C2150-606 IBM Security Guardium V10.0 Administration - Practice Questions

Question 4

Which use cases are covered with the File Activity Monitoring feature? (Select two.)

Select all that apply, then click Submit answer.

○
Classify sensitive files on mainframe systems.
○
Encrypts database data files on file systems based on policies.
○
Selectively redacts sensitive data patterns in files based on policies.
○
Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
○
Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.

Reference / correct answer:

Classify sensitive files on mainframe systems.

Identifies files containing Personally Identifiable Information (PII) or proprietary confidential information on Linux Unix Windows (LUW) systems.

A: Use case example:

Critical application files can be accessed, modified, or even destroyed through back-end access to the application or database server

Solution: File Activity Monitoring can discover and monitor your configuration files, log files, source code, and many other critical application files and alert or block when unauthorized users or processes attempt access.

E: Use case example:

Need to protect files containing Personally Identifiable Information (PII) or proprietary information while not impacting day-to-day business.

Solution: File Activity Monitoring can discover and monitor access to your sensitive documents stored on many file systems. It will aggregate the data, give you a view into the activity, alert you in case of suspicious access, and allow you to block access to select files and folders and from select users.

Note: File activity monitoring consists of the following capabilities:

* Discovery to inventory files and metadata.

* Classification to crawl through the files to look for potentially sensitive data, such as credit card information or personally identifiable information.

* Monitoring, which can be used without discovery and classification, to monitor access to files and, based on policy rules, audit and alert on inappropriate access, or even block access to the files to prevent data leakage.

Reference: https://www-01.ibm.com/support/knowledgecenter/SSMPHH_10.0.0/com.ibm.guardium.doc/protect/fam_intro.html

Question 5

A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old data vs current data), the administrator sets up an Investigation Center.

Which is a key requirement for users of the Investigation Center?

Select an option, then click Submit answer.

○
The user must be in one of the groups INV_1, INV_2, or INV_3 (case-sensitive).
○
The users must login as one of the predefined user accounts INV_1, INV_2, or INV_3 (case-sensitive).
○
A separate user must be used with a role of either INV_1, INV_2, or INV_3 (case-sensitive).
○
To correctly configure an investigation user, the user’s Last Name must be set to the name of one of the three investigation databases, INV_1, INV_2, or INV_3 (case-sensitive).

Question 6

Which port must be open for encrypted communication between UNIX S-TAP and Collector?

Select an option, then click Submit answer.

○
9500
○
16016
○
16017
○
16018

C2150-606 – IBM Security Guardium V10.0 Administration