NEW QUESTION 1
In a centrally managed environment, while executing the report 'Enterprise Buffer Usage Monitor', a Guardium administrator gets an empty report. Why is the report empty?

• A. Sniffers are not running on the Collectors.
• B. The report is not executed with a remote source on the Collector.
• C. The report is not executed with a remote source on the Aggregator.
• D. Correct custom table upload is not scheduled on the Central Manager.

Answer: C

NEW QUESTION 2
A Guardium administrator needs to monitor an Oracle database on a production database server.
Which component does the administrator need to install on this database server that will monitor the traffic?

• A. S-TAP
• B. Guardium Collector
• C. Guardium Installation Manager (GIM)
• D. Configuration Auditing System (CAS)

Answer: D

NEW QUESTION 3
A Guardium administrator needs to build new appliances with the latest version of Guardium. How should the administrator obtain the ISO image?

• A. Contact IBM Support.
• B. Download from ibm.com
• C. Download from IBM Fix Central.
• D. Download from IBM Passport Advantage.

Answer: D

NEW QUESTION 4
During a Guardium deployment planning meeting, the team decides to deploy all S-TAP agents on all Unix/Linux database systems. A Unix/Linux system administrator team manager asks a Guardium administrator if there are any differences between Guardium S-TAPs for AIX and Linux systems that the team should be aware of.
What should be the Guardium administrator's response?

• A. A-TAP is required on all AIX DB Servers.
• B. a server reboot is required to capture shared memory traffic from all databases on AIX.
• C. K-TAP is required on the AIX DB server
• D. The exact uname -a output is required to determine the correct K-TAP module for the server.
• E. K-TAP is required on the Linux DB server
• F. The exact uname -a output is required to determine the correct K-TAP module for the server.

Answer: B

NEW QUESTION 5
A Guardium administrator is creating a policy to alert on actions by users that are stored on an LDAP server. How can the administrator populate a group to use in the policy?

• A. Schedule the LDAP user import into the group.
• B. Schedule the LDAP user import from accessmgr and run portal user sync.
• C. Schedule the LDAP user import from accessmgr and populate the group from a query.
• D. Populate the group from a query in access domain with a condition on the LDAP server as the Server IP.

Answer: C

NEW QUESTION 6
A Guardium administrator installed the BUNDLE-STAP module and is monitoring the state of the install. Which state requires a database server reboot to complete the installation process?

• A. Ip
• B. IP-PR
• C. FAILED
• D. PENDING-UPDATE

Answer: B

NEW QUESTION 7
A Guardium administrator observes certain changes to the configuration and policies. How would the administrator identify the changes that were made and who made them?

• A. Review the Audit Process Log report.
• B. Review the sniffer buffer usage report.
• C. Review the /var/log/messages log file.
• D. Review the results of 'Detailed Guardium User Activity' report.

Answer: D

NEW QUESTION 8
AGuardium administrator needs to upgrade BUNDLE-STAP on a Linux server to the latest version using GIM. What parameter should the administrator set to ensure the upgrade will not require a reboot of the server?

• A. KTAP_ENABLED=l
• B. KTAP_NO_ROLLBACK=l
• C. KTAP_LIVE_UPDATE=Y
• D. KTAP_ALLOW_MODULE_COMBOS=Y

Answer: C

NEW QUESTION 9
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector. What must the administrator ensure when setting up this environment?

• A. Both Collectors are centrally managed.
• B. There is network connectivity between the S-TAP and both Collectors.
• C. Guardium Installation Manager (GIM) is installed on the Database Server.
• D. in the guard_tap.ini file of the S-TAP set participate_in_load_balancing=l

Answer: B

NEW QUESTION 10
The quard_tap.ini of a UNIX S-TAP is configured with the following parameters:


The administrator must create a policy that will terminate the session on the delete statement in the below scenario: A session is started to the monitored database from client IP 9.9.8.7. In the session the user plans to perform a select statement and then a delete statement.
What actions should the administrator configure?

• A. Rule l - S-GATE Attach Rule 2 - S-GATE Detach
• B. Rule l - S-GATE Detach Rule 2 - S-GATE Terminate
• C. Rule l - S-GATE Attach Rule 2 - S-GATE Terminate
• D. Rule l - S-TAP Terminate Rule 2 - S-GATE Terminate

Answer: A

NEW QUESTION 11
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?

• A. install the latest patch on the Guardium appliance.
• B. Install the latest released Database Activity Monitor Content.
• C. Ask the database administrators to provide the default tests.
• D. Ask the Company Security Provider to supply the default tests

Answer: B

NEW QUESTION 12
AGuardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open-How can the administrator do this?

• A. Ask the company's network administrators.
• B. Ask IBM technical support to login as root and verify.
• C. Login as CLI and execute telnet <ip address> <port number>
• D. Login as CLI and execute support show port open <ip address> <port number>

Answer: D

NEW QUESTION 13
The Quick Search window does not show up on the GUI of a standalone Collector What technical feature should the Guardium administrator check first?

• A. That the Collector has at least 24 GB.
• B. That the Collector has at least 32 GB.
• C. That the Collector has at least 64 GB.
• D. Check the contract and verify whether that feature was purchased.

Answer: A

NEW QUESTION 14
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product. Which of the following are correct with regards to these features? (Select two.)

• A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
• B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
• C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
• D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
• E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.

Answer: DE

NEW QUESTION 15
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?

• A. fjieserver
• B. support execute showlog
• C. show log external state
• D. support must_gather system_db_info

Answer: B

NEW QUESTION 16
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system.
Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?

• A. CLI: commands <search option> GrdApi: grdapi <search option> --help
• B. CLI: help <search option> GrdApi: grdapi --help <search option>
• C. CLI: commands <search option> GrdAPI: grdapi command <search option>
• D. CLI: <search option> -help GrdApi: grdapi <search option> -help=true

Answer: D

NEW QUESTION 17
After a successful purge, a Guardium administrator observes that the full percentage of the Guardium internal database is not decreasing. The administrator uses support show db-top-tables all and finds the size of the largest tables has decreased significantly.
What should the administrator do?

• A. Increase the retention period and rerun the purge.
• B. Rebuild the appliance and restore from the backup.
• C. Login to CLI and execute stop inspection-core.
• D. Optimize the internal TURBINE database using diag CLI command.

Answer: D

NEW QUESTION 18
A Guardium administrator has rebuilt an appliance, and wants nowto restore a backup image of the entire database, audit data, and all definitions from Data backup.Which CLI command should the administrator use to accomplish this?

• A. restore config
• B. restore system
• C. restore pre-patch-backup
• D. restore certificate sniffer backup

Answer: B

NEW QUESTION 19
Auditors request a report of all unsuccessful login attempts to a database monitored by Guardium. How should a Guardium administrator create such a report?

• A. Add a failed login rule to the policy.
• B. Create a failed login query and report using access domain in Guardium.
• C. Create a failed login query and report using exceptions domain in Guardium.
• D. Create a failed login query and report using application data domain in Guardium.

Answer: C

NEW QUESTION 20
Which port must be open for encrypted communication between UNIX S-TAP and Collector?

• A. 9500
• B. l60l6
• C. l60l7
• D. l60l8

Answer: D

NEW QUESTION 21
A company has recently acquired Guardium software entitlement to help meet their upcoming PCI-DSS audit requirements. The company is entitled to Standard Guardium DAM offering.
Which of the following features can the Guardium administrator use with the current entitlement? (Select two.)

• A. Run Vulnerability Assessment reports
• B. Generate audit reports using PCI-DSS Accelerator
• C. Block and quarantine an unauthorized database connection
• D. Mask sensitive PCI-DSS information from web application interface
• E. Log and alert all database activities that access PCI-DSS Sensitive Objects.

Answer: AB

NEW QUESTION 22
A Guardium administrator installed an S-TAP but is not seeing any data in reports on the collector. The administrator discovered that an Inspection Engine is not configured for that S-TAP.
What is an Inspection Engine?

• A. A piece of software residing on the Collectors.
• B. Another software to be installed on the Database server.
• C. The same thing as the policy and it runs on the S-TAP to inspect the traffic in real-time.
• D. A set of parameters needed for the S-TAP to define how to monitor traffic for a particular database instance on a server.

Answer: C

NEW QUESTION 23
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data.
Which data management function does the administrator need to configure?

• A. Purge
• B. Data Export
• C. Data Restore
• D. System Backup

Answer: A

NEW QUESTION 24
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?

• A. Review the Audit Process Log for 'Sniffer stopped' message.
• B. Review the Aggregation/Archive Log for 'Sniffer is restarting message.
• C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
• D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.

Answer: D

NEW QUESTION 25
......