Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

IBM 000-013 Exam -

Free 000-013 Sample Questions:

Q: 1 A good user management process includes the following tasks:
- receive new user identity requests
- receive requests for changes to user identities
- use access policies to evaluate requests
- gather approvals
- place users in groups
- update accounts
- synchronize passwords
Which additional step is essential in a good user management process?
A. back up directory information
B. check that existing accounts are valid
C. verify user management process ownership
D. grant or block access to programs, based on access policy
Answer: B

Q: 2 What is considered the lowest maturity level in Identity Management maturity?
A. password management
B. access rights accountability
C. provisioning approval and process automation
D. connectors to access controlled systems (one tool managing multiple systems)
Answer: D

Q: 3 After a number of interviews with various customer personnel, the term"user productivity logon and transaction experience" comes up as a business process. Other than the word "logon", the description does not provide much insight into how this process relates to security.
Which list of security (and related) elements relate most strongly to this customer business process?
A. firewall, filtering router, intrusion detection
B. SSL acceleration, content filtering, pop-up blockers
C. single sign-on, personalization, scalability, availability
D. identification, public-key infrastructure, multi-factor authentication
Answer: C

Q: 4 What information should a customer baseline document include?
A. proof that there are no existing orphan accounts
B. the naming convention in place for all current users
C. the customer key business processes related to security
D. a list of all authentication mechanisms used by the customer
Answer: C

Q: 5 A customer has resources being managed in different facilities. When configuring a security solution, what is the most important element to consider in the design of the system?
A. use of a fiber optic backbone
B. the encryption protocol to be used
C. location of firewalls in the internal network
D. the time zone in which each facility is located
Answer: C

Q: 6 What is the objective of documenting the business and IT organizational structure of a company?
A. It helps the solution advisor identify the number of products that need to be deployed.
B. This step is essential to identify key areas of the business processes that relate to security.
C. It indicates the approximate number of licenses required for each product the company purchases.
D. The business organizational structure must match certain specifications for the product to be usable.
Answer: B

Q: 7 What needs to be defined for the Identity Management aspect of a Security Solution?
A. processes
B. driver's licenses
C. password selection
D. employee pay bands
Answer: A

Q: 8 Good workflow capability is a sign of maturity related to which aspect of security?
A. provisioning
B. authorization
C. authentication
D. new initiative deployment
Answer: A

Q: 9 Who must approve a requirements specification?
A. the customer and the sales team
B. the customer and the implementation team
C. the implementation team and the sales team
D. the implementation team and the product support team
Answer: B

Q: 10 What is the purpose of the context diagram for a security solution?
A. It provides a detailed listing of the software used in the solution and how the software is connected.
B. It provides a detailed listing of the hardware used in the solution and how the hardware is connected.
C. It scopes the security system's responsibilities and provides a black box view of the system interface.
D. It provides a listing of the hardware and software used in the system and how they are interconnected.
Answer: C

Q: 11 What information is needed when creating a document concerning a customer's IT and business organizational structure? (Choose two.)
A. number of business units
B. annual expenditure on IT assets
C. number of employees in IT organization
D. list of divisions within the IT department
E. total number of systems used by the company
Answer: A, D

Q: 12 In describing their business processes, the customer provides the following aspects of "audit/compliance":
1. Physical building access security
2. Security of servers
3. Security of desktops
4. Audit of user identities/accounts
5. Audit of access control (policy and actuals)
6. Audit of security of business partners
7. Revoke compromised certificates
From this list, what can be addressed by IBM Tivoli security solutions?
A. 2, 3, 5, 7
B. 2, 3, 4, 5
C. 2, 3, 4, 6
D. 4, 5, 6, 7
Answer: B

Q: 13 Based on IBM best practices, what are three IBM Tivoli Access Manager for e-business authentication capabilities that indicate a higher level of authentication maturity? (Choose three.)
A. Basic authentication
B. Shared authentication
C. Step-up authentication
D. Forced re-authentication
E. Multi-factor authentication
F. Forms-based authentication
Answer: C, D, E

Q: 14 Which programming languages need to be available to manage an unsupported operating system with an IBM Tivoli Identity Manager adapter?
A. Java and C
B. Cobol and REXX
C. C++ and Javascript
D. Visual Basic and C#
Answer: A

Q: 15 Which tasks need to be accomplished during an initial meeting with the customer when reviewing a company organizational chart?
A. determine the products to be used and provide Proof of Concept of the products in the solution
B. document the key players and their roles and provide Proof of Concept of the products in the solution
C. identify key decision makers and determine the products to be used
D. identify key decision makers and document the key players and their roles
Answer: D

Q: 16 Which is an accurate description of a highly mature company, in the area of authorization?
A. They are highly mature, because they use a single authorization engine, shared by many applications.
B. Their approach to authorization is in a leadership position, because they address WS-Provisioning, SAML and Liberty.
C. They are addressing authorization optimally because they are handling authorization within the application, and it best to address authorization decisions close to the decision point.
D. Their approach to authorization is highly secure and therefore highly mature, because their infrastructure uses many different authorization standards and thus is least likely to be penetrated.
Answer: A

Q: 17 While reviewing the current security policies for a company, you find that a standard exists, which dictates that information access must conform to HIPAA. Currently the customer has no automated method to verify adherence to this policy. Which IBM Tivoli security solution should you recommend to provide the customer with the ability to report on exceptions to this policy?
A. IBM Tivoli Identity Manager
B. IBM Tivoli Security Compliance Manager
C. IBM Tivoli Access Manager for e-business
D. IBM Tivoli Access Manager for Enterprise Single Sign-On
Answer: B

Q: 18 A current IBM Tivoli security customer is very satisfied with their current IBM Tivoli Identity Manager (ITIM) and IBM Tivoli Access Manager (ITAM) implementations. The customer has benefited greatly from the user management and provisioning, authentication, authorization and Web single sign-on processes now in place.
The customer sees the value of Web services and wants to leverage their business partnerships to greatly expand their online services, for a relatively small investment. They are expecting that their existing ITIM and ITAM investments can simply be stretched to include these business-to-business (B2B) flows.
IBM Tivoli Federated Identity Manager should be added to this scenario to address which security
A. the blocking of threats that might otherwise cross enterprise boundaries
B. the handling of potentially millions of users, which neither ITIM nor ITAM was built to address
C. the integration with firewalls that control security between any two businesses involved in these B2B flows
D. the handling of multiple types of standards-based protocols and user tokens that need to be passed between participating businesses
Answer: D

Q: 19 What is an important guideline to follow when considering security audit and security compliance scenarios?
A. avoid consolidating audit information, as that can dilute the value of the collected information and possibly render it useless
B. align the scope with the capabilities of Tivoli Security Compliance Manager, compliance of servers and desktops to stated security policies
C. avoid considering all rules, regulations, laws and internal customer requirements, as this can consume a lot of time while not yielding much useful information
D. consider compliance from multiple points of view, including desktop security, server security, access control policy, provisioning policy, authentication policy and risk management policy
Answer: D

Q: 20 Which three actions provide relevant input to customer authentication scenarios? (Choose three.)
A. The customer wants to digitally sign all messages.
B. The customer runs a successful PKI project and now wants to more fully adopt PKI.
C. The customer partially implements single sign-on, and wants to more fully implement it.
D. The customer feels they have too many places where audit data is kept, and they want to consolidate it.
E. The customer needs to issue identification tokens to people holding certain special job categories, for use in Web transactions.
F. The customer wants to cipher (encrypt) sensitive data while it is stored on servers, on desktops and while in transit in message flows and Web transactions.
Answer: B, C, E

Q: 21 Which two requirements are addressed by implementing IBM Tivoli Identity Manager? (Choose two.)
A. authentication of users
B. enterprise single sign-on
C. role-based account provisioning
D. automation of account approvals
E. system-wide security compliance reporting
Answer: C, D

Q: 22 As you analyze a customer business processes, you focus on a subset dealing with cross-enterprise Web transactions, both HTML- and SOAP-based.
Which three corresponding security requirements can be addressed by IBM Tivoli Federated Identity Manager? (Choose three.)
A. federated (cross-enterprise) Web single sign-on
B. federated (cross-enterprise) provisioning of users
C. federated (cross-enterprise) authorization of access to Web resources (SOAP only)
D. federated (cross-enterprise) authorization of access to Web resources (HTML only)
E. federated (cross-enterprise) authorization of access to Web resources (SOAP and HTML)
F. federated (cross-enterprise) assurance of compliance for both enterprises?desktops and servers
Answer: A, B, E

Q: 23 Which encryption method is used by IBM Tivoli Access Manager for e-business (ITAMeb) when ITAMeb is configured with the FIPS mode enabled?
A. SSLv3
B. TLSv1
C. WPAv2
D. Kerberos
Answer: B

Q: 24 Which two security requirements are addressed by IBM Tivoli Access Manager for e-business? (Choose two.)
A. authorization
B. authentication
C. intrusion detection
D. password management
E. mandatory access control
Answer: A, B

Q: 25 When the "Open Group" certifies an IBM product, what advantage does the certification bring to IBM?
A. IBM can begin to publish certification exams of that product.
B. IBM has the international license to position the product as IBM certified.
C. IBM can begin to sell the product world-wide without legal restrictions.
D. IBM has a stamp of approval guaranteeing the interoperability of the certified aspect of the product.
Answer: D

Q: 26 In a conversation about business requirements, a customer states:
"We are going through the latest big initiative right now. The focus is on time to market with new, bigger and better Web-based business applications. We have no time for implementing stronger security and we do not see how you can help us with this."
What is the primary security requirement indicated by the customer statement?
A. Standards-based federated Identity Management tools are required.
B. User management and provisioning can help this customer achieve more efficient and effective processes.
C. Strong risk management infrastructure will eliminate the need for security in these applications, allowing the focus to be on business logic.
D. More consistent authentication and authorization service-oriented architecture is needed for the
applications, saving application development time, which otherwise would have gone into building ad-hoc security into the applications.
Answer: D

Q: 27 A current IBM Tivoli Access Manager for e-business customer wants to add the ability to provide services to a third-party company employees. The customer does not want to create accounts and manage passwords for the third-party company employees.
What should you do to help the customer achieve this?
A. implement a process for the customer to manually create the accounts
B. use IBM Directory Integrator to synchronize the accounts between the two companies
C. install IBM Tivoli Identity Manager on the third-party company side, and provision accounts back to the customer user registry.
D. use IBM Tivoli Federated Identity Manager on the customer side as a service provider, and use a guest account for all the company employees when they access the site
Answer: D

Q: 28 Which protocol was developed jointly by IBM, Microsoft, and VeriSign?
A. Liberty
B. SAML V1.1
C. WS-Federation
D. Web Services Description Language (WSDL)
Answer: C

Q: 29 A business-partner of IBM, specializing in security products, is interested in setting up a specific system configured to simulate a few common network services. They want to intentionally leave it exposed to the external network access, in order to attract would-be attackers and study their attack patterns. Which term is used to denote such a system?
A. proxy
B. honey pot
C. Web server
D. bastion host
Answer: B

© 2014, All Rights Reserved