NEW QUESTION 1
A Guardium administrator needs to build new appliances with the latest version of Guardium. How should the administrator obtain the ISO image?

• A. Contact IBM Support.
• B. Download from ibm.com
• C. Download from IBM Fix Central.
• D. Download from IBM Passport Advantage.

Answer: D

NEW QUESTION 2
During a Guardium deployment planning meeting, a database administrator indicated that the mission critical databases were clustered. How should the Guardium administrator handle S-TAP installation and configuration with respect to clustered databases?

• A. Install S-TAP agents on all active node
• B. Set ALL_CAN_CONTROL=l to failover the S-TAP process to the passive nodes when a database failover occurs.
• C. install S-TAP agents on all active nodes Set WAIT_FOR_DB_EXEC=-l to set the agent process to failover to the passive node when a database failover occurs.
• D. Install S-TAP agents on all active and passive node
• E. Set ALL_CAN_CONTROL=0 to disable all passive nodes until a database failover occurs.
• F. Install S-TAP agents on all active and passive nodes: Set WAIT_FOR_DB_EXEC>0 on all nodes to start S-TAP processes without waiting for a correct DB home.

Answer: A

NEW QUESTION 3
During a Guardium deployment planning meeting, the team decides to deploy all S-TAP agents on all Unix/Linux database systems. A Unix/Linux system administrator team manager asks a Guardium administrator if there are any differences between Guardium S-TAPs for AIX and Linux systems that the team should be aware of.
What should be the Guardium administrator's response?

• A. A-TAP is required on all AIX DB Servers.
• B. a server reboot is required to capture shared memory traffic from all databases on AIX.
• C. K-TAP is required on the AIX DB server
• D. The exact uname -a output is required to determine the correct K-TAP module for the server.
• E. K-TAP is required on the Linux DB server
• F. The exact uname -a output is required to determine the correct K-TAP module for the server.

Answer: B

NEW QUESTION 4
An administrator just installed the Guardium product using the Guardium ISO image. Which step must the administrator perform as part of the initial set-up of the new appliance?

• A. Generate the GUI certificate request.
• B. Configure network settings on the appliance.
• C. Restart the sniffer process from the CLI command prompt.
• D. Obtain the passwords for the databases to be monitored by the appliance.

Answer: B

NEW QUESTION 5
During the initial phase of the Guardium deployment, the Guardium administrator wants to figure out an ideal time period to purge data from the appliance based on the data load.
Which predefined Guardium report(s) allows the administrator to determine the current database disk usage of the Guardium Appliance?

• A. Disk UtiI report
• B. Aggregation/Archive log
• C. DB Server throughput report
• D. Buff Usage Monitor and System Monitor reports

Answer: D

NEW QUESTION 6
A Guardium administrator handles a large environment and has been asked to restore old data for auditors to review. This old data needs to be restored so that it does not impact the current data being collected or any merge settings. In order to keep the reports separate (old datavs current data), the administrator sets up an Investigation Center.
Which is a key requirement for users of the Investigation Center?

• A. The user must be in one of the groups INV_l, INV_2, or INV_3 (case-sensitive).
• B. The users must login as one of the predefined user accounts INV_l, INV_2, orlNV_3 (case-sensitive).
• C. A separate user must be used with a role of either INV_l, INV_2, or INV_3 (case-sensitive).
• D. To correctly configure an investigation user, the user's Last Name must be set to the name of one of the three investigation databases, INV_l, INV_2, or INV_3 (case-sensitive).

Answer: D

NEW QUESTION 7
A Guardium administrator needs to monitor an Oracle database on a production database server.
Which component does the administrator need to install on this database server that will monitor the traffic?

• A. S-TAP
• B. Guardium Collector
• C. Guardium Installation Manager (GIM)
• D. Configuration Auditing System (CAS)

Answer: D

NEW QUESTION 8
A Guardium administrator must configure real time policy alerts to be sent to a remote SIEM for every SQL statement run on a sensitive object. There is no requirement for the data to be viewed or reported on in the Guardium appliance.
Which policy action would achieve that task and store the least amount of data in the Guardium internal database?

• A. Log Only
• B. Alert Only
• C. Alert Daily
• D. Alert Per Match

Answer: C

NEW QUESTION 9
A Guardium administrator observes certain changes to the configuration and policies. How would the administrator identify the changes that were made and who made them?

• A. Review the Audit Process Log report.
• B. Review the sniffer buffer usage report.
• C. Review the /var/log/messages log file.
• D. Review the results of 'Detailed Guardium User Activity' report.

Answer: D

NEW QUESTION 10
While looking at the S-TAP Status report on a Collector, a Guardium administrator notices that the status of the S-TAPs is changing every few minutes. The administrator suspects that the sniffer is restarting every few minutes and that is why the status change is happening.
How can the Guardium administrator confirm if the sniffer is restarting every few minutes?

• A. Review the Audit Process Log for 'Sniffer stopped' message.
• B. Review the Aggregation/Archive Log for 'Sniffer is restarting message.
• C. Review the Scheduled Jobs Exceptions for 'Sniffer process failed' message.
• D. Review the Buff Usage Monitor for the column TID to see if it changed every few minutes.

Answer: D

NEW QUESTION 11
A Guardium administrator has rebuilt an appliance, and wants nowto restore a backup image of the entire database, audit data, and all definitions from Data backup.Which CLI command should the administrator use to accomplish this?

• A. restore config
• B. restore system
• C. restore pre-patch-backup
• D. restore certificate sniffer backup

Answer: B

NEW QUESTION 12
A Guardium administrator needs to install and configure a physical appliance to ensure network redundancy. Which port should the administrator use to configure IP teaming (bonding)?

• A. ethl only
• B. eth2 only
• C. eth3 only
• D. any port

Answer: D

NEW QUESTION 13
A Guardium administrator manages an environment containing four standalone Collectors. The administrator has been asked to provide a weekly report showing all Data Manipulation Language (DML) SQL statements performed by all database administrators on all databases. The administrator does not want to run the report on each Collector. What should the administrator do to simplify this task and run the report in only one place every week?

• A. Replace the 4 Collectors with one Aggregator.
• B. Create an Enterprise Report on one Collector combining the data.
• C. Add a Guardium Aggregator to the environmen
• D. Create and run the report on the Aggregator.
• E. install a Configuration Auditing System (CAS) on each Database Serve
• F. Configure the CAS Client to send data to a Collecto
• G. Create and run the report on the Collector.

Answer: C

NEW QUESTION 14
Guardium reports are showing multiple records with client ip as 0.0.0.0. Users are unable to identify which client the connections came from. The Guardium administrator has identified that the databases are using encryption.
Which column can the administrator add that would help users to better identify the client?

• A. Client OS
• B. Client MAC
• C. Access ID
• D. Analyzed Client IP

Answer: B

NEW QUESTION 15
A Guardium administrator noticed that while the data activity monitoring is working fine, the Guardium appliance is slower than usual. The administrator wants to check the current CPU load of the Guardium appliance.
Which predefined Guardium report(s) allows the administrator to determine the current system CPU load of the Guardium Appliance?

• A. CPU Util report
• B. CPU Tracker report
• C. Unit summary and CPU Util report
• D. Buff Usage Monitor and System monitor report

Answer: D

NEW QUESTION 16
In a centrally managed environment, while executing the report 'Enterprise Buffer Usage Monitor', a Guardium administrator gets an empty report. Why is the report empty?

• A. Sniffers are not running on the Collectors.
• B. The report is not executed with a remote source on the Collector.
• C. The report is not executed with a remote source on the Aggregator.
• D. Correct custom table upload is not scheduled on the Central Manager.

Answer: C

NEW QUESTION 17
An administrator has a new standalone Guardium appliance that will be placed into production next week. The appliance will monitor traffic from a number of databases with a high volume of traffic. The administrator needs to configure the schedule to ensure the appliance internal database does not get full with incoming data.
Which data management function does the administrator need to configure?

• A. Purge
• B. Data Export
• C. Data Restore
• D. System Backup

Answer: A

NEW QUESTION 18
A Guardium administrator is planning to build an environment that contains an S-TAP with one primary Collector and one failover Collector. What must the administrator ensure when setting up this environment?

• A. Both Collectors are centrally managed.
• B. There is network connectivity between the S-TAP and both Collectors.
• C. Guardium Installation Manager (GIM) is installed on the Database Server.
• D. in the guard_tap.ini file of the S-TAP set participate_in_load_balancing=l

Answer: B

NEW QUESTION 19
A Guardium policy has been configured with the following two rules:

A Guardium administrator is required to check for SQL statements from client IP 9.4.5.6 executed on object "TABLET.
What domain(s) can the administrator create a report in to see the SQL?

• A. Access
• B. Policy Violations
• C. Access and Access Policy
• D. Access and Policy Violations

Answer: A

NEW QUESTION 20
Which port must be open for encrypted communication between UNIX S-TAP and Collector?

• A. 9500
• B. l60l6
• C. l60l7
• D. l60l8

Answer: D

NEW QUESTION 21
A Guardium administrator is preparing commands to install or upgrade an S-TAP using the command line method. Which operating system can use the ktap_allow_module_combos parameter for the installation and upgrade?

• A. AIX
• B. Linux
• C. Solaris
• D. HP-UX

Answer: B

NEW QUESTION 22
A Guardium administrator is using the Classification, Entitlement and Vulnerability assessment features of the product. Which of the following are correct with regards to these features? (Select two.)

• A. Vulnerability Assessment reports are populated to the Guardium appliance via S-TAP.
• B. Classification for databases and files use the same mechanisms and patterns to search for sensitive data.
• C. Entitlement reports are predefined database privilege reports and are populated to the Guardium appliance via S-TAP.
• D. Vulnerability Assessment identifies and helps correct security vulnerabilities and threats in the database infrastructures.
• E. The classification feature discovers sensitive assets including credit card numbers or national card numbers from various data sources.

Answer: DE

NEW QUESTION 23
A Guardium administrator has an issue with Guardium. The administrator has not seen this particular issue before and needs to get it fixed. To get this resolved, what should the administrator do?

• A. Log a PMR and request an answer from IBM Support.
• B. Log a PMR so IBM Support can contact the custome
• C. Then, while waiting, do a search of the Guardium Knowledge Center and Technotes for known issues and resolutions.
• D. Request IBM Support to initiate a remote session and collect what they need to resolve the issue.
• E. Search Guardium Knowledge Center and Technotes for known issues and resolution
• F. Then, if still needed, collect must_gather information and full problem details required for a new PMR so that IBM Support can review the Problem before contacting the customer.

Answer: D

NEW QUESTION 24
The Quick Search window does not show up on the GUI of a standalone Collector What technical feature should the Guardium administrator check first?

• A. That the Collector has at least 24 GB.
• B. That the Collector has at least 32 GB.
• C. That the Collector has at least 64 GB.
• D. Check the contract and verify whether that feature was purchased.

Answer: A

NEW QUESTION 25
......