer: A
Explanation/Reference:
Explanation:
QUESTION 114
Which is the recommended datasource for use by Vulnerability Assessment?
A. An administrator user credential with read-only access.
B. A generic database user credential with read and write access.
C. A datasource using default user accounts for the targeted database type.
D. A datasource created using the gdmmonitor script specific for the targeted database type.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 115
Which timestamp attribute records the time when a session begins?
A. Period start
B. Session start
C. Session timestamp
D. Access period timestamp
Answer: B
Explanation/Reference:
Explanation:
QUESTION 116
Which step is necessary to configure Vulnerability assessment for CVE tests?
A. Create policy
B. Create datasource
C. Install and configure CAS
D. Install and configure S-TAP
Answer: B
Explanation/Reference:
Explanation:
QUESTION 117
When designing reports, which query condition item provides capability to dynamically filter on reports?
A. Value
B. Attribute
C. Operator
D. Parameter
Answer: D
Explanation/Reference:
Explanation:
QUESTION 118
Which is NOT a valid classifier policy action?
A. Send Alert
B. Create Group
C. Log Policy Violation
D. Create Access Rule
Answer: B
Explanation/Reference:
Explanation:
QUESTION 119
Which attributes must be defined as query fields for a query to be available to a correlation alert?
A. Text and Boolean
B. Numeric and Text
C. Date and Count
D. Boolean and Numeric
Answer: C
Explanation/Reference:
Explanation:
QUESTION 120
How does Application End User Translation determine the correct application user?
A. Uses Client MAC Address to determine Client IP.
B. Imports LDAP and matches Client IP address with Application User name.
C. Guesses the correct application user by comparing session time to / from the database server.
D. Integrates with Enterprise Business Application to deterministically capture application user name.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 121
Which sizing statement is correct?
A. Sizing the number of aggregators required is based directly on database server PVU counts.
B. When sizing the number of collectors for a Data-Level Access Control (S-GATE), special sizing considerations are required for
performancereasons.
C. When sizing the number of physical collectors for a Data Activity Monitoring, you need to calculate sizing based on the number of virtualappliances
plus 50%.
D. When sizing the number of virtual collectors for a Data Activity Monitoring, you need to calculate sizing based on the number of physicalappliances
plus 300%.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 122
A customer is deploying InfoSphere Guardium for Data Activity Monitoring (DAM) & Data Level Access Control (DLAC). They are not sure where to
locate their collector appliances with respect to the database server that needs to be monitored & protected. Which response is correct?
A. The collectors can be located anywhere on the network.
B. The collectors should be located in the same data center the database servers they monitor & protect reside.
C. The S-TAP must reside in the same data center the databases servers are at but the collectors can be anywhere.
D. The collectors and aggregators need to reside in the same location regardless of were the database servers reside.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 123
Which statement represents redundancy/contingency options on collectors?
A. Collectors can automatically fail over between aggregators.
B. Collectors can be configured with dual management ethernet ports.
C. Collector databases can be configured to perform real time synch with other collectors.
D. Collectors can be configured with a heartbeat allowing fail over between two collectors.
Answer: B
Explanation/Reference:
Explanation:
QUESTION 124
Which Guardium appliance cannot be a standalone unit?
A. S-TAP
B. Collector
C. Aggregator
D. Central manager
Answer: D
Explanation/Reference:
Explanation:
QUESTION 125
When building a Virtual Appliance there memory recommendations (RAM) that need to be taken into account. What is the present maximum memory
limit for such an appliance in Giga Bytes (GB)?
A. There is no maximum limit
B. Maximum 16 GB of memory
C. Maximum 18 GB of memory
D. Maximum 24 GB of memory
Answer: B
Explanation/Reference:
Explanation:
QUESTION 126
Guardium GUI can be customized to meet a number of unique customer requirements. What should be done In order to add one tab (or pane) at the
highest level?
A. Select the "i" icon and then "Add Pane".
B. Select "Quick Start" and then "Add Pane".
C. Select "tools ->customize GUI" from the admin console.
D. Select "Customize ->Add Pane" in the upper right hand portion of the GUI.
Answer: D
Explanation/Reference:
Explanation:
QUESTION 127
Which command sets the eth0 network IP address to 192.168.1.54?
A. store network ip 0 192.168.1.54
B. store network resolver 1 192.168.1.54
C. store network interface ip 192.168.1.54
D. store network routes static 192.168.1.54
Answer: C
Explanation/Reference:
Explanation:
QUESTION 128
Which statement will create an inspection engine for an Oracle database on host 10.10.9.57?
A. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Sybase portMin=4200 portMax=4200 client=0.0.0.0/0.0.0.0
ktapDbPort=4200
B. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=Oracle portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle
procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle client=0.0.0.0/0.0.0.0 ktapDbPort=1521
C. grdapi create_stap_inspection_engine stapHost=10.10.9.59 protocol=Oracle portMin=1521 portMax=1521 dbInstallDir=/usr/lib/oracle
procName=/usr/lib/oracle/app/oracle/product/10.2.0/server/bin/oracle client=0.0.0.0/0.0.0.0 ktapDbPort=1521
D. grdapi create_stap_inspection_engine stapHost=10.10.9.57 protocol=DB2 portMin=50001 portMax=50001 dbInstallDir=/home/db2inst2
procName=/home/db2inst2/sqllib/adm/db2sysc client=0.0.0.0/0.0.0.0 db2SharedMemAdjustment=20 db2SharedMemClientPosition=61440
db2SharedMemSize=131072 ktapDbPort=50001
Answer: B
Explanation/Reference:
Explanation:
QUESTION 129
How can you find the help documents within the Guardium GUI?
A. by selecting the "about" link in the upper right hand of the screen
B. by selecting the "?" to the right of the Portal Map icon
C. by selecting the "tools->help" from the admin console
D. by selecting the magnifying glass icon in the upper right hand of the screen
Answer: B
Explanation/Reference:
Explanation:
QUESTION 130
There are various considerations when sizing the number of appliances required to support a customer environment.
What represents the BASIC unit of measurement used to calculate the initial number of Collectors required for a scope of Data Activity Monitoring
(DAM) in a Mainframe environment?
A. VU (Value Unit)
B. NTV (Network Traffic Volume)
C. DTA (Database Traffic Volume)
D. TSA (Technical Specification Assumptions)
Answer: A
Explanation/Reference:

You might also like