Welcome to download the newest Pass4itsure CBAP dumps:
With the products IBM 000-575 for training and preparation of testing you would not only significantly reduce your fees, but pass your IBM 000-575 exam. We obtain our products from Authorities experts from test center.We give you the best path to successful completion of your exam to the real and original exam questions and answers for IBM 000-575.
QUESTION NO: 21
What is required to use an IBM Tivoli Director/ Integrator (TDI) AssemblyLine as an IBM Tivoli Federated Identity Manager (TFIM) mapping function?
A. The TDI api.remote.on property for the solution must be set to True.
B. The TDI api.remote.on property for the solution must be set to False.
C. The TDI solution directory must be located under the TFIM TDI Mapping directory.
D. The DirectoryIntegratorSTSModule.jar file needs to be copied to the TDI solutions directory.
Answer: A Explanation:
QUESTION NO: 22
A customer would like to give third-party applications scoped access to a protected resource on behalf of the resource owner. What is the appropriate protocol?
A. SAML
B. OAuth
C. Liberty
D. WS-Federation
Answer: B Explanation:
QUESTION NO: 23
What is a registry configuration requirement when used with IBM Tivoli Federated Identity Manager V6.2.2 User Self Care (USC)?
A. IBM WebSphere Application Server (WAS) federated repositories must be used.
B. WAS federated repositories cannot be used.
C. The USC schema extensions must be applied to the managed registry.
D. The managed registry must support WS-Provisioning extensions, and the extensions must be enabled.
Answer: A Explanation:
QUESTION NO: 24
SAML responses passed to destination sites via Browser/POST utilize which form of encoding?
A. ROT13
B. Base64
C. urlencode
D. uuencode
Answer: B Explanation:
QUESTION NO: 25
In reviewing a IBM WebSphere Application Server IBM Tivoli Federated Identity Manager V6.2.2 diagnostic trace, which object type should be examined to determine how successive processing steps act upon the transaction information?
A. STSUniversalUser (STSUU)
B. SPSUniversalUser (SPSUU)
C. SPSUniversalCredential(SPSUC)
D. SSOCommonCredential(SSOCC)
Answer: A Explanation:
QUESTION NO: 26
What is a claim relative to security tokens?
A. Within a security token, it is a statement which establishes that the token was issued by a trusted party.
B. Within a security token, it is a statement which asserts policy governance for a resource such as an application, service endpoint, or other capability.
C. Within a security token, it is a statement which provides information about a resource such as a user identity, an entitlement, an attribute, capability, etc.
D. Within a security token, it is a statement which establishes ownership of or access to a resource such as an application, service endpoint, or other capability.
Answer: C Explanation:
QUESTION NO: 27
What is a correct statement regarding OpenID?
A. It supports a consumer-agnostic Federated Single Sign-On (FSSO) model that allows a relying party to control which OpenID provider(s) it is willing to trust.
B. It supports a user-centric FSSO model that allows a relying party to control which OpenID provider(s) it is willing to trust
C. It supports a user-centric FSSO model that allows an OpenID provider to select which relying parties to trust without creating a formal trust relationship in advance (such as is done with SAML).
D. It supports a provider-agnostic FSSO model that allows an OpenID provider to select which relying parties to trust without creating a formal trust relationship in advance (such as is done with SAML).
Answer: B Explanation:
QUESTION NO: 28
When installing IBM Tivoli Federated Identity Manager V6.2.2, which three point of contact configuration options are available? (Choose three.)
A. JBoss Application Server
B. generic point of contact server
C. Internet Information Services (IIS)
D. Apache Tomcat Application Server
E. IBM WebSphere Application Server
F. IBM Tivoli Access Manager WebSEAL
Answer: B,E,F Explanation:
QUESTION NO: 29
Users of a SAML Single Sign-On federation that was previously operating properly are now experiencing errors. The administrators of both partners insist that no configuration changes have been made. What are two obvious items to check? (Choose two.)
A. The validity period in a partner certificate may have been reset.
B. The subject attribute in a partner certificate may have become invalid.
C. The NotBefore/NotAfter window in a partner certificate may have been exceeded.
D. The partner system clocks may have fallen out of sync beyond the NotBefore/NotOnOrAfter window.
E. The partner system clocks may have fallen out of sync beyond the allowable 30 second SAML tolerance
Answer: C,D Explanation:
QUESTION NO: 30
What is correct regarding cookies received from a browser?
A. The browser determines which cookies to send and includes only the cookie names and values in the request.
B. The browser determines which cookies to send and includes only the cookie names, values, and expiration times in the request.
C. The browser determines which cookies are eligible to send, and then if a Cookies-Requested header is in the previous response from the server, only cookies named in the Cookies-Requested value will be sent. Only the cookie names and values are included in the request.
D. The browser determines which cookies are eligible to send, and then if a Cookies-Requested header is in the previous response from the server, only cookies named in the Cookies-Requested value will be sent. Only the cookie names, values, and expiration times are included in the request.
Answer: A Explanation: QUESTION NO: 31
Which WS-Trust binding issues new tokens, possibly with new proof information, based upon a proven credential provided in a request in a SOAP message?
A. Issue
B. Create
C. Renew
D. Generate
Answer: A Explanation:
QUESTION NO: 32
Assume IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) is installed in a clustered IBM WebSphere Application Server (WAS) environment. What is a concern with WAS TFIM runtime diagnostic trace analysis for Federated Single Sign-On (FSSO)?
A. The Common Audit Service component must be installed.
B. First Failure Data Capture timestamps may not be synchronized across cluster nodes.
C. SAML 2.0 artifact bindings and OpenID may cause diagnostic trace messages for a given FSSO transaction to span trace logs on multiple cluster nodes.
D. SAML 1.1 Browser/POST profile transactions may cause diagnostic trace messages for a given FSSO transaction to span trace logs on multiple cluster nodes.
Answer: C Explanation:
QUESTION NO: 33
What is an OpenID association?
A. a negotiated connection between provider and consumer
B. a required linkage between the claimed identifier and stateless user site
C. an optional URL/XRI string provided by the user established with the external site
D. a shared secret between a relying party and OpenID provider used to verify protocol messages and reduce round trips
Answer: D Explanation:
QUESTION NO: 34
What is the cryptographic requirement when configuring IBM Tivoli Federated Identity Manager V6.2.2 for Information Card support?
A. Information Card uses SHA-384 hashes. This means that the Java security file java.security must be edited to include the option sha.options = SHA2, 384.
B. The encryption used by Information Card is AES/CBC with PKCS5Padding.This means that the Java security file java.security must be edited to include the option aes.options=CBC, pkcss Pad.
C. The encryption used by Information Card is DESede/ECB with PKCS5Padding. This means that the Java security file java.security must be edited to include the option des.options=EDE, pkcss Pad.
D. The encryption algorithms used by Information Card require strong cryptographic library support. This means that a replacement is needed for the default Java security files local_policy.jar and US_export_policyjar.
Answer: D Explanation:
QUESTION NO: 35
A SAML 1.1 identity provider federation has been created in IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) and a service provider partner from XYZZY Corporation must be added. The partner includes the following information:
Provider ID: XYZZY SAML SP
Assertion Consumer Service (ACS) Endpoint: https://sp.xyzzycorp.com/apps/plugh/saml
Which statement is correct regarding these values?
A. These values may be used directly in the TFIM partner configuration.
B. Because Provider IDs must be domain names, the partner must supply a Provider ID value of sp.xyzzycorp.com.
C. Because Provider IDs must be single word identifiers, the partner must supply a different value which meets this requirement.
D. Because Provider IDs must be URLs, the partner must supply a Provider ID value which matches the context root of the Assertion Consumer Service endpoint.
Answer: A Explanation:
QUESTION NO: 36
The IBM Tivoli Federated Identity Manager V6.2.2 provisioning service supports which WS- Provisioning operations?
A. notify, subscribe, unsubscribe
B. provision, deprovision, cancelRequest
C. createAccount, restoreAccount,deleteAccount
D. requestAccount,deprovisionAccount, changePassword
Answer: B Explanation:
QUESTION NO: 37
A corporate intranet supports single sign-on (SSO) for internally facing Web applications accessed by employees. The company also has an external facing product support site used by customers, business partners, and company employees. Employee IDs are maintained in a user registry which is separate from the user registry for the support site. To use the support site, employees must register in the same manner other users do.
The customer has chosen to use IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) to provide SSO for employees between the intranet and the external facing support site so that an intranet SSO login can be leveraged for support site access. How can this capability be provided?
A. SAML 2.0 using persistent Name Identifiers can be used along with the TFIM Name Identifier Linking Service to link intranet and support accounts for employees. The intranet TFIM can be configured as an identity provider (IdP) in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 service provider (SP).
B. SAML 2.0 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP.
C. SAML 1.1 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 1.1 federation, and the support site TFIM can be configured as a SAML 1.1 SP.
D. SAML 2.0 using persistent Consent Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP.
Answer: B Explanation:
QUESTION NO: 38
Using IBM Tivoli Federated Identity Manager V6.2.2 as an OpenID provider (OP), an error is being reported indicating that a required attribute is missing. What might be the problem?
A. The relying party (RP) may have not included the attribute in the encoded attribute request object sent to the OP AX endpoint, and it was not included in the response.
B. The OP may have not supplied a value for the attribute in the encoded attribute response list sent to the RP attribute exchange (AX) endpoint.
C. A required attribute may have been solicited via Simple Registration (SREG) in the initial request POSTed to the OP login endpoint, and the OP mapping rule/function did not supply a value.
D. A required attribute may have been solicited via SREG in the initial request POSTed to the RP login endpoint, and the OP mapping rule/function did not supply a value.
Answer: D Explanation:
QUESTION NO: 39
Which mechanism does IBM Tivoli Federated Identity Manager V6.2.2 provide for supporting configuration of a custom module?
A. Java Properties class
B. User Interface using GUIXML
C. XSLT-based configuration file
D. Java Class Loader abstraction
Answer: B Explanation:
QUESTION NO: 40
Which IBM Tivoli Access Manager for e-Business component is always required when deploying WebSEAL as an IBM Tivoli Federated Identity Manager V6.2.2 point of contact?
A. NetSEAL
B. Policy Server (pdmgrd)
C. Web Portal Manager (wpm)
D. Authorization Server (pdacld)
Answer: B Explanation:
QUESTION NO: 41
A partner, in the context of Federated Single Sign-On, is a participating entity in a federated relationship which operates in the role of what?
A. a Trusted Provider
B. a Service Provider (SP)
C. the Identity Provider (IdP)
D. either an IdP or a SP
Answer: D Explanation:
QUESTION NO: 42
With regard to the SAML standards, which statement describes an assertion?
A. A piece of data produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to a specified resource.
B. A signed and encrypted token produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to a specified resource.
C. A SOAP message containing an artifact produced by a SAML authority regarding either an act of authentication performed on a subject, attribute information about the subject, or authorization permissions applying to the subject with respect to a specified resource.
D. A SOAP message containing an artifact produced by a SAML identity provider regarding either an act of authentication performed on a user, attribute information about the user, or authorization
permissions applying to the user with respect to a specified application.
Answer: A Explanation:
QUESTION NO: 43
Which two deployment scenarios are supported by Web Services Security Management? (Choose two.)
A. surrogation
B. authorization
C. validation of token types
D. conversion of token types
E. authentication and authorization
Answer: D,E Explanation:
QUESTION NO: 44
WebSEAL is used as the Single Sign-On point of contact for an IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) SAML 1.1 identity provider (IdP) configuration using Browser/Artifact with the service provider (SP). What is the action order in an IBM WebSphere Application Server diagnostic trace of the TFIM IdP when an inter-site transfer service request is received?
1.
Run the SAML token creation Security Token Service (STS) module to produce the assertion.
2.
Generate the artifact.
3.
Run the appropriate mapping function for the federation partnership against the STS Universal User (STSUU) object.
4.
Redirect the user to the SP Attribute Retrieval Service.
A. 3, 1, 4, 2
B. 2, 1, 3, 4
C. 3, 1, 2, 4
D. 2, 3, 1, 4
Answer: C
QUESTION NO: 45
What are the four core elements defined by the SAML 1.1 and SAML 2.0 standards?
A. assertions, bindings, profiles, protocols
B. assertions, subjects, profiles, protocols
C. assertions, bindings, attributes, protocols
D. subjects, attributes, protocols, authentication responses
Answer: A Explanation:
QUESTION NO: 46
Which IBM WebSphere Application Server (WAS) security properties must be configured so WAS can be used as an IBM Tivoli Federated Identity Manager V6.2.2 point of contact?
A. Application and container security are enabled
B. Application and JEE/J2EE security are enabled; Single Sign-On (SSO) is disabled
C. Server and cluster security are enabled; SSO (LTPA Token) are enabled
D. Application and administration security are enabled; SSO (LTPA Cookie) is enabled
Answer: D Explanation:
QUESTION NO: 47
Which component(s) of IBM Tivoli Federated Identity Manager V6.2.2 are compliant with the WS- Trust standard?
A. Secure Token Service (STS)
B. STS, Security Token Service Universal User (STSUU)
C. STS, WS-Trust Web Service Description Language (WSDL)
D. STS, WS-Trust WSDL, STSUU
Answer: A QUESTION NO: 48
Which component is included with IBM Tivoli Federated Identity Manager V6.2.2 for auditing data?
A. QRadar
B. IBM Cognos Server
C. Common Audit Service
D. Common Event Service
Answer: C Explanation:
QUESTION NO: 49
When performing an IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) deployment operation after creating a domain, this error is seen:
FBTCON137E: An error occurred during the deployment operation.
What is a possible cause of this error message and what action should be taken to address it?
A. This message is a generic description of any deployment failure and can be received even
when the operation is successful but the operation took longer than the specified SOAP request
timeout value.
To validate the deployment, perform these steps:
1.
Close the Runtime Node Management panel.
2.
Open the Runtime Node Management panel.
If the TFIM Runtime shows as deployed with a check mark in the status column proceed to
configuring the Runtime.
B. This message is a generic description of any deployment failure and can be received even
when the operation is successful but the operation took longer than the specified JSON-RPC
request timeout value.
To validate the deployment, perform these steps:
1.
Close the Runtime Node Management panel.
2.
Open the Runtime Node Management panel.
If the TFIM Runtime shows as deployed with a check mark in the status column proceed to
configuring the Runtime.
C. This message is related to the domain being created before the TFIM Runtime was configured.
To correct, perform these steps:
1.
Close the Runtime Node Management panel.
2.
Configure the Runtime.
3.
Open the Runtime Node Management panel.
4.
Perform the Deploy operation again.
D. This message is related to the domain being created before the TFIM Management Service
was started.
To correct, perform these steps:
1.
Close the Runtime Node Management panel.
2.
Start the Management Service.
3.
Open the Runtime Node Management panel.
4.
Perform the Deploy operation again.
Answer: A Explanation:
QUESTION NO: 50
Which additional configuration step must be done after creating a federation when using WebSEAL as the point of contact?
A. Run the wsconfig utility. This creates a WebSEAL virtual host junction to the federation endpoint and updates IBM Tivoli Access Manager (TAM) ACLs against federation endpoints.
B. Run the tfimcfg utility. This updates the WebSEAL configuration to support the specific federation being created, and it updates TAM ACLs against federation endpoints.
C. Run the wsconfig utility. This creates a WebSEAL transparent junction to the federation endpoint, adds an EAI trigger to the WebSEAL configuration to support the specific federation being created, and updates TAM ACLs against federation endpoints.
D. Run the tfimcfg utility. This creates a WebSEAL transparent path junction to the federation endpoint, adds an EAI trigger to the WebSEAL configuration to support the specific federation being created, and updates TAM ACLs against federation endpoints.
Answer: B Explanation:
QUESTION NO: 51
Consider this HTTP protocol response:
HTTP/1.1 302 Found
Location: https://www.jkenterprises.com/xyzzy.html
How will the browser respond?
A. The browser will issue an HTTP PUT to the URL specified by Location.
B. The browser will issue an HTTP GET to the URL specified by Location.
C. The browser will issue an HTTP POST to the URL specified by Location.
D. The browser will open a new window containing the content specified by Location.
Answer: B Explanation:
QUESTION NO: 52
What is an XSLT template?
A. It is a defined set of XSL rules executed against a collection of relational elements based on a pattern match, and may be called by other templates, which may pass input parameters by name.
B. It is a defined set of XSL rules executed against a collection of tree structured nodes in the input based on a pattern match, and maybe called by other templates, which may pass input parameters by name.
C. It is a defined set of XSL rules executed against a serialized list of input elements based on a pattern match, and may be called by other templates. Input parameters are passed by inference rather than explicitly.
D. It is a defined set of XSL rules executed against a collection of tree structured nodes based on a pattern match, and may be called by other templates. Input parameters are passed by inference rather than explicitly.
Answer: B Explanation:
QUESTION NO: 53
The Web Services Security Management component will be added to an existing IBM Tivoli Federated Identity Manager installation using WebSEAL as a point of contact for Federated Single Sign-On. What other additional components are also required?
A. IBM HTTP Server must be installed.
B. No other additional components are required.
C. IBM Tivoli Identity Manager must be installed.
D. IBM WebSphere Application Server network deployment version must be installed.
Answer: B Explanation:
QUESTION NO: 54
What are the roles defined by OAuth 2.0?
A. Client application, resource owner, resource server
B. User, client application, resource owner, resource server
C. User, resource owner, resource server, authorization server
D. Client application, resource owner, resource server, authorization server
Answer: D Explanation:
QUESTION NO: 55
Which two configuration types are available for use with the Alias Service? (Choose two.)
A. XML
B. LDAP
C. Active Directory
D. JDBC provider and data source
E. ODBC provider and data source
Answer: B,D Explanation:
QUESTION NO: 56
Using a browser traffic capture tool, a capture of the HTTP interactions between Internet Explorer and a federation endpoint was recorded. The IBM Tivoli Federated Identity Manager V6.2.2 deployment was configured with WebSEAL as the point of contact server. When looking through the trace, which cookie indicates that a session has been established with IBM Tivoli Access Manager?
Flydumps offers IBM 000-575 exam,the most comprehensive training exam with full of wonderful concepts and learning skills. The training tools on the site Flydumps.com prepares you with the same questions and answers for IBM 000-575 from the test center.You may have seen our products.Without hesitate to procure our products. Because it is the best choice for you and even for your career in the future. We promise you 100% pass guarantee.
Welcome to download the newest Pass4itsure CBAP dumps: https://www.pass4itsure.com/cbap.html
IBM 000-575 Study Material, Download IBM 000-575 PDF Is Your Best Choice