-------------------EXAM V11 J-------------------
1
R: A
2
R:A
3
R: A
The Configuration Auditing System (CAS) tracks and reports changes to the server environment; for example, modified configuration files, environment or registry variables, or other database or operating system components. Auditing includes executable files or scripts that are used by the database management system or the operating system. The data is available on the Guardium® system and can be used for reports and alerts.
4
R:A
5
R:A
https://www.ibm.com/docs/en/guardium/11.0?topic=balancing-viewing-enterprise-load-load-map
6
R:A
https://www.ibm.com/docs/en/guardium/11.0?topic=cas-start-up-failover
7
R:C
8
R:D
9
R:A
10
R:D
11
R:C
https://www.ibm.com/docs/en/guardium/11.0?topic=reports-data-mart
12
R:A,E?
https://www.ibm.com/docs/en/guardium/11.0?topic=functions-enterprise-load-balancing
13
R:B
14
R:B
15
R:C
https://www.ibm.com/docs/en/guardium/11.4?topic=audit-building-processes
16
R:D
17
R:B
18
R:B
19
R:A,D
20
R:A
21
R:A,C
22
R:A
23
R:D
24
R:C
25
R:A
26
R:A
27
R:A,E?
28
R:B
29
R:A
0 - only critical error information
1 - all above plus repeatable not critical error information
2 - all above plus lost data information (discontinued from version 4.03 and above)
3 - all above plus brief information about packets sent to a Guardium
4 - all above plus local sniffing log
5 - all above plus network sniffing log
6 - all above plus heartbeat receiving log
7 - all above plus miscellaneous debugging information
30
R:A,B,E
31
R:A
32
R:B,C
https://www.ibm.com/docs/en/guardium/11.0?topic=discover-database-auto-discovery
33
R:A
34
R:D
35
R:B
36
R:D
https://www.ibm.com/docs/en/guardium/11.1?topic=parameters-linux-unix-firewall
37
R:C
https://www.ibm.com/support/pages/unable-install-vmware-tools-guardium
38
R:B
https://www.ibm.com/docs/en/guardium/11.1?topic=parameters-linux-unix-firewall
39
R:A?
40
R:A
The query defines what information is gathered, and how it is displayed in the report.
https://www.ibm.com/docs/en/guardium/11.1?topic=reports
https://www.ibm.com/docs/en/guardium/11.0?topic=spotter-risk-risk-indicators
41
R:2,1,4,3?
42
R:D,E,F
43
R:B
44
R:A,C
https://www.ibm.com/docs/en/guardium/10.6?topic=data-what-discover
45
R:A
https://www.ibm.com/br-pt/products/ibm-guardium-vulnerability-assessment
46
R:D
47
R:D
The access manager defines roles, and assigns them to users and applications. When a role is assigned to an application or the definition of an item (a specific query, for example), only those Guardium users who are also assigned that role can access that component.
48
R:A,D
49
R:D
50
R:A
51
R:D
https://sendgrid.com/blog/whats-the-difference-between-ports-465-and-587/
https://kinsta.com/pt/blog/porta-smtp/
52
R:B
53
R:C
54
R:A,C
55
R:D
https://www.ibm.com/docs/en/guardium/11.4?topic=tap-linux-unix-preparing-install-k
56
R:D
57
R:A,C
https://www.ibm.com/docs/en/guardium/11.4?topic=commands-outliers-detection-apis
58
R:C
https://www.ibm.com/docs/en/guardium/11.3?topic=builder-opening-workflow-process-results
59
R:A
https://www.ibm.com/docs/en/igfa/10.0.0?topic=groups-overview
60
R:C
-------------------EXAM V11 E-------------------
1. Which agent can only be installed on the affected server?
a) FAMMonitor ERR
b) FAM ERR
c) stap ERR
d) gim -> R
2. An administrator needs to restore a backup from one collector to another. Which command can they use?
a) restore db-from-prev-version ERR
b) import backup ERR
c) restore keystore ERR
d) restore backup -> R
3. How can the Policy Analyzer be useful?
https://www.ibm.com/docs/en/guardium/11.1?topic=policies-running-policy-analyzer-reviewing-results
Policy analyzer provides insights that help identify frequently fired rules, optimize rule order, and evaluate rule changes.
4. Which role must an account have to access an Accelerator?
a) CLI ERR
b) admin ERR
c) accessmgr -> R
d) investigation_users ERR
e) datasec_exempt ERR
5. When planning a new report, how is the domain [...] (what is the function of a "domain" for a report?)
a) determine the data that will appear in the report [...] -> R
b) choose an alert for the report, then choose the domain [...] ERR
c) determine which users will access the report [...] ERR
d) determine which policies will link to the report, then choose [...] ERR
6. An administrator needs to know when a database/S-TAP stops being monitored. Which alert can help?
a) inactive stap since -> R
b) inactive managed unit ERR
c) stap configuration change history ERR
d) active staps changed ERR
7. An administrator is trying to access the GUI but has access to neither admin nor accessmgr. What can they do?
a) The appliance has to be reinstalled ERR
b) They need to reset the accessmgr [...] ERR
c) IBM can provide the accessmgr password with the passkey -> R
d) When the appliance is restarted, it resets accessmgr ERR
8. When logging in to a collector using LDAP, on which appliance does the process occur? [if I remember correctly, it was a question about where the authentication process is performed.]
a) none, the collector catches the information ERR
b) the collector performing the log-in ERR
c) the authentication broker host ERR
d) the Central Manager system -> R
9. An administrator runs into problems when updating the S-TAP. How can they resolve this? [I don't remember exactly which problem was encountered]
- set ktap_live_update y, ktap enable
- ktap_allow_module_combos ->
10. Which rule type uses regex?
a) exception ERR
b) access ERR
c) any rule that is part of a session-level policy ERR
d) extrusion -> R
11. [An admin needs to improve policy-handling performance because a collector is overloaded] (which rule/action should they use?)
a) security-level policy ERR
b) tagging policy rules ERR
c) session-level policy -> R
d) Outlier detection ERR
12. (2 options) What are the two ways to view a mustgather?
a) e-mail -> R
b) ibm guardium reports ERR
c) incident manager ERR
d) support information results -> R
e) must gather dashboard ERR
13. (3 options) By default, the three threat categories identified [...]
a) Massive revokes ERR
b) login failures ERR
c) Denial of service -> R
d) Unauthorized User ERR
e) OS command injection -> R
f) Cross-site scripting (xss) -> R
https://www.ibm.com/docs/en/guardium/11.1?topic=analytics-threat-descriptions
14. What are the requirements to install GIM on a UNIX system?
a) Perl 5.8 and 300 MB disk -> R
b) 300 MB disk space only ERR
c) Java 1.8 (and up) and 300 MB disk space ERR
d) Python 3.9 (and up) and 300 MB disk space ERR
15. Which command returns the MAC address?
--> show network interface inventory
16. An administrator needs to turn on smart card. What is the correct command?
--> store system websmartcard on
17. The 3 error types of the exception rule:
--> SQL Error, Login Failed, Security Incident and "timeout error"
18. Port used for aggregation (export to the aggregator):
--> 22
19. Which two statements correspond to the tracking function of CAS?
--> The Configuration Auditing System (CAS) tracks and reports changes to the server environment; for example, modified configuration files, environment or registry variables, or other database or operating system components. Auditing includes executable files or scripts that are used by the database management system or the operating system. The data is available on the Guardium® system and can be used for reports and alerts.
20. When trying to install FAM on a Linux system, you run into an error (note: only GIM was installed):
--> The S-TAP agent must always be installed before installing FAM
FAM installation -> https://www.ibm.com/docs/en/guardium/10.5?topic=activity-fam-bundle-fails-install
21. What are the two protocols available for configuration in Data Archive?
--> SCP and IBM COS (other options listed: Amazon S3, SFTP, Centera)
22. Which Guardium feature helps organize reports?
--> Dashboard
23. What are the 3 components of the Sniffer?
--> Analyzer/Parser, Logger and Sniffer Engine
24. What are the 3 groups of Risk Spotter?
--> watchlist users, random sampled users and top risky users
25. What are the 2 types of appliance licenses in IBM Guardium?
--> Append License Key and Base License Key
26. An Oracle RAC database on Windows Server is using encryption.... which is the correct command to release the SSL traffic?
--> Ora_Driver_installed=1
27. In which Guardium report can you see the sensitive data discovery processes?
--> Guardium Job Queue
28. Which patch contains the previous patches? Check the release notes.
--> GPU
-------------------IBM V11 Sample Test-------------------
1. Which two capabilities does IBM Guardium provide?
A. Endpoint monitoring of user's activities.
B. Monitoring of malicious traffic on the network.
C. Purpose-built tooling for ransomware protection.
D. Heterogeneous support across databases, data warehouses, files, and big data.
E. Single compliance reporting, analytics, and forensics solution for distributed and IBM System Z.
R:D,E
2. An aggregator in a client’s environment is at full capacity. The client does not want to reduce the amount of data that is kept online. What should the client do?
A. Add another aggregator and redirect some collectors to it.
B. Change the collectors' settings to only export SQL and not FULL SQL.
C. Expand the size of the Aggregator using the command grdapi expand_lvm.
D. Export the aggregator's current database and move it to a file server to enable linked queries.
R:A
3. Which agent relies on an additional proxy host in order for the IBM Guardium Collector to monitor traffic?
A. N-TAP
B. S-TAP for IMS on z/OS
C. Guardium Universal Connector
D. File Activity Monitor for NAS
R:D
4. An administrator needs to use Guardium's Distribute Configuration Profiles feature to simplify configuring new MUs. When they try to run the job, it fails with a network error. Which firewall port needs to be open to enable this feature?
A. 3306
B. 8443
C. 8446
D. 8447
R:D
5. On which IBM Guardium appliance is the monitoring policy installed?
A. collector
B. collection node
C. central manager
D. external S-TAP cluster
R:A
6. An organization is concerned about a user inappropriately accessing data in a specific table (EMPLOYEES). How can the IBM Guardium administrator best protect the EMPLOYEES table from the user?
A. Add the user to the Suspicious Users group so that the Risk Analyzer blocks him.
B. Run the Entitlement Optimization function to remove the user's access to the table.
C. Update the guard_tap.ini for the database server's Inspection Engines to include the line db_watch:
D. Add policy rules that apply S-GATE ATTACH every time the user logs in to the database and S-GATE Terminate if the user queries the EMPLOYEES table.
R:D
7. An administrator creates a policy rule that sends information to a SIEM. How do they configure the rule actions?
A. Add a query rewrite action.
B. Add an action to attach the session using S-GATE.
C. Add an alert action with the correct named template for the SIEM.
D. No action is necessary because IBM Guardium sends information to SIEM by default.
R:C
8. An S-TAP has been installed on a Linux database server. However, the inspection engine is not automatically created. How can an IBM Guardium administrator obtain the values to enter as the Inspection Engine parameters?
A. Reinstall a previous version of the inspection engine.
B. Ask the database administrator or manually run S-TAP Discovery.
C. Configure IBM Guardium to retrieve the parameters from the CMDB.
D. Access the database server with an admin user and read from the config file
R:B
9. What is the difference between a scan job and a probe job in Database Auto-discovery?
A. Scan job scans each specified host or hosts in a specified subnet and probe job uses the list of open ports compiled during the latest completed scan only.
B. Scan job determines if database services are running on those ports and probe job uses the list of open ports compiled during the latest completed scan only.
C. Scan job determines if database services are running on those ports and probe job compiles a list of open ports from the list of ports specified for that host.
D. Scan job compiles a list of open ports from the list of ports specified for that host and probe job discovers sensitive data for targeted databases on the server.
R:A
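The scan/probe split in Q9 is simple to show end to end. The block below is an added example, not IBM code: the scan job TCP-connects to candidate ports and keeps the ones that accept; the probe job then reads the banner on each open port and decides whether a database service answers. The targets are constructed local listeners (a fake MySQL greeting, a silent open port, and a closed port), and the MySQL greeting is reduced to the protocol-version byte and version string that the probe inspects.

```python
"""Added example (not Guardium code): scan job vs probe job in database auto-discovery."""
import socket
import struct
import threading

# Constructed MySQL-style greeting: 4-byte header (3-byte little-endian length,
# sequence 0), protocol version 10, NUL-terminated server version. A real
# handshake carries more fields; this is the part the probe looks at.
_FAKE_MYSQL_PAYLOAD = b"\x0a" + b"8.0.36-fake\x00"
_FAKE_MYSQL_GREETING = struct.pack("<I", len(_FAKE_MYSQL_PAYLOAD))[:3] + b"\x00" + _FAKE_MYSQL_PAYLOAD


def scan(host, ports, timeout=0.5):
    """Scan job: compile the list of ports that accept a TCP connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def probe(host, port, timeout=1.0):
    """Probe job: read the banner on an open port and classify the service."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            banner = s.recv(256)
        except OSError:  # timeout or reset: nothing usable from the peer
            banner = b""
    if len(banner) >= 6 and banner[4] == 0x0A:  # MySQL protocol version 10
        version = banner[5:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return f"mysql {version}"
    return "unknown"


def _serve(listener, payload):
    """Accept connections forever; send `payload` (possibly empty) and close."""
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:
            return
        try:
            if payload:
                conn.sendall(payload)
        except OSError:
            pass
        finally:
            conn.close()


def _listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s


def run_demo():
    """Constructed targets: a fake MySQL listener, a silent open port and a closed port."""
    mysql, silent = _listen(), _listen()
    threading.Thread(target=_serve, args=(mysql, _FAKE_MYSQL_GREETING), daemon=True).start()
    threading.Thread(target=_serve, args=(silent, b""), daemon=True).start()
    spare = _listen()  # grab a free port number, then release it so it is closed
    closed_port = spare.getsockname()[1]
    spare.close()
    targets = {"mysql": mysql.getsockname()[1], "silent": silent.getsockname()[1], "closed": closed_port}

    open_ports = scan("127.0.0.1", targets.values())
    return {name: (probe("127.0.0.1", port) if port in open_ports else None)
            for name, port in targets.items()}


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The silent listener is the case that separates the two jobs: the scan reports it as open, but the probe finds no database service there, which is why discovery needs both stages rather than a port scan alone.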
10. In IBM Guardium, which type of policy rule evaluates results of SQL requests?
A. Extrusion
B. Access
C. Exception
D. Session-level
R:A
11. What are the three types of policy rules available to include in an IBM Guardium policy?
A. Access rules
B. Session rules
C. Profile rules
D. Extrusion rules
E. Exception rules
F. Connection rules
R:A,D,E
12. For IBM Guardium environments with up to 3 collectors, which report is the primary source to check inspection core performance?
A. Inspection report
B. Unit utilization report
C. Buffer usage monitor report
D. Unit utilization details report
R:C
13. Which two statements are true about Flat Log Requests?
A. Flat log requests are not associated with high traffic.
B. Flat log requests indicate that the sniffer is dropping packets.
C. Flat log requests are not related to analyzer queue overflow issues.
D. Flat log requests do not increase in a system that is working correctly.
E. The Flat log does not receive anything from the buffer, even if the buffer overflows.
R:B,D
14. Which IBM Guardium definition specifies what data is displayed as well as how and where it is displayed?
A. Alert
B. Policy
C. Query-Report
D. Vulnerability Assessment
R:C
15. Runtime parameters enable which two IBM Guardium Query-Report capabilities?
A. S-TAP limiting
B. data mart creation
C. attribute sort order
D. drill-down capability
E. specifying condition parameter values at report runtime
R:D,E
16. What needs to occur in order for an audit workflow to send files to an external server without sending an email and without adding results to the to-do list?
A. Define a dummy receiver.
B. Define an audit process without receivers.
C. Configure cli to allow audit external receivers.
D. Configure a master user to audit the receivers results with accessmgr.
R:B
17. How do Vulnerability Assessments help to harden databases?
A. They suggest remedial actions.
B. They automatically harden the databases.
C. They download the related patch for the database and install it.
D. They change database users' passwords to minimize the risks.
R:A
18. How can an IBM Guardium administrator track the Vulnerability Assessment DPS upload history and see its status?
A. Issue the command show dps.
B. Review in the Health Monitor.
C. Issue the command show VA history.
D. There is no way to track the upload history.
R:A
19. What are two types of CAS templates?
A. Time
B. Database
C. Agentless
D. Configuration
E. Operating System
R:B,E
20. An administrator needs to back-up the audit data from an IBM Guardium collector for the previous day to another location. They need to schedule this operation to run daily. Which operation would fulfill this requirement?
A. Data Import
B. Data Archive
C. Results Export
D. Definitions Export
R:B
21. When the IBM Guardium administrator adds a new inspection engine, the new settings remain for a few minutes and then disappear. What can be the issue in this scenario?
A. There is no connection to the database server.
B. There is an error in the inspection engine parameters.
C. The IBM Guardium system has reached the license limit to be monitored.
D. The IBM Guardium system has reached the Inspection Engine limit that it can handle.
R:B
22. When the IBM Guardium user interface from the system main page is refreshed, the user receives an HTTP 403 error. What can be the root cause in this situation?
A. There is a disk failure on the IBM Guardium appliance.
B. The browser cache has invalid information.
C. There is a network issue between the user and the IBM Guardium appliance.
D. Cross-Site Request Forgery (CSRF) protection is enabled by default.
R:D
-------------------EXAM V11 L------------------
1-What IBM Guardium resource helps organize reports that are viewed regularly?
A.Dashboard
B.Domain
C.Assessment
D.User Role
R: A (matches V11 E Q22)
2-Which IBM Guardium command checks the progress of a patch installation?
A.diag
B.show system patch progress
C.show system patch install
D.store system patch install
R:
3-What will happen if an administrator tries to upgrade Windows S-TAP manually (using setup.exe) after it has been installed using GIM?
A.It will be successfully upgraded, but the GIM server will not recognize it. The user interface shows a previous version.
B.It will check the current installation first, and exit before trying the upgrade.
C.It will be successfully upgraded, and it will notify the GIM server.
D.It will fail to upgrade with an error message indicating GIM installation.
R:
4-Which two protocols are available for data archive in IBM Guardium?
A.SMTP
B.IBM COS (formerly Cleversafe)
C.Microsoft Azure Cloud
D.SCP
E.Windows File Share
R: B,D (matches V11 E Q21)
5-By default, what are three types of threat categories identified by Active Threat Analytics?
A.Login Failures
B.Cross-site Scripting (XSS)
C.Denial of Service
D.Massive Revokes
E.Unauthorized Users
F.OS Command Injection
R: B,C,F (matches V11 E Q13)
6-In IBM Guardium Vulnerability Assessment, assessments are halted after a test takes more than 30 minutes to execute. In such a scenario, what should the Guardium administrator do to re-run the assessment?
A.The admin has to open a ticket for IBM Support to fix it.
B.The admin needs to run the Kill VA patch.
C.It will resume as soon as the assessment process comes back online.
D.The admin must re-run the entire assessment again.
R:
7-When planning a new report, how is the domain for the report determined?
A-Determine the data the report will display, then choose the domain that covers this data.
B-Choose an alert for the report, then choose the domain associated with that alert.
C-Determine which users will access the report, then choose a domain that contains the users' roles.
D-Determine which policies will link to the report, then choose a domain that is linked to the policy.
R: A (matches V11 E Q5)
8-An administrator needs to turn on smart card authentication. Which command activates this?
A- store system smartcard = true
B- store system network websmartcard on
C- store system websmartcard on
D- store smartcard on
R: C (matches V11 E Q16)
9-What is the difference between instance discovery and database auto-discovery in IBM Guardium?
A-Instance discovery uses an S-TAP to discover running database instances on the particular server, and database auto-discovery {scans} and probes for open ports on the servers.
B-Instance discovery finds all virtual machines with open ports information, and database auto-discovery is an application that {scans and probes} ports on servers.
C-Instance discovery discovers sensitive data for instances on the server, and database auto-discovery scans and probes {files}.
D-Instance discovery is an application that scans and probes for open ports on the servers, and database auto-discovery discovers {} databases on the server.
R:
10-Which policy action will drop a database connection regardless of the state of the IBM Guardium firewall?
A- S-TAP Terminate
B- S-GATE Attach
C- S-GATE Terminate
D- S-TAP Block
R:
11- An IBM Guardium administrator noticed that a UNIX S-TAP could not start. The administrator receives the following errors:
“The S-TAP cannot start and issues the following message:
mmap: Not enough space
Can’t initialize: can’t mmap buffer file /tmp/stapbuf/*.buf
Error Initializing; Stap cannot initialize SQLGuard queue”
How can the administrator solve this?
A- Reduce the buffer_file_size parameter.
B- Increase the buffer_reduce parameter.
C- Reduce the dynamic_buffer_increase parameter.
D- Increase the buffer_file_size parameter.
R:
12-Which two report file formats can be emailed to receivers in Audit Process Builder?
A- DOCX
B- CSV
C- JSON
D- PDF
E- CEF
R:
13-Which three components make up the inspection core?
A- Archive Process
B- Logger
C- Sniffer Engine
D- Purge Process
E- SNMP Engine
F- Analyzer/Parser
R: B,C,F (matches V11 E Q23)
14-What are two ways that the Policy Analyzer can be helpful?
A- optimize rule order
B- recommend new rules
C- identify blocked users
D- show high risk users
E- identify frequently fired rules
R: A,E (matches V11 E Q3)
15-An IBM Guardium administrator lost the Guardium accessmgr password and cannot log in to the user interface. How should this problem be handled?
A- The Guardium administrator needs to reset the accessmgr password by using the CLI.
B- IBM Support can provide the accessmgr password when provided a passkey.
C- When the IBM Guardium appliance is restarted, it resets the accessmgr password to default.
D- The IBM Guardium appliance has to be reinstalled when the accessmgr user is lost.
R: B (matches V11 E Q7)
16- Which enterprise load balancer parameter allows for relocating an S-TAP to a managed unit that has a different policy?
A- EVALUATE_ADDITIONAL_LOAD_INDICATORS
B- ALLOW_POLICY_DIFFERENCE
C- ENABLE_DYNAMIC_POLICY_COLLECTION
D- ALLOW_POLICY_MISMATCH_BETWEEN_APPLIANCES
R:
17- What are the three error types in the exception rule?
A- SESSION_ERROR
B- UNKNOWN_USER
C- SQL_ERROR
D- REDACTION
E- TIMEOUT_ERROR
F- LOGIN_FAILED
R:
18- Which configuration parameter defines the time interval for when the Alerter will check to send messages?
A- time interval
B- poll interval
C- schedule
D- time period
R:B
19- A client needs to be alerted any time there are three authentication errors by the same user within 5 minutes. What type of rule should they implement to meet the requirement?
A- Exception
B- Log Flat
C- Access
D- Extrusion
R:
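The requirement in Q19 ("three authentication errors by the same user within 5 minutes") is the classic threshold-within-a-window detection. The block below is an added example, not Guardium code: it applies that logic to constructed login-failure records, with a per-user sliding window and a reset after each alert, which is the behaviour you get from a rule with a minimum count and a reset interval. The record format and the sample data are constructed for the demo.

```python
"""Added example (not Guardium code): "N failures by one user within T minutes"
detection over constructed login records, the logic behind an exception rule
with a minimum count and a reset interval."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp,event,db_user,client_ip
SAMPLE_LOG = """\
2024-05-01 10:00:05,LOGIN_FAILED,alice,10.0.0.5
2024-05-01 10:01:10,LOGIN_FAILED,alice,10.0.0.5
2024-05-01 10:02:00,LOGIN_FAILED,bob,10.0.0.9
2024-05-01 10:03:30,LOGIN_FAILED,alice,10.0.0.5
2024-05-01 10:10:00,LOGIN_FAILED,bob,10.0.0.9
2024-05-01 10:11:00,LOGIN_FAILED,bob,10.0.0.9
2024-05-01 10:12:00,LOGIN_SUCCESS,carol,10.0.0.7
2024-05-01 10:13:00,LOGIN_FAILED,bob,10.0.0.9
"""


def parse_line(line):
    """Split one record into (timestamp, event, user, client)."""
    ts, event, user, client = line.strip().split(",")
    return datetime.fromisoformat(ts), event, user, client


def detect_bursts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return (user, time) for each point where a user reaches `threshold`
    LOGIN_FAILED events inside the sliding `window`. The user's counter is
    cleared after an alert, so the rule fires once per burst rather than on
    every further failure (the reset-interval behaviour)."""
    recent = defaultdict(deque)  # user -> timestamps of failures still in window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, user, _client = parse_line(line)
        if event != "LOGIN_FAILED":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((user, ts.isoformat(sep=" ")))
            q.clear()
    return alerts


if __name__ == "__main__":
    for user, when in detect_bursts(SAMPLE_LOG):
        print(f"ALERT: {user} reached 3 login failures within 5 minutes at {when}")
```

In the sample, bob's first failure at 10:02 ages out of the window before his later failures, so he only trips the rule at 10:13; alice trips it at 10:03:30. Successful logins are ignored, which is what an exception rule keyed on LOGIN_FAILED does.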
20- Which role does a user account require to be able to access an Accelerator in the user interface?
A- cli
B- datasec-exempt
C- admin
D- DataPrivacy
R:
21- How can the report start and end times be configured?
A- Configure runtime parameters
B- Configure report columns
C- Display options
D- Ad-hoc process for run-once now
R:
22- Which IBM Guardium patch contains the previous patches of all types?
A- Bundle
B- GPU
C- Upgrade
D- Health_Check
R: B (matches V11 E Q28)
23- When configuring an alert to send information to a SIEM, what determines the format of the data sent?
A- the attributes included in the associated report
B- the message template associated with the alert
C- the selection of SNMP, SMTP, or Syslog messages
D- the configuration of the data request packet on the SIEM
R:
24- An IBM Guardium administrator needs to search for a sensitive table or column in a relational database. What type of rule should the administrator employ?
A- Search for data
B- Regular expression search
C- Catalog search
D- Search for sensitive data
R:
25- A customer needs a group that consolidates the members of three other groups. These other groups have periodically changing members. How can this be created?
A- Use the import from query option to populate the group.
B- Create a hierarchical group, then schedule flattening.
C- Use the import from group option to populate the new group with each of the other groups.
D- Create a tuple group.
R:
26- An administrator needs to restore a backup system file to a new collector from another collector with a prior version. Which IBM Guardium command should be used to restore the backup?
A- restore db-from-prev-version
B- import backup
C- restore backup
D- restore keystore
R:
27- In IBM Guardium, it is possible to specify one or more secondary Guardium systems when configuring the CAS client. In failover mode, CAS tries to reconnect to its primary server until the time specified in the configuration is exceeded.
When the reconnection time has been exceeded, which Guardium system does CAS try to reconnect to?
A- CAS waits for the Guardium administrator to manually switch to another Guardium server.
B- CAS tries to connect to the central manager to get the primary secondary server information.
C- CAS tries to connect to the primary secondary server.
D- CAS begins trying to connect to any of the secondary servers, as well as its primary server.
R:
28- When attempting to install the FAM bundle on a Linux system, the system responds with the following message:
“-1,GIM – Failure point : dependancy_violation (Dependancy violation (FAM): Missing mandatory dependency – STAP at GIM.pm line 3176, Linux”
What is the likely cause of the problem?
A- GIM cannot be used to install the FAM bundle.
B- The Linux platform is unsupported.
C- The STAP bundle must be installed before installing the FAM bundle.
D- FAM and S-TAP cannot be installed on the same server.
R: C (matches V11 E Q20)
29- Which three types of users does IBM Guardium add to the Risk Spotter – Audited Risky Users group?
A- Watchlist Users
B- Random Sampled Users
C- Top Risky Users
D- Service Account Users
E- Audit Users
F- Administrative Users
R: A,B,C (matches V11 E Q24)
30- What are the requirements to install only the GIM agent on a UNIX server?
A- 300 MB disk space only
B- Java 1.8 (and up) and 300 MB disk space
C- Perl 5.8 (and up) and 300 MB disk space
D- Python 3.9 (and up) and 300 MB disk space
R: C (matches V11 E Q14)
31- How can a group be created where each separate member contains multiple attributes?
A- use a hierarchical group
B- create two groups, each with an attribute
C- use a tuple group
D- create a managed unit group
R:
32- An IBM Guardium administrator requires a report showing all load balancer events, activities, and failures. Where can this information be viewed?
A- run the command show load_balance_stap_queue
B- in the S-TAP Event log
C- run the command grdapi get_load_balancer_map
D- in the report Enterprise Load Balancer Events
R:
33- What are the two types of IBM Guardium license keys?
A- Policy license key
B- Integration license key
C- Append license key
D- Report license key
E- Base license key
R: C,E