Exam Code: C2150-575
Exam Name: IBM Tivoli Federated Identity Manager V6.2.2 Implementation
Certification Provider: IBM

2021 Apr C2150-575 Study Guide Questions:

Q41. A partner, in the context of Federated Single Sign-On, is a participating entity in a federated relationship which operates in the role of what? 

A. a Trusted Provider 

B. a Service Provider (SP) 

C. the Identity Provider (IdP) 

D. either an IdP or a SP 

Answer: D 



Q42. When configuring a SAML 1.1 partner using Browser/POST, how can the assertion from the IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) Identity Provider (IdP) be tested using a browser capture tool (such as Fiddler) to ensure correct values are being sent? 

A. An HTTP POST can be issued to the Service Provider (SP) login endpoint with the query string parameters IDP_PROVIDER_ID and TARGET. After the HTTP 302 redirect to the IdP, the ROT13 encoded SAML response can be extracted from the HTML form in the HTTP 200 response. After decoding, the SAML response may be examined. 

B. An HTTP POST can be issued to the SP login endpoint with the query string parameters idp_provider_id and target. After the HTTP 302 redirect to the IdP, the Base64 encoded SAML response can be extracted from the HTML form in the HTTP 200 response. After decoding, the SAML response may be examined. 

C. An HTTP GET can be issued to the IdP login endpoint with the query string parameters SP_PROVIDER_ID and target. The Base64 encoded SAML response can be extracted from the HTML form in the HTTP 200 response. After decoding, the SAML response may be examined. The SP does not need to be functional or accessible to perform the test. 

D. An HTTP GET can be issued to the IdP login endpoint with the query string parameters IDP_PROVIDER_ID and target. The Base64 encoded SAML response can be extracted from the HTML form in the HTTP 200 response. After decoding, the SAML response may be examined. The SP does not need to be functional or accessible to perform the test.

Answer: C 



Q43. What is a claim relative to security tokens? 

A. Within a security token, it is a statement which establishes that the token was issued by a trusted party. 

B. Within a security token, it is a statement which asserts policy governance for a resource such as an application, service endpoint, or other capability. 

C. Within a security token, it is a statement which provides information about a resource such as a user identity, an entitlement, an attribute, capability, etc. 

D. Within a security token, it is a statement which establishes ownership of or access to a resource such as an application, service endpoint, or other capability. 

Answer: C 


Q44. Which component(s) of IBM Tivoli Federated Identity Manager V6.2.2 are compliant with the WS-Trust standard? 

A. Secure Token Service (STS) 

B. STS, Security Token Service Universal User (STSUU) 

C. STS, WS-Trust Web Service Description Language (WSDL) 

D. STS, WS-Trust WSDL, STSUU 

Answer: A 



Q45. Which three main types of information taken from the Security Token Service Universal User object will be included in the work object provided as input to an IBM Tivoli Directory Integrator (TDI) AssemblyLine used as an IBM Tivoli Federated Identity Manager V6.2.2 mapping function? (Choose three.)

A. principal 

B. attribute list 

C. claims provider 

D. token target type 

E. resource requester 

F. security token request 

Answer: A,B,F 



Q46. When creating a partner for an IBM Tivoli Federated Identity Manager V6.2.2 SAML 2.0 identity provider, the Default Post-Authentication Target URL is the location the user is redirected to under which condition? 

A. after the partner validates the identity assertion if the partner does not provide a TARGET URL when the Single Sign-On protocol is initiated 

B. after the partner validates the identity assertion if the partner does not provide a DEFAULT URL when the Single Sign-On protocol is initiated 

C. after the Identity Provider validates the identity assertion if the partner does not provide a TARGET URL when the Single Sign-On protocol is initiated 

D. after the Identity Provider authenticates the user and prior to assertion validation if the partner does not provide a TARGET URL when the Single Sign-On protocol is initiated 

Answer: A 


Q47. Assume IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) is installed in a clustered IBM WebSphere Application Server (WAS) environment. What is a concern with WAS TFIM runtime diagnostic trace analysis for Federated Single Sign-On (FSSO)? 

A. The Common Audit Service component must be installed. 

B. First Failure Data Capture timestamps may not be synchronized across cluster nodes. 

C. SAML 2.0 artifact bindings and OpenID may cause diagnostic trace messages for a given FSSO transaction to span trace logs on multiple cluster nodes. 

D. SAML 1.1 Browser/POST profile transactions may cause diagnostic trace messages for a given FSSO transaction to span trace logs on multiple cluster nodes. 

Answer: C 



Q48. A corporate intranet supports single sign-on (SSO) for internally facing Web applications accessed by employees. The company also has an external facing product support site used by customers, business partners, and company employees. Employee IDs are maintained in a user registry which is separate from the user registry for the support site. To use the support site, employees must register in the same manner other users do. 

The customer has chosen to use IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) to provide SSO for employees between the intranet and the external facing support site so that an intranet SSO login can be leveraged for support site access. How can this capability be provided? 

A. SAML 2.0 using persistent Name Identifiers can be used along with the TFIM Name Identifier Linking Service to link intranet and support accounts for employees. The intranet TFIM can be configured as an identity provider (IdP) in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 service provider (SP). 

B. SAML 2.0 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP. 

C. SAML 1.1 using persistent Name Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 1.1 federation, and the support site TFIM can be configured as a SAML 1.1 SP. 

D. SAML 2.0 using persistent Consent Identifiers and Name Identifier Management can be used along with the TFIM alias service to link intranet and support accounts for employees. The intranet TFIM can be configured as an IdP in a SAML 2.0 federation, and the support site TFIM can be configured as a SAML 2.0 SP. 

Answer: B 



Q49. What is an OpenID association? 

A. a negotiated connection between provider and consumer 

B. a required linkage between the claimed identifier and stateless user site 

C. an optional URL/XRI string provided by the user established with the external site 

D. a shared secret between a relying party and OpenID provider used to verify protocol messages and reduce round trips 

Answer: D 



Q50. When configuring the OAuth EAS for use with an IBM Tivoli Federated Identity Manager V6.2.2 (TFIM) OAuth federation, which capability is enabled? 

A. OAuth decisions can be made part of the standard authorization on WebSEAL requests. 

B. OAuth decisions can be made part of the standard authorization for a DataPower XSL proxy.

C. OAuth decisions can be made part of the standard authorization for any policy enforcement point (PEP) which supports the WS-Authorization standard. 

D. OAuth decisions can be made part of the standard authorization for the Tivoli Security Product Manager (TSPM) Runtime Security Services (RTSS) policy engine. 

Answer: A 
