Vendor: IBM
Exam Code: C2150-596
Exam Name: IBM Security Access Manager for Enterprise Single Sign-On V8.2
QUESTION 1
Which statement is true regarding Serial ID Service Provider Interface (SPI) API?
A. SPI specifies a set of functions to enable biometric support.
B. SPI specifies a set of functions to enable Mobile ActiveCode.
C. SPI is a programmatic interface intended for integrating AccessAgent with third-party’ Serial ID devices used for two factor authentication.
D. SPI must be installed on every node in an IBM WebSphere Application Server cluster in order to enable second factor authentication support.
Answer: C
QUESTION 2
If using the IBM Security Access Manager Enterprise Single Sign-On V8.2 (ISAM ESSO) adapter, what is a prerequisite if the IMS Server is configured for Enterprise Directory password sync?
A. The Active Directory (AD) account must exist before the ISAMESSO account can be provisioned.
B. No ISAM ESSO password policies can be set up; only the corporate AD password policies apply.
C. The IMS account ID must include the domain if the IMS account is provisioned before the AD account.
D. No prerequisites on accounts; all restrictions from earlier releases have been removed from the ISAM ESSO release.
Answer: A
QUESTION 3
How can performance of a remote AccessAgent in a Citrix deployment be improved?
A. Remove the profiles from the wallet
B. Set the machine policy to cache the user wallet
C. Set the machine policy to query the IMS Server for credentials
D. Set the machine policy to synchronize the wallet every 30 seconds
Answer: B
QUESTION 4
After an administrator has revoked a user account from the IBM Security Access Manager Enterprise Single Sign-On V8.2 (ISAM ESSO) Server, how can a user access the same account?
A. Re-cache the wallet
B. Change the password
C. Re-login with proper user name and password
D. Delete the user from SAM ESSO and sign up with the same user account
Answer: D
QUESTION 5
A customer has updated an enterprise application and IBM Security Access Manager Enterprise Single Sign-On V8.2 does not inject credentials anymore. What can be done?
A. Install the latest fix pack on all AccessAgents and check if the application works.
B. Use AccessStudio to test the new application and understand what has changed in the
application’s signature. Update the AccessProfile to match the new updated application. Replace the AccessProfile on the IMS Server.
C. Erom AccessStudio, launch the updated application and use the AccessAgent.log file to understand what has changed in the application’s signature. Update the AccessProfile to match the new updated application. Replace the AccessProfile on the IMS Server.
D. Update the system policies to enable AccessProfile Test mode. Troubleshoot the updated application then update the AccessProfile on the IMS Server. Wait for the next AccessAgent synchronization for the profile to be sent from the IMS Server to the AccessAgent. Eventually disable the AccessProfile Test mode from the system policies.
Answer: B
QUESTION 6
What is the default log level for an installed AccessAgent on a client system?
A. Log Level 1
B. Log Level 2
C. Log Level 3
D. Log Level 4
Answer: A
QUESTION 7
Which rights are required for lookup user while configuring a user repository for IBM Security Access Manager for Enterprise Single Sign-On V8.2 users?
A. Admin rights
B. Lookup rights
C. Replication rights
D. Back Up Operator rights
Answer: B
QUESTION 8
If Gemalto is the middleware available in a customer environment, which second factor deployment will be appropriate along with IBM Security Access Manager Enterprise Single Sign-On V8.2?
A. ARFID
B. Biometric
C. MAC/OTP
D. Smart Card
Answer: D
QUESTION 9
How is it verified from AccessStudio if the AccessProfiles for applications are functioning correctly?
A. With the Test mode
B. With the Verify function
C. With the Simulate mode
D. Simulating a login and then checking the aa_observer.log log file
Answer: A
QUESTION 10
Which statements are correct regarding communication between the IMS Server and AccessAgent if default ports are used by IMS server host system?
1. The download port is only used to download the IMS Server certificate.
2. IMS Server certificate is required to create a SSL connection to the IMS Server.
3. If the certificate is manually installed on the client then the download port is not needed.
4. If the IMS Server cert is not available then there is no connection to port443.
A. 2, 3
B. 1, 3, 4
C. 1, 2, 4
D. 1, 2, 3, 4
Answer: D
Passleader Latest Sample Questions for IBM C2150-596 Test
