Professional Documents
Culture Documents
000‐006
IBM Tivoli Identity Manager V5.1 Implementation
Ver 6.40
Q&A 158
itchanakya@hotmail.com
itcertification39@gmail.com
Chanakya was founded in 2008. The safer, easier way to help you
pass any IT Certification exams. We provide high quality IT
Certification exams practice questions and answers (Q&A).
Especially Adobe, Apple, Citrix, Comptia, EMC, HP,IBM, Cognos,
Microsoft, Business Objects ,Symantec, Juniper, LPI, Nortel,
Oracle, SUN, VMware and Many more and help you pass any IT
Certification exams at the first try.
You can reach us at any of the email addresses listed below.
http://doallcertificationhere.blogspot.com
Exam A
QUESTION 1
Which two join directives can be used when multiple provisioning policies affect the same account?
(Choose two.)
A. Xor
B. Not
C. And
D. None
E. Union
s"
Answer: CE
n
io
QUESTION 2
at
Which two options should be included in a custom adapter design document? (Choose two.)
ic
A. supported platforms, Java version, log file locations
tif
B. input requirements, installation instructions, prerequisites
C. process flow diagram, debugging information and log file information
er
D. prerequisites, supported platforms, process flow diagrams, source code
C
E. security certificate configuration, installation location, input requirements
IT
Answer: BC
of
QUESTION 3
Click the Exhibit button.
ng
Ki
he
"T
a
ky
na
ha
C
Based on the organization chart and list of roles, which option is correct for this IBM Tivoli Identity Manager
V5.1 configuration?
A. A user in the On Demand Incorporated business unit can be granted the DESIGNER organizational
role.
Answer: A
QUESTION 4
Which information is stored in a certificate used to secure the connection between IBM Tivoli Identity
s"
Manager Server and its adapters?
n
A. certificate expiration date
io
B. certificate encryption type
at
C. certificate requester's name
D. certificate encryption strength
ic
tif
Answer: A
er
QUESTION 5
C
The Business Continuity Review describes the system availability characteristics of the solution design. In
a typical high availability (HA) configuration, a load balancer is configured in front of several peer masters
IT
for the directory server. Which statement is true regarding load balancing in an IBM Tivoli Identity Manager
(Tivoli Identity Manager) HA solution design?
of
A. If a primary master goes down, all traffic to that master is held until the master is available.
B. Load balancing of write traffic is unwise, because it leads to a possibility of an update conflict.
ng
C. If the primary system goes down, the remaining systems do not need to be able to bear the work load.
Ki
D. The Tivoli Identity Manager dataservices component will assist the load balancer in the redirecting of
requests to one of the other replicated Tivoli Identity Manager servers.
he
Answer: B
"T
QUESTION 6
Which steps are needed to create the password policy design?
a
ky
A. define password policy scope, select password settings, document password policy design
B. define password policy requirements, analyze password settings, document password policy design
na
C. gather current password settings, analyze password policy, define password scope, document
password policy design
ha
D. gather password policy requirements, define password policy scope, define password settings,
document password policy design
C
Answer: D
QUESTION 7
Which option is relevant to gathering requirements and creating an IBM Tivoli Identity Manager (Tivoli
Identity Manager) system architecture document?
A. formulate list of questions, identify interviewees, identify timelines for project phases, and delegate
responsibility
Answer: B
QUESTION 8
Which sequence of actions best describes a secure practice for sensitive data in an IBM Tivoli Identity
s"
Manager (Tivoli Identity Manager) database?
n
A. Schedule periodic database backups regularly in order to prevent losing sensitive data.
io
B. Enable security on the WebSphere Application Server and disallow running the WebSphere Application
at
Server using a non-root account.
C. Restrict network traffic to those ports or systems needed by the deployment only. If you write your own
ic
application and use a Tivoli Identity Manager API to retrieve sensitive data, encrypt the data before
tif
sending it over the network.
D. Restrict operating system access to database files. Limit the privileges of the operating system
er
accounts (administrative, root-privileged, or DBA) to the least privileges needed, change the default
passwords, and enforce periodic password changes.
Answer: D
C
IT
QUESTION 9
of
Given the desired services list and organization structure design, which two options are essential to create
a service design? (Choose two.)
ng
Answer: CD
a
ky
QUESTION 10
In which formats can reports from the IBM Tivoli Identity Manager user interface be generated?
na
A. PDF, CSV
ha
B. TXT, XML
C. PDF, TXT
C
D. HTML, PDF
Answer: A
QUESTION 11
A simple IBM Tivoli Identity Manager (Tivoli Identity Manager) implementation running on a Windows-
based server includes a single AIX platform with two adapters (UNIX and DB2). What are two necessary
considerations when creating an upgrade planning document for this scenario?
Answer: C
QUESTION 12
Which two options describe components of the Self-Service User Interface that can be included in the
customization design? (Choose two.)
s"
B. changing the banner colors
n
C. creating a custom workflow approval process
io
D. changing the default lifecycle management flow
at
E. creating new views for IBM Tivoli Identity Manager groups
ic
Answer: AB
tif
QUESTION 13
er
When performing analysis for designing a global identity policy, which considerations are essential?
C
A. UID constraints of each managed service type, and the erglobalid of the person object
IT
B. which managed service has the least restrictive UID constraints, and the erglobalid of the person
objects
C. UID constraints of each managed service type, and which attributes are available from the person
of
objects
D. which managed service has the least restrictive UID constraints, and which attributes are available from
ng
Answer: C
he
QUESTION 14
Given the information in the sample Organization Chart, which three pairs of roles are valid in a rule of a
"T
Answer: ADF
C
QUESTION 15
In preparation for an initial identity or Identity feed to IBM Tivoli Identity Manager (Tivoli Identity Manager)
V5.1 „ which two person attributes are required as a minimum in the feed? (Choose two.)
Answer: AB
QUESTION 16
A customer has chosen to separate the administration in IBM Tivoli Identity Manager (Tivoli Identity
Manager) of some target application services and provisioning parameters using Tivoli Identity Manager
groups. Which two options will be required, as a minimum, to implement security in this instance? (Choose
two.)
A. group-based ACIs
s"
B. service-based ACIs for the application services
C. account-based ACIs for the application targets
n
io
D. provisioning policy ACIs for the provisioning policies
E. organizational unit ACIs with services and policies defined at that level
at
Answer: BD
ic
tif
QUESTION 17
er
In a CSV identity feed, what is the definition of the name attribute?
C
A. the attribute that uniquely identifies the person
B. the attribute that contains the full name of the person
IT
C. the attribute that is used by IBM Tivoli Identity Manager to resolve account ownerships during
reconciliations
of
D. the attribute that contains the fully qualified DN of the person in the IBM Tivoli Identity Manager
ou=person container
ng
Answer: A
Ki
QUESTION 18
he
The account and password design document indicates that new accounts and passwords are initially set
up by a designated security officer Therefore, the notification is sent to the security officer and Is not sent
to each account owner. Which two options can be configured to meet this requirement? (Choose two.)
"T
A. Modify the existing e-mail notification templates to add the custom recipient.
a
B. Design a new e-mail notification template and add to the list of available workflow notification
ky
templates.
C. Configure a mail node in the operation workflow where the participant is a person with an e-mail
na
account.
D. The IBM Tivoli Identity Manager administrator would disable the New Account Notification template and
ha
the New Password template in Configuration > Properties > Notification Templates.
E. The IBM Tivoli Identity Manager administrator would disable the New Account Notification template and
the New Password template in Configure System > Workflow Notification Properties.
C
Answer: CE
QUESTION 19
What is the proper ordering of tasks during an IBM Tivoli Identity Manager V5.1 solution project?
Answer: D
QUESTION 20
When can an IBM Tivoli Identity Manager (Tivoli Identity Manager) functional test case be executed on a
Tivoli Identity Manager adapter?
s"
D. after test cases on the Tivoli Identity Manager server configuration have been completed
n
Answer: D
io
at
QUESTION 21
ic
A backup design requiring backups of all IBM Tivoli Identity Manager (Tivoli Identity Manager)-related
tif
components (WebSphere, LDAP, database) to occur at midnight has been created. All Tivoli Identity
Manager processes are quiesced for the duration of the backups. The backups run successfully, and Tivoli
er
Identity Manager is restarted. During the night an identity feed runs, creating 1000 new employees. The
identify feed specifies Use Workflow on the service definition and both a Tivoli Identity Manager account
C
and an AD account are automatically provisioned for each person. Both services specify that non-
compliance must be corrected. The related provisioning policies use UID from the person object for eruid
IT
on both services. An adoption policy exists for AD to search person objects for UIDs matching eruid during
reconciliation. The identify feed and all of its provisioning operations are completed by 3 a.m. At 7 a.m., a
catastrophic hardware failure occurs against the Tivoli Identity Manager LDAP and a restoration from the
of
B. Rerun the identify feed with Use Workflow disabled. Then perform reconciliation against the Tivoli
Identity Manager service specifying policy checking.
he
C. Rerun the identify feed, disabling Use Workflow. Then perform reconciliation against the AD service
specifying that policy checking not be performed during the reconciliation.
"T
D. Make the AD provisioning policy manual. Rerun the identify feed as it was originally run. Then perform
reconciliation against the AD service specifying that policy checking be performed during the
reconciliation. Make the AD provisioning policy automatic.
a
ky
Answer: D
na
QUESTION 22
ha
Answer: DE
QUESTION 23
Answer: ADF
s"
QUESTION 24
n
Which steps are needed to create an organization structure design from an existing organization and
io
reporting structure?
at
A. define organization structure, review organization structure with customer, document organization
structure
ic
B. review organization and reporting structure, formalize organization structure, document organization
tif
structure
er
C. gather organization structure requirements, discuss alternatives, formalize organization structure,
document organization structure
C
D. gather organization structure requirements, formalize organization structure, review organization
structure with customer, document organization structure
IT
Answer: C
of
QUESTION 25
ng
Answer: B
a
QUESTION 26
ky
Answer: D
QUESTION 27
A. The request is escalated to the first-line manager peer, and the remaining workflows continue.
B. The Enterprise LDAP User account will not be created, and the remainder of the workflow continues.
ng
C. The Enterprise LDAP Global Administrator account will not be created, and the remainder of the
workflow continues.
Ki
D. All accounts for the user are created except for the Enterprise LDAP Global Administrator account, and
an escalation is sent to the Service Desk.
he
Answer: C
"T
QUESTION 28
Where do the assembly lines associated with RMI-based adapter functions reside?
a
ky
Answer: A
C
QUESTION 29
Which three database servers are supported by IBM Tivoli Identity Manager V5.1? (Choose three.)
A. Oracle
B. MySQL Enterprise Edition
C. IBM DB2 Enterprise Edition
D. IBM Informix Dynamic Server
E. Sybase Adaptive Server Enterprise
Answer: ACF
QUESTION 30
On a single-server WebSphere configuration, where is the SelfServiceUI.properties file located?
A. <ITIM_HOME>/data
B. <WAS_PROFILE_HOME>\installedApps\<node_name>\itim_self_service.war
C. <WAS_PROFILE_HOME>\installedApps\<node_name>\ITIM.ear\itim_self_service.war
s"
D. <WAS_PROFILE_HOME>\installedApps\<node_name>\ITIM.ear\itim_self_seivice.war/custom
n
Answer: A
io
at
QUESTION 31
The process of creating a Certificate Signing Request with the adapter certificate tool would only apply to
ic
which class of adapters?
tif
A. JAAS-based
er
B. DAML-based
C. TDI/RMI-based
D. Secure FTP-based
C
IT
Answer: B
of
QUESTION 32
ng
Which two steps are required to independently install IBM Tivoli Directory Integrator (Tivoli Directory
Integrator) on a separate computer? (Choose two.)
Ki
A. Read the IBM Tivoli Identity Manager (Tivoli Identity Manager) release notes relating to support levels
of Tivoli Directory Integrator and fixes required.
he
B. After Tivoli Identity Manager is installed, the agentless adapters and the adapter profiles are
automatically installed on the computer that hosts Tivoli Identity Manager.
"T
C. After Tivoli Identity Manager is installed, the agentless adapters are automatically installed. Manually
install the adapter profiles on the computer that hosts Tivoli Identity Manager.
D. After Tivoli Identity Manager is installed, manually install the 5.1 agentless adapters provided with the
a
product on the computer that hosts Tivoli Directory Integrator. Manually install the adapter profiles on
ky
computer that hosts Tivoli Identity Manager. Import the adapter profiles using the Import/Export facility
on the Tivoli Identity Manager administrative console.
ha
Answer: AD
C
QUESTION 33
In a cluster installation, which option should be used to create the IBM Tivoli Identity Manager V5.1
installation directories?
QUESTION 34
Which two commands are used to schedule a report in IBM Tivoli Common Reporting? (Choose two.)
A. trcmd -run
B. scheduler -run
C. scheduler -set
D. trcmd -distribute
E. scheduler -distribute
s"
Answer: AD
n
io
QUESTION 35
at
What is the initial logon password for the itim manager user?
ic
A. reset
tif
B. admin
C. secret
er
D. itim mana
Answer: C
C
IT
QUESTION 36
of
Answer: A
"T
QUESTION 37
a
Which statement is true regarding the function that post office configuration can provide?
ky
A. The post office template can be cloned to reuse as different types of aggregate templates.
B. It allows a test of aggregation to be performed with chosen notification style from the administrative
na
console. C. It controls the volume of e-mail notifications if post office is enabled globally and Is not
disallowed by Workflow activities.
ha
C. It provides the capability to configure an alert facility to indicate that e-mail notifications are not being
sent to the mail server
C
Answer: C
QUESTION 38
Where are the challenge-response questions and Answer:s stored?
A. enRole.properties file
B. IBM Tivoli Identity Manager Database
C. WebSphere Application Server database
D. IBM Tivoli Identity Manager LDAP Directory
QUESTION 39
Which statement is true of Email Notification templates in IBM Tivoli Identity Manager (Tivoli Identity
Manager) V5.1?
A. JavaScript content or tags are only available to Plaintext and XHTML bodies when customizing a
Workflow Notification template.
B. The Tivoli Identity Manager Administrative Console will throw a parsing error if it finds a dynamic
content tag Is not recognized when saving an edited template.
s"
C. The Manual Activity templates can be disabled by choosing the Disable option for the template under
Configure System > Workflow Notification Properties.
n
D. Mail templates saved using the Tivoli Identity Manager Mail activity template in Entitlement or
io
Operational Workflows are available under Configure System > Workflow Notification Properties.
at
Answer: B
ic
tif
QUESTION 40
er
Which two tasks can be included as direct URL links on the IBM Tivoli Identity Manager V5.1
Administrative Console home page? (Choose two.)
Answer: AC
Ki
QUESTION 41
he
Which option describes the choices for defining an e-mail activity template?
Answer: D
na
QUESTION 42
ha
The join directive behavior for the provisioning policy for the ITIMService needs to be customized. Which
option is the correct method to change the join behavior?
C
A. From the navigation tree, select Manage Services> ITIMService > Configure Policy Join Behaviors.
B. From the navigation tree, select Manage Policies > Manage Provisioning Policies, and click Service
Type to select ITIMService.
C. From the Tivoli Identity Manager administrative console, select Configuration > Policy, and click Service
Type to select ITIMService
D. From the navigation tree, select Configure System > Configure Policy Join Behaviors, and click Service
Type to select ITIMService.
Answer: D
s"
E. False: e-mail notification of a password change is sent to the user. The e-mail contains a URL where
n
the user can obtain the password by entering his shared secret.
io
Answer: AE
at
ic
QUESTION 44
Which two of these entities can be customized? (Choose two.)
tif
er
A. Person
B. Location
C
C. Admin Domain
IT
D. Identity Manager User
E. BPerson (Business Partner Person)
of
Answer: AE
ng
QUESTION 45
Where can a password policy for a service reside in the organizational chart in relation to its target
Ki
service?
he
A. It can only reside in the same business unit that contains the service.
B. It can reside in the same business unit that contains the service or above the business unit that
"T
D. It can reside anywhere in relation to its target service because the location of the password policy is
ky
Answer: B
ha
QUESTION 46
What JavaScript engine is used by IBM Tivoli Identity Manager V5.1 as a script interpreter?
C
A. IBM JSEngine
B. Windows Scripting Host
C. Rhino JavaScript Engine
D. PHP JavaScript Interpreter
Answer: A
QUESTION 47
Answer: C
n s"
QUESTION 48
io
Which option is vital to ensuring that IBM Tivoli Identity Manager is properly tuned?
at
A. Minimize the use of static roles.
ic
B. Use dynamic roles whenever possible.
tif
C. Ensure that all attributes used in searches are indexed in LDAP.
D. Place all ACIs as high as possible in the organization tree to ensure maximum coverage
er
Answer: C
C
IT
QUESTION 49
Afresh copy of IBM Tivoli Identity Manager (Tivoli Identity Manager) has been installed and the Active
of
Directory (AD) adapter profile has been imported. Where are the labels for the attributes on the AD
account form stored?
ng
C. Formtemplates.properties in <$itim_home>/data
D. CustomLabels.properties file in <$itim_home>/data
he
Answer: A
"T
QUESTION 50
a
Which three types of files control the appearance of the Self-Service user interface? (Choose three.)
ky
Answer: AEF
QUESTION 51
Which two actions cause dynamic roles to be reevaluated? (Choose two.)
Answer: AC
QUESTION 52
Which IBM Tivoli Identity Manager service types are available by default?
s"
B. RMI dispatcher, DAML service, Hosted service
C. DSML identity feed, CSV identity feed, Hosted service
n
D. LDAP service, Windows service, inetOrgPerson identity feed
io
Answer: C
at
ic
QUESTION 53
tif
Custom workflow elements are registered with IBM Tivoli Identity Manager by editing which file in the
$ITIM_HOME/data directory?
er
A. enRole.properties
B. workflowextensions.xml
C
IT
C. workflowDataSyntax.xm!
D. workflowextensions.properties
of
Answer: B
ng
QUESTION 54
Ki
Which list displays all the entitlement workflow design elements available in IBM Tivoli Identity Manager?
B. Approval, Mail, RFI, Operation, Loop, Extension, Script, Work Order, Subprocess
C. Approval, Loop, Subprocess, RFI, Operation, Event Notification, Script, Extension
"T
D. Approval, Denial, Suspend, Subprocess, RFI, Operation, Work Order, Script, Extension
a
Answer: B
ky
QUESTION 55
na
Which two fields are required when an identity policy is defined? (Choose two.)
ha
A. Name
B. Prefix
C
C. Business Unit
D. Common Name
E. Organizational Name
Answer: AC
QUESTION 56
Which option describes valid memberships for a Report ACI (an ACI that protects a Report category item)
in IBM Tivoli Identity Manager (Tivoli Identity Manager)?
Answer: B
QUESTION 57
The administrator has modified the system-defined add operation for the person entity type by adding an
approval node to the workflow. The requirements have changed, and the approval for adding a new person
s"
is no longer required. The administrator would like to remove the approval node from the workflow. Which
n
activity should the administrator perform?
io
A. From Configuration > Entities, select the person entity. Select Define Operations. Select the Add
at
operation and Delete pushbutton option.
B. From Configure System > Manage Operations, select Entity type level and the Entity type of Person.
ic
Select the Add operation and the Delete pushbutton option.
tif
C. From Design Workflows > Manage Person Request Workflows, search for the Person Add Workflow.
Select the Default Person Add Workflow of type Entity override and Delete pushbutton option.
er
D. From Configure System > Manage Operations, select Entity type level and the Entity type of Person.
Select the Add operation and the Change pushbutton option. Then remove the approval node from the
C
operation diagram.
IT
Answer: D
of
QUESTION 58
Which IBM Tivoli Identity Manager (Tivoli Identity Manager) users can approve exemptions to Separation
ng
A. Only the Policy owner can approve exemptions to Separation of Duty violations.
B. Approval of exemptions to Separation of Duty policy violations is not allowed in Tivoli Identity Manager.
he
C. Only members of the Tivoli Identity Manager Administrator Group can approve exemptions to
Separation of Duty violations.
"T
D. Both members of the Tivoli Identity Manager Administrator Group and the Policy owner can approve
exemptions to Separation of Duty violations.
a
Answer: D
ky
na
QUESTION 59
Which two statements are true of service selection policies? (Choose two.)
ha
A. Any JavaScript entered in the service selection script Is syntax-checked before saving.
B. Deleting a service selection policy may result in the removal of previous accesses provided by this
C
policy.
C. Deleting a service selection policy will not result in the removal of previous accesses provided by this
policy.
D. After a policy is saved, it will perform an immediate evaluation, regardless of whether it is enabled or
disabled.
E. As a result of a service selection evaluation, IBM Tivoli Identity Manager V5.1 access entitlements can
be provisioned
Answer: BE
A. All users on the system can only have an account of the specified service.
B. Any user in the system is authorized to have an account on the specified service.
C. This policy overrides any automatic policy for the same service for all users in the system.
D. All users in the system will be provisioned an account on the specified service when the policy is
evaluated
Answer: B
s"
QUESTION 61
n
For IBM Tivoli Identity Manager (Tivoli Identity Manager) 5.1 DAML-based adapters, what item relating to
io
reconciliations can be configured using agentCfg?
at
A. use of xforms.xml
ic
B. use of LDAP v3 reconciliation filters
tif
C. specification of supporting-data-only reconciliation parameters
D. use of SSL communication with the Tivoli Identity Manager server
er
Answer: D
C
IT
QUESTION 62
Which default objectclass will IBM Tivoli Identity Manager V5.1 expect during an identity feed?
of
A. inetOrgPerson
ng
B. hruserOrgPerson
C. distinguishedName
Ki
D. userPrincipalName
Answer: A
he
"T
QUESTION 63
A company uses PeopleSoft to generate a unique employee designator as each new employee is entered
Into the HR system. IBM Tivoli Identity Manager has been configured to import the HR data from
a
PeopleSoft, including the unique Identifier (gbculd). As a policy, the company has used the gbcuid attribute
ky
as the UID of its managed targets. During the implementation, which action would the IBM consultants take
to match the AD accounts to their corresponding person entities and minimize any orphans?
na
D. Mimic the gbcuid algorithm with JavaScript for generating the uid attribute on the AD entitlements form
Answer: A
QUESTION 64
Click the Exhibit button. Based on the logical architecture, which action can be considered to enforce
provisioning policies on target resources during the identity feed process?
D. Schedule a reconciliation to run at a specific interval. During the reconciliation, IBM Tivoli Identity
Manager automatically enforces provisioning policies.
ng
Answer: B
Ki
QUESTION 65
he
Which two statements are true when enabling increased trace logging to help determine a problem in IBM
Tivoli Identity Manager? (Choose two.)
"T
Answer: CD
ha
QUESTION 66
C
Which statement is true of message, trace, and authentication log formats in IBM Tivoli Identity Manager
(Tivoli Identity Manager)?
Answer: A
s"
Answer: C
n
io
QUESTION 68
at
Which command can be used on a UNIX system to collect data to be sent to a support representative?
ic
A. ffdc.sh
tif
B. itiittbackup. sh
er
C. collect_ffdc.sh
D. serviceability.sh
Answer: D C
IT
of
QUESTION 69
Which statement is true when evaluating a placement rule on an identity feed service?
ng
A. The placement rule is only evaluated if the "Use workflow" option is checked.
B. The placement rule determines the placement of the identity into organizational roles.
Ki
C. The placement rule returns the organizational container where the identity is to be anchored.
D. The placement rule returns a true or false value to determine if an identity can be placed into IBM Tivoli
he
Answer: C
a
QUESTION 70
ky
When migrating IBM Tivoli Identity Manager (Tivoli Identity Manager) from a test to a production
environment, which task is valid?
na
B. Use the Import/Export feature to migrate the Tivoli Identity Manager configuration.
C. Assign the Tivoli Identity Manager test server the same host name as the production server.
C
D. Copy all the IBM Tivoli Directory Server data files to the Tivoli Identity Manager production system
Answer: B
QUESTION 71
New accounts that are reconciled from a remote platform are put up for adoption through the applicable
adoption policy, or they are orphaned. What person attribute Is matched against the account eruid attribute
by the default global adoption policy in IBM Tivoli Identity Manager V5.1?
A. the sn attribute
Answer: C
QUESTION 72
After testing the SSL connection between the IBM Tivoli Identity Manager V5.1 server and the directory
server, the login fails. Which two options should be checked? (Choose two.)
s"
B. The truststore file is corrupted.
n
C. The path to the .der file is valid.
io
D. The path to the truststore file is valid.
at
E. The path to the IdapConfig file is valid
ic
Answer: BD
tif
QUESTION 73
er
What are the correct steps to set up a reconciliation of only supporting data after the service definition has
C
been created and reconciliation was not initially defined? IT
A. Supporting data can only be reconciled when the service is created
B. Existing service definitions are displayed by selecting Configure System > Managing Service Types.
C. Existing service definitions are displayed by selecting Manage Services and then searching for the
of
specific service. When the service is listed, click the service name hyperlink to specify the Query to
Reconcile supporting data only.
ng
D. Existing service definitions are displayed by selecting Manage Services and then searching for the
specific service. When the service is listed, selecting the icon next to the name of the service will allow
Ki
the administrator to set up Reconciliation and specify the Query to Reconcile supporting data only.
Answer: D
he
"T
QUESTION 74
IBM Tivoli Identity Manager (Tivoli Identity Manager) development has released a fix pack to address a
specific problem that was found with the reporting module. Which three components, at a minimum, should
a
A. JDK/SDK
na
B. Database
C. JMS queues
ha
D. LDAP Directory
E. WebSphere Application Server configuration files
C
Answer: BDF
QUESTION 75
When an AD Adapter is being upgraded, what consideration must be given to the ADK component?
Answer: B
QUESTION 76
The IBM Tivoli Identity Manager (Tivoli Identity Manager) system has been installed and configured with
the initial default parameter settings. The administrator detects rollback errors in the trace.log.Which area
of the Tivoli Identity Manager system should the administrator review in order to eliminate the rollback
errors?
s"
A. Transaction rollbacks can be reduced or eliminated by creating additional indexes for the Directory
Server.
n
B. Transaction rollbacks can be reduced or eliminated by increasing the number of max_connections for
io
the IBM HTTP Server.
at
C. Transaction rollbacks can be reduced or eliminated by adjusting the database storage space or
database locking or database memory.
ic
D. Transaction rollbacks can be reduced or eliminated by increasing the value of the
tif
SearchAIUmUsedTimeout parameter for the RMI Dispatcher
er
Answer: C
QUESTION 77
C
IT
Which two options are correct for configuring the recycle bin in IBM Tivoli Identity Manager (Tivoli Identity
Manager)? (Choose two.)
of
A. The recycle bin is disabled by default in Tivoli Identity Manager and must be enabled explicitly.
B. The recycle bin age limit is the number of days, after which the recycle bin is emptied automatically.
ng
C. The recycle bin can be explicitly emptied by running the Tivoli Identity Manager runConfig script and
setting the Recycle Bin Age Limit parameter to 0 (zero).
Ki
D. The recycle bin age limit is the number of days after which an object in the recycle bin is eligible for
deletion by the Tivoli Identity Manager IdapClean cleanup script.
he
E. The recycle bin holds data objects that are deleted from the Tivoli Identity Manager LDAP repository
and the Tivoli Identity Manager database during the course of operations.
"T
Answer: AD
a
ky
QUESTION 78
Which option describes a prerequisite for installing an IBM Tivoli Identity Manager (Tivoli Identity Manager)
fix pack?
na
A. Stop the LDAP server that is used to contain the Tivoli Identity Manager data.
ha
B. Install the WebSphere Update installer for the appropriate WebSphere version.
C. Make sure that the WebSphere server that is running the Tivoli Identity Manager application is running.
C
D. Ensure that the SOAP request timeout value is set to 150 or less by using the com.ibm.SOAP.
requestTimeout property
Answer: B
QUESTION 79
What is the main purpose of the IBM Tivoli Identity Manager recycle bin?
Answer: B
QUESTION 80
IBM Tivoli Identity Manager (Tivoli Identity Manager) development has released a fix pack to address a
specific problem that was found with the reporting module. Which three components, at a minimum, should
be backed up? (Choose three.)
s"
A. JDK/SDK
n
B. Database
io
C. JMS queues
D. LDAP Directory
at
E. WebSphere Application Server configuration files
ic
F. Data subdirectory of Tivoli Identity Manager installation directory
tif
Answer: BDF
er
C
QUESTION 81
The e-rnail business process design indicates that there will be a large number of e-mail transactions. The
IT
IBM Tivoli Identity Manager (Tivoli Identity Manager) administrator has configured the system to enable
store forwarding with a collection interval of 60. Which of these scenarios will occur?
of
A. When the collection interval expires and notifications are aggregated, and there is only one notification
for a given group e-mail topic, the message will be delivered using the post office e-mail template.
ng
B. All activities that generate e-mail notifications will be intercepted and held for 60 minutes. After that
time, notifications are aggregated into one e-mail based on the group e-mail topic value and sent to the
Ki
recipients.
C. All manual activities that generate e-mail notifications that have the Use Group E-mail Topic enabled
will be intercepted and held for up to 60 minutes. After that time, notifications are aggregated into one
he
e-mail based on the group e-mail topic value and sent to the recipients.
D. All manual activities that generate e-mail notifications that have the Use Group E-mail Topic enabled
"T
will be intercepted and held for up to 60 seconds. After that time, notifications are aggregated into one
e-mail based on the group e-mail topic value and sent to the recipients.
a
Answer: C
ky
na
QUESTION 82
Which three statements are valid regarding the IBM Tivoli Identity Manager organization tree? (Choose
ha
three.)
Answer: ACD
QUESTION 83
approval request is sent to the Payroll system owner for approval of the Payroll account. An approval
request is sent to the Sales system owner for approval of the Sales account. An approval request is
ng
sent to the Information Technology Risk group for approval of the Global Administrator account and for
justification information.
Ki
B. Accounts for Active Directory, Enterprise LDAP User, and Exchange are provisioned immediately. An
approval request is sent to the employee's first-line manager for approval of the Payroll account. An
approval request is sent to the Sales system owner for approval of the Sales account. An approval
he
request is sent to the Information Technology Risk group for approval of the Global Administrator
account and for justification information.
"T
C. Accounts for Active Directory, Enterprise LDAP User, and Exchange are provisioned immediately. An
approval request is sent to the peer of the employee's first-line manager for approval of the Payroll
account. An approval request is sent to the Sales system owner for approval of the Sales account. An
a
approval request is sent to the Information Technology Risk group for approval of the Global
ky
immediately. An approval request Is sent to the peer of the employee's first-line manager for approval
of the Payroll account. An approval request is sent to the Sales system owner for approval of the Sales
ha
account. An approval request Is sent to the Information Technology Risk group for approval of the
Global Administrator account and for justification information.
C
Answer: B
QUESTION 84
What is the key area of concern when considering the high availability (HA) design for the IBM Tivoli
Identity Manager (Tivoli Identity Manager) Application Server?
A. the directory server replication framework to eliminate single points of failure and provide peer-to-peer
failover for the Tivoli Identity Manager application server
B. the configuration of DB2 high availability disaster recovery (HADR) to eliminate single points of failure
and provide peer-to-peer failover for the Tivoli Identity Manager application server
Answer: D
QUESTION 85
Which two options should be included in a custom adapter design document? (Choose two.)
s"
B. input requirements, installation instructions, prerequisites
n
C. process flow diagram, debugging information and log file information
io
D. prerequisites, supported platforms, process flow diagrams, source code
E. security certificate configuration, installation location, input requirements
at
Answer: BC
ic
tif
QUESTION 86
er
Which option would be included in the lifecycle management design?
identity feed
ng
Answer: D
Ki
QUESTION 87
Which methodology can be used to extend the standard password rules?
he
D. Password rules can be extended using the Pluggable Authentication Module (PAM) framework
ky
Answer: C
na
QUESTION 88
ha
Which two options are part of the customization design process? (Choose two.)
C
Answer: DE
QUESTION 89
Which two statements are true in relation to designing custom person entities? (Choose two.)
Answer: BE
s"
QUESTION 90
Click the Exhibit button.
n
io
at
ic
tif
er
C
IT
of
ng
Ki
he
"T
a
A customer wants to translate the logical architecture into a physical model the IBM Tivoli Identity Manager
ky
(Tivoli Identity Manager) configuration? Which change must be made to increase the security and
performance of the IBM Tivoli Identity Manager (Tivoli Identity Manager) configuration?
na
B. Move the HTTP server to a standalone computer that has no other Tivoli Identity Manager omponent.
C. Remove the HTTP server component and use built-in WAS HTTP service to improve performance and
avoid a security breach.
C
D. Establish a two-way SSL channel between the HTTP server and Tivoli Identity Manager. Gain
performance by keeping the HTTP server in the same Tivoli Identity Manager computer.
Answer: B
QUESTION 91
Which information is stored in a certificate used to secure the connection between IBM Tivoli Identity
Manager Server and its adapters?
Answer: A
QUESTION 92
Which file in English locale contains the definition for the IBM Tivoli Identity Manager screen text that can
be customized?
s"
A. enRole.properties
n
B. CustomLabels. properties
io
C. CustomScreenText_en.propeities
at
D. SelfServiceScreenText_en.properties
ic
Answer: D
tif
QUESTION 93
er
Which statement is correct regarding separation of duty rules?
D. Each rule must have one or more roles listed, the number of roles to which a user can belong depends
on the number in the list
ng
Answer: C
Ki
QUESTION 94
he
A customer is setting up a role-based access control (RBAC) model. Which relationship (between
organizational roles and another entity) must be primarily factored in when designing organizational roles?
"T
Answer: A
ha
QUESTION 95
C
What are the primary sources for gathering identity policy requirements?
A. IBM Tivoli Identity Manager System Architecture and IT Security account creation procedures
B. IBM Tivoli Identity Manager Solution Design Document and IT Security account creation procedures
C. IBM Tivoli Identity Manager System Architecture and the access control policies for the customer's
Web space
D. IBM Tivoli Identity Manager Solution Design Document and the access control policies for the
customer's Web space
Answer: B
A. All(*)
B. None
C. Others
D. All other users
E. Organizational role
F. All users in the organization
s"
Answer: DEF
n
io
QUESTION 97
During an architecture discussion, a customer states that their company already has an extensive LDAP
at
infrastructure in place that supports the Enterprise Directory project. The Enterprise Directory is currently
provisioned by a feed from a human resources system. The eventual goal is for IBM Tivoli Identity
ic
Manager (Tivoli Identity Manager) to provision the Enterprise Directory so that other external applications
tif
can use It for authentication and authorization. As a result, a significant amount of data interaction is
expected to occur between Tivoli Identity Manager and the Enterprise Directory.
er
Which option would be appropriate for a Tivoli Identity Manager architecture at the customer site?
C
A. Create a separate instance of the LDAP directory server to use for Tivoli Identity Manager.
B. Create a new suffix for Tivoli Identity Manager in the existing Enterprise Directory LDAP directory
IT
server.
C. Create a new root for Tivoli Identity Manager under one of the existing suffixes in the Enterprise
of
positioned as the Enterprise Directory by augmenting its person and account attributes.
Answer: A
Ki
he
QUESTION 98
When using the IBM Tivoli Identity Manager user interface, which categories can the report templates be
applied to?
"T
Answer: C
ha
QUESTION 99
C
A customer requires additional attributes as per their IBM Tivoli Identity Manager solution design. Which
base LDAP objectclass is used to extend the schema to add new attributes to create a custom person
class?
A. person
B. erPerson
C. erPersonltem
D. inetOrgPerson
Answer: D
A. Adoption policies
B. Account re certification
C. Organization administration
D. Provisioning policy join directives
Answer: B
n s"
QUESTION 101
io
Which post-upgrade validation test would verify that the custom entity object was intact?
at
A. creating a new person
ic
B. modifying an existing ACI
tif
C. creating a new dynamic role
D. scanning completed requests
er
Answer: A
C
IT
QUESTION 102
Which two statements are true of groups and ACIs in an out-of-the box IBM Tivoli Identity Manager (Tivoli
of
Identity Manager) environment populated with some users and some basic services reconciled? (Choose
two.)
ng
A. The default HelpDesk Assistant group allows members of that group to manage entitlement workflows.
B. Groups define what tasks Tivoli Identity Manager users will see on the administrative console through
Ki
Answer: CD
na
QUESTION 103
ha
Answer: ADF
QUESTION 104
Answer: A
QUESTION 105
Which test phase should occur first in an IBM Tivoli Identity Manager acceptance plan?
n s"
A. system testing
io
B. functional testing
C. performance testing
at
D. user acceptance testing
ic
Answer: B
tif
er
QUESTION 106
C
A customer requires that mission-critical LDAP-based applications like IBM Tivoli Identity Manager (Tivoli
Identity Manager) use LDAP replication. The Tivoli Identity Manager recovery design implements an LDAP
master/replica topology. Which statement describes the actions that must be taken to most quickly recover
IT
from a failure of the master LDAP?
of
A. Tivoli Identity Manager must be quiesced and pointed to the correct LDAP.
B. WebSphere must be stopped, pointed to the correct LDAP, and restarted.
ng
C. Tivoli Identity Manager must be quiesced while the master LDAP is re-created from the subordinate.
D. Tivoli Identity Manager will fail over automatically to the subordinate LDAP because of properties
Ki
Answer: A
he
"T
QUESTION 107
Which task is least likely to be affected by client delays?
a
A. installation
ky
B. assessment
C. customization
na
D. solution design
ha
Answer: D
C
QUESTION 108
Which two LDAP directory servers does IBM Tivoli Identity Manager V5.1 support? (Choose two.)
A. OpenLDAP
B. Novel! eDirectory
C. Microsoft Active Directory
D. Sun ONE Directory Server
E. IBM Tivoli Directory Server
QUESTION 109
Why will a test of a DAML-based adapter fail?
Answer: D
n s"
QUESTION 110
io
What configuration file is used to set up the default values for IBM Tivoli Common Reporting?
at
A. config.xml
ic
B. defaults .xml
tif
C. defaultsConfig .xml
D. reportingConfig.xml
er
Answer: D
C
IT
QUESTION 111
When installing IBM Tivoli Identity Manager V5.1 on a UNIX system, what is the log-in account type
of
requirement?
ng
A. Root
B. Superuser
Ki
C. Administrator
D. Root Equivalent
he
Answer: A
"T
QUESTION 112
A customer has created a new custom True64 UNIX RMI-based agentless adapter profile using a toolkit
a
capability. The customer is ready to use this profile. If IBM Tivoli Directory Integrator is installed on the
ky
same computer as IBM Tivoli Identity Manager, what is required for the customer to use this particular
profile?
na
A. Import the custom jar file using Import/Export from the administrative console; install the adapter on the
target.
ha
B. Import the custom jar file using Import/Export from the administrative console; the adapter profile is
ready for use.
C
C. Import the custom jar file and the Service Definition file using the Import button on Manage Services
Types on the administrative console.
D. Click Create under Manage Service Types, define the new Service Type name, and then browse for
the new custom service schema on the LDAP class search facility.
Answer: C
QUESTION 113
Generating a Certificate Signing Request (CSR) is Option A of which utility?
Answer: B
QUESTION 114
Which file must be modified to change the background color in the IBM Tivoli Identity Manager V5.1 Self-
Service user interface?
s"
A. nav.jsp
n
B. Home.jsp
io
C. console.css
at
D. SelfServiceUI.properties
ic
Answer: C
tif
QUESTION 115
er
Which files can be checked to verify that IBM Tivoli Directory Server is running normally?
Answer: C
ng
Ki
QUESTION 116
Which option lists a set of valid membership items for an ACI to protect a static organizational role in IBM
Tivoli Identity Manager (Tivoli Identity Manager)?
he
A. the owner of the role, the role members, and the administrator of the domain in which the roles resides
"T
B. the owner of the role, the supervisor of the business unit in which the role resides, and members of
Tivoli Identity Manager groups
a
C. the supervisor of the role owner, the supervisor of the business unit in which the role resides, and
ky
grants access using provisioning policy, and members of Tivoli Identity Manager groups
Answer: B
ha
C
QUESTION 117
Afresh copy of IBM Tivoli Identity Manager (Tivoli Identity Manager) has been installed and the Active
Directory (AD )adapter profile has been imported. Extension attributes are added to customize the AD
profile. The account form labels for the new attributes are specified in which two places? (Choose two.)
QUESTION 118
Where are the challenge-response questions and Answer:s stored?
A. enRole.properties file
B. IBM Tivoli Identity Manager Database
C. WebSphere Application Server database
D. IBM Tivoli Identity Manager LDAP Directory
Answer: D
n s"
QUESTION 119
io
Under which three conditions are service selection policies evaluated? (Choose three.)
at
A. whenever a service instance is deleted
ic
B. whenever the service selection policy script is changed
tif
C. whenever an IBM Tivoli Identity Manager user's attributes are modified
D. whenever a provisioning policy that targets a service selection policy is changed
er
E. whenever a user is added to an organizational unit where a provisioning policy is defined
C
F. whenever a user is added to an organizational role (static or dynamic) that is a member of a
provisioning policy that targets such a service selection policy
IT
Answer: BCF
of
QUESTION 120
ng
Which two Configure View options can be set for the IBM Tivoli Identity Manager V5.1 Administrative
Console? (Choose two.)
Ki
A. View Accounts
B. Request Accounts
he
C. Change Passwords
D. Manage Adoption Policies
"T
Answer: CD
ky
QUESTION 121
na
A priority-based provisioning policy join directive is in place. According to the information in the table, which
definition of erdivision, a single-valued attribute, will be valid during policy validation including reconciliation
with policy checking enabled?
Answer: C
QUESTION 122
Which option describes the initial setting of the recycle bin in IBM Tivoli Identity Manager (Tivoli Identity
Manager) V5.1?
s"
D. The recycle bin settings cannot be modified in Tivoli Identity Manager V5.1
n
Answer: A
io
at
QUESTION 123
ic
Which option describes the processing when two provisioning policies apply to a user for the same
tif
service?
er
A. The provisioning request fails.
B. The policy with the lowest priority is the only one that is processed.
C.
C
The policy with the highest priority is the only one that is processed.
IT
D. The policies are joined according to the current join directives, and the resulting attribute elements are
provisioned
of
Answer: D
ng
QUESTION 124
When the IBM Tivoli Identity Manager administrator is searching for a user from the Manage User > Select
Ki
a User panel, the default value for Search By is set to Last Name. The administrator would like to set the
default value to MyCoUid, which is a unique identifier used at MyCo. Which action must the administrator
he
perform?
A. Using the Directory tools, remove the Last Name attribute and add the MyCoUid attribute.
"T
B. From Manage Users > Advanced Search, modify the default search attribute for the Person User type.
C. From Configure System > Manage Entities, modify the default search attribute on the Entity Detail
a
Information form.
ky
D. From the Manage Users > Select a User panel, select MyCoUid from the drop-down Search By list box
and click Save
na
Answer: C
ha
QUESTION 125
C
QUESTION 126
Which two rules apply when two or more access control items conflict? (Choose two.)
A. An explicit denial (using a Deny selection) by one access control item overrides an explicit grant by
other access control items.
B. An implied denial (using a None selection) by one access control item overrides an explicit grant by
other access control items.
C. An explicit grant by one access control item overrides an implied denial (using a None selection) by
other access control items.
s"
D. An implied grant by one access control item overrides an implied denial (using a None selection) by
other access control items.
n
E. An explicit grant by one access control item at the organization level overrides an implied denial (using
io
a None selection) by other access control items.
at
Answer: AC
ic
tif
QUESTION 127
er
An organization would like the End User community to be able to change personal profile information. To
accomplish this change in the self-service application, which two tasks would the administrator need to
C
perform IBM Tivoli Identity Manager (Tivoli Identity Manager)? (Choose two.)
IT
A. No changes are needed to the Access Control Item.
B. Change the Access Control Item and grant the modify permission for person.
of
C. Change the Access Control Item and grant the modify permission for account.
D. From the Tivoli Identity Manager Self-Service User Interface, enable the Change My Personal Profile
from Set System Security > Manage Views > User Views > Configure Views > Self Service Console.
ng
E. From the Tivoli Identity Manager Administrative Console, enable the Change My Personal Profile from
Set System Security > Manage Views > User Views > Configure Views > Self Service Console.
Ki
Answer: BE
he
QUESTION 128
"T
Which two statements are true for service type account defaults? (Choose two.)
a
B. Service type account defaults must be specified for each created service.
C. Service type account defaults are global and are inherited by a service when the service is created.
na
D. Subsequent changes to the account defaults on the service type are not reflected in existing services.
E. Account defaults for an existing service can be modified by changing the service type account defaults
ha
Answer: CD
C
QUESTION 129
What is separation of duty in IBM Tivoli Identity Manager V5.1?
Answer: A
n s"
io
at
ic
tif
er
C
From the code snippet displayed in the exhibit, what will be the result for a new identity if the base Identity
IT
variable is null or empty?
D. An identity will be created based on the person's last initial and first name
Ki
Answer: C
he
QUESTION 131
Click the Exhibit button. What impact will the value of the enrole.ui.pageLinkMax properly have on the
"T
A. This property determines the number of page links displayed for multipage result sets.
ky
B. This property determines the maximum time period before a timeout occurs when a user clicks a link on
the Self Service Console.
na
C. This property determines the number of page links displayed for multipage result sets. It cannot exceed
the value specified by the enrole.ui.pageLinkMax property specified in the ITIM_HOME/data/ui.
properties file.
ha
D. This property determines the maximum number of Web page links to tasks that will be displayed in a
section. If more page links exist, the Self Service Console will display a More link that can be clicked to
C
Answer: A
QUESTION 132
Transfer between different business units is supported by which entity type?
A. Person
B. Service
C. Provisioning policy
Answer: A
QUESTION 133
A company has a policy not to notify users directly when they have a new account and password; instead,
they want the respective department security administrators to inform the employees when a new account
and password is created. Each of the five departments has its own administrator which has been granted
the IBM Tivoli Identity Manager (Tivoli Identity Manager) Group Dept Admin. Additionally, every department
administrator has the isAdmin check box checked on the Tivoli Identity Manager person profile. The
company wants only the department administrator to be notified when a new account is created for any
s"
employee in their department. Which step would not be required in implementing a solution for the above
scenario?
n
io
A. Disabling the New Account notification base template.
B. Disabling the New Password notification base template.
at
C. Modifying the add person operational workflow by adding a work order to the department administrator.
ic
D. Modifying the add account operational workflow by adding a work order to the department administrator
tif
Answer: C
er
C
QUESTION 134
When multiple password policies apply to a service, which option describes how password policy is applied
IT
to the service?
A. All the password policies that target the service are joined and applied.
of
B. The password policy that most specifically targets the service is applied.
C. The global password policy (that applies to All Service Types) is joined with the password policy that
ng
policy that
targets the service at the same specificity, they are joined and applied.
he
Answer: B
"T
QUESTION 135
When adding an e-mail activity to a workflow, which option is a valid system template from which e-mail
a
A. RFISubmitted
na
B. ActivityRejected
C. ActivityApproved
ha
D. WorkflowCornplete
C
Answer: A
QUESTION 136
The IBM Tivoli Identity Manager system-wide Escalation Limit is set to 2 days 0 hours 0 minutes. The
Reminder Interval is set to 1 day and an entitlement workflow approval activity (Escalation participant:
Branch Manager) set to an escalation period of 3 days, 12 hours, 0 minutes. Assuming that Post office is
turned off, no approval for the Access request has taken place and default Approval activity notification
settings apply, which statement is true?
A. The Branch Manager will receive two reminder e-mails before receiving the escalation e-mail.
Answer: D
QUESTION 137
What is one drawback when using dynamic roles versus static roles?
s"
A. Dynamic roles add a performance hit.
n
io
B. Dynamic roles can only be used for assigning membership to provisioning policies.
C. Membership (assignments) cannot be viewed from the Person Entity Information panel.
at
D. Membership (assignments) cannot be viewed from the organizational roles information panel
ic
Answer: A
tif
er
QUESTION 138
Which two workflows have notification templates? (Choose two.)
A. new person
C
IT
B. new account
C. suspend person
of
D. change password
E. password expiration
ng
Answer: BD
Ki
QUESTION 139
he
What is the response from the IBM Tivoli Identity Manager logon page when the LDAP directory server is
not currently running?
"T
D. CTGIM <error code> The specified user ID and password are not valid. CTGIM <error code> The
directory server is not available.
ha
Answer: D
C
QUESTION 140
A company has a requirement that all account creations be logged into the Remedy tracking system. As a
result, a custom JavaScript extension developed to send the new account information to Remedy in near-
real-time. The new extension Java class, gbcUtilitiesExtension, in package com.ibm.itim.script.extensions
was developed by the IBM consulting team and packaged into gbcUtilities.jar. Which addition to the
scriptframework.properties file would be the most appropriate for integrating the new extension?
A. ITIM .interpreter.Workflow=gbcUtilities
B. ITIM .extension .Workflow.gbcUtils=com .ibm .itim .script.extensions .gbcUtilities
C. ITIM .extension .Workflow.gbcUtils=com .ibm .itim .script.extensions .gbcUtilitiesExtension
Answer: C
QUESTION 141
Click the Exhibit button.
n s"
io
at
ic
tif
er
C
IT
of
ng
Based on the logical architecture, which two services can be used to import the identity feed file into IBM
Ki
A. AD
he
B. CSV
"T
C. DSML
D. IDI Data Feed
E. Hosted Service
a
ky
Answer: BC
na
QUESTION 142
ha
Which default objectclass will IBM Tivoli Identity Manager V5.1 expect during an identity feed?
A. inetOrgPerson
C
B. hruserOrgPerson
C. distinguishedName
D. userPrincipalName
Answer: A
QUESTION 143
A company uses PeopleSoft to generate a unique employee designator as each new employee is entered
into the HR system. IBM Tivoli Identity Manager has been configured to import the HR data from
A. In the Add workflow, set the erllases values to both the gbcuid and the value generated by the older
algorithm; then rerun the data feed from PeopleSoft.
B. Create an adoption rule that includes logic for returning people that correspond to both eraliases and
the older algorithm; then rerun the AD reconciliation.
C. Create an adoption rule that includes logic for returning people that correspond to both eraliases and
s"
the older algorithm; then rerun the data feed from PeopleSoft.
D. Create an adoption rule that includes logic for returning people that correspond to the older algorithm,
n
and in the Add workflow, set the erliases values to the gbcuid; then rerun the AD reconciliation
io
Answer: B
at
ic
QUESTION 144
tif
For IBM Tivoli Identity Manager (Tivoli Identity Manager) 5.1 DAML-based adapters, what item relating to
reconciliations can be configured using agentCfg?
er
C
A. use of xforms.xml
B. use of LDAP v3 reconciliation filters
IT
C. specification of supporting-data-only reconciliation parameters
D. use of SSL communication with the Tivoli Identity Manager server
of
Answer: D
ng
QUESTION 145
Ki
Which file contains the output for Java extensions that use system, out. println() methods?
A. msg.log
he
B. trace.log
"T
C. SystemOut.log
D. System Err. out
a
Answer: C
ky
na
QUESTION 146
Which two log files found under the WAS_HOME/profiles/<profile name>/logs/server1 directory are useful
in troubleshooting an IBM Tivoli Identity Manager application problem with a standard installation using
ha
A. msg.log
B. trace.log
C. SystemErr.log
D. SystemOut.log
E. cfg_itim_mw.log
Answer: CD
QUESTION 147
While testing communications to a DAML managed resource in the Manage Services screens, a message
Answer: AD
s"
QUESTION 148
Which two statements are true when enabling increased trace logging to help determine a problem in IBM
n
Tivoli Identity Manager? (Choose two.)
io
A. Set logger.trace.level=DEBUG_MAX in errorLogging.properties.
at
B. Set logger trace.com.iom=DEBUG_MAX in errorLogging.properties.
ic
C. Set logger trace level=DEBUG_MAX in the file enRoleLogging properties.
D. Turn on the setting logger trace.logging=true in enRoleLogging properties.
tif
E. Configure the setting logger.trace.level=IO for maximum detail in the trace log
er
Answer: CD
C
IT
QUESTION 149
A functioning IBM Tivoli Identity Manager (Tivoli Identity Manager) test environment has been configured
and tested and is ready to move into production. The information in the Tivoli Identity Manager Directory
of
Server has been migrated to production. Additional configuration information should be promoted from the
Tivoli Identity Manager server file system. Which additional data would need to be promoted to production?
ng
Answer: C
"T
a
QUESTION 150
ky
When migrating IBM Tivoli Identity Manager (Tivoli Identity Manager) from a test to a production
environment, which task is valid?
na
C. Assign the Tivoli Identity Manager test server the same host name as the production server.
D. Copy all the IBM Tivoli Directory Server data files to the Tivoli Identity Manager production system
C
Answer: B
QUESTION 151
After testing the SSL connection between the IBM Tivoli Identity Manager V5.1 server and the directory
server, the login fails. Which two options should be checked? (Choose two.)
Answer: BD
QUESTION 152
Consider an identity synchronization scenario at a customer where the customer wants to pull in identities
at scheduled times, and push emergency identity deletes to IBM Tivoli Identity Manager (Tivoli Identity
Manager) for offboarding in near real time. Which statement is true in this scenario?
s"
A. A DSML identity feed service in Tivoli Identity Manager can onboard and offboard identities.
n
B. Identities deleted in Tivoli Identity Manager during an identity feed are never placed into the Recycle
io
Bin.
C. Reconciling an identity feed service with the Use Workflow option enabled will allow provisioning and
at
separation of duty policies to be evaluated during processing.
D. An IDI data feed identity service can be reconciled to pull in identities into Tivoli Identity Manager, and
ic
can be contacted by an external process to push identities to Tivoli Identity Manager.
tif
Answer: D
er
C
QUESTION 153
A manual service has been created to provision voice mail accounts in IBM Tivoli Identity Manager (Tivoli
IT
Identity Manager). Which reconciliation strategy is available to reconcile voice mail accounts?
of
A. The voice mail accounts can be reconciled with a CSV file that contains voice mail account attribute
and group information.
B. Reconciliation is a redundant concept for manual services because Tivoli Identity Manager does not
ng
account data and use the Tivoli Identity Manager API to perform reconciliation.
D. The voice mail account and group data must be sent over as a form submittal using HTTP or HTTPS to
he
the Tivoli Identity Manager 5.1 Reconcile Manual Service servlet at http(s)://itimServer:port/itim/
reconcileManualServlet.
"T
Answer: A
a
ky
QUESTION 154
What are two means of testing connectivity to the IBM Tivoli Identity Manager LDAP directory? (Choose
two.)
na
A. DBConfig
ha
B. runConflg
C. Idapsearch
C
D. SetupEnrole
E. WebSphere administrative console
Answer: BC
QUESTION 155
Which statement is true for the use of V4.6 adapters with IBM Tivoli Identity Manager (Tivoli Identity
Manager) V5.1?
Answer: D
QUESTION 156
In IBM Tivoli Identity Manager (Tivoli Identity Manager), which two data can the DBPurge utility affect?
(Choose two.)
n s"
A. Orphaned accounts
io
B. Auditing data in the Tivoli Identity Manager database
C. identities which have been unused for a period of time
at
D. The current error backlog in the WebSphere Messaging Queue
ic
E. Transactional / Reconciliation data in the Tivoli Identity Manager database
tif
Answer: BE
er
C
QUESTION 157
IBM Tivoli Identity Manager (Tivoli Identity Manager) reconciliations are resource-intensive operations that
IT
can take a long time for services with a large account population. Which option will improve reconciliation
performance?
of
Answer: D
he
QUESTION 158
"T
Which option correctly describes a task to be done before the installation of a fix pack on the IBM Tivoli
Identity Manager V5.1 server?
a
Answer: D
C