NEW QUESTION NO: 6
Which hypervisor supports hosting the IBM Security Access Manager (ISAM) 9.0 virtual appliance?
A. Hyper-V
B. VMware ESX
C. QNX
D. RHEL Workstation
Answer: C

NEW QUESTION NO: 7
An IBM Security Access Manager (ISAM) V9.0 deployment professional has downloaded a snapshot from an ISAM virtual appliance configured with reverse proxy. This snapshot is being applied to another virtual appliance.
Which condition must be met before applying a snapshot form one virtual appliance to another?
A. Both appliances must be in the same time zone
B. Both appliances must have the same activation keys applied
C. Both appliance must have same application database setting
D. Both appliances must be at the same firmware level
Answer: B

NEW QUESTION NO: 8
The IBM Security Access Manager V9.0 deployment professional has recently discovered an entire deployment of over 100 junctions was performed incorrectly.
How can a repair operation be scripted for this, and future deployment personnel?
A. Use the REST API interface https://{appliance_hostname}/isam/pdadmin, JSON files and the CURL utility.
B. Use the CLI SSH interface, navigating to isam->admin and authenticating as sec_master.
C. Use a text editor and create the correct junction XML files, then import them using the LMI.
D. Use the LMI Secure Web Settings -> Reverse Proxy -> Manage -> Junction Management interface.
Answer: C

NEW QUESTION NO: 9
A customer has deployed an IBM Security Access Manager V9.0 solution to protect web applications. After the initial authentication between the client and WebSEAL,WebSEAL can build a new BasicAuthentication header and use the -b option to provide the authenticated Security Access Manager user name (client's original identity) together with a predefined static password across the junction to the back-end server.
Which configuration option will accomplish this?
A. -b ignore
B. -b supply
C. -bgso
D. -b filter
Answer: A

NEW QUESTION NO: 10
The deployed IBM Security Access Manager (ISAM) V9.0 solution in a company already contains a federated LDAP server. However, the dynamic group support is disabled. A deployment professional is required to change the existing federated LDAP server configuration to support the dynamic groups.
How should the deployment professional do this?
A. Manually modify the activedir.conf file and add 'dynamic-groups-enabled = yes'
B. Manually modify the ldap.conf file and add 'dynamic-groups-enabled = yes'
C. Edit the federated directory configuration using LMI method and select the checkbox
"Enable dynamic group"
D. Re-federate the LDAP server with dynamic group support enabled
Answer: D

NEW QUESTION NO: 11
A deployment professional has created an Access Control Policy to protect sensitive businessinformation:

Which Policydecision is returned for a userwith a risk score of 35 andhas consented to registering adevice?
A. Permit with Authentication Consent Register Device
B. Permit with Obligation Register Device
C. Deny
D. Permit
Answer: C

NEW QUESTION NO: 12
A customer is migrating from TAM v6.1 running on AIX to IBM Security Access Manager (ISAM) V9.0 hardware appliances.
Which information from the TAM v6.1 environment will be useful in sizing the new ISAM V9.0 hardware configuration?
A. Number of LDAP replicas
B. WebSEAL request logs
C. Number of objects in the protected object space
D. WebSEAL CDAS specifics
Answer: C

NEW QUESTION NO: 13
A deployment professional has configured Federated Single Sign-On using IBM Security Access Manager V9.0 with WebSEAL as point of contact.
Which two things need to be configured to achieve Single Log Out (SLO) in the SAML 2.0 Federation?(Choose two.)
A. The URIs that receive a single signoff request ([acnt-mgt] single-signoff-uri
/applications/sign off)
B. The page displayed after pkmslogout is called (logout.html)
C. The appropriate extended attribute to the Federation junction (HTTP-Tag-Value user_session_id=user_session_id)
D. The passing of session cookies tojunctioned servers (-k option in the junction creation)
E. The creation of user session ID's ([session] user-session-ids = yes)
Answer: A,D

NEW QUESTION NO: 14
The appliance dashboard Reverse Proxy Health widget indicates a problem with the /snoop junction on the Test instance.
Which log file can be examined to find product errors?
A. agent.log
B. request.log
C. referer.log
D. msg___webseald-Test.log
Answer: B

NEW QUESTION NO: 15
A customer's IBM Security Access Manager V9.0 deployment consists of a cluster with Primary and Secondary masters. The Primary master fails and becomes unavailable and prevents any policy updates.
Which action is required to ensure policy updates can be applied?
A. Promote the Secondary to Primary
B. Enable the Policy server in Secondary master
C. Restore a backed up master policy database to the secondary master
D. Set the Policy DB in the secondary to read-write state
Answer: B

NEW QUESTION NO: 16
A deployment professional wants to ensure traffic from a Reverse Proxy toa junction backend applicationserver goes out over a specific interface.
How can this be accomplished?
A. Create a new application interface.
B. Create a new management interface.
C. Create a static route to the backend server.
D. Create a new interface in the reverse proxy configuration file.
Answer: B