IBM Security Access Manager V9.0 Deployment

Here you have the best IBM C2150-609 practice exam questions

  • You have 67 total questions to study from
  • These questions were last updated on November 20, 2024

Question 1 of 67

A customer has developed an OAuth 2.0 client application to access resources on behalf of a user. The customer states that the OAuth client has the following two constraints:

1. The OAuth client is not capable of keeping its credentials confidential for authentication with the authorization server.

2. The resource owner does not have a trust relationship with the client.

What is the suitable OAuth 2.0 grant type for the API Protection Policy if the user resource accessed by the OAuth 2.0 client is to be protected by IBM Security Access Manager V9.0?

    Correct Answer: A

    The suitable OAuth 2.0 grant type for the described client constraints is the Implicit Grant. This is because the Implicit Grant flow is designed for clients that are incapable of maintaining the confidentiality of their credentials and where there is no trust relationship with the resource owner. The Implicit Grant flow does not require the client secret, making it suitable for applications like single-page apps or mobile apps where client secrets cannot be securely stored.

Question 2 of 67

In a customer environment, a REST API client is being developed to carry out Reverse Proxy configuration and maintenance. As part of one of the activities, the customer needs to update the junction information with an additional backend server. The customer has written a REST API client but is not able to modify the junction.

Which HTTP headers should the customer pass?

    Correct Answer: D

    To modify the junction information using a REST API client, the proper HTTP headers to pass should include Authorization for security purposes and content-type: application/json to indicate the format of the data being sent in the request body. Authorization is essential for granting the necessary permissions, while content-type ensures that the server understands the format of the incoming data. Therefore, the correct headers are content-type: application/json and Authorization.

Question 3 of 67

During installation, WebSEAL provides a default certificate key database that is used to authenticate both clients and junctioned servers.

Which stanza entry of the WebSEAL configuration file points to the default certificate key database (i.e. kdb file)?

    Correct Answer: A

    The correct stanza entry in the WebSEAL configuration file that points to the default certificate key database is 'ssl-keyfile'. This entry specifies the location of the key database file (kdb file) that WebSEAL uses for SSL operations, including client and server authentication.

Question 4 of 67

A company has a large number of users who use mobile applications. The company wants to implement context-aware access controls for these resources.

Which module of IBM Security Access Manager V9.0 should the company enable to support this requirement?

    Correct Answer: C

    To support context-aware access controls for mobile applications, the company should enable the Mobile Access Control module of IBM Security Access Manager V9.0. This module is specifically designed to manage and secure mobile access, ensuring that users on mobile devices have the appropriate level of security based on their context.

Question 5 of 67

A request for a virtual host junction shows an unexpected source IP address.

Which troubleshooting tool can be used to investigate this issue?

    Correct Answer: D

    Packet Tracing is the appropriate tool to use for investigating an unexpected source IP address in a request for a virtual host junction. This tool captures all data packets traveling over a network, allowing for detailed analysis of the entire communication process, including the identification of source and destination IP addresses. This would help in determining why an unexpected IP address is being seen.