000-020 Q&A / Study Guide / Testing Engine

Best IBM Certification Training and IBM Exams Training and more IBM exams log in to Certkingdom.com

---

QUESTION 1
An organization has decided to deploy an IBM Tivoli Access Manager for Enterprise Single-on
solution to help address security and productivity issues. Per their corporate security policy, the
organization has detailed requirements related to password management for their enterprise
applications. Which password requirements need to be captured?

A. details related to application user ID requirements
B. policy requirements related to the number of applications that a user can access
C. policy requirements for application and user initiated password resets and password complexity
D. do nothing as password policy requirements are best addressed within the application space
rather than in an Enterprise Single Sign-On project

Answer: C

---

QUESTION 2
Which operator allows specification of a case-sensitive regular expression comparison for
attributes in an AccessProfile signature?

A. Tilde (~)
B. Hash (#)
C. Equals (=)
D. Asterisk (*)

Answer: A

---

QUESTION 3
What are the directory details of Relational Database backup files created by IBM Tivoli Access
Manager for Enterprise Single Sign-On V8.0.1 housekeeping?

A. The directory must exist with one subdirectory (general).
B. The directory must exist with two subdirectories (daily, weekly).
C. The directory must exist with three subdirectories (daily, weekly, monthly).
D. The directory must exist with four subdirectories (general, daily, weekly, monthly).

Answer: C

---

QUESTION 4
System, machine, and user policies can be configured though AccessAdmin. How are changes
synchronized with the AccessAgent?

A. written by the Administrators on the INI files
B. propagated only with the Active Directory network service
C. propagated to the clients on the next Administrator access
D. propagated to clients the next timeAccessAgent synchronizes with the IMS Server

Answer: D

---

QUESTION 5
An SSL VPN can be used in conjunction with IBM Tivoli Access Manager for Enterprise Single
Sign-On to provide remote access to business critical information. Which statement is true about
the Mobile ActiveCode (MAC) when it is used with a VPN Solution for remote access?

A. The MAC can only be delivered to a mobile phone and is good for a single use only.
B. The MAC can be delivered by mobile phone, e-mail, or fax, and it is good for one time
authentication only.
C. The MAC can only be delivered to a mobile phone and it is good until the expiration time is
reached, as set by an administrator.
D. The MAC can be delivered by mobile phone, email, or fax, and it is good until the expiration
time is reached, as set by an administrator.

Answer: B

---

Best IBM Certification Training and IBM Exams Training and more IBM exams log in to Certkingdom.com

Patch Tuesday: Microsoft to release 6 patches, 1 critical

Patch Tuesday: Microsoft to release 6 patches, 1 critical
Microsoft, Patch Tuesday for March: A continued drop in critical security bulletins has the security community overlooking a rise in total patches issued this year.

Microsoft announced today that next week's Patch Tuesday will be the lightest of 2012, with six security bulletins and just one rated critical.

More: Windows 8's 8 top apps (so far)

RELATED: Microsoft patch blows 'perfect game' but sends important message

The critical patch will pertain to all Windows customers as it addresses a vulnerability that affects the entire family of the operating system, up to and including Windows 7.

Four of the patches address vulnerabilities in Windows, including the critical patch for a remote code execution vulnerability and the moderate patch for a denial-of-service exploit. The remaining two patches, both rated important, target an elevation of privilege vulnerability in Visual Studio and a remote code execution in Expression Design, respectively.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

With six patches this month, Microsoft's total for the year will reach 22, up from the 17 bulletins issued through March of 2011. The total for the month also exceeded that of last year, when Microsoft issued just three bulletins.

The year-over-year increase comes just one month after Microsoft was able to reduce its total number of bulletins issued in February from 12 in 2011 to nine this year. And while the year is still young, Microsoft is in danger of surpassing the 100 bulletins issued in all of 2011.

However, Lumension security and forensic analyst Paul Henry says those numbers are a poor representation of Microsoft's progress with security. Citing recent improvements, as well as the novelty that its Internet Explorer web browser went "at least somewhat spared" during the Pwn2Own conference at which Google Chrome took a beating, Henry says the main point to focus on is the decrease in severity of vulnerabilities.

"I think they're doing a better job. They've got the processes in place to better manage their software development in line with security," Henry says. "They really have put a great deal of effort into this, and if you look at the longer-term trend, I think they're really starting to bear some fruit from it."

Both the security community and IT support professionals will welcome an increase in total patches issued if it means the number of critical patches remains low, Henry says.

"Part of the reason for that is that Microsoft, having cleared a large number of critical issues, is now focusing a lot of its attention on moderate and important issues and is just trying to clean things up," Henry says. "So the number of bulletins won't actually go down, but the critical bulletins absolutely will."

Just 32 of the 100 patches Microsoft issued throughout 2011 were deemed critical, the lowest rate since the Patch Tuesday routine launched in 2004. So far this year, Microsoft has issued six critical vulnerabilities, putting it on pace to reduce that rate by 25%.

Colin Neagle covers Microsoft security and network management for Network World. Keep up with his blog: Rated Critical, follow him on Twitter: @ntwrkwrldneagle. Colin's email is cneagle@nww.com.

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com