Limited Time Discount Offer 30% Off - Ends in 02:00:00

×

IBM C2150-575 Exam - IBM Tivoli Federated Identity Manager V6.2.2 Implementation

Questions & Answers for IBM C2150-575

Showing 1-15 of 134 Questions

Question #1

When using WebSEAL as the point of contact for IBM Tivoli Federated Identity Manager
V6.2, what type of junction should be used?

A. A TCP junction

B. A standard junction

C. A virtual host junction

D. A transparent junction

Question #2

Which function(s) are provided when using WebSEAL as a point of contact server?

A. WebSEAL is used as a forward proxy for HTTP(S) access to IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) endpoints to provide user authentication, and to manage user sessions for Web Single Sign-On (SSO).

B. WebSEAL is used as a reverse proxy for HTTP(S) access to TFIM endpoints, to provide user authentication, and to manage user sessions for Web SSO.

C. WebSEAL is used as a forward proxy for HTTP(S) access to TFIM endpoints, to validate IVCred tokens, to provide user authentication, and to manage user sessions for Web SSO.

D. WebSEAL is used as a reverse proxy for HTTP(S) access to TFIM endpoints, to validate IVCred tokens, to provide user authentication, and to manage user sessions for WebSSO.

Question #3

Which IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) configuration step is always
required for the Alias Service, assuming SSL is used for the connection to the directory
server?

A. Selecting port 389 for the directory server port.

B. Configuringthe directory server trust store with the default TFIM SSL certificate.

C. Creating a self-signed certificate and install the certificate on the directory server.

D. Selecting the trusted keystore that contains the directory server certificate or CA certificate.

Question #4

Users of a SAML Single Sign-On federation that was previously operating properly are now
experiencing errors. The administrators of both partners insist that no configuration
changes have been made. Whatare two obvious items to check? (Choose two.)

A. The validity period in a partner certificate may have been reset.

B. The subject attribute in a partner certificate may have become invalid.

C. The NotBefore/NotAfter window in a partner certificate mayhave been exceeded.

D. The partner system clocks may have fallen out of sync beyond the NotBefore/NotOnOrAfter window.

E. The partner system clocks may have fallen out of sync beyond the allowable 30 second SAML tolerance

Question #5

What is the cryptographic requirement when configuring IBM Tivoli Federated Identity
Manager V6.2.2 for Information Card support?

A. Information Card uses SHA-384 hashes. This means that the Java security file java.security must be edited to include the option sha.options = SHA2, 384.

B. The encryption used by Information Card is AES/CBC with PKCS5Padding.This means that the Java security file java.security must be edited to include the option aes.options=CBC, pkcss Pad.

C. The encryption used by Information Card is DESede/ECB with PKCS5Padding. This means that the Java security file java.security must be edited to include the option des.options=EDE, pkcss Pad.

D. The encryption algorithms used by Information Card require strong cryptographic library support. This means that a replacement is needed for the default Javasecurity files local_policy.jar and US_export_policyjar.

Question #6

A SAML 2.0 federation has been previously configured and a recent change was made to
the configuration to support an additional profile. Errors are now being seen. What is
appropriate to check?

A. If using a Web server such as IBM HTTP Server as a front-end to IBM WebSphere Application Server (WAS), the WAS plug-in configuration may require updating.

B. The source IDs for both partners may require updating. Also, if using a Web server such as IBM HTTP Server as a front-end to WAS, the WAS plug-in configuration may require updating.

C. The partners may need to exchange updated metadata. Also, if using WebSEAL as the point of contact, the tfimcfg utility should also have been re-executed to assure the appropriate objects and ACLs are defined.

D. The source IDs for both partners may require updating. Also, if using WebSEAL as the point of contact, the tfimcfg utility should also have been re-executed to ensurethe appropriate objects and ACLs are defined.

Question #7

With regard to the SAML standards, which statement describesan assertion?

A. A piece of data produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to a specified resource.

B. A signed and encrypted token produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to a specified resource.

C. A SOAP message containing an artifact produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to aspecified resource.

D. A SOAP message containing an artifact produced by a SAML identity provider regarding either an act of authentication performed on a user, attribute information about the user, or authorization permissions applying to the user with respect to a specified application.

Question #8

A company wants to establish a Federated Single Sign-On (FSSO) relationship with a
partner identity provider to allow partner administrator access. This company provides
services for credit card processing. What isthe most secure choice for the FSSO protocol?

A. OpenID using Associate Mode

B. SAML 2.0 using HTTP Redirect/POST bindings, signed response, and signed assertion

C. SAML 1.1 using a Browser/POST profile, signed response and assertion, and a narrow assertion validity window of only a few seconds

D. SAML 2.0 using an HTTP-Artifact binding, signed response and assertion, an encrypted assertion, and a narrow assertion validity window of only a few seconds

Question #9

Which mechanism does IBM Tivoli Federated Identity Manager V6.2.2 provide for
supporting configuration of a custom module?

A. Java Propertiesclass

B. User Interface using GUIXML

C. XSLT-based configuration file

D. Java Class Loader abstraction

Question #10

Which three main types of information taken from the Security Token Service Universal
User object will be included in the work object provided as input to an IBM Tivoli Directory
Integrator (TDI) assemblyline used as an IBM Tivoli Federated Identity Manager V6.2.2
mapping function? (Choose three.)

A. principal

B. attribute list

C. claims provider

D. token target type

E. resource requester

F. security token request

Question #11

A corporate intranet supports single sign-on (SSO) for internally facing Web applications
accessed by employees. The company also has an external facing product support site
used by customers, business partners, and company employees. Employee IDs are
maintained in a user registry which is separate from the user registry for the support site.
To use the support site, employees must register in the same manner other users do.
The customer has chosen to use IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) to
provide SSO for employees between the intranet and the external facing support site so
that an intranet SSO login can be leveraged for support site access. How can this capability
be provided?

A. SAML 2.0 using persistent Name Identifiers can be used along with the TFIM Name Identifier Linking Service to link intranet and support accounts for employees. The intranet TFIM can be configured as an identity provider (IdP) in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 service provider (SP).

B. SAML 2.0 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP.

C. SAML 1.1 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and supportaccounts for employees. The intranet TFIM can be configured as an IdP in a SAML 1.1 federation, and the support site TFIM can be configured as a SAML 1.1 SP.

D. SAML 2.0 using persistent Consent Identifiers and Name Identifier Management can be used alongwith the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP.

Question #12

What is required to add an attributerequest partner to an IBM Tivoli Federated Identity
Manager V6.2.2 SAML 2.0 federation configured as an attribute authority?

A. Run the manageItfimPartner Command.

B. Run the manageItfimAttributePartner Command.

C. The Add Partner wizard can be used. Itwill recognize that the federation is configured as an attribute authority and provide the option to configure an attribute request partner.

D. The Add Partner wizard can be used. But it will not display the option to configure an attribute request partnerunless the Federation is an Attribute Authority box is checked.

Question #13

What are the roles defined by OAuth 2.0?

A. Clientapplication, resource owner, resource server

B. User, client application, resource owner, resource server

C. User, resource owner, resource server, authorization server

D. Client application, resource owner, resource server, authorization server

Question #14

Using IBM Tivoli Federated Identity Manager V6.2.2 as an OpenID provider (OP), an error
is being reported indicating that a required attribute is missing. What might be the problem?

A. The relying party (RP) may have not included the attribute in the encoded attribute request object sent to the OP AX endpoint, and it was not included in the response.

B. The OP may have not supplied a value for the attribute in the encoded attribute response list sent to the RP attribute exchange (AX) endpoint.

C. A required attributemay have been solicited via Simple Registration (SREG) in the initial request POSTed to the OP login endpoint, and the OP mapping rule/function did not supply a value.

D. A required attribute may have been solicited via SREG in the initial request POSTedto the RP login endpoint, and the OP mapping rule/function did not supply a value.

Question #15

What is always required when deploying the IBM Tivoli Federated Identity Manager V6.2.2
runtime and management service?

A. WebSEAL

B. IBM HTTP Server

C. IBM Tivoli Identity Manager

D. IBM WebSphere Application Server

You Need Avanset VCE Player in Order to Open VCE Files

AUTUMN SALE: 30% DISCOUNT
This is ONE TIME OFFER

You save
30%

Enter Your Email Address to Receive Your 30% Discount Code

AUTUMN SALE: 30% DISCOUNT

You save
30%

Use Discount Code:

A confirmation link was sent to your e-mail.

Please check your mailbox for a message from support@exam-labs.com and follow the directions.