A system administrator needs to deploy a new enterprise application which requires that application security be enabled, but, the existing applications in the cell cannot be executed with application security enabled. The cell has the global security and Java 2 security disabled.
How can the administrator handle this requirement?

1. A. Enable Java 2 security for the cell.Create a security domain with application security enabled.Associate the security domain to the new application.
2. B. Enable Java 2 security for the cell.Create a security domain with application security enabled.Associate the security domain to a new cluster to be used to deploy the new application.
3. C. Enable administrative security for the cell.Create a security domain with application security enabled.Associate the security domain at the application level for the new application.
4. D. Enable administrative security for the cell.Create a security domain with application security enabled.Associate the security domain to the new cluster where the new application is deployed.

Correct Answer: C
When Java 2 security is enabled for a WebSphere Application Server, all the applications that run on WebSphere Application Server undergo a security check before accessing system resources. An application might need a was.policy file if it accesses resources that require more permissions than those granted in the default app.policy file
References: https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tsec_ waspolicy.html

A system administrator is required to monitor the application server logs for heap memory issues and determine if the heap memory usage is reaching close to 70% of the maximum heap. The application server is configured with an initial heap of 256 MB and a max heap of 1 GB.
How should the administrator determine if the application server is utilizing 70% of the max allocated heap memory?

1. A. Check the System logs for OutOfMemoryErrors.Trigger a heap dump from the Integrated Solutions Console (ISC).Analyze the heap dump.
2. B. Configure WebSphere Application Server to enable verbose garbage collection.Analyze the garbage collection cycles in the native logs.
3. C. Configure Initial heap to be equal to the max heap.Trigger a heap dump from theIntegrated Solutions Console (ISC).Analyze the heap dump.
4. D. Configure WebSphere Application Server to increase max heap.Trigger a heap dump from the Integrated Solutions Console (ISC).Analyze the heap dump.

Correct Answer: B
Enabling verboseGC (Garbage Collection) output is often required when diagnosing issues with WebSphere Application Server. Because verboseGC data is critical to troubleshooting memory and performance problems and the overhead is generally very low, you may want to consider proactively enabling it in your environment.
References: http://www-01.ibm.com/support/docview.wss?uid=swg21114927

A system administrator needs to view the list of certificates for unmanaged web server located on a remote system.
How should the administrator do this?

1. A. View the plugin-cfg.xml
2. B. Look at the SSL configuration in the httpd.conf
3. C. Use iKeyman to view the keyring.
4. D. Use the administrative console to check the content of the cell default keystore.

Correct Answer: C
You do not have a secure network connection until you have created a key for secure network communications and received a certificate from a certificate authority (CA) who is designated as a trusted CA on your server. Use IKEYMAN to create the key database file, public-private key pair, and certificate request. After you receive the CA-signed certificate, use IKEYMAN to receive the certificate into the key database where you created the original certificate request.
References: http://www- 01.ibm.com/software/webservers/httpservers/doc/v10/ibm/9atikeyu.htm

An organization updated their LDAP directories and modified user roles. The roles that were configured to have access to a highly secured enterprise application were deleted and new roles with new names were created. The application then had security related exceptions.
How can a system administrator resolve the exceptions and restore security for the
application?

1. A. Modify the mapping of security roles of the application to the new LDAP roles.
2. B. Modify the application and remove all security constraints and redeploy the application.
3. C. Modify the application to have a runAs role for each new LDAP role and redeploy the application.
4. D. Create an administrative authorization group with administrator privileges scoped for the application with an administrative group role for the new LDAP roles.

Correct Answer: A

A JAX-WS EJB stateless session bean web service needs to be accessed by consumers outside the corporate domain.
Which configuration will help a system administrator meet the requirement?

1. A. Open firewall ports for both bootstrap and orb listener ports within the cell.
2. B. Configure plug-in in the DMZ to send request to the cluster members.
3. C. Configure on demand router (ODR) in the DMZ to send requests to the cluster members.
4. D. Configure HTTP tunneling to send the client-side Object Request Broker (ORB) request to the server-side ORB.

Correct Answer: A