01. A Guardium administrator is notified by the Security Incident Event Manager (SIEM) administrator in the organization that Guardium is sending real time policy alerts to the SIEM in an incorrect format.
How can the Guardium administrator verify the format that is being used?
a) Check the policy violations report.
b) Check on the IBM Knowledge Center to find the template.
c) On the GUI Anomaly Detection page, find the active alerts and check their definitions.
d) On the GUI Global Profile page, check the Named Template used in the policy action.
02. Which port must be open for encrypted communication between UNIX S-TAP and Collector?
03. An audit process is currently scheduled to run with User1 as a receiver. User1 leaves the company and the Guardium administrator is asked to replace User1 with User2. How can the administrator achieve this?
a) Create another audit process with User2 as the receiver.
b) Modify the audit process to add User2 as the receiver.
c) Clone the current audit process, remove User1, and add User2.
d) Modify the audit process, delete User1 as the receiver, and add User2 as the receiver.
04. A Guardium administrator is building a policy to monitor files on a datasource. Which actions can the administrator use in the policy?
b) Audit only
c) Alert and Audit
d) Alert per match
e) Ignore S-TAP Session
05. In a centrally managed environment, while executing the report 'Enterprise Buffer Usage Monitor', a Guardium administrator gets an empty report. Why is the report empty?
a) The report is not executed with a remote source on the Aggregator.
b) Correct custom table upload is not scheduled on the Central Manager.
c) Sniffers are not running on the Collectors.
d) The report is not executed with a remote source on the Collector.
06. A Guardium administrator has a standalone Collector which is monitoring critical production databases during the working day.
Archives are taken daily before work starts and purges take place on all data older than 5 days. This is all working well. However, an auditor arrives at 10:00 am local time and wants to review data from 3 weeks ago.
When can the administrator restore the data for the auditor?
a) The restore can be done in the morning as it will not impact data collection.
b) The restore can be done at lunch time, to avoid a performance impact during high volume of current traffic.
c) The restore can only take place outside of working hours as the data cannot be captured during the restore process.
d) The restore can be done anytime, but might need to accept some data loss if the performance is impacted too much.
07. A Guardium administrator has a Collector exporting to an Aggregator. Both appliances are set to Eastern Standard Timezone (EST). The administrator runs a report at 9:00 am EST every day on the Aggregator to show activity for yesterday for all units exporting to the Aggregator.
However, the administrator does not see data for this Collector in the report output. The administrator looks at both screenshots below. The first screenshot is the Data Export configuration on the Collector, which is scheduled to run every day at 11:00 am EST. Data Import runs every day at 7:00 am EST on the Aggregator.
What problem does the administrator see in the configuration that may be causing the issue? And what can the administrator do to fix it?
a) Problem: Export data older than and Ignore data older than are inverted. Solution: Invert the settings.
b) Problem: Export data older than and Ignore data older than are too low. Solution: Increase both settings by 1.
c) Problem: Reports are run after Data Import runs. Solution: Run the reports on the Aggregator before the Data Import runs.
d) Problem: The Data Export on the Collector runs after the Data Import on the Aggregator. Solution: Modify the schedules so Data Export on Collector runs before the Data Import on the Aggregator.
08. A Guardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open.
How can the administrator do this?
a) Ask the company’s network administrators.
b) Login as CLI and execute support show port open <ip address> <port number>
c) Login as CLI and execute telnet <ip address> <port number>
d) Ask IBM technical support to login as root and verify.
09. During the installation phase, the Guardium administrator ensured that the same S-TAP installation procedures were performed on both Oracle 11 and DB2 10.5 systems. They both run on servers with the same version of Linux.
However, during testing it was found that none of the local DB2 connection activities were captured in the activity report, while all Oracle activities and all DB2 TCP activities were captured.
What additional step should the administrator take on the database server to capture the missing DB2 shared memory traffic?
a) Reboot the Linux server.
b) Restart the DB2 instance.
c) Configure the DB2 EXIT Library.
d) Configure both the A-TAP and DB2 EXIT Library.
10. A Guardium administrator needs to configure a daily purge. What is the default value of the "purge data older than" setting configured on the Guardium appliance?
a) 60 days
b) 90 days
c) 180 days
d) 365 days