IBM Information Integration & Governance Sales Mastery v1 試験
Question No : 1
Your customer does a lot of testing and development overseas. Which solution should you immediately recommend to him/her:
Explanation: Many organizations use production data to populate their test environments. The problem with this is that if there is sensitive data in your production environment, then you are exposing that data to software developers and testers. IBM® offers the following two solutions to solve this problem: The InfoSphere® Optim® Data Masking option for Test Data Management, and the InfoSphere DataStage Pack for Data Masking. Both mask data and depersonalize it while still maintaining it's realism.
Question No : 2
What are the overall main business drivers for the Infosphere Security and Privacy Solutions?
Explanation: *Database Activity Monitoring: Three Key Business Drivers 1.Prevent data breaches
. Mitigate external and internal threats
Question No : 3
The customer needs to provide PCI compliance controls to encrypt the PCI PAN data inside of DB2, Oracle and SQL Server. Which product do you recommend to the customer?
Explanation: The need: Prevent users from inappropriately accessing or jeopardizing the integrity of enterprise data. Protect financial and transactional data including: payment card primary account numbers (PAN data), automatic cleansing house (ACH) transaction data and human resources (HR) data. Comply with Sarbanes-Oxley, Payment Card Industry Data Security Standard (PCI-DSS) and other financial privacy and audit regulations.
The solution: Implement BIM InfoSphere Guardium Database Activity Monitor.
Question No : 4
The most compromised assets of an enterprise by percent of breaches for Web/application servers and Database Servers is small, but yet remain the most important to protect. Why is that?
Explanation: Database Servers Are The Primary Source of Breached Databecause: *Database servers contain your most valuable information
CCredit card and other account records
CPersonally identifiable information *High volumes of structured data Easy to access
Question No : 5
When is data masking in the test environment NOT an important consideration?
Explanation: *Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. Thepurpose is to protect the actual data while having a functional substitute for occasions when the real data is not required.
Question No : 6
Which is a benefit of using Guardium DAM instead of Database Logging?
Explanation: IBM InfoSphere Guardium Data Activity Monitor(DAM)prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real time security policies protect data across the enterprise without changes to databases or applications or performance impact.
Question No : 7
An S-TAP is:
Explanation: You must install InfoSphere GuardiumS-TAP on each database server that you plan to use for capturing or replaying workloads. InfoSphere Guardium S-TAP is a lightweight software agent that monitors database traffic and forwards information about that traffic to an InfoSphere Guardium appliance.
Question No : 8
Which of the following regulations does Guardium NOT help address?
Explanation: InfoSphere Guardium is used by over 400 organizations world-wide to automate the controls associated with a variety of mandates including: Financial regulations, such as the Sarbanes-Oxley Act (SOX), FIEL and C-SOX Data Privacy regulations including the EU Data Privacy Directive, PIPEDA, Garante della Privacy and the German Federal Data Protection Act PCI DSS (Payment Card Industry Data Security Standard), providing support for capabilities specified in sections 2,3,6,7, 8,10, 11 and 12 HIPAA
Question No : 9
If the customer asks an IBM sales rep if Guardium supports the following items: "Dynamic Profiling", "User Rights Management", and "SCUBA", what is the most likely competitor is in the account?
Explanation: *Dynamic Profiling, which is the core of Imperva's dynamic white list security model, enables SecureSphere to detect any changes in application or database usage.
* Scuba: A Free Database Vulnerability Scanner A free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels.
Question No : 10
Infosphere Guardium Data Encryption (GDE) addresses compliance at the files system level through?
Explanation: InfoSphere Guardium Data Encryption encrypts databases and files “in place” and avoids the need to re-architect databases, files, or storage networks. Inserted above the file system and/or logical volume layers, InfoSphere Guardium Data Encryption is transparent to users, applications, databases and storage subsystems. It requires no coding, no modification toapplications or databases, and consequently deployments can be managed in weeks rather than months.
Question No : 11
Your customer deals with a lot of FOIA (Freedom of Information Act) requests and need to keep some information confidential. Which solution should you immediately recommend to him/her?
Explanation: *InfoSphere Guardium Data Redaction is a product aimed at achieving a balance between openness and privacy. Often, the same regulations require organizations to share their documents with regulators, business partners, or customers, and at the same time to protect sensitive information which may be buried in these documents *
Question No : 12
Which of the following is qualifying question you should ask the first time you speak to a new prospect/client about IBM's Infosphere Privacy and Security Solutions?
Explanation: * IBM InfoSphereData Privacy and Security for Data Warehousing enables organizations to reduce risk and cost associated with protecting sensitive data. The solution provides a complete set of capabilities to mask or redact data, monitor and audit data activity and maintain sensitive data definitions within select data warehousing environments.
Question No : 13
Home grown solutions are typically costly and ineffective when compared to Guardium Database Activity Monitor. The following are all reasons for this except: