[1/29] Which General Register might be trusted on entry to a PC routine?
[2/29] Which of the following could be susceptible to a buffer overflow if left unchecked?
PC routines with variable length parameters
All of them
Web servers with variable length interfaces
Null terminated strings
[3/29] Which information is NOT collected by zERT?
[4/29] In what security immune system domain does Data Set Encryption reside?
Identity and Access
[5/29] What is the name of the encryption hardware accelerator available on each microprocessor of the z14 providing up to 7x performance?
[6/29] Which is a way to access and modify RACF data from the network?
IBM Tivoli Directory Server for z/OS
[7/29] What is a common asymmetric key encryption algorithm?
All of them
[8/29] Which of the following is not a property of authorization?
[9/29] What is “privilege creep”?
A condition when access failures generate a large number of alerts
When the process to grant system access is really slow
When a system admin spies on other users without their knowledge
A gradual accumulation of access rights beyond what an individual needs to do his job
[10/29] Why should I subscribe to the IBM Z Security Portal?
To review all CVEs
To get notified of the latest security information
To gain access to CVSS data
To hack z/OS applications
[11/29] Which of the following is an attack where a malicious user attempts to either guess or confirm valid users in a system?
user enumeration attack
[12/29] Which of the below functions can a PKI Services administrator not perform?
Update a request
Modify a certificate
Approve a request
Revoke a certificate
[13/29] Which of the following is not found in the z/OS CVSS Data file available from the IBM Z Security Portal?
[14/29] Which keyword determines whether an unauthorized requester can invoke the PC?
[15/29] Which of the following fields is not in a digital certificate?
[16/29] Which of the following ENQ QNames is most appropriate for an authorized program?
[17/29] Your AT-TLS policy can specify which of the following?
All of these and more
Time of day
[18/29] Which of the following algorithms is NOT specified in a cipher suite definition?
[19/29] The ability to eliminate the storage administrator from the compliance scope is found at what layer of encryption?
File or data set
Full disk & tape
[20/29] How can a user configure the default priority of security providers?
Change the order of the provider jar files in the classpath
Change the order of the provider list in the java.policy file
A user cannot change the priority of security providers
Change the order of the provider list in the java.security file
[21/29] What is the recommended method for assigning superuser authority?
Using the BPX.DAEMON resource in the FACILITY class
Assigning a uid of 0
Using the BPX.SUPERUSER resource in the FACILITY class
Using UNIXPRIV profiles
[22/29] Which of the following is not considered a sensitive resource to RACF's health check of the same name?
System Rexx dataset
[23/29] When an authorized user requests data from Db2 using SQL that is encrypted on disk they will see...
Data in the clear
No data will be returned
An SQL Error code
[24/29] What is the best way to verify the address of a control block provided by an untrusted requester?
Run an independent chain to match the address
Test the storage key
Make a safe copy
Check the eye catcher
[25/29] How many levels of indirect parameters are trusted on entry to a PC available to unauthorized callers?
The first one
The first three
All of them
None of them
[26/29] Resource managers make security requests through the set of interfaces called the ____
CIA: Confidentiality Integrity and Availability subsystem
TCB: Trusted computing base
SAF: System Authorization Facility
ESM: External Security Manager
[27/29] Which of the following is not a type of KDS?
[28/29] What is the most important part of symmetric key encryption?
A different key is used for encrypt and decrypt operations
There is no key for this type of encryption
The same key is used for encrypt and decrypt operations
Each encryption creates a unique key
[29/29] After you are done reading and writing your data securely using System SSL APIs, what is the first step you should take?
Shutdown the environment
Shutdown the connection
Close the connection
Close the environment
Badge Certification Score