000 013


Published on

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

000 013

  1. 1.     IBM 000-013 Applying Fundamentals of Enterprise Solutions Using IBM 97 Q&A Version : I9.0 www.CertifyMe.com  
  2. 2.    1. In security solution design development, when do you document the business and IT organizationalstructure map?A.when establishing the customers baseline for planning purposesB.when identifying opportunities for business partner security offeringsC.when evaluating the customers IT processes, people and technologiesD.when defining a long-term vision for the future direction of the customers security solutionsAnswer: A2. Which specification has completed the OASIS standardization process as of July, 2008?A.WS-PolicyB.WS-SecurityC.WS-FederationD.WS-SecureConversationAnswer: B3. A current IBM Tivoli security customer is very satisfied with their current IBM Tivoli Identity Manager(ITIM) and IBM Tivoli Access Manager (ITAM) implementations. The customer has benefited greatly fromthe user management and provisioning, authentication, authorization and Web single sign-on processesnow in place.The customer sees the value of Web services and wants to leverage their business partnerships to greatlyexpand their online services, for a relatively small investment. They are expecting that their existing ITIMand ITAM investments can simply be stretched to include these business-to-business (B2B) flows.IBM Tivoli Federated Identity Manager should be added to this scenario to address which securityrequirement?A.the blocking of threats that might otherwise cross enterprise boundariesB.the handling of potentially millions of users, which neither ITIM nor ITAM was built to addressC.the integration with firewalls that control security between any two businesses involved in these B2BflowsD.the handling of multiple types of standards-based protocols and user tokens that need to be passedbetween participating businesses www.CertifyMe.com  
  3. 3.    Answer: D4. Which network client software collects policy data from collectors and summarizes this data to provide itsversion information and the number of policy violations that form the posture credentials to the CISCO TrustAgent client software?A.CISCO Access Control ServerB.CISCO Trust Agent running on the network client systemC.Remediation Manager client running on the network client systemD.Tivoli Security Compliance Manager client running on the network client systemAnswer: D5. Which tasks need to be accomplished during an initial meeting with the customer when reviewing acompany organizational chart?A.determine the products to be used and provide Proof of Concept of the products in the solutionB.document the key players and their roles and provide Proof of Concept of the products in the solutionC.identify key decision makers and determine the products to be usedD.identify key decision makers and document the key players and their rolesAnswer: D6. Which tasks need to be accomplished during an initial meeting with the customer when reviewing acompany organizational chart?A.identify key decision makers and document the key players and their rolesB.identify key decision makers and provide a detailed analysis of the current customer configurationC.determine which products are to be used and document the key players and their rolesD.determine which products are to be used and identify key decision makersAnswer: A7. You meet with the customer and compile the following list concerning security:- customers business requirements www.CertifyMe.com  
  4. 4.    - immediate business/security needs- customers long-term business/security vision- customers stated security requirementsWhat should also be included in this list?A.list of products to be deployedB.government security standardsC.existing change control processesD.companys complete organizational chartAnswer: B8. In order to correctly understand the data protection requirements, which two groups of people must beinterviewed? (Choose two.)A.all managersB.IT department personnelC.Business Unit managementD.Legal department personnelE.Human Resource departmentAnswer: CD9. Which two business goals are accomplished through the implementation of a successful automatedsecurity management process? (Choose two.)A.increase data availabilityB.increase data duplicationC.reduce impact of threatsD.eliminate any risk of fraudsE.reduce Total Cost of Ownership (TCO) for account managementAnswer: CE10. What needs to be defined for the Identity Management aspect of a Security Solution?A.processes www.CertifyMe.com  
  5. 5.    B.drivers licensesC.password selectionD.employee pay bandsAnswer: A11. What is the purpose of the context diagram for a security solution?A.It provides a detailed listing of the software used in the solution and how the software is connected.B.It provides a detailed listing of the hardware used in the solution and how the hardware is connected.C.It scopes the security systems responsibilities and provides a black box view of the system interface.D.It provides a listing of the hardware and software used in the system and how they are interconnected.Answer: C12. Who must approve a requirements specification?A.the customer and the sales teamB.the customer and the implementation teamC.the implementation team and the sales teamD.the implementation team and the product support teamAnswer: B13. Which document describes what needs to be addressed in a security solution for a customer?A.Installation HistoryB.Design SpecificationC.Interface SpecificationD.Requirements SpecificationAnswer: D14. Business Rules catalogs are effective in gathering requirements for what items?A.user registry layoutB.password strength policiesC.user interaction with the system www.CertifyMe.com  
  6. 6.    D.administrator interaction with the systemAnswer: B15. A customer has resources being managed in different facilities.When configuring a security solution, what is the most important element to consider in the design of thesystem?A.use of a fiber optic backboneB.the encryption protocol to be usedC.location of firewalls in the internal networkD.the time zone in which each facility is locatedAnswer: C16. What is the most common impediment to designing an automated security solution?A.an unreliable connection to remote systemsB.too many firewalls between managed systemsC.an application interface that is unavailable on managed systemsD.nonstandard encryption protocols used for secure communicationsAnswer: C17. Which programming languages need to be available to manage an unsupported operating system withan IBM Tivoli Identity Manager adapter?A.Java and CB.Cobol and REXXC.C++ and JavascriptD.Visual Basic and C#Answer: A18. The following information is important when creating a diagram of a customers organization:- divisions- location(s) / geographical information www.CertifyMe.com  
  7. 7.    - reporting chainsWhat additional information is important to have when creating this diagram?A.business unitsB.email addressesC.Help Desk functionsD.whether or not the customer has a dedicated operations centerAnswer: A19. What information is needed when creating a document concerning a customers IT and businessorganizational structure? (Choose two.)A.number of business unitsB.annual expenditure on IT assetsC.number of employees in IT organizationD.list of divisions within the IT departmentE.total number of systems used by the companyAnswer: AD20. What is the objective of documenting the business and IT organizational structure of a company?A.It helps the solution advisor identify the number of products that need to be deployed.B.This step is essential to identify key areas of the business processes that relate to security.C.It indicates the approximate number of licenses required for each product the company purchases.D.The business organizational structure must match certain specifications for the product to be usable.Answer: B21. A good user management process includes the following tasks:- receive new user identity requests- receive requests for changes to user identities- use access policies to evaluate requests- gather approvals- place users in groups www.CertifyMe.com  
  8. 8.    - update accounts- synchronize passwordsWhich additional step is essential in a good user management process?A.back up directory informationB.check that existing accounts are validC.verify user management process ownershipD.grant or block access to programs, based on access policyAnswer: B22. After a number of interviews with various customer personnel, the term "user productivity logon andtransaction experience" comes up as a business process. Other than the word "logon", the description doesnot provide much insight into how this process relates to security.Which list of security (and related) elements relate most strongly to this customer business process?A.firewall, filtering router, intrusion detectionB.SSL acceleration, content filtering, pop-up blockersC.single sign-on, personalization, scalability, availabilityD.identification, public-key infrastructure, multi-factor authenticationAnswer: C23. Which security capability is most strongly associated with the customer business process "deploymentof new or updated application initiatives"?A.firewalls, because they protect the deployed applications from attackB.PKI, because it makes it easy to drive single sign-on to the deployed applicationsC.compliance management, because it guarantees the application will be running in a safe environmentD.callable authentication and access services, because they eliminate the need to include authenticationand access code in the applicationsAnswer: D24. In describing their business processes, the customer provides the following aspects of"audit/compliance": www.CertifyMe.com  
  9. 9.    1. Physical building access security2. Security of servers3. Security of desktops4. Audit of user identities/accounts5. Audit of access control (policy and actuals)6. Audit of security of business partners7. Revoke compromised certificatesFrom this list, what can be addressed by IBM Tivoli security solutions?A.2, 3, 5, 7B.2, 3, 4, 5C.2, 3, 4, 6D.4, 5, 6, 7Answer: B25. For single sign-on (SSO), a customer has only a Web SSO solution in place.Given this information, what can you conclude in your gap analysis?A.Their SSO requirement is satisfied, as no one ever does SSO to non-Web based applications.B.They need a provisioning solution, because customers who have Web SSO require a provisioningsolution as well.C.There is a gap related to their SSO requirements being met, as they are not yet addressing client-serveror host applications that are not Web based.D.They ought to remove the Web SSO solution, in favor of a PKI solution, since PKI solutions have thecapability of providing comprehensive SSO.Answer: C26. Which statement is true about "new initiative deployment"?A.New initiatives typically involve advanced authentication, and advanced authentication must be properlyprovisioned.B.New initiatives are typically coded in Java, .NET or C++, and each of these requires a tool that measuressecurity compliance. www.CertifyMe.com  
  10. 10.    C.All new initiatives require a service-oriented architecture (SOA), and SOA standards demand that asecurity component be present.D.When you deploy new applications, you can get them coded, tested and updated more quickly if you usean authentication and authorization solution that avoids coding security into the application.Answer: D27. A customer shows a good level of maturity regarding IT security compliance when they understand twoessential elements as a basis for achieving and demonstrating compliance. One element is a security policythat clearly states goals.What is the second essential element?A.auditB.workflowC.data integrityD.administrationAnswer: A28. You are examining a customers IT process maturity as it relates to security. You find that the customerhas privacy statements on their websites. It appears that only manual processes support these privacystatements.Which process change do you recommend that provides support for the customers privacy statement?A.They need to back up their privacy statements with purpose-based, fine-grained authorization at a datalevel.B.They need to address encryption of data, in order to keep it private, both while stored on disk and while intransit.C.They need to back up their privacy statements with server and desktop compliance tools to ensure theymeet their privacy goals.D.They do not need to make a change since they are making statements to their customers regarding theirposition regarding privacy.Answer: A www.CertifyMe.com  
  11. 11. Pass Your Exam at First Attempt with 100% Pass Guarantee Buy Full Version of 000-013 Exam at http://www.certifyme.com/000-013.htm