IBM 000-013
Applying Fundamentals of Enterprise Solutions
Using IBM
97 Q&A
Version : I9.0
www.CertifyMe.com
1. In security solution design development, when do you document the business and IT organizational
structure map?
A.when establishing the customer's baseline for planning purposes
B.when identifying opportunities for business partner security offerings
C.when evaluating the customer's IT processes, people and technologies
D.when defining a long-term vision for the future direction of the customer's security solutions
Answer: A
2. Which specification has completed the OASIS standardization process as of July, 2008?
A.WS-Policy
B.WS-Security
C.WS-Federation
D.WS-SecureConversation
Answer: B
3. A current IBM Tivoli security customer is very satisfied with their current IBM Tivoli Identity Manager
(ITIM) and IBM Tivoli Access Manager (ITAM) implementations. The customer has benefited greatly from
the user management and provisioning, authentication, authorization and Web single sign-on processes
now in place.
The customer sees the value of Web services and wants to leverage their business partnerships to greatly
expand their online services, for a relatively small investment. They are expecting that their existing ITIM
and ITAM investments can simply be stretched to include these business-to-business (B2B) flows.
IBM Tivoli Federated Identity Manager should be added to this scenario to address which security
requirement?
A.the blocking of threats that might otherwise cross enterprise boundaries
B.the handling of potentially millions of users, which neither ITIM nor ITAM was built to address
C.the integration with firewalls that control security between any two businesses involved in these B2B
flows
D.the handling of multiple types of standards-based protocols and user tokens that need to be passed
between participating businesses
Answer: D
4. Which network client software collects policy data from collectors and summarizes this data to provide its
version information and the number of policy violations that form the posture credentials to the CISCO Trust
Agent client software?
A.CISCO Access Control Server
B.CISCO Trust Agent running on the network client system
C.Remediation Manager client running on the network client system
D.Tivoli Security Compliance Manager client running on the network client system
Answer: D
5. Which tasks need to be accomplished during an initial meeting with the customer when reviewing a
company organizational chart?
A.determine the products to be used and provide Proof of Concept of the products in the solution
B.document the key players and their roles and provide Proof of Concept of the products in the solution
C.identify key decision makers and determine the products to be used
D.identify key decision makers and document the key players and their roles
Answer: D
6. Which tasks need to be accomplished during an initial meeting with the customer when reviewing a
company organizational chart?
A.identify key decision makers and document the key players and their roles
B.identify key decision makers and provide a detailed analysis of the current customer configuration
C.determine which products are to be used and document the key players and their roles
D.determine which products are to be used and identify key decision makers
Answer: A
7. You meet with the customer and compile the following list concerning security:
- customer's business requirements
- immediate business/security needs
- customer's long-term business/security vision
- customer's stated security requirements
What should also be included in this list?
A.list of products to be deployed
B.government security standards
C.existing change control processes
D.company's complete organizational chart
Answer: B
8. In order to correctly understand the data protection requirements, which two groups of people must be
interviewed? (Choose two.)
A.all managers
B.IT department personnel
C.Business Unit management
D.Legal department personnel
E.Human Resource department
Answer: CD
9. Which two business goals are accomplished through the implementation of a successful automated
security management process? (Choose two.)
A.increase data availability
B.increase data duplication
C.reduce impact of threats
D.eliminate any risk of fraud
E.reduce Total Cost of Ownership (TCO) for account management
Answer: CE
10. What needs to be defined for the Identity Management aspect of a Security Solution?
A.processes
B.driver's licenses
C.password selection
D.employee pay bands
Answer: A
11. What is the purpose of the context diagram for a security solution?
A.It provides a detailed listing of the software used in the solution and how the software is connected.
B.It provides a detailed listing of the hardware used in the solution and how the hardware is connected.
C.It scopes the security system's responsibilities and provides a black box view of the system interface.
D.It provides a listing of the hardware and software used in the system and how they are interconnected.
Answer: C
12. Who must approve a requirements specification?
A.the customer and the sales team
B.the customer and the implementation team
C.the implementation team and the sales team
D.the implementation team and the product support team
Answer: B
13. Which document describes what needs to be addressed in a security solution for a customer?
A.Installation History
B.Design Specification
C.Interface Specification
D.Requirements Specification
Answer: D
14. Business Rules catalogs are effective in gathering requirements for what items?
A.user registry layout
B.password strength policies
C.user interaction with the system
D.administrator interaction with the system
Answer: B
15. A customer has resources being managed in different facilities.
When configuring a security solution, what is the most important element to consider in the design of the
system?
A.use of a fiber optic backbone
B.the encryption protocol to be used
C.location of firewalls in the internal network
D.the time zone in which each facility is located
Answer: C
16. What is the most common impediment to designing an automated security solution?
A.an unreliable connection to remote systems
B.too many firewalls between managed systems
C.an application interface that is unavailable on managed systems
D.nonstandard encryption protocols used for secure communications
Answer: C
17. Which programming languages need to be available to manage an unsupported operating system with
an IBM Tivoli Identity Manager adapter?
A.Java and C
B.Cobol and REXX
C.C++ and Javascript
D.Visual Basic and C#
Answer: A
18. The following information is important when creating a diagram of a customer's organization:
- divisions
- location(s) / geographical information
- reporting chains
What additional information is important to have when creating this diagram?
A.business units
B.email addresses
C.Help Desk functions
D.whether or not the customer has a dedicated operations center
Answer: A
19. What information is needed when creating a document concerning a customer's IT and business
organizational structure? (Choose two.)
A.number of business units
B.annual expenditure on IT assets
C.number of employees in IT organization
D.list of divisions within the IT department
E.total number of systems used by the company
Answer: AD
20. What is the objective of documenting the business and IT organizational structure of a company?
A.It helps the solution advisor identify the number of products that need to be deployed.
B.This step is essential to identify key areas of the business processes that relate to security.
C.It indicates the approximate number of licenses required for each product the company purchases.
D.The business organizational structure must match certain specifications for the product to be usable.
Answer: B
21. A good user management process includes the following tasks:
- receive new user identity requests
- receive requests for changes to user identities
- use access policies to evaluate requests
- gather approvals
- place users in groups
- update accounts
- synchronize passwords
Which additional step is essential in a good user management process?
A.back up directory information
B.check that existing accounts are valid
C.verify user management process ownership
D.grant or block access to programs, based on access policy
Answer: B
22. After a number of interviews with various customer personnel, the term "user productivity logon and
transaction experience" comes up as a business process. Other than the word "logon", the description does
not provide much insight into how this process relates to security.
Which list of security (and related) elements relate most strongly to this customer business process?
A.firewall, filtering router, intrusion detection
B.SSL acceleration, content filtering, pop-up blockers
C.single sign-on, personalization, scalability, availability
D.identification, public-key infrastructure, multi-factor authentication
Answer: C
23. Which security capability is most strongly associated with the customer business process "deployment
of new or updated application initiatives"?
A.firewalls, because they protect the deployed applications from attack
B.PKI, because it makes it easy to drive single sign-on to the deployed applications
C.compliance management, because it guarantees the application will be running in a safe environment
D.callable authentication and access services, because they eliminate the need to include authentication
and access code in the applications
Answer: D
24. In describing their business processes, the customer provides the following aspects of
"audit/compliance":
1. Physical building access security
2. Security of servers
3. Security of desktops
4. Audit of user identities/accounts
5. Audit of access control (policy and actuals)
6. Audit of security of business partners
7. Revoke compromised certificates
From this list, what can be addressed by IBM Tivoli security solutions?
A.2, 3, 5, 7
B.2, 3, 4, 5
C.2, 3, 4, 6
D.4, 5, 6, 7
Answer: B
25. For single sign-on (SSO), a customer has only a Web SSO solution in place.
Given this information, what can you conclude in your gap analysis?
A.Their SSO requirement is satisfied, as no one ever does SSO to non-Web based applications.
B.They need a provisioning solution, because customers who have Web SSO require a provisioning
solution as well.
C.There is a gap related to their SSO requirements being met, as they are not yet addressing client-server
or host applications that are not Web based.
D.They ought to remove the Web SSO solution, in favor of a PKI solution, since PKI solutions have the
capability of providing comprehensive SSO.
Answer: C
26. Which statement is true about "new initiative deployment"?
A.New initiatives typically involve advanced authentication, and advanced authentication must be properly
provisioned.
B.New initiatives are typically coded in Java, .NET or C++, and each of these requires a tool that measures
security compliance.
C.All new initiatives require a service-oriented architecture (SOA), and SOA standards demand that a
security component be present.
D.When you deploy new applications, you can get them coded, tested and updated more quickly if you use
an authentication and authorization solution that avoids coding security into the application.
Answer: D
27. A customer shows a good level of maturity regarding IT security compliance when they understand two
essential elements as a basis for achieving and demonstrating compliance. One element is a security policy
that clearly states goals.
What is the second essential element?
A.audit
B.workflow
C.data integrity
D.administration
Answer: A
28. You are examining a customer's IT process maturity as it relates to security. You find that the customer
has privacy statements on their websites. It appears that only manual processes support these privacy
statements.
Which process change do you recommend that provides support for the customer's privacy statement?
A.They need to back up their privacy statements with purpose-based, fine-grained authorization at a data
level.
B.They need to address encryption of data, in order to keep it private, both while stored on disk and while in
transit.
C.They need to back up their privacy statements with server and desktop compliance tools to ensure they
meet their privacy goals.
D.They do not need to make a change since they are making statements to their customers regarding their
position regarding privacy.
Answer: A