Escolar Documentos
Profissional Documentos
Cultura Documentos
Version 3.0
QUESTION NO: 1
Which two join directives can be used when multiple provisioning policies affect the same
account? {Choose two.)
A. Xor
B. Not
C. And
D. None
E. Union
Answer: C, E
QUESTION NO: 2
Which two options should be included in a custom adapter design document? (Choose two.)
Answer: B, C
QUESTION NO: NO: 3
Based on the organization chart and list of roles, which option is correct for this IBM Tivoli
Identity Manager V5.1 configuration?
A. A user in the On Demand Incorporated business unit can be granted the DESIGNER
organizational role.
B. Only users in the Engineering and any sub tree business units can be granted the DESIGNER
organizational role.
D. Users in the On Demand Incorporated and sub tree business units will automatically be
granted the EMPLOYEE organizational role
Answer: A
QUESTION NO: 4
Which information is stored in a certificate used to secure the connection between IBM Tivoii
Identity Manager Server and its adapters?
Answer: A
QUESTION NO: 5
The Business Continuity Review describes the system availability characteristics of the solution
design. In a typical high availability (HA) configuration, a load balancer is configured in front of
several peer masters for the directory server. Which statement is true regarding load balancing in
an IBM Tivoii Identity Manager (Tivoii Identity Manager) HA solution design?
A. If a primary master goes down, all traffic to that master is hold until the master is available
B. Load balancing of write traffic is unwise, because it leads to a possibility of an update conflict
C. If the primary system goes down, the remaining systems do not need to be able to bear the
work load.
D. The Tivoii Identity Manager dataservices component will assist the load balancer in the
redirecting ot requests to one of the other replicated Tivoii Identity Manager servers.
Answer: B
QUESTION NO: 6
B. define password policy requirements, analyze password settings, document password policy
design
C. gather current password settings, analyze password policy, define password scope, document
password policy design
D. gather password policy requirements, define password policy scope, define password settings,
document password policy design
Answer: D
QUESTION NO: 7
Which option Is relevant to gathering requirements and creating an IBM Tivoli Identity Manager
(Tivoli Identity Manager) system architecture document?
A. formulate list of QUESTION NO:s, identify interviewees, identify timelines for project
phases, and delegate responsibility
B. formulate list of QUESTION NO:s, identify interviewees, identify network topology, and
ensure business continuity planning
D. discuss firewall rules, discuss certificate installations for HTTPS communication, and discuss
Tivoli Identity Manager Web application security and hljack-prevention features
Answer: B
QUESTION NO: 8
Which sequence of actions best describes a secure practice for sensitive data in an IBM Tivoll
Identity Manager (Tivoli Identity Manager) database?
A. Schedule periodic database backups regularly in order to prevent losing sensitive data.
B. Enable security on the WebSphere Application Server and disallow running the WebSphere
Application Server using a non-root account.
C. Restrict tietwutk traffic to those ports ur systems needed by the deployment only. If you write
your own application and use a Tivoli Identity Manager API to retrieve sensitive data, encrypt
the data before sending it over the network.
D. Restrict operating system access to database files. Limit the privileges of the operating system
accounts (administrative, root-privileged, or DBA) to the least privileges needed, change the
default passwords, and enforce periodic password changes.
Answer: D
QUESTION NO: 9
Given the desired services list and organization structure design, which two options are essential
to create a service design? (Choose two.)
Answer: C, D
QUESTION NO: 10
In which formats can reports from the IBM Tivoli Identity Manager user interface be generated?
A. PDF, CSV
B. TXT, XML
C. PDF, TXT
D. HTML, PDF
Answer: A
QUESTION NO: 11
A simple IBM Tivoli Identity Manager (Tivoli Identity Manager) implementation running on a
Windows-based server includes a single AIX platform with two adapters (UNIX and DB2).
What are two necessary considerations when creating an upgrade planning document for this
scenario?
Answer: C
QUESTION NO: 12
Which two options describe components of the Self-Service User Interface that can be included
in the customization design? (Choose two.)
Answer: A, B
QUESTION NO: 13
When performing analysis for designing a global identity policy, which considerations are
essential?
A. UID constraints of each managed service type, and the erglobalid of the person object
B. which managed service has the least restrictive UID constraints, and the erglobalid of the
person objects
C. UID constraints of each managed service type, and which attributes are available from the
person objects
D. which managed service has the least restrictive UID constraints, and which attributes are
available from the person object
Answer: C
QUESTION NO: 14
Given the information In the sample Organization Chart, which three pairs of roles are valid in a
rule of a separation of duty policy? (Choose three.)
Answer: A, D, F
QUESTION NO: 15
In preparation for an initial identity or Identity feed to I3M Tivoli Identity Manager (Tivoli
Identity Manager) V5.1 „ which two person attributes are required as a minimum in the feed?
(Choose two.)
Answer: A, B
QUESTION NO: 16
A customer has chosen to separate the administration in IBM Tivoli Identity Manager (Tivoli
Identity Manager) of some target application services and provisioning parameters using Tivoli
Identity Manager groups. Which two options will be required, as a minimum, to implement
security in this instance? (Choose two.)
A. group-based ACIs
B. service-based ACIs for the application services
E. organizational unit ACIs with services and policies defined at that level
Answer: B, D
QUESTION NO: 17
C. the attribute that is used by IBM Tivoli Identity Manager to resolve account ownerships
during reconciliations
D. the attribute that contains the fully qualified DN of the person in the IBM Tivoli Identity
Manager ou=person container
Answer: A
QUESTION NO: 18
The account and password design document indicates that new accounts and passwords are
initially set up by a designated security officer Therefore, the notification is sent to the security
officer and Is not sent to each account owner. Which two options can be configured to meet this
requirement? (Choose two.)
A. Modify the existing e-mail notification templates to add the custom recipient.
B. Design a new e-mail notification template and add to the list of available workflow
notification templates.
C. Configure a mail node in the operation workflow where the participant is a person with an e-
mail account.
D. The IBM Tivoli Identity Manager administrator would disable the New Account Notification
template and the New Password template in Configuration > Properties > Notification
Templates.
E. The IBM Tivoli Identity Manager administrator would disable the New Account Notification
template and the New Password template in Configure System > Workflow Notification
Properties.
Answer: C, E
QUESTION NO: 19
What is the proper ordering of tasks during an IBM Tivoli Identity Manager V5.1 solution
project?
Answer: D
QUESTION NO: 20
When can an IBM Tivoli Identity Manager (Tivoli Identity Manager) functional test case be
executed on a Tivoli Identity Manager adapter?
A. after performance tests on the adapter have been completed
B. after the adapter is installed and the corresponding service has been reconciled
C. when a remediation procedure exists as part of the risk assessment if the test case fails
D. after test cases on the Tivoli Identity Manager server configuration have been completed
Answer: D
QUESTION NO: 21
A backup design requiring backups of all IBM Tivoli Identity Manager (Tivoli Identity
Manager)-related components (WebSphere, LDAP, database) to occur at midnight has been
created. All Tivoli Identity Manager processes are quiesced for the duration of the backups. The
backups run successfully, and Tivoli Identity Manager is restarted. During the night an identity
feed runs, creating 1000 new employees. The identify feed specifies Use Workflow on the
service definition and both a Tivoli Identity Manager account and an AD account are
automatically provisioned for each person. Both services specify that noncompliance must be
corrected. The related provisioning policies use UID from the person object for eruid on both
services. An adoption policy exists for AD to search person objects for UIDs matching eruid
during reconciliation. The identify feed and all of its provisioning operations are completed by 3
a.m. At 7 a.m., a catastrophic hardware failure occurs against the Tivoli Identity Manager LDAP
and a restoration from the previous 12 a.m. backup must be performed.
Which actions must be taken to recover the updates to LDAP that occurred during the identity
feed and related provisioning activities?
B. Rerun the identify feed with Use Workflow disabled. Then perform reconciliation against the
Tivoli Identity Manager service specifying policy checking.
C. Rerun the identify feed, disabling Use Workflow. Then perform reconciliation against the AD
service specifying that policy checking not be performed during the reconciliation.
D. Make the AD provisioning policy manual. Rerun the identify feed as it was originally run.
Then perform reconciliation against the AD service specifying that policy checking be performed
during the reconciliation. Make the AD provisioning policy automatic.
Answer: D
QUESTION NO: 22
E. requirements for a service provider that will be used to interface with the managed platform
using Web Services
Answer: D, E
QUESTION NO: 23
QUESTION NO: 24
Which steps are needed to create an organization structure design from an existing organization
and reporting structure?
Answer: C
QUESTION NO: 25
Answer: B
QUESTION NO: 26
Answer: D
QUESTION NO: 27
A. The request is escalated to the first-line manager peer, and the remaining workflows continue.
B. The Enterprise LDAP User account will not be created, and the remainder of the workflow
continues.
C. The Enterprise LDAP Global Administrator account will not be created, and the remainder of
the workflow continues.
D. All accounts for the user are created except for the Enterprise LDAP Global Administrator
account, and an escalation is sent to the Service Desk.
Answer: C
QUESTION NO: 28
Where do the assembly lines associated with RMI-based adapter functions reside?
Answer: A
QUESTION NO: 29
Which three database servers are supported by IBM Tivoli Identity Manager V5.1? (Choose
three.)
A. Oracle
Answer: A, C, F
QUESTION NO: 30
A. <ITIM_HOME>/data
B. <WAS_PROFILE_HOME>\installedApps\<node_name>\itim_self_service.war
C. <WAS_PROFILE_HOME>\installedApps\<node_name>\ITIM.ear\itim_self_service.war
D.
<WAS_PROFILE_HOME>\installedApps\<node_name>\ITIM.ear\itim_self_seivice.war/custo
m
Answer: A
QUESTION NO: 31
The process of creating a Certificate Signing Request with the adapter certificate tool would only
apply to which class of adapters?
A. JAAS-based
B. DAML-based
C. TDI/RMI-based
D. Secure FTP-based
Answer: B
QUESTION NO: 32
Which two steps are required to independently install IBM Tivoli Directory Integrator (Tivoli
Directory Integrator) on a separate computer? (Choose two.)
A. Read the IBM Tivoli Identity Manager (Tivoli Identity Manager) release notes relating to
support levels of Tivoli Directory Integrator and fixes required.
B. After Tivoli Identity Manager is installed, the agentless adapters and the adapter profiles are
automatically installed on the computer that hosts Tivoli Identity Manager.
C. After Tivoli Identity Manager is installed, the agentless adapters are automatically installed.
Manually install the adapter profiles on the computer that hosts Tivoli Identity Manager.
D. After Tivoli Identity Manager is installed, manually install the 5.1 agentless adapters provided
with the product on the computer that hosts Tivoli Directory Integrator. Manually install the
adapter profiles on the computer that hosts Tivoli Identity Manager.
E. After Tivoli Identity Manager is installed, the agentless adapters are automatically installed on
the computer that hosts Tivoli Identity Manager. Import the adapter profiles using the
Import/Export facility on the Tivoli Identity Manager administrative console.
Answer: A, D
QUESTION NO: 33
In a cluster installation, which option should be used to create the IBM Tivoli Identity Manager
V5.1 installation directories?
C. Directory name must contain the host name of the cluster members.
D. Directory should be shared among cluster members on a storage area network (SAN) drive
Answer: B
QUESTION NO: 34
Which two commands are used to schedule a report in IBM Tivoli Common Reporting? (Choose
two.)
A. trcmd -run
B. scheduler-run
C. scheduler-set
D. trcmd -distribute
E. scheduler –distribute
Answer: A, D
QUESTION NO: 35
What is the initial logon password for the itim manager user?
A. reset
B. admin
C. secret
D. itim mana
Answer: C
QUESTION NO: 36
Answer: A
QUESTION NO: 37
Which statement is true regarding the function that post office configuration can provide?
A. The post office template can be cloned to reuse as different types of aggregate templates.
B. It allows a test of aggregation to be performed with chosen notification style from the
administrative console.
C. It controls the volume of e-mail notifications if post office is enabled globally and Is not
disallowed by Workflow activities.
D. It provides the capability to configure an alert facility to indicate that e-mail notifications are
not being sent to the mail server
Answer: C
QUESTION NO: 38
Answer: D
QUESTION NO: 39
Which statement is true of Email Notification templates in IBM Tivoli Identity Manager (Tivoli
Identity Manager) V5.1?
A. JavaScript content or tags are only available to Plaintext and XHTML bodies when
customizing a Workflow Notification template.
B. The Tivoli Identity Manager Administrative Console will throw a parsing error if it finds a
dynamic content tag Is not recognized when saving an edited template.
C. The Manual Activity templates can be disabled by choosing the Disable option for the
template under Configure System > Workflow Notification Properties.
D. Mail templates saved using the Tivoli Identity Manager Mail activity template in Entitlement
or Operational Workflows are available under Configure System > Workflow Notification
Properties.
Answer: B
QUESTION NO: 40
Which two tasks can be included as direct URL links on the IBM Tivoli Identity Manager V5.1
Administrative Console home page? (Choose two.)
A. Manage service types.
Answer: A, C
QUESTION NO: 41
Which option describes the choices for defining an e-mail activity template?
Answer: D
QUESTION NO: 42
The join directive behavior for the provisioning policy for the ITIMService needs to be
customized. Which option is the correct method to change the join behavior?
A. From the navigation tree, select Manage Services> ITIMService > Configure Policy Join
Behaviors.
B. From the navigation tree, select Manage Policies > Manage Provisioning Policies, and click
Service Type to select ITIMService.
C. From the Tivoli Identity Manager administrative console, select Configuration > Policy, and
click Service Type to select ITIMService
D. From the navigation tree, select Configure System > Configure Policy Join Behaviors, and
click Service Type to select ITIMService.
Answer: D
QUESTION NO: 43
What are the two valid settings or behaviors for the enrole.workflow.notify password property?
(Choose two.)
C. Sup: e-mail notification of a password change is not sent to the user; it is instead sent to his
supervisor (manager).
D. URL: e-mail notification of a password change is sent to the user. The e-mail contains a URL
where the user can obtain the password by entering his shared secret.
E. False: e-mail notification of a password change is sent to the user. The e-mail contains a URL
where the user can obtain the password by entering his shared secret.
Answer: A, E
QUESTION NO: 44
A. Person
B. Location
C. Admin Domain
Answer: A, E
QUESTION NO: 45
Where can a password policy for a service reside in the organizational chart in relation to its
target service?
A. It can only reside in the same business unit that contains the service.
B. It can reside in the same business unit that contains the service or above the business unit that
contains the service.
C. It can reside in the same business unit that contains the service, or below the business unit that
contains the service.
D. It can reside anywhere in relation to its target service because the location of the password
policy is driven by the location of the users to whose passwords it will apply.
Answer: B
QUESTION NO: 46
What JavaScript engine is used by IBM Tivoli Identity Manager V5.1 as a script interpreter?
A. IBM JSEngine
QUESTION NO: 47
The IBM Tivoli Identity Manager (Tivoli Identity Manager) Server uses a placement rule to
determine where in the organization chart a person should be placed. Which statement is true
regarding placement rules?
B. Placement rules are written with JavaScript that returns the organization path in a common
name (en) format.
C. Placement rules are written with JavaScript that returns the organization path in a
distinguished name (dn) format.
D. If organization information cannot be determined by the placement rule, then the person is not
added to the Tivoli Identity Manager directory
Answer: C
QUESTION NO: 48
Which option is vital to ensuring that IBM Tivoli Identity Manager is properly tuned?
D. Place all ACIs as high as possible in the organization tree to ensure maximum coverage
Answer: C
QUESTION NO: 49
Afresh copy of IBM Tivoli Identity Manager (Tivoli Identity Manager) has been installed and
the Active Directory (AD) adapter profile has been imported. Where are the labels for the
attributes on the AD account form stored?
C. Formtemplates.properties in <$itim_home>/data
Answer: A
QUESTION NO: 50
Which three types of files control the appearance of the Self-Service user interface? (Choose
three.)
Answer: A, E, F
QUESTION NO: 51
E. when an associated provisioning policy is modified (one for which the role defines
membership)
Answer: A, C
QUESTION NO: 52
Which IBM Tivoli Identity Manager service types are available by default?
Answer: C
QUESTION NO: 53
Custom workflow elements are registered with IBM Tivoli Identity Manager by editing which
file in the $ITIM_HOME/data directory?
A. enRole.properties
B. workflowextensions.xml
C. workflowDataSyntax.xm!
D. workflowextensions.properties
Answer: B
QUESTION NO: 54
Which list displays all the entitlement workflow design elements available in IBM Tivoli
Identity Manager?
B. Approval, Mail, RFI, Operation, Loop, Extension, Script, Work Order, Subprocess
D. Approval, Denial, Suspend, Subprocess, RFI, Operation, Work Order, Script, Extension
Answer: B
QUESTION NO: 55
Which two fields are required when an identity policy is defined? (Choose two.)
A. Name
B. Prefix
C. Business Unit
D. Common Name
E. Organizational Name
Answer: A, C
QUESTION NO: 56
Which option describes valid memberships for a Report ACI (an ACI that protects a Report
category item) in IBM Tivoli Identity Manager (Tivoli Identity Manager)?
D. the supervisor of the business unit in which the user resides, members of an Tivoli Identity
Manager group
Answer: B
QUESTION NO: 57
The administrator has modified the system-defined add operation for the person entity type by
adding an approval node to the workflow. The requirements have changed, and the approval for
adding a new person is no longer required. The administrator would like to remove the approval
node from the workflow. Which activity should the administrator perform?
A. From Configuration > Entities, select the person entity. Select Define Operations. Select the
Add operation and Delete pushbutton option.
B. From Configure System > Manage Operations, select Entity type level and the Entity type of
Person. Select the Add operation and the Delete pushbutton option.
C. From Design Workflows > Manage Person Request Workflows, search for the Person Add
Workflow. Select the Default Person Add Workflow of type Entity override and Delete
pushbutton option.
D. From Configure System > Manage Operations, select Entity type level and the Entity type of
Person. Select the Add operation and the Change pushbutton option. Then remove the approval
node from the operation diagram.
Answer: D
QUESTION NO: 58
Which IBM Tivoli Identity Manager (Tivoli Identity Manager) users can approve exemptions to
Separation of Duty policy violations?
A. Only the Policy owner can approve exemptions to Separation of Duty violations.
C. Only members of the Tivoli Identity Manager Administrator Group can approve exemptions
to Separation of Duty violations.
D. Both members of the Tivoli Identity Manager Administrator Group and the Policy owner can
approve exemptions to Separation of Duty violations.
Answer: D
QUESTION NO: 59
Which two statements are true of service selection policies? (Choose two.)
A. Any JavaScript entered in the service selection script Is syntax-checked before saving.
B. Deleting a service selection policy may result in the removal of previous accesses provided by
this policy.
C. Deleting a service selection policy will not result in the removal of previous accesses provided
by this policy.
E. As a result of a service selection evaluation, IBM Tivoli Identity Manager V5.1 access
entitlements can be provisioned
Answer: B, E
QUESTION NO: 60
When specifying All Users in the Organization as the membership type for a provisioning policy,
which option describes the operation of the policy when a single service is specified as the
manual entitlement?
A. All users on the system can only have an account of the specified service.
B. Any user in the system is authorized to have an account on the specified service.
C. This policy overrides any automatic policy for the same service for all users in the system.
D. All users in the system will be provisioned an account on the specified service when the
policy is evaluated
Answer: B
QUESTION NO: 61
For IBM Tivoli Identity Manager (Tivoli Identity Manager) 5.1 DAML-based adapters, what
item relating to reconciliations can be configured using agentCfg?
A. use of xforms.xml
Answer: D
QUESTION NO: 62
Which default objectclass will IBM Tivoli Identity Manager V5.1 expect during an identity feed?
A. inetOrgPerson
B. hruserOrgPerson
C. distinguishedName
D. userPrincipalName
Answer: A
QUESTION NO: 63
A company uses PeopleSoft to generate a unique employee designator as each new employee is
entered Into the HR system. IBM Tivoli Identity Manager has been configured to import the HR
data from PeopleSoft, including the unique Identifier (gbculd). As a policy, the company has
used the gbcuid attribute as the UID of its managed targets. During the implementation, which
action would the IBM consultants take to match the AD accounts to their corresponding person
entities and minimize any orphans?
D. Mimic the gbcuid algorithm with JavaScript for generating the uid attribute on the AD
entitlements form
Answer: A
QUESTION NO: 64
Click the Exhibit button. Based on the logical architecture, which action can be considered to
enforce provisioning policies on target resources during the identity feed process?
D. Schedule a reconciliation to run at a specific interval. During the reconciliation, IBM Tivoli
Identity Manager automatically enforces provisioning policies.
Answer: B
QUESTION NO: 65
Which two statements are true when enabling increased trace logging to help determine a
problem in IBM Tivoli Identity Manager? (Choose two.)
E. Configure the setting logger.trace.level=10 for maximum detail in the trace log
Answer: C, D
QUESTION NO: 66
Which statement is true of message, trace, and authentication log formats in IBM Tivoli Identity
Manager (Tivoli Identity Manager)?
Answer: A
QUESTION NO: 67
After making changes to a custom adapter and reloading the profile into IBM Tivoli Identity
Manager (Tivoli Identity Manager) using the import capability, a test is run on the adapter. The
test results show that the changes did not appear to make any difference in the results. After
inspecting the IBM Tivoli Directory Integrator (Tivoli Directory Integrator) log file for the
adapter, the logging statements that were added do not appear to be logging any output. What is
one possible explanation for this behavior?
B. The existing profile must be uninstalled before installing a new profile update.
C. The Tivoli Directory Integrator server was not restarted after the profile was reloaded.
D. Tivoli Identity Manager must be restarted after making any changes to the profile information
Answer: C
QUESTION NO: 68
Which command can be used on a UNIX system to collect data to be sent to a support
representative?
A. ffdc.sh
B. itiittbackup. sh
C. collect_ffdc.sh
D. serviceability.sh
Answer: D
QUESTION NO: 69
Which statement is true when evaluating a placement rule on an identity feed service?
A. The placement rule is only evaluated if the "Use workflow" option is checked.
B. The placement rule determines the placement of the identity into organizational roles.
C. The placement rule returns the organizational container where the identity is to be anchored.
D. The placement rule returns a true or false value to determine if an identity can be placed into
IBM Tivoli Identity Manager or not
Answer: C
QUESTION NO: 70
When migrating IBM Tivoli Identity Manager (Tivoli Identity Manager) from a test to a
production environment, which task is valid?
B. Use the Import/Export feature to migrate the Tivoli Identity Manager configuration.
C. Assign the Tivoli Identity Manager test server the same host name as the production server.
D. Copy all the IBM Tivoli Directory Server data files to the Tivoli Identity Manager production
system
Answer: B
QUESTION NO: 71
New accounts that are reconciled from a remote platform are put up for adoption through the
applicable adoption policy, or they are orphaned. What person attribute Is matched against the
account eruid attribute by the default global adoption policy in IBM Tivoli Identity Manager
V5.1?
A. the sn attribute
B. the en attribute
Answer: C
QUESTION NO: 72
After testing the SSL connection between the IBM Tivoli Identity Manager V5.1 server and the
directory server, the login fails. Which two options should be checked? (Choose two.)
Answer: B, D
QUESTION NO: 73
What are the correct steps to set up a reconciliation of only supporting data after the service
definition has been created and reconciliation was not initially defined?
C. Existing service definitions are displayed by selecting Manage Services and then searching for
the specific service. When the service is listed, click the service name hyperlink to specify the
Query to Reconcile supporting data only.
D. Existing service definitions are displayed by selecting Manage Services and then searching
for the specific service. When the service is listed, selecting the icon next to the name of the
service will allow the administrator to set up Reconciliation and specify the Query to Reconcile
supporting data only.
Answer: D
QUESTION NO: 74
IBM Tivoli Identity Manager (Tivoli Identity Manager) development has released a fix pack to
address a specific problem that was found with the reporting module. Which three components,
at a minimum, should be backed up? (Choose three.)
A. JDK/SDK
B. Database
C. JMS queues
D. LDAP Directory
Answer: B, D, F
QUESTION NO: 75
When an AD Adapter is being upgraded, what consideration must be given to the ADK
component?
C. The ADK must be at the same or higher level than the AD Adapter.
D. The AD Adapter and ADK are one component and are upgraded together
Answer: B
QUESTION NO: 76
The IBM Tivoli Identity Manager (Tivoli Identity Manager) system has been installed and
configured with the initial default parameter settings. The administrator detects rollback errors in
the trace.log.Which area of the Tivoli Identity Manager system should the administrator review
in order to eliminate the rollback errors?
A. Transaction rollbacks can be reduced or eliminated by creating additional indexes for the
Directory Server.
C. Transaction rollbacks can be reduced or eliminated by adjusting the database storage space or
database locking or database memory.
Answer: C
QUESTION NO: 77
Which two options are correct for configuring the recycle bin in IBM Tivoli Identity Manager
(Tivoli Identity Manager)? (Choose two.)
A. The recycle bin is disabled by default in Tivoli Identity Manager and must be enabled
explicitly.
B. The recycle bin age limit is the number of days, after which the recycle bin is emptied
automatically.
C. The recycle bin can be explicitly emptied by running the Tivoli Identity Manager runConfig
script and setting the Recycle Bin Age Limit parameter to 0 (zero).
D. The recycle bin age limit is the number of days after which an object in the recycle bin is
eligible for deletion by the Tivoli Identity Manager IdapClean cleanup script.
E. The recycle bin holds data objects that are deleted from the Tivoli Identity Manager LDAP
repository and the Tivoli Identity Manager database during the course of operations.
Answer: A, D
QUESTION NO: 78
Which option describes a prerequisite for installing an IBM Tivoli Identity Manager (Tivoli
Identity Manager) fix pack?
A. Stop the LDAP server that is used to contain the Tivoli Identity Manager data.
B. Install the WebSphere Update installer for the appropriate WebSphere version.
C. Make sure that the WebSphere server that is running the Tivoli Identity Manager application
is running.
D. Ensure that the SOAP request timeout value is set to 150 or less by using the com.ibm.SOAP.
requestTimeout property
Answer: B
QUESTION NO: 79
What is the main purpose of the IBM Tivoli Identity Manager recycle bin?
D. to provide a quick failover mechanism if IBM Tivoli Identity Manager LDAP fails
Answer: B
QUESTION NO: 80
IBM Tivoli Identity Manager (Tivoli Identity Manager) development has released a fix pack to
address a specific problem that was found with the reporting module. Which three components,
at a minimum, should be backed up? (Choose three.)
A. JDK/SDK
B. Database
C. JMS queues
D. LDAP Directory
Answer: B, D, F
QUESTION NO: 81
The e-rnail business process design indicates that there will be a large number of e-mail
transactions. The IBM Tivoli Identity Manager (Tivoli Identity Manager) administrator has
configured the system to enable store forwarding with a collection interval of 60. Which of these
scenarios will occur?
A. When the collection interval expires and notifications are aggregated, and there is only one
notification for a given group e-mail topic, the message will be delivered using the post office e-
mail template.
B. All activities that generate e-mail notifications will be intercepted and held for 60 minutes.
After that time, notifications are aggregated into one e-mail based on the group e-mail topic
value and sent to the recipients.
C. All manual activities that generate e-mail notifications that have the Use Group E-mail Topic
enabled will be intercepted and held for up to 60 minutes. After that time, notifications are
aggregated into one e-mail based on the group e-mail topic value and sent to the recipients.
D. All manual activities that generate e-mail notifications that have the Use Group E-mail Topic
enabled will be intercepted and held for up to 60 seconds. After that time, notifications are
aggregated into one e-mail based on the group e-mail topic value and sent to the recipients.
Answer: C
QUESTION NO: 82
Which three statements are valid regarding the IBM Tivoli Identity Manager organization tree?
(Choose three.)
E. There can be only one organization at the top of the organization tree.
F. Locations, organizational units, and business partner organizations are technically different
containers
Answer: A, C, D
QUESTION NO: 83
A. Accounts for Active Directory, Enterprise LDAP User, and Exchange are provisioned
immediately. An approval request is sent to the Payroll system owner for approval of the Payroll
account. An approval request is sent to the Sales system owner for approval of the Sales account.
An approval request is sent to the Information Technology Risk group for approval of the Global
Administrator account and for justification information.
B. Accounts for Active Directory, Enterprise LDAP User, and Exchange are provisioned
immediately. An approval request is sent to the employee's first-line manager for approval of the
Payroll account. An approval request is sent to the Sales system owner for approval of the Sales
account. An approval request is sent to the Information Technology Risk group for approval of
the Global Administrator account and for justification information.
C. Accounts for Active Directory, Enterprise LDAP User, and Exchange are provisioned
immediately. An approval request is sent to the peer of the employee's first-line manager for
approval of the Payroll account. An approval request is sent to the Sales system owner for
approval of the Sales account. An approval request is sent to the Information Technology Risk
group for approval of the Global Administrator account and for justification information.
D. Accounts for Active Directory, Enterprise LDAP User, and Human Resources are provisioned
immediately. An approval request Is sent to the peer of the employee's first-line manager for
approval of the Payroll account. An approval request is sent to the Sales system owner for
approval of the Sales account. An approval request Is sent to the Information Technology Risk
group for approval of the Global Administrator account and for justification information.
Answer: B
QUESTION NO: 84
What is the key area of concern when considering the high availability (HA) design for the IBM
Tivoli Identity Manager (Tivoli Identity Manager) Application Server?
A. the directory server replication framework to eliminate single points of failure and provide
peer-to-peer failover for the Tivoli Identity Manager application server
B. the configuration of DB2 high availability disaster recovery (HADR) to eliminate single
points of failure and provide peer-to-peer failover for the Tivoli Identity Manager application
server
C. the configuration of the WebSphere Application Server vertical clustering to eliminate single
points of failure and provide peer-to-peer failover for the Tivoli Identity Manager application
server
D. the WebSphere Application Server high availability framework and configuration to eliminate
single points of failure and provide peer-to-peer failover for the Tivoli Identity Manager
application server
Answer: D
QUESTION NO: 85
Which two options should be included in a custom adapter design document? (Choose two.)
Answer: B, C
QUESTION NO: 86
D. e-mail notification requirements when a new IBM Tivoli Identity Manager identity is created
with an identity feed
Answer: D
QUESTION NO: 87
D. Password rules can be extended using the Pluggable Authentication Module (PAM)
framework
Answer: C
QUESTION NO: 88
Which two options are part of the customization design process? (Choose two.)
Answer: D, E
QUESTION NO: 89
Which two statements are true in relation to designing custom person entities? (Choose two.)
C. ACIs for the new person entities must be defined before the entity is created.
D. An objectclass can be used by multiple person entities in IBM Tivoli Identity Manager.
E. An entity's objectclass in IBM Tivoli Identity Manager can be named the same as the
objectclass in the customer's authoritative source directory.
Answer: B, E
QUESTION NO: 90
A customer wants to translate the logical architecture into a physical model the IBM Tivoli
Identity Manager (Tivoli Identity Manager) configuration? Which change must be made to
increase the security and performance of the IBM Tivoli Identity Manager (Tivoli Identity
Manager) configuration?
A. Keep the configuration as it is, no changes are needed.
B. Move the HTTP server to a standalone computer that has no other Tivoli Identity Manager
component.
C. Remove the HTTP server component and use built-in WAS HTTP service to improve
performance and avoid a security breach.
D. Establish a two-way SSL channel between the HTTP server and Tivoli Identity Manager.
Gain performance by keeping the HTTP server in the same Tivoli Identity Manager computer.
Answer: B
QUESTION NO: 91
Which information is stored in a certificate used to secure the connection between IBM Tivoli
Identity Manager Server and its adapters?
Answer: A
QUESTION NO: 92
Which file in English locale contains the definition for the IBM Tivoli Identity Manager screen
text that can be customized?
A. enRole.properties
B. CustomLabels. properties
C. CustomScreenText_en.propeities
D. SelfServiceScreenText_en.properties
Answer: D
QUESTION NO: 93
B. With the use of a permit rule, a user can belong to all the roles in a given rule.
C. The number of roles that you allow to coexist must be at least one fewer than the number of
roles in the list.
D. Each rule must have one or more roles listed, the number of roles to which a user can belong
depends on the number in the list
Answer: C
QUESTION NO: 94
D. the relationship between organizational roles and IBM Tivoli Identity Manager groups
Answer: A
QUESTION NO: 95
What are the primary sources for gathering identity policy requirements?
A. IBM Tivoli Identity Manager System Architecture and IT Security account creation
procedures
B. IBM Tivoli Identity Manager Solution Design Document and IT Security account creation
procedures
C. IBM Tivoli Identity Manager System Architecture and the access control policies for the
customer's Web space
D. IBM Tivoli Identity Manager Solution Design Document and the access control policies for
the customer's Web space
Answer: B
QUESTION NO: 96
Which three options are valid membership types of a provisioning policy? (Choose three.)
A. All
B. None
C. Others
E. Organizational role
QUESTION NO: 97
During an architecture discussion, a customer states that their company already has an extensive
LDAP infrastructure in place that supports the Enterprise Directory project. The Enterprise
Directory is currently provisioned by a feed from a human resources system. The eventual goal is
for IBM Tivoli Identity Manager (Tivoli Identity Manager) to provision the Enterprise Directory
so that other external applications can use It for authentication and authorization. As a result, a
significant amount of data interaction is expected to occur between Tivoli Identity Manager and
the Enterprise Directory. Which option would be appropriate for a Tivoli Identity Manager
architecture at the customer site?
A. Create a separate instance of the LDAP directory server to use for Tivoli Identity Manager.
B. Create a new suffix for Tivoli Identity Manager in the existing Enterprise Directory LDAP
directory server.
C. Create a new root for Tivoli Identity Manager under one of the existing suffixes in the
Enterprise Directory LDAP directory server.
D. Phase out the Enterprise Directory, because the Tivoli Identity Manager LDAP directory can
be positioned as the Enterprise Directory by augmenting its person and account attributes.
Answer: A
QUESTION NO: 98
When using the IBM Tivoli Identity Manager user interface, which categories can the report
templates be applied to?
Answer: C
QUESTION NO: 99
A customer requires additional attributes as per their IBM Tivoli Identity Manager solution
design. Which base LDAP objectclass is used to extend the schema to add new attributes to
create a custom person class?
A. person
B. erPerson
C. erPersonltem
D. inetOrgPerson
Answer: D
Identification of target platform business processes is essential to which IBM Tivoli Identity
Manager configuration task?
A. Adoption policies
B. Account re certification
C. Organization administration
Answer: B
QUESTION NO: 101
Which post-upgrade validation test would verify that the custom entity object was intact?
Answer: A
Which two statements are true of groups and ACIs in an out-of-the box IBM Tivoli Identity
Manager (Tivoli Identity Manager) environment populated with some users and some basic
services reconciled? (Choose two.)
A. The default HelpDesk Assistant group allows members of that group to manage entitlement
workflows.
B. Groups define what tasks Tivoli Identity Manager users will see on the administrative console
through their group membership.
C. In the shipped product, default groups and default ACIs reflect the typical needs of
administrative users in Tivoli Identity Manager.
D. Access owners can access the basic services relating to their defined target group Accesses
without the need for additional ACIs.
E. Members of the default Auditor group need additional ACIs only to manage their directly
defined subordinates in Tivoli Identity Manager
Answer: C, D
QUESTION NO: 103
Answer: A, D, F
Which option describes best practices for scheduling recertification in large organizations?
D. Divide the accounts into quarters and schedule them on a quarterly basis
Answer: A
Which test phase should occur first in an IBM Tivoli Identity Manager acceptance plan?
A. system testing
B. functional testing
C. performance testing
Answer: B
A customer requires that mission-critical LDAP-based applications like IBM Tivoli Identity
Manager (Tivoli Identity Manager) use LDAP replication. The Tivoli Identity Manager recovery
design implements an LDAP master/replica topology. Which statement describes the actions that
must be taken to most quickly recover from a failure of the master LDAP?
A. Tivoli Identity Manager must be quiesced and pointed to the correct LDAP.
C. Tivoli Identity Manager must be quiesced while the master LDAP is re-created from the
subordinate.
D. Tivoli Identity Manager will fail over automatically to the subordinate LDAP because of
properties specified in the enRoleLDAPConnection .properties file.
Answer: A
A. installation
B. assessment
C. customization
D. solution design
Answer: D
Which two LDAP directory servers does IBM Tivoli Identity Manager V5.1 support? (Choose
two.)
A. OpenLDAP
B. Novel! eDirectory
Answer: D, E
What configuration file is used to set up the default values for IBM Tivoli Common Reporting?
A. config.xml
B. defaults .xml
C. defaultsConfig .xml
D. reportingConfig.xml
Answer: D
When installing IBM Tivoli Identity Manager V5.1 on a UNIX system, what is the log-in
account type requirement?
A. Root
B. Superuser
C. Administrator
D. Root Equivalent
Answer: A
A. Import the custom jar file using Import/Export from the administrative console; install the
adapter on the target.
B. Import the custom jar file using Import/Export from the administrative console; the adapter
profile is ready for use.
C. Import the custom jar file and the Service Definition file using the Import button on Manage
Services Types on the administrative console.
D. Click Create under Manage Service Types, define the new Service Type name, and then
browse for the new custom service schema on the LDAP class search facility.
Answer: C
A. CertCfg
B. CertTool
C. agentCfg
D. agentTool
Answer: B
A. nav.jsp
B. Home.jsp
C. console.css
D. SelfServiceUI.properties
Answer: C
Which files can be checked to verify that IBM Tivoli Directory Server is running normally?
Answer: C
Which option lists a set of valid membership items for an ACI to protect a static organizational
role in IBM Tivoli Identity Manager (Tivoli Identity Manager)?
A. the owner of the role, the role members, and the administrator of the domain in which the
roles resides
B. the owner of the role, the supervisor of the business unit in which the role resides, and
members of Tivoli Identity Manager groups
C. the supervisor of the role owner, the supervisor of the business unit in which the role resides,
and members of Tivoli Identity Manager groups
D. the supervisor of the business unit in which the role resides, the owner of the services that the
role grants access using provisioning policy, and members of Tivoli Identity Manager groups
Answer: B
Afresh copy of IBM Tivoli Identity Manager (Tivoli Identity Manager) has been installed and
the Active Directory (AD )adapter profile has been imported. Extension attributes are added to
customize the AD profile. The account form labels for the new attributes are specified in which
two places? (Choose two.)
Answer: B
A. enRole.properties file
B. IBM Tivoli Identity Manager Database
Answer: D
Under which three conditions are service selection policies evaluated? (Choose three.)
Answer: B, C, F
Which two Configure View options can be set for the IBM Tivoli Identity Manager V5.1
Administrative Console? (Choose two.)
A. View Accounts
B. Request Accounts
C. Change Passwords
D. Manage Adoption Policies
Answer: C, D
C. divisionA can exist on the erdivision attribute. All other values are also valid.
D. Any value other than divisionB will be invalid because enforcement = Mandatory
Answer: C
Which option describes the initial setting of the recycle bin in IBM Tivoli Identity Manager
(Tivoli Identity Manager) V5.1?
D. The recycle bin settings cannot be modified in Tivoli Identity Manager V5.1
Answer: A
Which option describes the processing when two provisioning policies apply to a user for the
same service?
B. The policy with the lowest priority is the only one that is processed.
C. The policy with the highest priority is the only one that is processed.
D. The policies are joined according to the current join directives, and the resulting attribute
elements are provisioned
Answer: D
When the IBM Tivoli Identity Manager administrator is searching for a user from the Manage
User > Select a User panel, the default value for Search By is set to Last Name. The
administrator would like to set the default value to MyCoUid, which is a unique identifier used at
MyCo. Which action must the administrator perform?
A. Using the Directory tools, remove the Last Name attribute and add the MyCoUid attribute.
B. From Manage Users > Advanced Search, modify the default search attribute for the Person
User type.
C. From Configure System > Manage Entities, modify the default search attribute on the Entity
Detail Information form.
D. From the Manage Users > Select a User panel, select MyCoUid from the drop-down Search
By list box and click Save
Answer: C
B. On the Post Office configuration panel, select the General tab, select workflow activities, and
save the post office configuration.
C. Select the Notification tab on the workflow activity in the Workflow Designer, check the Use
Group Email Topic, enter a value, and save the workflow.
D. Open the Post Office configuration panel, select the Workflow tab, select the workflows that
will use the post office using the check boxes, and save the post office configuration.
Answer: C
Which two rules apply when two or more access control items conflict? (Choose two.)
A. An explicit denial (using a Deny selection) by one access control item overrides an explicit
grant by other access control items.
B. An implied denial (using a None selection) by one access control item overrides an explicit
grant by other access control items.
C. An explicit grant by one access control item overrides an implied denial (using a None
selection) by other access control items.
D. An implied grant by one access control item overrides an implied denial (using a None
selection) by other access control items.
E. An explicit grant by one access control item at the organization level overrides an implied
denial (using a None selection) by other access control items.
Answer: A, C
An organization would like the End User community to be able to change personal profile
information. To accomplish this change in the self-service application, which two tasks would
the administrator need to perform IBM Tivoli Identity Manager (Tivoli Identity Manager)?
(Choose two.)
B. Change the Access Control Item and grant the modify permission for person.
C. Change the Access Control Item and grant the modify permission for account.
D. From the Tivoli Identity Manager Self-Service User Interface, enable the Change My
Personal Profile from Set System Security > Manage Views > User Views > Configure Views >
Self Service Console.
E. From the Tivoli Identity Manager Administrative Console, enable the Change My Personal
Profile from Set System Security > Manage Views > User Views > Configure Views > Self
Service Console.
Answer: B, E
Which two statements are true for service type account defaults? (Choose two.)
A. Account defaults must be hard-coded values or a person attribute.
B. Service type account defaults must be specified for each created service.
C. Service type account defaults are global and are inherited by a service when the service is
created.
D. Subsequent changes to the account defaults on the service type are not reflected in existing
services.
E. Account defaults for an existing service can be modified by changing the service type account
defaults
Answer: C, D
Answer: A
C. An identity will be created based on the person's first initial and last name
D. An identity will be created based on the person's last initial and first name
Answer: C
Click the Exhibit button. What impact will the value of the enrole.ui.pageLinkMax properly have
on the behavior of the Self Service Console?
A. This property determines the number of page links displayed for multipage result sets.
B. This property determines the maximum time period before a timeout occurs when a user
clicks a link on the Self Service Console.
C. This property determines the number of page links displayed for multipage result sets. It
cannot exceed the value specified by the enrole.ui.pageLinkMax property specified in the
ITIM_HOME/data/ui. properties file.
D. This property determines the maximum number of Web page links to tasks that will be
displayed in a section. If more page links exist, the Self Service Console will display a More link
that can be clicked to display the rest of the tasks.
Answer: A
A. Person
B. Service
C. Provisioning policy
Answer: A
A company has a policy not to notify users directly when they have a new account and password;
instead, they want the respective department security administrators to inform the employees
when a new account and password is created. Each of the five departments has its own
administrator which has been granted the IBM Tivoli Identity Manager (Tivoli Identity Manager)
Group Dept Admin. Additionally, every department administrator has the is Admin check box
checked on the Tivoli Identity Manager person profile. The company wants only the department
administrator to be notified when a new account is created for any employee in their department.
Which step would not be required in implementing a solution for the above scenario?
A. Disabling the New Account notification base template.
C. Modifying the add person operational workflow by adding a work order to the department
administrator.
D. Modifying the add account operational workflow by adding a work order to the department
administrator
Answer: C
When multiple password policies apply to a service, which option describes how password
policy is applied to the service?
A. All the password policies that target the service are joined and applied.
B. The password policy that most specifically targets the service is applied.
C. The global password policy (that applies to All Service Types) is joined with the password
policy that targets the service most specifically and applied.
D. The password policy that most specifically targets the service is applied. If there Is more than
one policy that targets the service at the same specificity, they are joined and applied.
Answer: B
When adding an e-mail activity to a workflow, which option is a valid system template from
which e-mail content can be created?
A. RFISubmitted
B. ActivityRejected
C. ActivityApproved
D. WorkflowComplete
Answer: A
The IBM Tivoli Identity Manager system-wide Escalation Limit is set to 2 days 0 hours 0
minutes. The Reminder Interval is set to 1 day and an entitlement workflow approval activity
(Escalation participant: Branch Manager) set to an escalation period of 3 days, 12 hours, 0
minutes. Assuming that Post office is turned off, no approval for the Access request has taken
place and default Approval activity notification settings apply, which statement is true?
A. The Branch Manager will receive two reminder e-mails before receiving the escalation e-
mail.
B. The Branch Manager will receive an escalation e-mail after 2 days 0 hours 0 minutes as no
approval has taken place.
C. The Branch Manager will receive an escalation e-mail after 3 days 0 hours 0 minutes as no
approval has taken place.
D. The Branch Manager will receive an escalation e-mail after 3 days, 12 hours, 0 minutes as no
approval has taken place
Answer: D
What is one drawback when using dynamic roles versus static roles?
A. Dynamic roles add a performance hit.
B. Dynamic roles can only be used for assigning membership to provisioning policies.
C. Membership (assignments) cannot be viewed from the Person Entity Information panel.
D. Membership (assignments) cannot be viewed from the organizational roles information panel
Answer: A
A. new person
B. new account
C. suspend person
D. change password
E. password expiration
Answer: B, D
What is the response from the IBM Tivoli Identity Manager logon page when the LDAP
directory server is not currently running?
C. CTGIM <error code> A communication error occurred: A remote host refused an attempted
connect operation
D. CTGIM <error code> The specified user ID and password are not valid. CTGIM <error code>
The directory server is not available.
Answer: D
A company has a requirement that all account creations be logged into the Remedy tracking
system. As a result, a custom JavaScript extension developed to send the new account
information to Remedy in near-real-time. The new extension Java class, gbcUtilitiesExtension, in
package com.ibm.itim.scriptextensions was developed by the IBM consulting team and packaged
into gbcUtilities.jar. Which addition to the scriptframework.properties file would be the most
appropriate for integrating the new extension?
A. ITIM .interpreter.Workflow=gbcUtilities
D. ITIM.extension.accountAdd.gbcUtils=com.ibm.itim.script.extensions.gbcUtilitiesExtension
Answer: C
A. AD
B. CSV
C. DSML
E. Hosted Service
Answer: B, C
Which default objectclass will IBM Tivoii Identity Manager V5.1 expect during an identity feed?
A. inetOrgPerson
B. hruserOrgPerson
C. distinguishedName
D. userPrincipalName
Answer: A
A company uses PeopleSoft to generate a unique employee designator as each new employee is
entered into the HR system. IBM Tivoii Identity Manager has been configured to import the HR
data from PeopleSoft, including the unique identifier (gbcuid). As a policy, the company has
used the gbcuid attribute as the DID of its managed targets. Recently, IBM consultants
implemented the AD service to manage the company's primary AD domain. During the
discovery phase, it was found that an older algorithm for generating AD UIDs had been used
before the company's policy of using the gbcuid attribute. The older algorithm concatenated the
last name with a serial number. Which action could the IBM consultants take to match all of the
AD accounts to their corresponding person entities?
A. In the Add workflow, set the erllases values to both the gbcuid and the value generated by the
older algorithm; then rerun the data feed from PeopleSoft.
B. Create an adoption rule that includes logic for returning people that correspond to both
eraliases and the older algorithm; then rerun the AD reconciliation.
C. Create an adoption rule that includes logic for returning people that correspond to both
eraliases and the older algorithm; then rerun the data feed from PeopleSoft.
D. Create an adoption rule that includes logic for returning people that correspond to the older
algorithm, and in the Add workflow, set the erliases values to the gbcuid; then rerun the AD
reconciliation
Answer: B
QUESTION NO: 144
For IBM Tivoli Identity Manager (Tivoli Identity Manager) 5.1 DAML-based adapters, what
item relating to reconciliations can be configured using agentCfg?
A. use of xforms.xml
Answer: D
Which file contains the output for Java extensions that use system, out. println() methods?
A. msg.log
B. trace.log
C. SystemOut.log
Answer: C
B. trace.log
C. SystemErr.log
D. SystemOut.log
E. cfg_itim_mw.log
Answer: C, D
While testing communications to a DAML managed resource in the Manage Services screens, a
message is displayed indicating failed communication What are two possible reasons for this
failure? (Choose two.)
Answer: A, D
Which two statements are true when enabling increased trace logging to help determine a
problem in IBM Tivoli Identity Manager? (Choose two.)
A. Set logger.trace.level=DEBUG_MAX in errorLogging.properties.
E. Configure the setting logger.trace.leveNIO for maximum detail in the trace log
Answer: C, D
A functioning IBM Tivoli Identity Manager (Tivoli Identity Manager) test environment has been
configured and tested and is ready to move into production. The information in the Tivoli
Identity Manager Directory Server has been migrated to production. Additional configuration
information should be promoted from the Tivoli Identity Manager server file system. Which
additional data would need to be promoted to production?
Answer: C
When migrating IBM Tivoli Identity Manager (Tivoli Identity Manager) from a test to a
production environment, which task is valid?
C. Assign the Tivoli Identity Manager test server the same host name as the production server.
D. Copy all the IBM Tivoli Directory Server data files to the Tivoli Identity Manager production
system
Answer: B
After testing the SSL connection between the IBM Tivoli Identity Manager V5.1 server and the
directory server, the login fails. Which two options should be checked? (Choose two.)
Answer: B, D
Consider an identity synchronization scenario at a customer where the customer wants to pull in
identities at scheduled times, and push emergency identity deletes to IBM Tivoli Identity
Manager (Tivoli Identity Manager) for offboarding in near real time. Which statement is true in
this scenario?
A. A DSML identity feed service in Tivoli Identity Manager can onboard and offboard identities.
B. Identities deleted in Tivoli Identity Manager during an identity feed are never placed into the
Recycle Bin.
C. Reconciling an identity feed service with the Use Workflow option enabled will allow
provisioning and separation of duty policies to be evaluated during processing.
D. An IDI data feed identity service can be reconciled to pull in identities into Tivoli Identity
Manager, and can be contacted by an external process to push identities to Tivoli Identity
Manager.
Answer: D
A manual service has been created to provision voice mail accounts in IBM Tivoli Identity
Manager (Tivoli Identity Manager). Which reconciliation strategy is available to reconcile voice
mail accounts?
A. The voice mail accounts can be reconciled with a CSV file that contains voice mail account
attribute and group information.
B. Reconciliation is a redundant concept for manual services because Tivoli Identity Manager
does not actually communicate with the remote platform.
C. Account data must be reconciled by using an external process or utility that can read voice
mail account data and use the Tivoli Identity Manager API to perform reconciliation.
D. The voice mail account and group data must be sent over as a form submittal using HTTP or
HTTPS to the Tivoli Identity Manager 5.1 Reconcile Manual Service servlet at
http(s)://itimServer:port/itim/ reconcileManualServlet.
Answer: A
What are two means of testing connectivity to the IBM Tivoli Identity Manager LDAP
directory? (Choose two.)
A. DBConfig
B. runConflg
C. Idapsearch
D. SetupEnrole
Answer: B, C
Which statement is true for the use of V4.6 adapters with IBM Tivoli Identity Manager (Tivoli
Identity Manager) V5.1?
B. All V4.X adapters are fully supported by Tivoli Identity Manager V5.1.
C. All V4.6 adapters based on RMI are fully supported by Tivoli Identity Manager V5.1.
D. All non-FTP V4.6 adapters can be used with Tivoli Identity Manager V5.1 (upgrade
scenario); the adapters will not support any new V5.1 adapter features.
Answer: D
In IBM Tivoli Identity Manager (Tivoli Identity Manager), which two data can the DBPurge
utility affect? (Choose two.)
A. Orphaned accounts
B. Auditing data in the Tivoli Identity Manager database
Answer: B, E
IBM Tivoli Identity Manager (Tivoli Identity Manager) reconciliations are resource-intensive
operations that can take a long time for services with a large account population. Which option
will improve reconciliation performance?
D. Limit the number of attributes returned by the adapter and processed by Tivoli Identity
Manager
Answer: D
Which option correctly describes a task to be done before the installation of a fix pack on the
IBM Tivoli Identity Manager V5.1 server?
Answer: D