
IBM 000-003

Version

QUESTION NO: 1
What is another piece of essential information, in addition to the list below,
which can be used to create a diagram of the customer's organization?
- divisions
- location(s) / geographical information
- reporting chains

A. business units
B. e-mail addresses
C. Help Desk functions
D. whether or not the customer has a dedicated Operations Center
Answer: A

QUESTION NO: 2
Which document describes what needs to be addressed in a security solution for a
customer?

A. Installation History
B. Design Specification
C. Interface Specification
D. Requirements Specification
Answer: D

QUESTION NO: 3
How can a user bypass the strong authentication mechanism provided by IBM Tivoli
Access Manager for Enterprise Single Sign-On?

A. Get an authorization code from help desk.
B. Access the application using Web Workplace
C. There is no way to bypass strong authentication.
D. Reboot the system disabling the strong authentication.
Answer: A

QUESTION NO: 4
Which three actions should be taken to improve the performance and availability of
IBM Tivoli Directory Server? (Choose three.)

A. partition the directory if local applications require access to the full
directory content
B. use a cascade replication topology to off-load replication work from the replica
server
C. partition the directory if remote applications require access to the full
directory content
D. distribute multiple replicas into other LANs with slow network connections to
the master
E. partition the directory if local applications require access to a subset of
directory content
F. use a peer-to-peer replication topology if any of the applications perform
several updates to the directory
Answer: D,E,F

QUESTION NO: 5
What is the authoritative source of identity information about a user in an
identity federation?

A. the SAML V1.1 protocol
B. the identity provider only
C. the service provider only
D. both the service and identity providers
Answer: B

QUESTION NO: 6
A customer wants to consolidate authentication information for all existing
products, such as IBM WebSphere, IBM Tivoli Access Manager, and IBM Tivoli Identity
Manager with a single product. Which product can be an authentication information
server for the customer?

A. IBM DB2
B. Tivoli Data Warehouse
C. IBM Tivoli Directory Server
D. IBM Tivoli Directory Integrator
Answer: C

QUESTION NO: 7
With which other IBM product does IBM Tivoli Key Lifecycle Manager work seamlessly?

A. IBM Tivoli Backup Manager
B. IBM Tivoli Storage Manager
C. IBM Tivoli Encryption Manager
D. IBM Tivoli System Storage Archive Manager
Answer: B

QUESTION NO: 8
After meeting with the customer, the following list concerning security is
compiled:
- customer's business requirements
- immediate business/security needs
- customer's long-term business/security vision
- customer's stated security requirements
What should also be included in this list?

A. list of products to be deployed
B. recognized security standards
C. existing change control processes
D. company's complete organizational chart
Answer: B

QUESTION NO: 9
Which two types of information are needed when creating a document on a customer's
IT and business organizational structure? (Choose two.)

A. number of business units
B. annual expenditure on IT assets
C. number of employees in IT organization
D. list of divisions within the IT department
E. total number of systems used by the company
Answer: A,D

QUESTION NO: 10
The solution advisor is analyzing a customer's business processes, and focusing on
a subset dealing with cross-enterprise Web transactions, both HTML- and SOAP-based.
Which three corresponding security requirements can be addressed by IBM Tivoli
Federated Identity Manager? (Choose three.)

A. federated (cross-enterprise) Web single sign-on
B. federated (cross-enterprise) provisioning of users
C. federated (cross-enterprise) authorization of access to Web resources (SOAP
only)
D. federated (cross-enterprise) authorization of access to Web resources (HTML
only)
E. federated (cross-enterprise) authorization of access to Web resources (SOAP and
HTML)
F. federated (cross-enterprise) assurance of compliance for both enterprises'
desktops and servers
Answer: A,B,E

QUESTION NO: 11
What are the two ways of configuring federation with IBM Tivoli Federated Identity
Manager? (Choose two.)

A. LTPA
B. Browser Post
C. Shared Cookies
D. Credential Cache
E. Artifact Resolution
Answer: B,E

QUESTION NO: 12
Which three IBM products have achieved Common Criteria Evaluation Assurance Level
certification as of July 2009? (Choose three.)

A. IBM Tivoli Directory Server
B. IBM Tivoli Identity Manager
C. IBM Tivoli Directory Integrator
D. IBM Tivoli Security Compliance Manager
E. IBM Tivoli Access Manager for e-business
F. IBM Tivoli Access Manager for Enterprise Single Sign-On
Answer: A,B,E

QUESTION NO: 13
After a number of interviews with various customer personnel, the term "user
productivity - logon and transaction experience" came up as a business process.
Other than the word "logon" there is not much in the way of additional description
that gives insight into how that process relates to security. What is a good list
of security (and related) elements that relate most closely to the process as
identified above?

A. firewall, filtering router, and intrusion detection
B. SSL acceleration, content filtering, and pop-up blockers
C. single sign-on, personalization, scalability, and availability
D. identification, public-key infrastructure, and multi-factor authentication
Answer: C

QUESTION NO: 14
What are three featured capabilities of IBM Tivoli Security Policy Manager? (Choose
three.)

A. authors, administers, transforms, and distributes security policies
B. imports application roles and integrates with existing identity systems
C. simple authentication capability across all systems, services, and applications
D. delivers mainframe-class security and auditing in a lightweight, easy-to-use
product
E. enforces policies across multiple policy enforcement points using runtime
security services
F. centralizes security management and makes it easy and more cost effective to
deploy secure applications
Answer: A,B,E

QUESTION NO: 15
Which three pieces of information should be given to a customer to help them
prepare for the long-range vision and the future direction of their security
solutions? (Choose three.)

A. Biometrics should be used for authentication.
B. Public-key infrastructure is the correct identity/authentication approach.
C. There must be a continued evolution towards standards-based solutions.
D. End-to-end security is needed, with no "security gaps" in common scenarios.
E. Integrated security solutions are preferable to "point solutions" that are
linked together.
F. Plug-in access control enforcement will eventually achieve dominance over proxy
solutions.
Answer: C,D,E

QUESTION NO: 16
Which technology needs to be available when managing a nonstandard database with an
IBM Tivoli Identity Manager adapter?

A. SQL
B. JDBC
C. ODBC
D. TCP/IP
Answer: B

QUESTION NO: 17
Which skills are necessary to implement IBM Tivoli Directory Integrator to
synchronize data between different registries and databases?

A. Java, JavaScript, DSML, SQL, and JNDI
B. C/C++, Perl Script, XSL, SSL, and LDAP
C. Java, JavaScript, HTML, SAML, and POP3/IMAP
D. WS-Provisioning, WS-Federation, SAML, and Liberty V1.2
Answer: A

QUESTION NO: 18
A customer has the following requirements: a. System Administrators are allowed to
log in to AIX servers any time of the day. b. Database administrators are only
allowed to log in to AIX servers between 6:00 a.m. and 6:00 p.m. local time. Which
IBM Tivoli product is capable of enforcing login policies that will satisfy the
above requirements?

A. IBM Tivoli Identity Manager
B. IBM Tivoli Federated Identity Manager
C. IBM Tivoli Access Manager for Operating Systems
D. IBM Tivoli Access Manager for Enterprise Single Sign-On
Answer: C

QUESTION NO: 19
Which two requirements are addressed by implementing IBM Tivoli Identity Manager?
(Choose two.)

A. authentication of users
B. enterprise single sign-on
C. role-based account provisioning
D. automation of account approvals
E. system-wide security compliance reporting
Answer: C,D

QUESTION NO: 20
Which encryption method is used by IBM Tivoli Access Manager (Tivoli Access
Manager) for e-business when Tivoli Access Manager is configured with the FIPS mode
enabled?

A. SSLv3
B. TLSv1
C. WPAv2
D. Kerberos
Answer: B

QUESTION NO: 21
Which information should a customer's baseline document include?

A. proof that there are no existing orphan accounts
B. the naming convention in place for all current users
C. the customer's key business processes related to security
D. a list of all authentication mechanisms used by the customer
Answer: C

QUESTION NO: 22
What is the recommended approach to map custom attributes in the HR Feed to the new
IBM Tivoli Identity Manager (Tivoli Identity Manager) person attributes?

A. Create new LDAP attributes and add them to the inetOrgPerson objectclass.
B. Create new LDAP attributes and add them to the base person class(erPersonItem).
C. Map the new attributes to unused person attributes and edit the
CustomLabels.properties file to reflect new names.
D. Create a new object class, add the new attributes to it, and register it as a
person entity in Tivoli Identity Manager.
Answer: D

QUESTION NO: 23
Click the Exhibit button. The customer's list of requirements includes this
exhibit. Which security scenario is indicated by the word "enforcer" that appears
several times in the exhibit?

A. audit
B. authorization
C. authentication
D. confidentiality
Answer: B

QUESTION NO: 24
Which two security requirements are addressed by IBM Tivoli Access Manager for
e-business? (Choose two.)

A. authorization
B. authentication
C. intrusion detection
D. password management
E. mandatory access control
Answer: A,B

QUESTION NO: 25
Which security measure most effectively addresses users' fears of privacy misuse in
a biometric technology?

A. biometric information stored in a smart-card and carried by the user
B. biometric information stored in a distributed database and protected by company
policy
C. biometric information stored in a secure central database, secured by physical
access controls
D. secure authentication between the users' biometric information and a central
database over an SSL protocol
Answer: A

QUESTION NO: 26
Which technologies are the most likely to influence a company's future direction
regarding IT security?

A. Passport, SPML, and NTLM
B. OSPF, CORBA, and RFID
C. EDIFACT, SSH, and Key Recovery
D. WS-Federation, XACML, and J2EE
Answer: D

QUESTION NO: 27
Which two actions should be accomplished during an initial meeting with the
customer when reviewing a company organizational chart? (Choose two.)

A. Identify key decision makers.
B. Determine the available budget.
C. Identify the products to be used.
D. Document the key players and their roles.
E. Proof of Concept of the products in the solution
Answer: A,D

QUESTION NO: 28
What are two main functions of IBM Tivoli Security Information and Event Manager?
(Choose two.)

A. integration with a CCMDB
B. Enterprise-wide Log Management
C. security related data analysis and reporting
D. integration with vulnerability management tools
E. Service Desk integration for incident management
Answer: B,C

QUESTION NO: 29
IBM is using the Enhanced Value Based Pricing principle for the IBM Tivoli
products. What does this mean?

A. The pricing is determined by what is managed.
B. The pricing is only determined by the number of users.
C. The pricing is determined by the number of products installed.
D. The pricing is determined by the number of server installations.
Answer: A

QUESTION NO: 30
Which statement is true about new initiative deployment?

A. New initiatives typically involve advanced authentication, and advanced
authentication must be properly provisioned.
B. New initiatives are typically coded in Java, .NET or C++, and each of these
requires a tool that measures security compliance.
C. All new initiatives require a service-oriented architecture (SOA), and SOA
standards demand that a security component be present.
D. Newly deployed applications can be coded, tested and updated more quickly if an
authentication and authorization solution is used that avoids
coding security into the application.
Answer: D

QUESTION NO: 31
What are three benefits of deploying the IBM Tivoli Identity and Access Manager
bundle? (Choose three.)

A. manages network areas that are segmented by highly restrictive firewalls
B. monitors and audits privileged users for databases, applications, servers and
mainframes
C. provides secured policy-based access control of business critical applications,
files, and operating platforms
D. provides flexible single sign-on to Web-based applications and can reduce
help-desk calls associated with multiple passwords
E. corrects noncompliant access rights through recertification workflows or
automatically through role-based access control policies
F. provides centralized and automated management of users, authentication, access
rights, audit policy and provisioning of user services
Answer: D,E,F

QUESTION NO: 32
Which product best addresses these requirements:
1. Fast access to corporate information with improvements up to 90% by automating
workflows on shared and personal workstations
2. Automation of access workflows - application launch, single sign-on (SSO), user
switching, drive mapping, single sign-off, and more
3. Automation of walk-off security policies - configurable screen locks,
application logout policies, graceful unlock, and more
4. Comprehensive support for HIPAA, Sarbanes-Oxley, GLBA, California SB 1386, and
Basel II with user centric access tracking of all SSO events for audit reports

A. IBM Tivoli Identity Manager
B. IBM Tivoli Access Manager for Enterprise SSO
C. IBM Tivoli Identity Manager and IBM Tivoli Access Manager for e-business
D. IBM Tivoli Federated Identity Manager and IBM Tivoli Access Manager for
Operating Systems
Answer: C

QUESTION NO: 33
Based on IBM's best practices, what are three IBM Tivoli Access Manager for
e-business authentication capabilities that indicate a higher level of
authentication maturity? (Choose three.)

A. basic authentication
B. shared authentication
C. step-up authentication
D. forced re-authentication
E. multi-factor authentication
F. forms-based authentication
Answer: C,D,E

QUESTION NO: 34
For single sign-on (SSO), a customer has only a Web SSO solution in place. What can
be concluded in the gap analysis?

A. Their SSO requirement is satisfied, as no one ever does SSO to non-Web-based
applications.
B. They need a provisioning solution, because every customer who has Web SSO
requires a provisioning solution as well.
C. There is a gap related to their SSO requirements being met, as they are not yet
addressing client-server or host applications that are not
Web-based.
D. They ought to remove the Web SSO solution, in favor of a PKI solution, since PKI
solutions have the capability of providing comprehensive
SSO.
Answer: C

QUESTION NO: 35
Which statement is true about IBM Tivoli Directory Server?

A. IBM Tivoli Directory Server does not meet FIPS encryption requirements
B. IBM Tivoli Directory Server provides single password policy enforcement
settings.
C. IBM Tivoli Directory Server supports the RFC2307 scheme but cannot be extended.
D. IBM Tivoli Directory Server can integrate Linux, SunOS, HP-UX, and AIX operating
system user authentication on a single directory server
instance.
Answer: D

QUESTION NO: 36
While reviewing the current security policies for a company, it is discovered that
a standard exists, which dictates that information access must conform to HIPAA.
Currently the customer has no automated method to verify adherence to this policy.
Which IBM Tivoli security solution is recommended to provide the customer with the
ability to report on exceptions to this policy?

A. IBM Tivoli Identity Manager
B. IBM Tivoli Security Compliance Manager
C. IBM Tivoli Access Manager for e-business
D. IBM Tivoli Access Manager for Enterprise Single Sign-On
Answer: B

QUESTION NO: 37
A current IBM Tivoli security customer is highly satisfied with their current IBM
Tivoli Identity Manager (Tivoli Identity Manager) and IBM Tivoli Access Manager
(Tivoli Access Manager) implementations. The customer has benefited greatly from
their user management and provisioning, authentication, authorization and Web
single sign-on processes now in place. The customer sees the value of Web services
and wants to leverage their business partnerships to greatly expand their online
services, for a relatively small investment. They are expecting that their existing
Tivoli Identity Manager and Tivoli Access Manager investments can simply be
stretched to include these business-to-business (B2B) flows. IBM Tivoli Federated
Identity Manager should be added to this scenario to address which security
requirement?

A. the blocking of threats that might otherwise cross enterprise boundaries
B. the integration with firewalls that control security between any two businesses
involved in these B2B flows
C. the handling of potential millions of users, which neither Tivoli Identity
Manager nor Tivoli Access Manager is built to address
D. the handling of multiple types of standards-based protocols and user tokens that
need to be passed between participating businesses
Answer: D

QUESTION NO: 38
Which customer solution strategy is addressed by IBM Tivoli Identity Manager?

A. implementation of a standard where all requests for access to financial systems
must be electronically approved and documented by a separate individual
B. implementation of an automated tool to collect and compare all system
configurations to the organization's defined baseline for computer systems in
specific security "zones" of control
C. implementation of an automated system for collecting and correlating all
security events from systems across the enterprise including firewalls,
IDS systems, operating system logs and other security logs
D. implementation of database-level controls to monitor and manage all access,
updates, inserts and deletions made to the financial data from the
accounting applications as well as other desktop tools such as Microsoft Excel
Answer: A

QUESTION NO: 39
In order to correctly understand the data protection requirements, which two groups
of people must be interviewed? (Choose two.)

A. all managers
B. IT department personnel
C. Business Unit management
D. Legal department personnel
E. Human Resource department
Answer: C,D

QUESTION NO: 40
Which programming languages need to be available to manage an unsupported operating
system with an IBM Tivoli Identity Manager adapter?

A. Java and C
B. Cobol and REXX
C. C++ and Javascript
D. Visual Basic and C#
Answer: A

QUESTION NO: 41
Which three identity stores are supported by IBM Tivoli zSecure Audit? (Choose
three.)

A. X.500
B. LDAP
C. ACF2
D. RACF
E. TopSecret
F. ActiveDirectory
Answer: C,D,E

QUESTION NO: 42
A client wants to use CAPTCHA authentication for their Web application access over
the internet. Which WebSEAL authentication method will meet the needs of the
client?

A. Step-Up Authentication
B. External Authentication
C. HTTP header Authentication
D. X.509 Client Certificate Authentication
Answer: B

QUESTION NO: 43
During the analysis of a failed audit report, a number of special attention events
indicating non-compliance by several employees have been revealed. These employees
have been accessing online versions of documents that they otherwise are not
allowed to access. Which IBM Tivoli security product will be recommended to address
this problem?

A. IBM Tivoli Identity Manager
B. IBM Tivoli Access Manager for e-Business
C. IBM Tivoli Access Manager for Operating Systems
D. IBM Tivoli Access Manager for Enterprise Single Sign-On
Answer: B

QUESTION NO: 44
Which statement is true about interoperability?

A. Liberty Alliance will provide SAML V2.0 OASIS Standard interoperability.
B. Microsoft and IBM will be the only companies providing SAML V2.0
interoperability for their products.
C. Liberty Alliance standards will be the de-facto standards for Web services
interoperability in the future.
D. Microsoft identity management products have successfully undergone Liberty
Alliance Liberty ID-FF V1.2 interoperability tests.
Answer: A

QUESTION NO: 45
What is considered the lowest maturity level in identity management maturity?

A. password management
B. access rights accountability
C. provisioning approval and process automation
D. connectors to access controlled systems (one tool managing multiple systems)
Answer: D

QUESTION NO: 46
Which statement is true about IBM Tivoli Security Compliance Manager (Tivoli
Security Compliance Manager)?

A. Tivoli Security Compliance Manager can be configured to manage security device
configurations.
B. Tivoli Security Compliance Manager can group systems and middleware, and compare
them against only one security policy.
C. Tivoli Security Compliance Manager extracts system and middleware security
information using endpoint specific java collectors.
D. Tivoli Security Compliance Manager can be configured so as to prevent unwanted
system and middleware security modifications.
Answer: C

QUESTION NO: 47
What are two main functions of IBM Tivoli Compliance Insight Manager? (Choose two.)

A. Monitor Compliancy
B. IP-based event filtering
C. Real time event processing
D. Consistent Log management
E. Change Management reporting
Answer: A,D

QUESTION NO: 48
A current IBM Tivoli Access Manager for e-business customer wants to add the
ability to provide services to a third-party company's employees. The customer does
not want to create accounts and manage passwords for the third-party company's
employees. How can the customer achieve this?

A. implement a process for the customer to manually create the accounts
B. use IBM Tivoli Directory Integrator to synchronize the accounts between the two
companies
C. install IBM Tivoli Identity Manager on the third-party company side, and
provision accounts back to the customer user registry.
D. use IBM Tivoli Federated Identity Manager on the customer side as a service
provider, and use a guest account for all the company's employees when they access
the site
Answer: D

QUESTION NO: 49
A customer wants an early warning system which identifies security vulnerabilities
and security policy violations. Which product should the customer use? AIBM Tivoli
NetView

A. IBM Tivoli Enterprise Console
B. IBM Tivoli Access Manager for e-business
C. IBM Tivoli Security Information and Event Manager
Answer: C

QUESTION NO: 50
Which option best classifies IBM Tivoli Security Operations Manager?

A. Security Event Management Platform
B. Secure Multi-platform Management Platform
C. Security Integration and Entitlement Platform
D. Centralized Security Management Architecture
Answer: A

QUESTION NO: 51
What are two benefits of IBM Tivoli Directory Integrator? (Choose two.)

A. It provides a simple interface for improving Active Directory content and making
this content available for other uses.
B. It performs real time synchronization between identity data sources to establish
an authoritative identity data infrastructure.
C. It provides a framework for rapid integration development and relieves what the
customer typically has to hand-code from scratch.
D. It makes building data flow fast and easy, which eliminates the need for
traditional design and implementation decisions inherent in other
productions.
E. It provides a framework that enables a company to integrate multiple security
software into existing structures, as opposed to forcing the
company to develop new IT infrastructure.
Answer: B,C

QUESTION NO: 52
The solution advisor is analyzing customer business processes to determine security
requirements. Under the heading "Web Transactions - Employees and Customers," is a
business requirement described as "Enhance User Productivity." What is the
corresponding security requirement?

A. audit
B. authorization
C. single sign-on
D. user provisioning
Answer: C

QUESTION NO: 53
What is an accurate description of a highly mature company, in the area of
authorization?

A. They are highly mature, because they use a single authorization engine, shared
by many applications.
B. Their approach to authorization is in a leadership position, because they
address WS-Provisioning, SAML and Liberty.
C. They are addressing authorization optimally because they are handling
authorization within the application, and it is best to address
authorization decisions close to the decision point.
D. Their approach to authorization is highly secure and therefore highly mature,
because their infrastructure uses many different authorization
standards and thus is least likely to be penetrated.
Answer: A

QUESTION NO: 54
What are three main functionalities of the IBM Tivoli zSecure Admin product?
(Choose three.)

A. RACF administration from a CICS interface
B. Automate routine tasks to simplify administration.
C. Display data from the active (live) RACF database.
D. Store non-RACF data to reduce organizational costs.
E. Track and monitor baseline changes for RACF and ACF2.
F. Analyze RACF profiles and ACF2 entries to get fast answers.
Answer: B,C,D

QUESTION NO: 55
What is an indication that the deployment of IBM Tivoli Identity Manager has
reached its maturity phase?

A. All significant applications are covered.
B. Password synchronization is implemented.
C. Role-based access control is fully implemented.
D. Full workflow for account management is implemented and the organizational tree
is established.
Answer: C
