000 020

http://www.TwPass.com

000-020

IBM

IBM Tivoli Access Manager for Enterprise Single Sign-On V8.0.1

Implementation

http://www.twpass.com/twpass.com/exam.aspx?eCode= 000-020

The 000-020 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 000-020 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently.

The 000-020 exam is very challenging, but with our 000-020 questions and answers practice exam, you can feel confident in obtaining your success on the 000-020 exam on your FIRST TRY!

IBM 000-020 Exam Features

- Detailed questions and answers for 000-020 exam

- Try a demo before buying any IBM exam

- 000-020 questions and answers, updated regularly

- Verified 000-020 answers by Experts and bear almost 100% accuracy

- 000-020 tested and verified before publishing

- 000-020 exam questions with exhibits

- 000-020 same questions as real exam with multiple choice options

Acquiring IBM certifications are becoming a huge task in the field of I.T. More over these exams like 000-020 exam are now continuously updating and accepting this challenge is itself a task.

This 000-020 test is an important part of IBM certifications. We have the resources to prepare you for this. The 000-020 exam is essential and core part of IBM certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real 000-020 Test and save time and money while developing your skills to pass your IBM 000-020 Exam? Let us help you climb that ladder of success and pass your 000-020 now!

000-020

QUESTION:

1

An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on solution to help address security and productivity issues Per their corporate security policy, the organization has detailed requirements related to password management for their enterprise applications Which password requirements need to be captured? A: details related to application user ID requirements B: policy requirements related to the number of applications that a user can access C: policy requirements for application and user initiated password resets and password complexity D: do nothing as password policy requirements are best addressed within the application space rather than in an Enterprise Single Sign-On project

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=1

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

2

Which operator allows specification of a case-sensitive regular expression comparison for attributes in an AccessProfile signature? A: Tilde (~) B: Hash (#) C: Equals (=) D:

Asterisk (*)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=2

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

3

What are the directory details of Relational Database backup files created by IBM Tivoli

Access Manager for Enterprise Single Sign-On V801 housekeeping? A: The directory must exist with one subdirectory (general) B: The directory must exist with two subdirectories

(daily, weekly) C: The directory must exist with three subdirectories (daily, weekly, monthly)

D: The directory must exist with four subdirectories (general, daily, weekly, monthly)

2

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=3

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

4

System, machine, and user policies can be configured though AccessAdmin How are changes

synchronized with the AccessAgent? A: written by the Administrators on the INI files B: propagated only with the Active Directory network service C: propagated to the clients on the next Administrator access D: propagated to clients the next time AccessAgent synchronizes with the IMS Server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=4

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

5

An SSL VPN can be used in conjunction with IBM Tivoli Access Manager for Enterprise

Single Sign-On to provide remote access to business critical information Which statement is true about the Mobile ActiveCode (MAC) when it is used with a VPN Solution for remote access? A: The MAC can only be delivered to a mobile phone and is good for a single use only B: The MAC can be delivered by mobile phone, e-mail, or fax, and it is good for one time authentication only C: The MAC can only be delivered to a mobile phone and it is good until the expiration time is reached, as set by an administrator D: The MAC can be delivered by mobile phone, email, or fax, and it is good until the expiration time is reached, as set by an administrator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=5

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

6

An application is upgraded and it has been determined that the AccessAgent no longer properly responds to the application It is understood that for a certain amount of time both the current version and the upgraded version of the application will be used by the end-users The executables for both versions are the same What should be the next step? A: Open

AccessStudio and change the existing AccessProfile to use only the new signatures for

Windows, control IDs, or HTML elements B: Open AccessStudio and create a new

AccessProfile for the upgraded version and overwrite the existing AccessProfile on the IMS

Server C: Open AccessStudio and edit the existing AccessProfile by using new triggers/actions associated with the new signatures for Windows, control IDs, or HTML elements D: Open AccessStudio and create a new AccessProfile for the upgraded version and upload it to the IMS Server so that two separate AccessProfiles may be used by the

AccessAgent

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=6

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

7

Which type of IBM Tivoli Access Manager for Enterprise Single Sign-On built-in application connector should be used to integrate with Novell eDirectory as a backend enterprise directory? A: Windows NT Connector B: Generic (LDAP) Connector C: Network

Information Service Connector D: Active Directory Service Interfaces Connector

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=7

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

8

What are two valid reasons for using IBM Tivoli Access Manager for Enterprise Single Sign-

On Graphical Identification and Authentication (GINA)? (Choose two) A: The customer needs to implement a shared desktop or private desktop environment B: The customer s

Active Directory passwords are synchronized with IBM Tivoli Access Manager for

Enterprise Single Sign-On C: The customer s PCs have a Novell GINA, and IBM Tivoli

Access Manager for Enterprise Single Sign-On does not support Novell GINA: D: The customer wants to use the IBM Tivoli Access Manager for Enterprise Single Sign-On Self-

Service Password Reset functionality from a locked machine E If the customer decides to use IBM Tivoli Access Manager for Enterprise Single Sign-On GINA, they will not be able to bypass IBM Tivoli Access Manager for Enterprise Single Sign-On and log in directly to

Windows in the event of an IBM Tivoli Access Manager for Enterprise Single Sign-On system failure

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=8

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

9

In the customer s environment, a group of five employees work within a room that has three

PCs The PCs have excellent hardware configurations, with considerable RAM and a fast

CPU The employees use these PCs only when they need to access an application, which is for a short duration of time For the rest of the time, they work with their tools on their desks

Which IBM Tivoli Access Manager for Enterprise Single Sign-On session management configuration should be used for these three PCs for optimum performance? A: Citrix workstation B: personal workstation C: shared workstation, private desktop D: shared workstation, shared desktop

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=9

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

10

Machine policy templates can be assigned based on certain attributes of a machine A customer organizes their machines based on the following requirements: The machines are all placed in specific Organizational Units in the Active Directory The customer has Citrix Servers, and they have a specific naming convention meant only for their Citrix Servers The customer has

DHCP enabled for all the client machines The customer has made it clear that they should not need to change anything in the existing infrastructure Given these requirements, which single assignment attribute would be chosen for assigning machine policy templates? A:

Hostnames B: IP Addresses C: Machine Group Tag D: Active Directory Groups

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=10

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

11

Which two APIs are published by IBM Tivoli Access Manager for Enterprise Single Sign-On

IMS Server? (Choose two) A: Data Mining API B: Provisioning API C: Cryptography

API D: API for Second Factors E SOAP API for Mobile ActiveCode

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=11

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

12

Which two situations necessitate integration of external systems with IBM Tivoli Access

Manager for Enterprise Single Sign-On using API published by IBM Tivoli Access Manager for Enterprise Single Sign-On IMS Server? (Choose two) A: to add second factor based authentication to a Web application B: to pre-populate user wallets with all their application credentials in one go C: to enhance out-of-the-box audit logging by creating custom audit log events D: to create reports from audit log trails collected by IBM Tivoli Access Manager for

Enterprise Single Sign-On E to configure automatic password change on expiry for an application so that the new password is a random string of specified strength

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=12

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

13

Which statement is true about the database and database-user used during installation of IMS

Server? A: A preexisting database user may be used but a new database has to be created

during installation B: A preexisting database may be used but a new database user has to be created during installation C: A preexisting database and user may be used or a new database and user are created during installation D: A preexisting database and user cannot be used; a new database and user are created during installation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=13

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

14

Which statement is true about a DB2 user that is to be used as the database user for IBM Tivoli

Access Manager for Enterprise Single Sign-On IMS Server? A: The database user must be created using DB2 Control Center B: The database user must be created using the DB2

Command Line Processor C: The database user may be created using DB2 Control Center or

DB2 Command Line Processor D: The database user must be created by IBM Tivoli Access

Manager for Enterprise Single Sign-On V801 IMS Installer

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=14

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

15

How can it be determined if the IMS Server (below Version 80) is configured for "Active

Directory (AD) deployment type 1" or "AD deployment type 2"? A: Check the serverxml on the IMS Server B: Check the database table IMSSyncDataType C: Check the System policies in the AccessAdmin D: Check the IMS Server settings of the IMS Configuration

Utility

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=15

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

16

When upgrading the AccessAgent and IMS Server from V36x or V800 to V801, which statement is true about the existing AccessAgent and IMS Server? A: The AccessAgent

DOES need to be uninstalled and the IMS Server software DOES need to be uninstalled B:

The AccessAgent DOES need to be uninstalled and the IMS Server software DOES NOT need to be uninstalled C: The AccessAgent DOES NOT need to be uninstalled and the IMS

Server software DOES need to be uninstalled D: The AccessAgent DOES NOT need to be uninstalled and the IMS Server software DOES NOT need to be uninstalled

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=16

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

17

Which important factor is taken into account when determining an estimate for the maximum network bandwidth to be used by a customer? A: the size of the hard drives for each PC connected to the client s network B: the average size of the wallet based on the number of profiles and accounts C: if any users will use IBM Tivoli Access Manager for Enterprise

Single Sign-On during non-work hours D: the number of users that will be connected using the wireless network, as opposed to a wired connection

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=17

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

18

By default what is the interval for synchronization of the wallet with the IMS Server? A: once a day B: once a week C: every minute D: every 30 minutes

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=18

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

19

The IBM Tivoli Access Manager for Enterprise Single Sign-On IMS is configured to cache user s wallets The SLA for network reliability between the IMS Server and the desktop machines is 95% The customer wants to use Graphical Identification and Authentication

(GINA) replacement, and has enabled Active Directory (AD) password synchronization The user has a cached wallet on their private desktop Which statement is true when the network is unavailable? A: The user would not be able to log in to the wallet B: The user is able to log in with their wallet password, but the wallet is not synchronized with the server C: A user must be re-assigned to another policy template in order to change any aspects of the applied policy D: The user experiences normal operation, but AccessAgent will be unable to store newly captured passwords

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=19

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

20

Which Web-based administration tools are available in IBM Tivoli Access Manager for

Enterprise Single Sign- On? A: AccessAdmin, AccessAssistant, and IMS Configuration

Utility B: AccessStudio, AccessAdmin, AccessAssistant, and IMS Configuration Utility C:

AccessManager Console, AccessAdmin, AccessAssistant, and IMS Configuration Utility

9 D: AccessEnabler,AccessStudio, AccessAdmin, AccessAssistant, and IMS Configuration

Utility

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=20

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

21

Which three database versions are supported by IBM Tivoli Access Manager for Enterprise

Single Sign-On? (Choose three) A: IBM DB2 81 B: IBM DB2 91 C: IBM DB2 95 D:

Oracle 9i/10g E Microsoft SQL server 2005 F Microsoft SQL server 2007

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=21

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

22

An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single

Sign-On solution to help address security and productivity issues Which two actions would be done by the implementer to successfully develop a single sign-on plan for the organization? (Choose two) A: Capture application server information for Web applications

B: Capture single sign-on application list and their corresponding logon and logoff process C:

Use the IBM Tivoli Access Manager for Enterprise Single Sign-On automatic profiling wizard

D: Capture all the UNIX-based server information (OS/version) for enabling single sign-on for command-line applications such as telnet and ftp E Capture password management policy requirements, application session management information, and internationalization requirements

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=22

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

23

Which two enterprise user registries are supported by IBM Tivoli Access Manager for

Enterprise Single Sign- On version 801? (Choose two) A: IBM DB2 B: Oracle Database

C: Microsoft SQL Server D: Windows Active Directory E IBM Tivoli Directory Server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=23

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

24

Which two things would the administrator have to do to set up a machine to automatically log in to the wallet when the user logs in to Windows on a machine which does not have the IBM

Tivoli Access Manager for Enterprise Single Sign-On V801 Graphical Interface and

Authentication (GINA)? (Choose two) A: Auto-Admin logon must be configured B:

Encentuate Network Provider must be configured C: The system must be configured to cache the wallets D: Active Directory password synchronization must be configured E Support for at least one second factor authenticator must be configured

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=24

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

25

A customer has requested a design for a high availability system that uses Microsoft Windows

2003 Enterprise Edition s Network Load Balancer (NLB) Which statement is true about the limitations of such a setup? A: For the NLB to work with the IMS Servers, the IMS cannot run on any ports other than 80 for HTTP and 443 for SSL B: To work with NLB, the two

IMS Servers need to be installed with unique Fully Qualified Domain Names (FQDN) and cannot share the same FQDNs 11 C: If the IMS Service hangs or crashes on one of the server machines, failover of incoming requests to other hosts will not be automatically activated by Microsoft NLB: D: The IMS Server does not work with the standard Microsoft NLB that is packaged with the Windows 2003 Enterprise Edition

OS It requires additional components to be installed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=25

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

26

Changes have been made on one of the IMS Servers configured to be highly available Which change requires replication of the changes to the other IMS Servers in the high availability configuration? A: a new AccessProfile that is added to the IMS Server B: one of the policies in the default user policy template that is changed C: server settings on the IMS

Server Configuration Utility that are changed D: one of the policies in the default Machine

Policy Templatethat is changed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=26

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

27

At a customer site, two IMS Servers have been configured in a highly available/load balanced setup The backend enterprise directory at this site is Microsoft Active Directory (AD), and the IMS Server has password synchronization enabled with the AD: There are two domain controllers at the site, and each of the IMS connects to one of the two domain controllers In this setup, a user changes his IBM Tivoli Access Manager for Enterprise Single Sign-On password on his local machine, and immediately moves to another machine to resume his work However the customer is unable to log in to that machine What is the most possible reason why the customer is not able to log in to IBM Tivoli Access Manager for Enterprise

Single Sign-On on the second machine? A: The cached wallet on the failing machine contains the new AD password B: All four machines, the two clients, and two IMS Server machines point to the same domain controller C: The first machine and the IMS the machine connects to point to different domain controllers The second machine and the IMS it connects to also point to the two different domain controllers D: The first machine and the IMS the machine connects to both point to the same domain controller, whereas the second machine and the second IMS that machine connects to both point to a different domain controller

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=27

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

28

If the policy to change IBM Tivoli Access Manager for Enterprise Single Sign-On password on first login for provisioned user is not set, the user may not be prompted to change the password on first logon Which administrator task would be done to mitigate risks? A: Log off and log on to AccessAgent again B: Cancel the change IBM Tivoli Access Manager for

Enterprise Single Sign-On password screen and try again C: Force provisioned users to change their IBM Tivoli Access Manager for Enterprise Single Sign-On passwords on first logon D: Export or show the password successfully if the user logs on using both the IBM

Tivoli Access Manager for Enterprise Single Sign-On password and fingerprint

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=28

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

29

Which system resource would be most critical in determining the number of concurrent sessions on a PC defined as a shared workstation with a private desktop through the IBM

Tivoli Access Manager for Enterprise Single Sign-On machine policy templates? A: the

CPU speed of the machine B: the total hard disk space of the machine C: the speed of the

Network Interface Card (NIC) D: the total Random Access Memory (RAM) of the machine

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=29

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

30

A customer has decided against using the IBM Tivoli Access Manager for Enterprise Single

Sign-On Graphical Identification and Authentication (GINA) for their deployment The backend enterprise directory is Active Directory (AD), and the AD password is synchronized with the IBM Tivoli Access Manager for Enterprise Single Sign-On password The customer has decided to only deploy Personal Workstations across the entire organization According to their requirements, each user would log in their own domain account on their Windows XP workstations, and expect to automatically be logged in to their IBM Tivoli Access Manager for

Enterprise Single Sign-On wallets Which component of IBM Tivoli Access Manager for

Enterprise Single Sign- On is responsible for this automatic logon to their wallets once they log on to their domain accounts? 13 A: Observer B:

DataProvider C: Network Provider D: SOCIAccess Windows Service

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=30

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

31

Which statement applies to IBM Tivoli Access Manager for Enterprise Single Sign-On Mobile

ActiveCode? A: There is no support for Web applications B: There is no centralized management of users C: It is not used for strong authentication purposes D: It improves access security through single-use passwords

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=31

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

32

Which two options can be configured as the bypass option in one-time password token deployment? (Choose two) A: Token B: Secret C: Username D: Authorization code

E Personal Identification Number

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=32

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

33

A Windows application, MyApp, needs F5 function key to be pressed to initiate the logon process after launching the application A customer wants to automate the entire logon process Which options will help in creating MyApp single sign-on profile using

AccessProfile Generator? A: None, as automating tasks such a sending an F5 key can be done only using Advance Profiling option of AccessStudio B: Use "Other" application template type in the AccessProfile Generator and then use Access Studio Wizard s "Other

Tasks"option to automate the logon process initiation by sending an F5 function key press event C: Use "Windows" application template type in the Access Studio Wizard and then use

Access Studio Wizard s "Other Tasks"option to automate the logon process initiation by sending an F5 function key press event D: Use "Windows" application template type in the

AccessProfile Generator and then use "Logon" task to generate a Logon profile for MyApp first Then use a separate plug-in or script to automate the F5 function key event

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=33

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

34

A customer wants IBM Tivoli Access Manager for Enterprise Single Sign-On to handle log on and Change Password scenarios for a Windows application called MyApp MyApp pops up a separate, simple dialog box for both log in and change passwords How would the user configure the IBM Tivoli Access Manager for Enterprise Single Sign-On application using

AccessProfile Generator? A: Develop an application profile for MyApp which includes log on and change password tasks with in the same profile B: Develop the log in AccessProfile using AccessProfile Generator and develop a script-based solution to capture the changed password and update the same in the user s wallet C: Develop two separate profiles with different authentication service - one for capturing the logon process and the other for capturing the Change Password process since Change Password is a separate dialog box D:

Develop two separate profiles with the same authentication service - one for capturing the logon process and the other for capturing the Change Password process since Change

Password is a separate dialog box

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=34

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

35

When trying to create an AccessProfile for login to a Windows application through the

AccessProfile Generator, it is noticed that dragging the crosshair over user name and password controls only identifies the containing window How would the AccessProfile for this application be generated? A: Restart the AccessProfile Generator and use TTY application as the Application type B: Restart the AccessProfile Generator and use Other

Applications as the Application type C: Continue creating the AccessProfile by identifying the containing window as the username and password controls Use the Edit signature functionality to fix the signature D: Continue creating the AccessProfile by identifying the containing window as the username and password controls Edit the XML in a text-editor and add /child::wnd to the generated username and password signatures

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=35

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

36

When would the extra-field in a logon window be specified while creating an AccessProfile using the AccessProfile Generator? A: to store another case-sensitive secret information for a credential B: to store another case-insensitive secret information for a credential C: to store another case-sensitive key-field information for a credential D: to store another caseinsensitive key-field information for a credential

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=36

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

37

Profiles, prof_notepad1 and prof_notepad2, are loaded together and both contain the site signature /child::exe[@exe_name="notepadexe"] When notepadexe is launched, which

AccessProfile will get loaded for it? A: None In case of a conflict, no profile is loaded and an error is logged in the General tab of AccessStudio logs B: Both prof_notepad1 and prof_notepad2 will be loaded and the state-machines specified inside the profiles will execute simultaneously C: prof_notepad1 will be loaded as its ID comes first when sorted alphabeticallyA warning will be logged in the General tab of AccessStudio realtime logs D: prof_notepad2 will be loaded as its ID comes later when sorted alphabeticallyA warning will be logged in the General tab of AccessStudio realtime logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=37

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

38

Which data does an account data bag contain? A: the authentication service ID, the account data template ID, the application ID, and the AccessProfile ID B: the application ID, the account data template ID, and pairs of account data item template ID and its corresponding value C: the AccessProfile ID, the account data template ID, and pairs of account data item template ID and its corresponding value D: the authentication service ID, the account data template ID, and pairs of account data item template ID and its corresponding value

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=38

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

39

In which scope is an AccessProfile loaded in a Web browser? A: per form element in the

Web page, so a Web page with two forms will load two AccessProfiles B: per containing document, which means that a Web page with two frames will load one AccessProfile C: per

Internet Explorer process, which means that one AccessProfile will be loaded for one instance of Internet Explorer D: per document, which means that a Web page with two frames will load three AccessProfiles, two for the frame documents and one for the containing document

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=39

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

40

What are two ways that VBScript/JScript is used in an AccessProfile? (Choose two) A: as a state B: as a trigger C: as an action D: as a signature E as a condition to a trigger firing

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=40

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

41

What is the order of state change, trigger firing, and action execution for a given event in

AccessProfile loaded in an application? A: The last trigger that can fire in the set of defined triggers in a state fires The actions in that trigger are executed and then the state transitions from the current state to the next state specified by the trigger B: The first trigger that can fire in the set of defined triggers in a state fires The actions in that trigger are executed and then the state transitions from the current state to the next state specified by the trigger C: The last trigger that can fire in the set of defined triggers in a state fires The state transitions from the

current state to the next-state specified by the trigger and then all the actions in that trigger are executed 18 D: The first trigger that can fire in the set of defined triggers in a state fires The state transitions from the current state to the next-state specified by the trigger and then all the actions in that trigger are executed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=41

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

42

Which two second factor authenticators are supported for Web Workplace? (Choose two) A:

Fingerprint B: USB Smartcard C: Mobile ActiveCode D: Authorization Code E Active

Radio Frequency Identification (RFID)

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=42

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

43

Which tool enables an administrator to create Web AccessProfiles for use with Web

Workplace? A: AccessAdmin B: AccessAgent C: AccessStudio D: Web Workplace

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=43

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

44

What are two tasks performed by the IMS Installer running on a host machine? (Choose two)

A: installs the IMS application onto the same machine B: installs DB2 onto the same machine and installs the IMS database schemas into it C: installs a self-contained LDAP server onto host machine and stores IMS configuration settings into it D: installs the IMS database schemas into a database instance running on the same or some other host machines

19 E deploys the IMS application onto multiple machines on the network and sets up load balancing across the machines

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=44

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

45

Which two tasks are supported by the AccessAdmin Setup Assistant? (Choose two) A: set the automatic sign up and self-service system policies B: enable password sync feature for deployment using Active Directory C: set up a set of machine policy templates for different machine groups D: set up an initial set of AccessProfiles to be distributed to all the

AccessAgents E set up a set of user policy templates to apply on new users from different user groups

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=45

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

46

What is required to install the AccessAgent in a Windows Vista environment without security problem? A: add the user in the Administrators group B: disable CTRL-ALT-DELin Active

Directory C: configure the Interactive logon so it requires CTRL+ALT+DEL D: configure the Interactive logon so it does not require CTRL+ALT+DEL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=46

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

47

Which parameter should be set in the setuphelpini file to set the IMS Server location during a typicalinstallation of AccessAgent? A: ImsLocation B: ImsSetupKey C: ImsServerName

D: ServerImsLocation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=47

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

48

What is a requirement for installing IBM Tivoli Access Manager for Enterprise Single Sign-On

AccessStudio? A: Microsoft NET Framework 20 B: SQL Server Management Studio C: a minimum of one Java Runtime Environment D: IBM Tivoli Access Manager for Enterprise

Single Sign-On IMS Server software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=48

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

49

What is a requirement for installing the IBM Tivoli Access Manager for Enterprise Single

Sign-On AccessStudio? A: 1 Gigabyte of RAM B: connection to the IMS Server C:

Microsoft NET Framework 20 D: IBM Tivoli Access Manager for Enterprise Single Sign-On

AccessAssistant

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=49

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

50

Why are the SOAP APIs for Server authentication and provisioning service required? A: to allow for wallet authentication B: to allow for provisioning of access controls C: to allow for provisioning service of the administrative accounts D: to allow for an identity provisioning system to provision user wallets and wallet credentials

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=50

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

51

How does the IMS bridge communicate with the IMS Server? A: without SSL B: two-way

SSL C: one-way SSL D: one-way and two-way SSL

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=51

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

52

Which minimum user role can access the Audit Reports? A: User role B: Help Desk role

C: Administrator role D: Active Directory Administrator role

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=52

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

53

Which policy must be modified to get the custom events tracked in the audit logs? A: LDAP policy B: System policy C: Machine policy D: Active Directory policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=53

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

54

Which statement is true about IMS Server housekeeping? A: Daily,weekly,and monthly housekeeping can be configured B: All database housekeeping tasks are only applicable to

Microsoft SQL Server C: IMS Server housekeeping option cleanupRdblogs always creates a full backup of log files D: Housekeeping can be configured through AccessAdmin ->

Advanced Settings -> IMS -> IMS Server -> housekeeping

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=54

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

55

Which two tasks must be performed before pushing an AccessAgent msi package through a software distribution tool? (Choose two) A: ensure the Enterprise Directory is correctly specified in the msi file B: ensure the Enterprise Directory is correctly specified in the

SetupHlpini file C: ensure the location of Reg and Config folders is correctly specified in the msi file D: ensure the IMS Server IP address and Graphical Identification and Authentication

(GINA) replacement option are correctly specified in the SetupHlpini file E ensure the IMS

Server name and GINA replacement option are correctly specified in the SetupHlpini file

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=55

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

56

Which three post-IMS installation tasks can be performed through the IMS Configuration Tool and not through the AccessAdmin? (Choose three) A: configuring Housekeeping tasks B: configuring Enterprise Directories C: configuring authentication service and application policies D: configuring Windows Session Management so that workstation behavior(s) is(are) as expected by the customer 23 E specifying initial administrators (before they have even used IBM Tivoli Access Manager for Enterprise

Single Sign-On) F promoting an existing account from IBM Tivoli Access Manager for

Enterprise Single Sign-On role User to IBM Tivoli Access Manager for Enterprise Single

Sign-On role Administrator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=56

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

57

Which three things should be checked to ensure that automation has been properly configured for an application? (Choose three) A: All users have valid working accounts for the application B: Log-off-from-application automation is configured in the AccessProfile as required C: Log on and Change Password workflows are automated through the

AccessProfile as required D: Random password injection and strength policies are configured on IMS AccessAdmin as required E Random username injection and strength policies are configured on IMS AccessAdmin as required F At least two separate AccessProfiles have been created for each application, if it is to be run on a personal workstation as well as on a shared workstation

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=57

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

58

A customer wants to install AccessAgent without introducing the IBM Tivoli Access Manager for Enterprise Single Sign-On Graphical Identification and Authentication (GINA) Which two conditions must be met for the Graphical Identification and Authentication-less

(GINAless) IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent installation to work? (Choose two) A: Active Directory password sync must be enabled B:

Machines with GINAless agent installations must be configured as shared kiosks C: Second factor authentication must be used for machines with GINAless agent installations D:

Machines with GINAless agent installations must be configured as single user workstations E

Second factor authentication to IBM Tivoli Access Manager for Enterprise Single Sign-On

V801 from GINA is not required

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=58

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

59

Where is configuration for the IMS Server Maximum database Connection pool size done?

A: AccessAdmin B: IMS Configuration Utility C: configuring the database D: changing the machine policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=59

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

60

Which two tools are used to configure Helpdesk or Administrator roles in IBM Tivoli Access

Manager for Enterprise Single Sign-On V801? (Choose two) A: AccessAgent B:

AccessAdmin C: Active Directory D: Web workplace E IMS Configuration Utility

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=60

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

61

In order for the one-time password (OTP) token to appear in the list of unassigned tokens in

AccessAdmin, what must be done? A: The OTP token must be used in any action B: The

OTP token must be used during a user sign up C: The OTP data file must be uploaded to the

IMS Server D: The OTP data file must be put directly into the database

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=61

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

62

What is the Open AuTHentication (OATH) look-ahead number used for? A: to determine the next OATH one-time password (OTP) token to initialize B: to specify the next number to appear on the OATH OTP token for the user C: to specify the number of consecutive button presses that a user can make before the OTP token must be reset D: to determine the number of consecutive button presses that a user must make on the OTP token in order to receive the valid OTP

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=62

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

63

What is the IBM Tivoli Access Manager for Enterprise Single Sign-On Mobile ActiveCode?

A: a one-time password (OTP) for strong authentication that is randomly generated (eventbased) on the IMS Server and delivered to users through a channel such as e-mail or SMS text on mobile phones B: a static password for strong authentication that is created and remembered by the user and is used for authentication by mobile users when they are not connected to their office networks C: an OTP for strong authentication that is randomly generated (event-based) on the IMS Server and can only be delivered through the secure channel of SMS on mobile phones D: an OTP for strong authentication that is generated

(time-based) on a token carried by the user and employed for authentication by mobile users

when they are not connected to their office networks

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=63

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

64

What are two essential tasks for setting up IBM Tivoli Access Manager for Enterprise Single

Sign-On Mobile ActiveCode (MAC) on the IMS Server? (Choose two) A: Enable MAC for all users B: Enable MAC for the target application C: Configure Remote Authentication

Dial In User Service settings D: Configure a message connector to enable the channel for receiving MACs at the IMS Server E Configure a message connector to enable the channel for sending MACs from the IMS Server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=64

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

65

A Helpdesk person has generated the offline authorization code as a user has forgotten his password Which component of IBM Tivoli Access Manager for Enterprise Single Sign-On is used to validate the offline authorization code? A: IMS Server B: AccessAgent C:

AccessAdmin D: IMS Connector

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=65

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

66

Which tool is used to revoke a second factor of authentication registered to a user? A:

AccessAgent B: AccessAdmin C: AccessAssistant D: AccessProfile Generator

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=66

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

67

What is the purpose of the offline authorization code? A: Register a new second factor authenticator B: Allow the user to reset their password while offline C: Display and save application credentials to a file for offline access D: Log on to a user s wallet until they can

connect to IMS to reset their password

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=67

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

68

When does an offline authorization code expire? A: 1 hour after issuance B: 5 minutes after issuance C: at the configured expiration time D: after the user uses the authorization code to unlock their wallet

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=68

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

69

A customer wants to allow only a subset of users to use AccessAssistant How can the IMS

Admin achieve this? A: visit the IMS Configurator and edit the List of Enabled

AccessAssistant/Web Workplace Users setting B: visit the admin page of AccessAssistant and edit the List of Enabled AccessAssistant/Web Workplace Users setting C: visit the IMS

Configurator and set the Allow access to wallet from AccessAssistant and Web Workplace policy for each user D: visit selected users profile on AccessAdmin and set the appropriate setting for Allow access to wallet from AccessAssistant and Web Workplace policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=69

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

70

What are two valid second factors for logon to AccessAssistant or Web Workplace? (Choose two) A: Smart card B: Mobile ActiveCode C: Fingerprint biometrics D: Proximity

Radio Frequency Identification card E Open AuTHentication-based one-time password

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=70

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

71

What are three types of logs available in the IMS Server? A: System, terminal, and user logs

B: network, applications, and user logs C: application, access, and system logs D:

user,system, and administrator logs

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=71

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

72

How can IBM Tivoli Access Manager for Enterprise Single Sign-On V801 tamper-evident audit logs be verified? A: manually examine the logs for errors B: check from IBM Tivoli

Access Manager for Enterprise Single Sign-On V801 IMS Server Configuration Utility C: check with tool available from IBM Tivoli Access Manager for Enterprise Single Sign-On

V801 AccessAdmin D: run a batch file that comes bundled with IBM Tivoli Access

Manager for Enterprise Single Sign-On IMS Server

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=72

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

73

Which statement is true about the installation of IBM Tivoli Access Manager for Enterprise

Single Sign-On Provisioning Agent? A: It must be installed on the same machine as Active

Directory Application Mode (ADAM) C: It must be installed on the same machine as ADAM and also configured to communicate directly with ActiveDirectory D: It can be installed on the same machine as ADAM but may also be configured to communicate directly with

ActiveDirectory 29

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=73

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

74

Which statement is true about the function of the IBM Tivoli Access Manager for Enterprise

Single Sign-On Provisioning Agent? A: When a user is provisioned in Active Directory

(AD), a corresponding IBM Tivoli Access Manager for Enterprise Single Sign-On user account is created immediately B: When a user is deprovisioned in AD, a corresponding IBM

Tivoli Access Manager for Enterprise Single Sign- On user account is deprovisioned immediately C: When a user is provisioned in AD, a corresponding IBM Tivoli Access

Manager for Enterprise Single Sign- On user account is created, but there may be a slight time lag depending on the agents polling interval D: When a user is deprovisioned in AD, a corresponding IBM Tivoli Access Manager for Enterprise Single Sign- On user account is deprovisioned, but there may be a slight time lag depending on the agents polling interval

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=74

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

75

What is used to manage priority for IBM Tivoli Access Manager for Enterprise Single Sign-On

V801 policies? A: Web Workplace B: AccessAssistant C: Active Directory Policies D: managepolicyprioritybatcommand-line tool

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=75

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

76

Which policy can be modified by the user in Help Desk role? A: User B: Syslog C:

System D: Machine

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=76

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

77

Where are the user credentials stored during single sign-on before being transferred to the wallet? A: injection bag B: account data bag C: injection bag template D: account data template

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=77

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

78

In signatures for what type of applications are the attributes "ctrl_id and control_name" normally used? A: Java applications B: Web applications C: Windows applications D:

Mainframe applications

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=78

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

79

A customer has deployed IBM Tivoli Identity Manager, and has configured it to provision employees according to their operational roles The customer now needs to configure IBM

Tivoli Access Manager for Enterprise Single Sign-On User roles In which two locations must the customer perform all IBM Tivoli Access Manager for Enterprise Single Sign-On User

Role management operations? (Choose two) A: IBM Tivoli Identity Manager Web

Administration GUI B: IBM Tivoli Directory Integrator AssemblyLine for the RMI

Dispatcher service C: IBM Tivoli Access Manager for Enterprise Single Sign-On

AccessAdmin interface D: IBM Tivoli Access Manager for Enterprise Single Sign-On IMS

Configuration Utility E IBM Tivoli Identity Manager workflow extensions provided by IBM

Tivoli Access Manager for Enterprise Single Sign-On V801

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=79

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

80

Within large IBM Tivoli Access Manager for Enterprise Single Sign-On deployments, it may be necessary to automatically assign users to roles A customer wants to use a role assignment attribute for one automatic role mapping to the Help Desk role This attribute is multi-valued within the directoryWhen a user registers and has values contained within the attribute, what will occur? A: The assignment will fail and the user is granted the Default User role B:

Multi-valued attributes cannot be used to perform role mapping functions C: All values returned in the list of values will be used to determine role membership D: The first value returned in the list of values will be used to determine role membership

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=80

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

81

Which repository cannot be used to store IMS Server Audit Logs? A: Syslog Daemon B:

MySQL database C: IBM DB2 database D: Microsoft SQL Express Edition

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=81

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

82

For a Microsoft SQL Server 2005, what is the collation that the IMS requires for the database?

A: Estonian_CI_AS B: Latin1_General_CI_AS C: SQL_Latin1_General_CP1_CI_AS D:

SQL_Latin1_General_CP1_CS_AS

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=82

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

83

When configuring the Active Directory Services Interface (ADSI) connector for Microsoft

Active Directory (AD), the lookup user name and password cannot be verified although they are correct The lookup user does not have domain administrator privileges What are two valid reasons for this issue? (Choose two) A: The ADSI connector is not meant for use with

AD: B: The lookup user s Distinguished Name is not correct C: The LDAP lookup time is too short resulting in a timeout D: The lookup user requires domain administrator privileges

E The lookup user can only be verified after the configuration has been applied and the IMS service has been restarted

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=83

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

84

What is the maximum number of Enterprise Directories that can be used for IBM Tivoli Access

Manager for Enterprise Single Sign-On user validation? A: 1 B: 2 C: 10 D: unlimited

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=84

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

85

What are two valid and generic mechanisms of optimizing the IBM Tivoli Access Manager for

Enterprise Single Sign-On IMS to search an LDAP directory for users? (Choose two) A: limiting the number of records returned by the LDAP user search B: shortening the LDAP user search timeouts to less than 5 seconds C: specifying wherever possible the search scope as "one_level" instead of "sub_tree" for the LDAP connector D: individually specifying the precise LDAP user tree Distinguished Names to be searched on the LDAP while validating users E installing the IBM Tivoli Access Manager for Enterprise Single Sign-On IMS Server on the domain controller

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=85

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

86

What is the maximum number of Active Directory domains supported by the IBM Tivoli

Access Manager for Enterprise Single Sign-On Active Directory Services Interface

Connector? A: one B: two C: five D: unlimited

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=86

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

87

An SSL VPN can be used in conjunction with IBM Tivoli Access Manager for Enterprise

Single Sign-On to provide remote access to business critical information What must be done to enable an SSL VPN to integrate with IBM Tivoli Access Manager for Enterprise Single

Sign-On? A: The SSL VPN must be configured to authenticate with the IMS Server B: The

IMS-Kerberos Key Distribution Center must be configured on the IMS Server C: The authentication endpoint (https://<imsserver>/ims/auth/vpn) must be enabled on the IMS Server

D: One-time password generators must be deployed to remote employees who require remote access

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=87

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

88

A customer has defined a number of user policy templates within AccessAdmin These policy templates must now be associated with IBM Tivoli Access Manager for Enterprise Single

Sign-On users What is the first step in creating this association? A: use AccessAdmin and assign the created templates to the attribute value specified in the directory B: use

AccessAdmin and assign the created templates to the native groups as specified in the directory

C: set the directory attribute name as the encentuateimsuitemplateAsgAttribute configuration item within the IMS configuration file 35 D: add the

IBM Tivoli Access Manager for Enterprise Single Sign-On directory users into appropriate

IBM Tivoli Access Manager for Enterprise Single Sign-On groups, as defined within the created user policy templates

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=88

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

89

A customer has defined the Advanced Settings -> AccessAdmin -> User Interface -> Policy assignment attribute within the IMS Configuration UtilityWhich statement is true about this attribute? A: There is no such option within the IMS Configuration Utility B: It provides the attribute within the directory schema that is used to assign users to user policy templates

C: It provides the translated language text for User Policy TemplateAssignment within the

AccessAdmin User Interface D: The group attribute must be specified within the directory scheme (eg groupOfUniqueNames) for User Policy TemplateAssignment

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=89

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

90

A customer has configured their IBM Tivoli Access Manager for Enterprise Single Sign-On

User Policy Attribute Assignment to reference the distinguished name (for either Active

Directory or LDAP) of the user in the Enterprise Directory The customer assigns o=ibm,c=us to the "IBM Employees" User Policy Template There are no Policy Template Assignments, other than the default template A user then performs an AccessAgent Sign Up operation The

Distinguished Name of the user performing the sign up is cn=sam, ou=users, o=ibm, c=us

What will be the result? A: The user will get the Default User Policy Templateassigned B:

The user will be registered with the IBM Employees User Policy Template C: The user will not be registered since no User Policy TemplateAssignment matches their distinguished name

D: The user will get a policy template assigned according to the union of the policies of both the default policy template and the IBM Employees policy template

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=90

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

91

A customer has a requirement that groups of users be given a predefined set of IBM Tivoli

Access Manager for Enterprise Single Sign-On V801 policies In order to achieve this, what should the customer need to do? A: Implement Group Membership Policies, and use the provisioning solution to drive these group memberships B: Implement User Policy

Templatesfor each unique set of policies, and apply these to users according to personal directory attributes C: Implement Role Assignments for each unique set of capabilities for the user, and apply these to users through their own personal directory attributes D: Implement native Group Membership Policies for each unique set of capabilities for the user, and apply these to users through their own directory attributes

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=91

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

92

Which wallet authentication options are supported in a private desktop environment? A: password only B: password and Fingerprint only C: USB Key, Fingerprint, password, digital certificates D: Password, password+RFID, password+ARFID, Fingerprint

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=92

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

93

A customer wants to allow users to lock/unlock their desktops without a password What are the supported second factors that allow this? A: Only RFID B: USB SmartCard C: Mobile

ActiveCode D: RFID or Fingerprint

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=93

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

94

If a machine policy template is modified after it has already been assigned to one or more machines, what must the administrator do? A: Reassign the modified template to the existing machines B: Reboot the end-users computers to force a synchronization of the updated machine policy C: Nothing, the machine policy will be synchronized during the scheduled synchronization interval D: Force a re-login to the end-users machines to force a synchronization of the updated machine policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=94

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

95

Which tool is used to create machine policy templates? A: PolicyAdmin B: AccessAdmin

C: TemplateAdmin D: IMS Configuration Utility

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=95

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

96

Which three criteria can be used to assign a machine policy template to a machine? (Choose three) A: IP Address B: Machine Tag C: Active Directory groups D: Windows

Operating System Version E Media Access Control Address F the second factor authenticator types attached to the machine

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=96

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

97

What are the three policy scopes defined in IBM Tivoli Access Manager for Enterprise Single

Sign-On? (Choose three) A: User B: Local C: Global D: System E Machine F

Application

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=97

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

98

Which actions are taken to set up roaming sessions with Radio Frequency Identification for a thin client? A: enable COM port mapping in Administrative Tools -> TerminalServices

Configuration on the IMS Server B: set the Citrix/TerminalServices server to use Microsoft

Graphical Identification and Authentication (GINA) as the GINA C: install AccessAgent on the client machine and set the client machine to auto-login with a set of default credentials for the machine D: set a shared desktop to launch automatically as an application through

Citrix/TerminalServer and Setup AccessAgent on the server to automatically launch a

Citrix/RDP session from the shared desktop

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=98

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

99

Which second-factor authentication device is supported by IBM Tivoli Access Manager for

Enterprise Single Sign-On on a thin client? A: Omnikey CardMan 3121 smart-card B:

DigitalPersonaUareU fingerprint reader C: RF Ideas pcProx 232 serial port Radio Frequency

Identification reader D: IBM Tivoli Access Manager for Enterprise Single Sign-On does not support second-factor authentication devices on the thin client

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=99

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

100

Does AccessAgent need to be installed on every Windows Terminalor Citrix Server that are serving applications for which single sign-on is enabled, if used in the integrated remote access deployment? A: No B: Yes C: Only on the first IMS Server D: Only on the

Active Directory Servers

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=100

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

101

With the IBM Tivoli Access Manager for Enterprise Single Sign-On Remote Access

Integration, where must the client software installed? A: on each client B: only on a shared folder C: on the TerminalServer D: no need to install client software

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=101

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

102

When upgrading an application, why is it important to test the new version with IBM Tivoli

Access Manager for Enterprise Single Sign-On AccessAgent? A: to make sure that the

AccessAgent can still synchronize B: to make sure that the IMS Server can still read the

AccessProfile C: to make sure that there are not any network performance issues during synchronization D: to make sure that the application fields or windows have not changed, breaking the AccessProfile

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=102

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

103

A customer wants to ensure high availability of the IBM Tivoli Access Manager for Enterprise

Single Sign-On IMS Server is deployed This requires that AccessAgents are able to communicate with an IMS Server at all times Which statement is true about the configuration of the IMS Server hostname at the AccessAgent for IMS high availability configuration? A:

The tomcat clustered IP address assigned during deployment of the high availability application server is used as the IMS Server location B: A virtual hostname of a load balancer interface,

such as Microsoft Network Load Balancer, is configured at the AccessAgent for the location of the IMS Server C: Multiple virtual hostnames, which rely on DNS round robin to manage the load balancing of servers, are configured at the AccessAgent for the location of the IMS

Server location D: There must only exist a single active IMS Server location within an IBM

Tivoli Access Manager for Enterprise Single Sign-On deployment, otherwise conflicts will occur that cannot be resolved

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=103

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

104

Which option is a valid approach for improving the performance of the IBM Tivoli Access

Manager for Enterprise Single Sign-On IMS Server? A: increasing the number of concurrent users above 900 B: optimizing memory for the IMS Server by setting the JVM memory size C: decreasing the maximum number of Remote Authentication Dial In User

Service packets D: decreasing the database pool size but enabling asynchronous database updates in the database pool configuration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=104

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

105

In order to have backup and restore of database faster, the administrator has configured two separate databases, one for the IMS operation and another for storing the Audit logs Which action helps an administrator to correctly point to the respective database? A: Reinstall of the IMS Server B: Modify entries in the startup file C: Configure the external attributes in the datasource D: Modify datasource entries in the IMS Server Configuration

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=105

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

106

Where can an administrator review the audit logs on one or more selected activities? A:

AccessAgent B: AccessAdmin C: Web Workplace D: Access Assistant

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=106

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

107

If the machine that IMS is running on is renamed and moved to a different DNS domain, which statement is true for the server move to be successful? A: The IMS Server certificate must be recreated B: The new domain must be a sub domain of the original domain C: The

Database must be updated with the hostname of the new IMS D: The Database must be moved so it exists in the same DNS domain

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=107

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

108

If the machine that IMS is running on is renamed and moved to a different DNS domain, which certificate is required to be updated? A: IMS Client Certificate B: IMS Server Certificate

C: IMS Application Certificate D: Device Property Certificate

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=108

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

109

Which method should be used for transferring an IMS database from one database instance/server to another? A: Use the "Import/Export Database" facility in the IMS

Configurator B: Back up the IMS application folder on any IMS host and restore it on the target host C: Recommended methods (eg backup/restore) for each respective database vendor should be used D: Back up the database application folder on the original database host and restore it on the target database host

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=109

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

110

A customer wants to move the IMS database to a different machine Which method is used to transfer the database from one machine to another? A: Use the "Import/Export Database" facility in the IMS Configurator B: Recommended methods (eg backup/restore) for each respective database vendor should be used C: Back up the database application folder on the original database host and restore it on the target database host D: Reinstall IMS and point to the new database location and then use the Transfer Database facility from AccessAdmin

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=110

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

111

Which valid setting can be tweaked to better the performance of the IBM Tivoli Access

Manager for Enterprise Single Sign-On AccessAgent? A: the number of previous Log files to store on the local hard disk B: not using IBM Tivoli Access Manager for Enterprise Single

Sign-On Graphical Identification and Authentication C: the IBM Tivoli Access Manager for Enterprise Single Sign-On AccessAgent Log Level in the local Windows registry D: changing the default installation directory of the IBM Tivoli Access Manager for Enterprise

Single Sign-On AccessAgent

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=111

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

112

Which valid setting can be tweaked to better the performance of the IBM Tivoli Access

Manager for Enterprise Single Sign-On IMS Server? A: the hard disk space allocated to the

IMS Server B: the minimum heap size of the Java Virtual Machine C: the maximum heap size of the Java Virtual Machine 44 D: changing the default HTTP port of the IMS Server from 80 to another value

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=112

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

113

In order to optimize the performance of AccessAgents at a customer site that is using fingerprint readers, which values should be limited and why? A: network connection timeout; because fingerprint data tends to be of large size, and often results in timeouts during exchange with the IMS Server B: inactivity time for wallet cache; because fingerprints often change over time and it makes sense to delete older inactive wallets since they will never be matched against by any users C: maximum number of cache wallets on a machine; because when a user taps her finger on the reader, AccessAgent compares the fingerprint against all the local cached fingerprints of all users and selects the matching one D: maximum number of fingerprints registered per person; because when a user taps her finger on the reader,

AccessAgent compares the fingerprint against only the cached fingerprints of that user and selects the matching one

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=113

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

114

An administrator has successfully installed the IMS Server on the machine along with

AccessAgents in the network, but when trying to open the AccessAdmin page, the page is not displayed to the administrator Which action needs to be performed to understand the problem and to define the solution? A: debug the database logs B: debug the AccessAgent Logs C: debug the stdout and stderr logs on the IMS Server D: verify if the permission is set correctly with certificates with Active Directory Application Mode Service

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=114

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

115

What can be used to find the specific error code information? A: IMS Configuration utility

B: IMS Server installation log C: https://imsserver/AccessAssistant/ D: https://imsserver/ims/ui/diagnostics

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=115

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

116

The client machine has a personal firewall or anti-spyware blocking traffic from AccessAgent

Which executable must be unblocked to allow AccessAgent access to the IMS Server? A: runexe B: syncexe C: obsserviceexe D: dataproviderexe

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=116

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

117

What is the most accurate test to check if the IMS Server is running ? A: Verify syncexe is running B: Verify DataProviderexe is running C: Verify IMSService is running in services

D: Verify SOCIAccess is running in services

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=117

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

118

Which two actions cannot be performed when AccessAgent is disconnected from the IMS

Server? (Choose two) A: track audit events B: register a second factor C: issue authorization code D: capture new credentials for applications E change IBM Tivoli Access

Manager for Enterprise Single Sign-On password

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=118

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

119

What is the limitation of installing AccessAgent on a client machine in offline mode? A:

Client machine does not have Cryptoboxes installed B: Client machine does not have

DataProvider installed C: Client machine does not have IMS Server certificate installed D:

Client machine does not have AccessAgent certificate installed

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=119

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

120

A workstation with password-based authentication enabled is at the IBM Tivoli Access

Manager for Enterprise Single Sign-On Graphical Identification and Authentication (GINA) screen; the machine is online Active Directory (AD) is set up on IMS Server as the Enterprise

Directory for user verification AD Password Sync is enabled and user-secrets are not required during sign up A user wants to log on but has forgotten her IBM Tivoli Access Manager for

Enterprise Single Sign-On password What is a valid recovery workflow for the user? A:

Have helpdesk reset her Active Directory password and then start using her new AD password with IBM Tivoli Access Manager for Enterprise Single Sign-On without performing any additional steps and irrespective of the self-service password reset policy

47 B: Have helpdesk reset her Active Directory password and then start using her new AD password with IBM Tivoli Access Manager for Enterprise Single Sign-On, but only if selfservice password reset is enabled and she successfully answers her previously set challenge questions C: Have helpdesk reset her IBM Tivoli Access Manager for Enterprise Single Sign-

On password and then start using her new IBM Tivoli Access Manager for Enterprise Single

Sign-On password without performing any additional steps but only if self-service password reset is disabled D: Have helpdesk reset his/her IBM Tivoli Access Manager for Enterprise

Single Sign-On password and then start by using his/her new IBM Tivoli Access Manager for

Enterprise Single Sign-On password, but only if self- service password reset is enabled and

she successfully answers her previously set challenge questions

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=120

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

121

A workstation with password-based authentication enabled is at the IBM Tivoli Access

Manager for Enterprise Single Sign-On Graphical Identification and Authentication (GINA) screen; the machine is offline A user wants to log on but has forgotten her IBM Tivoli Access

Manager for Enterprise Single Sign-On password What is a valid recovery workflow for the user? A: The user clicks "reset password" to obtain a request code which is provided to

Helpdesk over the phone to obtain a temporary password from the helpdesk in return This temporary password is valid for multiple logons on any workstation B: The user clicks

"reset password" to obtain a request code which is provided to Helpdesk over the phone to obtain a temporary password from the helpdesk in return This temporary password is valid for multiple logons on this workstation only C: The user clicks "reset password" to obtain a request code which is provided to Helpdesk over the phone to obtain an authorization code in return This authorization code can be used to create a temporary password valid for one logon each on any workstation D: The user clicks "reset password" to obtain a request code which is provided to Helpdesk over the phoneto obtain an authorization code in return This authorization code can be used to create a temporary password valid for multiple logons on this workstation only

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=121

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

122

In an IBM Tivoli Access Manager for Enterprise Single Sign-On installation, the IMS Server

(and colocated database) machine has crashed Which resources must be available for successful recovery of the installation? A: backup of the IMS Server keystore and configuration files only B: backup of the IMS database only, from which all other information can be derived C: backup of the IMS Server keystore and configuration files as well as a backup of the IMS database D: backup of the IMS Server keystore and configuration files as well as a backup of cached wallets from client workstations

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=122

-------------------------------------------------------------------------------------------------------------------------------------

QUESTION:

123

A user does not remember his credentials for an application Although the credentials are saved in his wallet, he is stuck at a workstation on the company network which does not have IBM

Tivoli Access Manager for Enterprise Single Sign-On installed What is a possible workflow for the user to recover his forgotten credentials? A: The user calls helpdesk and identifies himself The helpdesk can then go to IBM Tivoli Access Manager for Enterprise Single Sign-

On AccessAdmin Web page and look up his credentials, irrespective of any user policy B:

The user goes to the IBM Tivoli Access Manager for Enterprise Single Sign-On

AccessAssistant Web page and after authenticating himself, is given his application credentials, provided this is allowed by the corresponding user policy C: The user calls helpdesk and identifies himself The helpdesk can then go to IBM Tivoli Access Manager for

Enterprise Single Sign-On AccessAssistant Web page and look up his credentials, provided this is allowed by the corresponding user policy D: The user calls an IMS administrator and identifies himself Only a person with Administrator role can then go to IBM Tivoli Access

Manager for Enterprise Single Sign-On AccessAssistant Web page to look up his application credentials, provided this is allowed by the corresponding user policy

Answer:

http://www.twpass.com/twpass.com/exam.aspx?ecode=000-020&qno=123

-------------------------------------------------------------------------------------------------------------------------------------

TwPass Certification Exam Features;

- TwPass offers over

2500

Certification exams for professionals.

- More than

98,800

Satisfied Customers Worldwide.

- Average

99.8%

Success Rate.

- Over

120

Global Certification Vendors Covered.

- Services of Professional & Certified Experts available via support.

- Free 90 days updates to match real exam scenarios.

- Instant Download Access!

No Setup required.

- Price as low as $19, which is 80% more cost effective than others.

- Verified answers researched by industry experts.

- Study Material

updated

on regular basis.

- Questions / Answers are downloadable in

PDF

format.

- Mobile Device Supported (Android, iPhone, iPod, iPad)

-

No authorization

code required to open exam.

-

Portable

anywhere.

-

Guaranteed Success

.

- Fast, helpful support 24x7.

View list of All Exams (AE);

http://www.twpass.com/twpass.com/vendors.aspx

Download Any Certication Exam DEMO.

http://www.twpass.com/twpass.com/vendors.aspx

To purchase Full version of exam click below; http://www.TwPass.com/

Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement