All About Validated C2150-606 Actual Exam
Exam Code: C2150-606 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: IBM Security Guardium V10.0 Administration
Certification Provider: IBM
Online IBM C2150-606 free dumps demo Below:
NEW QUESTION 1
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The Aggregators and Central Manager can handle more load.
What should a Guardium administrator recommend?
- A. Deploy 2 new Collectors, 1 in each data center.
- B. Connect S-TAPs directly to Aggregators to avoid network latency.
- C. Connect S-TAPs directly to the Central Manager to avoid network latency.
- D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.
Answer: A
NEW QUESTION 2
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses support show db-top-tables all and finds the size of the largest tables has decreased significantly.
What should the administrator do?
- A. Increase the retention period and rerun the purge.
- B. Rebuild the appliance and restore from the backup.
- C. Login to CLI and execute stop inspection-core.
- D. Optimize the internal TURBINE database using diag CLI command.
Answer: D
NEW QUESTION 3
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector. What must the administrator ensure when setting up this environment?
- A. Both Collectors are centrally managed.
- B. There is network connectivity between the S-TAP and both Collectors.
- C. Guardium Installation Manager (GIM) is installed on the Database Server.
- D. In the guard_tap.ini file of the S-TAP, set participate_in_load_balancing=1
Answer: B
NEW QUESTION 4
A company is installing S-TAPs on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?
- A. Include the PVU load of passive nodes.
- B. Include half of the passive nodes' PVU load.
- C. Include a third of the passive nodes' PVU load.
- D. Not include the PVU load of passive nodes.
Answer: D
NEW QUESTION 5
A Guardium administrator just finished installing the Guardium product to build a Collector. The administrator wants to make sure the Collector has the licenses needed to provide functionality for data activity monitoring, masking and blocking (terminate).
Which of the following lists the minimum licenses the administrator needs to install?
- A. Base Collector license.
- B. None, the licenses required are already installed automatically by the Guardium product installer.
- C. Base Collector license plus IBM Security Guardium Standard Activity Monitor for Databases (DAM Standard).
- D. Base Collector license plus IBM Security Guardium Advanced Activity Monitor for Databases (DAM Advanced).
Answer: D
NEW QUESTION 6
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?
- A. Log Only
- B. Alert Only
- C. Alert Daily
- D. Alert Per Match
Answer: C
NEW QUESTION 7
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?
- A. Client OS
- B. Client MAC
- C. Access ID
- D. Analyzed Client IP
Answer: B
NEW QUESTION 8
A Guardium administrator needs to build new appliances with the latest version of Guardium. How should the administrator obtain the ISO image?
- A. Contact IBM Support.
- B. Download from ibm.com
- C. Download from IBM Fix Central.
- D. Download from IBM Passport Advantage.
Answer: D
NEW QUESTION 9
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to Standard Guardium DAM offering.
Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)
- A. Run Vulnerability Assessment reports
- B. Generate audit reports using PCI-DSS Accelerator
- C. Block and quarantine an unauthorized database connection
- D. Mask sensitive PCI-DSS information from web application interface
- E. Log and alert all database activities that access PCI-DSS Sensitive Objects.
Answer: AB
NEW QUESTION 10
A Guardium administrator is checking the scheduled jobs exceptions report on a standalone Collector. The following error is repeating every 15 minutes.
java.lang.NumberFormatException: empty String
The administrator also notices that the anomaly detection polling interval is 15 minutes. What should the administrator do next to contribute to troubleshooting the problem?
- A. Pause all scheduled jobs and check if the exception comes back.
- B. Identify the alert that is causing the problem by deactivating one alert at a time.
- C. Check in the alert builder to see which alerts have accumulation interval of 15 minutes.
- D. In the CLI, run support must_gather agg_issues and send the file to IBM support.
Answer: B
NEW QUESTION 11
Which use cases are covered with the File Activity Monitoring feature? (Select two.)
- A. Classify sensitive files on mainframe systems.
- B. Encrypts database data files on file systems based on policies.
- C. Selectively redacts sensitive data patterns in files based on policies.
- D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
- E. Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.
Answer: AE
NEW QUESTION 12
A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open. How can the administrator do this?
- A. Ask the company's network administrators.
- B. Ask IBM technical support to login as root and verify.
- C. Login as CLI and execute telnet <ip address> <port number>
- D. Login as CLI and execute support show port open <ip address> <port number>
Answer: D
NEW QUESTION 13
A Guardium policy has been configured with the following two rules:
A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object "TABLET".
What domain(s) can the administrator create a report in to see the SQL?
- A. Access
- B. Policy Violations
- C. Access and Access Policy
- D. Access and Policy Violations
Answer: A
NEW QUESTION 14
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?
- A. fileserver
- B. support execute showlog
- C. show log external state
- D. support must_gather system_db_info
Answer: B
NEW QUESTION 15
During a Guardium deployment planning meeting, the team decides to deploy all S-TAP agents on all Unix/Linux database systems. A Unix/Linux system administrator team manager asks a Guardium administrator if there are any differences between Guardium S-TAPs for AIX and Linux systems that the team should be aware of.
What should be the Guardium administrator's response?
- A. A-TAP is required on all AIX DB Servers.
- B. A server reboot is required to capture shared memory traffic from all databases on AIX.
- C. K-TAP is required on the AIX DB server. The exact uname -a output is required to determine the correct K-TAP module for the server.
- D. K-TAP is required on the Linux DB server. The exact uname -a output is required to determine the correct K-TAP module for the server.
Answer: B
NEW QUESTION 16
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the administrator sets up an Investigation Center.
Which is a key requirement for users of the Investigation Center?
- A. The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
- B. The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
- C. A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
- D. To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3 (case-sensitive).
Answer: D
NEW QUESTION 17
A Guardium administrator needs to configure EMC Centera for Archive and/or Backup.
In addition to the server IP address, what else is required to establish connection with an EMC Centera on the network?
- A. ClipID
- B. PEA file
- C. Shared secret
- D. Certificate signed request (CSR)
Answer: B
NEW QUESTION 18
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?
- A. Review the Audit Process Log for 'Sniffer stopped' message.
- B. Review the Aggregation/Archive Log for 'Sniffer is restarting' message.
- C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
- D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.
Answer: D
NEW QUESTION 19
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?
- A. ia64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
- B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, 1TB disk
- C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
- D. linuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk
Answer: B
NEW QUESTION 20
A Guardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this application, performance of the S-TAP and sniffer is a concern.
What action should the administrator use in the rule?
- A. Ignore Session
- B. Ignore S-TAP Session
- C. Ignore SQL per Session
- D. Ignore Responses per Session
Answer: B
NEW QUESTION 21
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data.
Which data management function does the administrator need to configure?
- A. Purge
- B. Data Export
- C. Data Restore
- D. System Backup
Answer: A
NEW QUESTION 22
The guard_tap.ini of a UNIX S-TAP is configured with the following parameters:

The administrator must create a policy that will terminate the session on the delete statement in the below scenario: A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
What actions should the administrator configure?
- A. Rule 1 - S-GATE Attach, Rule 2 - S-GATE Detach
- B. Rule 1 - S-GATE Detach, Rule 2 - S-GATE Terminate
- C. Rule 1 - S-GATE Attach, Rule 2 - S-GATE Terminate
- D. Rule 1 - S-TAP Terminate, Rule 2 - S-GATE Terminate
Answer: A
NEW QUESTION 23
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update to be synced with the managed units in a fully working environment?
- A. 0 minutes
- B. 15 minutes
- C. 30 minutes
- D. 60 minutes
Answer: D
NEW QUESTION 24
A Guardium environment is set up to send daily reports to users. The users are complaining that their report has not been delivered to their inbox for the past week. What is the first action the Guardium administrator should take in order to diagnose the problem?
- A. Open a ticket with IBM Support.
- B. Pause the User Portal Sync process.
- C. Check in the Aggregation/Archive log.
- D. Check in the Scheduled Job Exceptions.
Answer: D
NEW QUESTION 25
A Guardium administrator needs to check the traceroute information between one appliance and its Central Manager. Which CLI command should the administrator run?
- A. iptraf
- B. support show iptables
- C. show network routes operational
- D. support must_gather network_issues
Answer: D