NEW QUESTION 1
A company wants to deploy S-TAPs for 2 groups of database servers located in 2 different data centers. The current set of Collectors are fully utilized. The Aggregators and Central Manager can handle more load.
What should a Guardium administrator recommend?

• A. Deploy 2 new Collectors, l in each data center.
• B. Connect S-TAPs directly to Aggregators to avoid network latency.
• C. Connect S-TAPs directly to the Central Manager to avoid network latency.
• D. Deploy 2 new Collectors in the third data center located in between the 2 data centers.

Answer: A

NEW QUESTION 2
AGuardium environment is set up to send daily reports to users. The users are complaining that their report has not been delivered to their inbox for the past week. What is the first action the Guardium administrator should take in order to diagnose the problem?

• A. Open a ticket with IBM Support.
• B. Pause the User Portal Sync process.
• C. Check in the Aggregation/Archive log.
• D. Check in the Scheduled Job Exceptions.

Answer: D

NEW QUESTION 3
A Guardium administrator is setting up a Collector schedule to export data to an Aggregator and Archive its data to an Archive storage unit for additional data safety.
Given this scenario, which is true regarding the purge schedule?

• A. The Archive and the Export have independent purge schedules but should not be run at the same time.
• B. The Guardium unit would run the Export and Archive before any purge, so you would only see the last purge run each day.
• C. it would not be possible to configure both on a Collector, the Aggregator should do the archiving and only export from the Collector.
• D. Any time that Data Export and Data Archive are both configured, the purge age must be greater than both the age at which to export and the age at which to archive.

Answer: D

NEW QUESTION 4
A Guardium administrator needs to use both CLI and GrdAPI functions to manage the system.
Which are the two commands that the administrator can use to search for the required commands and their syntax from within either CLI or GrdAPI?

• A. CLI: commands <search option> GrdApi: grdapi <search option> --help
• B. CLI: help <search option> GrdApi: grdapi --help <search option>
• C. CLI: commands <search option> GrdAPI: grdapi command <search option>
• D. CLI: <search option> -help GrdApi: grdapi <search option> -help=true

Answer: D

NEW QUESTION 5
A Guardium administrator manages portal user synchronization by using a Central Manager.
When a change is made on the Central Manager such as, for example, adding a Guardium user to a Guardium group, how long should be allowed for the update to be synced with the managed units in a fully working environment?

• A. 0 minutes
• B. l5 minutes
• C. 30 minutes
• D. 60 minutes

Answer: D

NEW QUESTION 6
The last Vulnerability Assessment tests performed in a company were run one year ago. The company wants to ensure the Vulnerability Assessment tests keep up with the latest database common vulnerabilities. The company wants to use the Guardium default tests instead of customer designed tests.
What should the Guardium administrator do to update the tests that will be run?

• A. install the latest patch on the Guardium appliance.
• B. Install the latest released Database Activity Monitor Content.
• C. Ask the database administrators to provide the default tests.
• D. Ask the Company Security Provider to supply the default tests

Answer: B

NEW QUESTION 7
A company is installing S-TAPS on new Database Clusters. The Guardium administrator was provided with the PVU load of each node. The clusters are in active/passive mode. The administrator is associating S-TAPs to Collectors using the PVU count.
How should the administrator treat the PVUs of passive nodes?

• A. include the PVU load of passive nodes.
• B. include half of the passive nodes PVU load.
• C. include a third of the passive nodes PVU load.
• D. Not include the PVU load of passive nodes.

Answer: D

NEW QUESTION 8
An infrastructure manager is presented with a few new servers that are available to deploy as a Guardium Collector appliance as part of Guardium project expansion. The Guardium administrator is asked which server option is best for a Guardium Collector.
Which server option can the Guardium administrator use for the new Collector?

• A. ja64 Intel Processor with quad-core CPU, 32GB memory, 4 NICs, 2TB disk
• B. x86_64 Intel Processor with 8-core CPU, 32GB memory, 2 NICs, l TB disk
• C. x86_64 Intel Processor with dual-core CPU, 24GB memory, and 2 NICs, and 200GB disk
• D. Iinuxppc64 Power Processor with 8-core CPU, 24GB memory, and 4 NICs, and 4TB disk

Answer: B

NEW QUESTION 9
Which use cases are covered with the File Activity Monitoring feature? (Select two.)

• A. Classify sensitive files on mainframe systems.
• B. Encrypts database data files on file systems based on policies.
• C. Selectively redacts sensitive data patterns in files based on policies.
• D. Provides audit trail of access to files, alert and/or block when unauthorized users or processes attempt access.
• E. Identifies files containing Personally Identifiable Information (Pll) or proprietary confidential information on Linux Unix Windows (LUW) systems.

Answer: AE

NEW QUESTION 10
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?

• A. Review the Audit Process Log for 'Sniffer stopped' message.
• B. Review the Aggregation/Archive Log for 'Sniffer is restarting message.
• C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
• D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.

Answer: D

NEW QUESTION 11
An administrator previously had an issue with a Guardium system. This was resolved with the assistance from the IBM Guardium support team, who provided the shell script, a CLI command and the encrypted key to execute the uploaded shell script.
Which CLI command should the administrator use to review the commands that were previously run?

• A. fjieserver
• B. support execute showlog
• C. show log external state
• D. support must_gather system_db_info

Answer: B

NEW QUESTION 12
Which port must be open for encrypted communication between UNIX S-TAP and Collector?

• A. 9500
• B. l60l6
• C. l60l7
• D. l60l8

Answer: D

NEW QUESTION 13
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy. Which port should the administrator use to configure IP teaming (bonding)?

• A. ethl only
• B. eth2 only
• C. eth3 only
• D. any port

Answer: D

NEW QUESTION 14
A Guardium administrator has rebuilt an appliance, and wants nowto restore a backup image of the entire database, audit data, and all definitions from Data backup.Which CLI command should the administrator use to accomplish this?

• A. restore config
• B. restore system
• C. restore pre-patch-backup
• D. restore certificate sniffer backup

Answer: B

NEW QUESTION 15
The Quick Search window does not show up on the GUI of a standalone Collector What technical feature should the Guardium administrator check first?

• A. That the Collector has at least 24 GB.
• B. That the Collector has at least 32 GB.
• C. That the Collector has at least 64 GB.
• D. Check the contract and verify whether that feature was purchased.

Answer: A

NEW QUESTION 16
AGuardium administrator is registering a new Collector to a Central Manager (CM). The registration failed. As part of the investigation, the administrator wants to identify if the firewall ports are open-How can the administrator do this?

• A. Ask the company's network administrators.
• B. Ask IBM technical support to login as root and verify.
• C. Login as CLI and execute telnet <ip address> <port number>
• D. Login as CLI and execute support show port open <ip address> <port number>

Answer: D

NEW QUESTION 17
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector. What must the administrator ensure when setting up this environment?

• A. Both Collectors are centrally managed.
• B. There is network connectivity between the S-TAP and both Collectors.
• C. Guardium Installation Manager (GIM) is installed on the Database Server.
• D. in the guard_tap.ini file of the S-TAP set participate_in_load_balancing=l

Answer: B

NEW QUESTION 18
A Guardium administrator plans to use the Guardium Installation Manager (GIM) to install and upgrade agents. Where should the administrator manually install the GIM client for the first time?

• A. Collector
• B. Aggregator
• C. Database server
• D. Central Manager

Answer: C

NEW QUESTION 19
A Guardium administrator is preparing a command to install Configuration Auditing System (CAS) on a Linux server using the command line method. Which parameter is required?

• A. dir
• B. tapip
• C. java-home
• D. sqlguardip

Answer: D

NEW QUESTION 20
AGuardium administrator must configure a policy to ignore all traffic from an application with a known client IP. Due to the high amount of traffic from this application, performance of the S-TAP and sniffer is a concern.
What action should the administrator use in the rule?

• A. Ignore Session
• B. ignore S-TAP Session
• C. ignore SQL per Session
• D. ignore Responses per Session

Answer: B

NEW QUESTION 21
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?

• A. Client OS
• B. Client MAC
• C. Access ID
• D. Analyzed Client IP

Answer: B

NEW QUESTION 22
A Guardium administrator needs to use CLI commands to maintain the internal database, clean static orphans, produce static system reports and to monitor live network traffic filtered by IP addresses and port numbers.
Which combination of commands should the administrator use for these tasks?

• A. diag and iptraf
• B. diag and trace_route
• C. jptraf and support must_gather
• D. support must_gather and show network verify

Answer: C

NEW QUESTION 23
Auditors request a report of all unsuccessful login attempts to a database monitored by Guardium. How should a Guardium administrator create such a report?

• A. Add a failed login rule to the policy.
• B. Create a failed login query and report using access domain in Guardium.
• C. Create a failed login query and report using exceptions domain in Guardium.
• D. Create a failed login query and report using application data domain in Guardium.

Answer: C

NEW QUESTION 24
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?

• A. Log Only
• B. Alert Only
• C. Alert Daily
• D. Alert Per Match

Answer: C

NEW QUESTION 25
......