Session: 146 Questions 1. The Offline Authentication feature is intended to allow A.

the capability for a user to temporarily disable the Agent software while the user is working offline. B. an RSA SecurID authentication to be processed by a Replica server when the Primary server is offline. C. a user to complete an RSA SecurID authentication through the local Agent if the local Agent computer is offline. D. several users to use a single RSA SecurID token so that they can share another user's computer if their own computer is offline. Answer: C 2. If manual load balancing has just been set up for an Authentication Agent and it appears that the Agent is not contacting the desired servers, it might be helpful to verify the contents of the A. sdopts.rec file. B. sdconf.rec file. C. sdstatus.12 file. D. sdagent.rec file. Answer: A 3. If an RSA Authentication Manager database server uses a stand-alone database A. a custom schema must be applied prior to the server installation. B. the stand-alone database must be an LDAP compliant directory server. C. the stand-alone database must be installed prior to the server installation. D. all Primary and Replica database servers must attach to the same database. Answer: C 4. If a user inadvertently enters their RSA SecurID tokencode followed by their PIN, what would be the likely log message for this event? A. Authentication method failed B. Authentication method successful C. Bad PIN but good tokencode detected D. Authentication method failed, passcode format error Answer: A 5. Which of the following are required when installing the RSA Authentication Manager RADIUS Server on a separate host machine (separate from an Authentication Manager server)? (Choose four) A. Authentication Manager license file B. Authentication Manager server key file C. Authentication Manager certificate files D. Authentication Manager RADIUS package file E. Authentication Manager RADIUS configuration file F. Authentication Manager sdconf.rec configuration file G. Authentication Manager user profile and attributes file Answer: ABCD Leading the way in IT testing and certification tools, www.examkiller.net

6. If the option to sign RSA Authentication Manager log archives is not enabled during installation, A. audit logs will be created to track system activity but can not be archived. B. the signing function can only be enabled buy a Super Admin administrator. C. Authentication Manager must be re-installed to enable the signing function. D. the signing function must be applied manually whenever archive files are created. Answer: C 7. If an LDAP directory is arranged with the Organizational Units shown in the exhibit, how can two Authentication Manager Realms be structured such that Realm 1 contains the users in ou=B and Realm 2 contains the users in ou=C? A. Create an Identity Source for all ou=A users in the default SystemDomain realm then move the desired users to Realm 1 and Realm 2. B. Create an Identity Source for ou=B and associate it with Realm 1; create another Identity Source for ou=C and associate it with Realm 2. C. Create an Identity Source for all ou=A users, create separate Security Domains for ou=B and ou=C users, and associate each Security Domain with a realm. D. Create an Identity Source for ou=A and associate it with both Realm 1 and Realm 2 then filter each realm to include only the desired users for ou=B and ou=C. Answer: B 8. RSA Authentication Manager installation on a UNIX platform is similar to installation on a Linux platform because both platforms require A. an Enterprise license B. the installer to run as 'root' C. internet access to download security patch files D. the use of a command line console during installation Answer: B 9. RSA Authentication Manager time synchronous calculation A. uses UTC (GMT) time to calculate an RSA SecurID tokencode. B. is based on the offset between the user's local time zone and UTC (GMT) time. C. uses the NTP (Network Time Protocol) to calculate an RSA SecurID tokencode. D. depends on an accurate time setting of the RSA Authentication Agent host computer. Answer: A 10. If an RSA Authentication Manager deployment has two Replica servers ?Replica A and Replica B ?how does an authentication transaction performed on Replica A move to the audit database of Replica B? A. The Adjudicator service reconciles transactions from one Replica to another. B. Transactions performed on one server are broadcast to all servers in the deployment. C. Transactions are first sent to the Primary instance and are then sent out to Replica instances. D. A Transaction Job that is scheduled to run on an hourly basis sends transaction data from one server to other servers in the deployment. Answer: C Leading the way in IT testing and certification tools, www.examkiller.net

11. The ACME Company has a Primary server instance located in New York and a Replica server instance located in Los Angeles. How is a new user in the Los Angeles office added to the RSA Authentication Manager database? A. The user must be manually added to both the Los Angeles and the New York instances. B. The Administrator adds the user to the New York instance, which replicates the data to the Los Angeles instance. C. The Administrator adds the user locally to the Los Angeles instance, which replicates the data to the New York instance. D. The user is automatically added to both the Los Angeles and New York instances when they first authenticate with a token. Answer: B 12. RSA SecurID two-factor authentication requires A. two valid user-defined passwords. B. an RSA SecurID PASSCODE and PIN. C. an RSA SecurID token's tokencode and PIN. D. a Realm Administrator account and an Authentication Agent. Answer: C 13. For what installation situations is creating a 'package' file necessary before installation can begin? (Choose three) A. for RADIUS client installation B. for a Server Node installation C. for a RADIUS server installation D. for an Authentication Agent installation E. for a Replica database server installation F. for a Primary database server installation Answer: BCE 14. To administer an RSA Authentication Manager remotely (from a browser not on the Authentication Manager host computer), you must (Choose two) A. connect to Authentication Manager through a secure HTTPS protocol. B. assign at least one administrative role to the user that is logging in remotely. C. assign an RSA SecurID token to the administrator that is logging in remotely. D. configure the Administrative Policy to allow remote access through a browser. E. create a Server Certificate and store it in the remote browser prior to logging in. Answer: AB 15. The addition of an RSA Authentication Manager Server Node to a Replica instance requires A. an Authentication Manager Enterprise license. B. a connection to the Primary instance database. C. a Node Verification key file from the Replica database. D. the Replica server to be shut down during the installation procedure. Answer: A Leading the way in IT testing and certification tools, www.examkiller.net

16. In a Primary/Replica environment, administrative changes can be made only on a server in the Primary instance. A. True B. False Answer: A 17. RSA Authentication Agents are typically installed and configured A. only outside a corporate or internet firewall. B. according to a general security policy and access control plan. C. before the installation of the RSA Authentication Manager server. D. before users have been assigned and trained on the use of RSA SecurID tokens. Answer: B 18. If the ACME Company has a disaster recovery facility for their information systems, which statement best describes the installation strategy for Primary and Replica RSA Authentication Manager instances? A. The Primary Instance should be located at the disaster recovery facility; a Server Node should be installed in the headquarters facility for easy access by Administrators. B. The Primary Instance should be located in the headquarters facility for easy access by Administrators; a Replica Instance should be installed at the disaster recovery facility. C. A Primary and Replica Instance should both be located in the headquarters facility for easy access by Administrators; a Server Node should be installed at the disaster recovery facility. D. The Primary Instance should be located at the headquarters facility and configured only for Online Authentication; a Replica Instance should be installed at the disaster recovery facility and configured only for Offline Authentication. Answer: B 19. Token expiration dates A. vary according to the date contained in the license.rec file. B. are established when the new user first uses the token to log on. C. are programmed into a token's record at the time the record is created. D. are re-set by the Administrator using the 'Resynchronize Token' function. Answer: C 20. Microsoft Active Directory users can be assigned RSA SecurID tokens without using the Authentication Manager Security Console A. by establishing a read/write LDAP connection to Active Directory. B. if the Microsoft Management Console (MMC) RSA snap-in utility is installed. C. by editing the user Devices property in the Microsoft Users and Computers console. D. by enabling the Auto-Assign function in the Authentication Agent for Windows Security Center. Answer: B 21. If the RSA RADIUS server is NOT installed at the time of the RSA Authentication Manager software installation and the RADIUS function is needed at a later date, (choose two)

Leading the way in IT testing and certification tools, www.examkiller.net

A. it can be added to the Authentication Manager server through the Operations Console. B. it can be added to the Authentication Manager server using the add_rad_svr command line utility. C. it can be installed on a separate host and connected to the existing Authentication Manager server. D. Authentication Agents can be configured to proxy RADIUS transactions without the need for a RADIUS server E. it cannot be added to the Authentication Manager server without uninstalling then re-installing the server software. Answer: CE 22. In RSA Authentication Manager version 7.1, the Credential Manager function allows A. user self-service only if the deployment has an Enterprise license. B. business continuity options only if the deployment has a Base license. C. authenticator provisioning only if the deployment has an Enterprise license. D. authenticator provisioning and distribution only if the deployment has a CM-extended license. Answer: C 23. The RSA Credential Manager function allows A. users to self-register for RSA SecurID tokens. B. managers to control the deployment of Replica servers. C. administrators to install software token packages remotely. D. Agents to determine what credentials are valid for authentication. Answer: A 24. A Contact List rebalance procedure would typically be performed A. after installing an Authentication Agent. B. after installing a Replica server or Server Node. C. after restarting an Authentication Manager server. D. before adding an Authentication Agent to the database. Answer: B 25. What configuration settings are helpful to allow Agent-Server communications through firewalls and Network Address Translation? A. Node rebalance setting and Agent IP Verification setting B. Server instance alias and Agent Alternate IP Address values C. Primary instance Package contents and Agent name resolution priority setting D. Server instance Preference value and Agent Translated Node Secret (ATNS) setting Answer: B 26. If RSA Authentication Manager indicates that the license is not in compliance (the number of allowed active users is exceeded), what action can be expected? A. Authentications are suspended until the license is upgraded. B. The user and log databases are locked until the license is upgraded. C. Users without token assignments cannot have new tokens assigned until the license is upgraded. D. Additional users can not be added to the RSA Authentication Manager database until the license is Leading the way in IT testing and certification tools, www.examkiller.net

upgraded. Answer: C 27. Which of the following statements is true concerning the configuration of logging levels in the Authentication Manager Operations Console? A. Logging levels apply to the Authentication Manager realm in which they are configured. B. Logging levels apply to the Authentication Manager instance in which they are configured. C. Logging levels configured in the Primary apply to any Replica instances in the same deployment. D. Logging levels configured in the Operations Console become the default settings for the System Activity Monitor. Answer: B 28. Which are standard Activity Monitor menu options for RSA Authentication Manager version 7.1? (Choose three) A. Error B. System C. Incident D. Accounting E. Administrator F. Authentication Answer: BEF 29. The password policy associated with a Security Domain defines the A. parameters for user-created PINs. B. parameters for user Emergency Access Codes. C. password structure for authentication to the Self-service console. D. password structure for authentication through an Authentication Agent. Answer: C 30. During RSA Authentication Manager installation, you are prompted for (choose two) A. the identity of a DHCP server, if used. B. Authentication Manager digital certificate files. C. the current system time of the host computer. D. Super Admin account username and password. E. Operating System Administrator or Root user credentials. Answer: BD 31. Which of these statements about the RSA Authentication Manager LDAP interface is NOT true? A. Different LDAP directory servers can be specified as primary and failover data sources. B. A link to an LDAP directory can be established during Authentication Manager server installation. C. A single Authentication Manager Realm may be linked to several different LDAP directory servers. D. User and group data as well as user attributes can be linked from LDAP to Authentication Manager. Answer: B

Leading the way in IT testing and certification tools, www.examkiller.net

32. During installation of the RSA Authentication Agent for Microsoft Windows 6.x, the native msgina.dll file is A. renamed "aceclnt.dll". B. replaced (overwritten) by "aceclnt.dll". C. unchanged and an "aceclnt.dll" file is added. D. moved to the RSA Authentication Manager server. Answer: C 33. When planning an RSA SecurID system deployment in a Windows environment, the Windows Authentication Agent can be configured to A. prompt for RSA SecurID authentication based on the user's group membership. B. disable itself when the domain controller is disconnected from the Authentication Manager server. C. prompt for RSA SecurID authentication only if the user is a member of a Remote Access Server (RAS) group. D. log the user off the Windows domain if inactive for a period of 5 to 900 minutes ?as configured in the Logoff Policy. Answer: A 34. Ninety (90) days after installation, if the initial Super Admin user's password is not changed, the initial Super Admin user A. is required to change their password before accessing both the Operations Console and Security Console. B. can access both the Operations Console and Security Console but is reminded to change passwords after logon. C. is allowed to access the Operations Console but is required to change their password before accessing the Security Console. D. is locked out of both the Operations Console and the Security Console until another administrator re-sets the password and unlocks the account. Answer: C 35. As part of the Primary server installation, the installer automatically backs up certain files in the RSA Authentication Manager/backup/ directory. These files A. include the system private key file. B. hold the contents of the embedded database. C. are used to install Replica servers and Server Nodes. D. are deleted after the Primary services successfully start. Answer: A 36. When Windows Password Integration is enabled for a given Microsoft Windows implementation, what changes are required to the native Windows password policy? A. No changes are required to the native Windows password policies. B. The user profile must be configured such that a user's Windows password 'never expires'. C. The user profile must be configured such that a user 'cannot change' their Windows password. D. Windows passwords must be the same length as user passcodes (PIN length + tokencode length). Leading the way in IT testing and certification tools, www.examkiller.net

Answer: A 37. Which of the following is NOT a component of the technology used within an RSA SecurID token? A. algorithm B. private key C. time source D. seed record Answer: B 38. When an RSA SecurID for Microsoft Windows 6.x Agent is installed in a Windows domain environment, what action is taken to allow using the Windows Password Integration feature? A. a Windows server certificate must be available to the Agent installer to allow password integration B. users' Windows passwords must be re-set to conform to Authentication Manager password policy C. Authentication Manager Offline Authentication Policy must be configured to enable password integration D. users who will use integrated passwords must have membership in the Active Directory group specified during Agent installation Answer: C 39. When setting up an RSA Authentication Manager deployment, it is important that each Authentication Agent is installed with A. a server.cer certificate file. B. an agent_lic.xml license file. C. an sdconf.rec configuration file. D. a node_sec.dat node secret file. Answer: C 40. Designating an " Alternate IP Address " value in an Agent record in the Authentication Manager Security Console allows A. an Authentication Agent to use multiple node secret files. B. an Authentication Agent to seek the fastest responding server. C. an Authentication Agent to communicate with multiple servers simultaneously. D. Authentication Manager to recognize IP addresses for Agent authentication requests. Answer: D 41. Which are pre-defined administrative roles in RSA Authentication Manager? (Choose three) A. Site Administrator B. User Administrator C. Realm Administrator D. RADIUS Administrator E. Help Desk Administrator F. Identity Source Administrator Answer: BCE

Leading the way in IT testing and certification tools, www.examkiller.net

42. If you suspect there may be network communication problems within an RSA Authentication Manager clustered environment, what command line utility is helpful in identifying such problems? A. the node-ping utility B. the test-multicast utility C. the svr-comm-test utility D. the manage-nodes utility Answer: B 43. When using an RSA Authentication Agent for PAM, which of the following statements is true? A. Users designated for RSA SecurID authentication must have root privileges. B. A user's account must specify 'sdshell' to allow RSA SecurID authentication. C. When installing the Agent for PAM, the services file must be edited to add "securid_pam" as a TCP service. D. Service, rule and module information to support RSA SecurID authentication are contained in the pam.conf file. Answer: D 44. Which of the following statements is true regarding restriction of user access by time of day? A. Restricted times can only be set by using an Access Time template. B. Time restrictions are established according to user group membership. C. Fractional times zones can be selected for setting allowed access times. D. Time restrictions are enforced for both restricted and unrestricted Agents. Answer: B 45. In what way is the RSA Authentication Manager "Internal Database" different from an external Identity Source? A. The Internal Database contains policy and token data in addition to user and group data. B. The Internal Database is a read/write datastore while the external Identity Source is always read-only. C. The external Identity Source is a read/write datastore while the Internal Database is always read-only. D. The Internal Database utilizes LDAP while the external Identity Source can be configured for either LDAP or RDMBS. Answer: A 46. An RSA SecurID Offline Emergency Passcode A. can be used in place of a Lost Token Password for network-connected authentication. B. can contain a combination of alphabetic characters, numbers and punctuation characters. C. allows a one-time authentication and must be re-issued for each logon while the user remains offline. D. requires a user to supply their secret PIN with the Emergency Code to complete an authentication request. Answer: B 47. Which are essential requirements for successful communication between the RSA Authentication Manager server and RSA Authentication Agents? (Choose two)

Leading the way in IT testing and certification tools, www.examkiller.net

A. TCP/IP B. NETBIOS C. Ethernet LAN D. DNS or hosts files E. WINS or LMHOSTS Answer: AD 48. In Authentication Manager version 7.1 terminology, a "Server Node" is used to A. Replicate the database in either a Primary or Replica instance cluster. B. Gather and re-direct authentication requests from Agents to an available server. C. Provide a stand-alone database available to either a Primary or Replica instance. D. Provide additional authentication services in either a Primary or Replica instance cluster. Answer: D 49. In an RSA Authentication Manager version 7.1 environment, data replication to provide failover capability can take place between (choose two) A. Server Nodes B. RADIUS servers C. Database servers D. Offline data stores E. Authentication Agents Answer: BC 50. How many RSA Authentication Manager servers represents the maximum for an instance cluster? A. 1 database server and up to 4 Server Nodes B. 1 database server and up to 4 Replica servers C. 1 Primary server and up to 15 Replica servers D. 1 Primary server, 1 Replica server, and up to 4 Server Nodes Answer: A 51. An organization would like to deploy RSA Authentication Manager to allow two redundant connection points for daily administration and a Replica instance that can easily be promoted to a Primary by headquarters personnel in the event of disaster recovery. Which solution illustrated in the exhibit represents the best solution for these requirements? A. Solution A B. Solution B C. Solution C D. Solution D Answer: C 52. RSA Authentication Manager Replica servers A. can be promoted to a Primary server through a command line utility. B. require that promotion to a Primary server be initiated on the Replica. C. allow the Super Admin administrator to perform user account changes if the Primary server is offline. Leading the way in IT testing and certification tools, www.examkiller.net

D. can be configured to take over as a Primary server if x number of heartbeat signals are not detected within a specified time interval t. Answer: B 53. The RSA Authentication Agent for Web is intended to A. prevent designated web content from being downloaded to an end user's computer. B. challenge a user for authentication if the user attempts to access a protected web resource. C. challenge a user for authentication if the user attempts to log on locally to the web server host computer. D. allow users to access low risk resources using a password and high risk resources using two factor authentication. Answer: B 54. What default ports need to be opened if a company wants to implement and/or administer RSA SecurID behind a firewall? (Choose two) A. 5500 UDP B. 5500 TCP C. 5510 TCP D. 5520 UDP E. 1024 -65535 UDP Answer: AE 55. If Offline Authentication is enabled for a given RSA Authentication Manager deployment, a user who attempts to log on to an Agent while Offline A. will be prompted to set a PIN if this is their first time authentication. B. can authenticate without a token if an Offline Emergency Passcode is supplied to the user. C. can use an On-demand tokencode if the user has not yet been added to the Authentication Manager database. D. can authenticate without a PIN if the Authentication Agent has been configured for Tokencode-Only mode. Answer: B 56. A user can not successfully authenticate using a local Agent installed on their Windows Workstation. Log entries indicate a "Node secret mismatch". What actions will re-establish a node secret match? (Choose two) A. The user clears the node secret through the RSA Authentication Agent test utility. B. A Windows Administrator clears the node secret through the RSA Security Center console. C. An Authentication Manager administrator purges the Offline Authentication "Dayfiles" from the user's workstation. D. A Windows Administrator sets the node secret value to "null' in the domain "Users and Computers" management console. E. An Authentication Manager administrator clears the node secret through the Security Console Authentication Agent > Manage Node Secret screen. F. The user enters their RSA SecurID tokencode without a PIN to trigger a "Node Secret Sent" response Leading the way in IT testing and certification tools, www.examkiller.net

from Authentication Manager. Answer: BE 57. What types of events are recorded by default in the Authentication Activity Report? A. file mappings B. time of logout C. login requests D. network failures E. administrative logins Answer: CE (Choose two)

58. What is the maximum number of RSA SecurID tokens that can be simultaneously assigned and enabled on one RSA Authentication Manager user account? A. 1 B. 2 C. 3 D. 4 Answer: C 59. Results output from report queries in RSA Authentication Manager version 7.1 are customized A. through creating SQL statements using the SQL Wizard. B. by modifying report templates in the administrative console. C. by editing the Events database files and digitally re-signing them. D. through use of the Report Manager utility in the Operations Console. Answer: B 60. If Offline Authentication parameters are configured to require that Offline user passcodes be at least 12 characters in length and a user creates a 4-character PIN to be used with their 6-digit token, which of the following statements is true? A. The user can authenticate in both online and offline situations. B. The user can authenticate only online, offline authentication will be prevented. C. The user can authenticate only offline, online authentication will be prevented. D. The user can NOT authenticate either online or offline with their current PIN length. Answer: B 61. The number of days of offline data a user is allowed to download A. can not exceed thirty (30) days. B. is configured by the offline authentication policy. C. is dictated by the total length of the user's PIN + Tokencode. D. is determined by the offline cache size of the Authentication Agent. Answer: B 62. If an RSA Authentication Manager deployment plan indicates that an organization is best served by installing a Primary instance with one Server Node and one Replica instance, which of the following Leading the way in IT testing and certification tools, www.examkiller.net

statements is true? A. A Base license will allow installation of these three servers. B. An Enterprise license is required to install these three servers. C. A Server Cluster Option (SCO) license is required to install a Server Node. D. A Business Continuity Option (BCO) license is required to install a Replica instance. Answer: B 63. What are three minimal administrative steps that must be taken before a user can authenticate to a new RSA Authentication Manager installation? (Choose three) A. Create a user group B. Import token records C. Create a user account D. Create a new Identity Source E. Create a new Security Domain F. Create an Authentication Agent record G. Create a Super Admin administrator role Answer: BCF 64. Acme Company currently uses 8-character passwords consisting of letters and numbers. When they deploy RSA SecurID tokens, can the same policy (combination of 8 letters and numbers) be applied to user PINs? A. No, PINs must be 4 characters in length. B. No, PINs can only contain letters, not numbers. C. Yes, if they are using Standard cards or Key FOBs. D. Yes, if they are using Software tokens or PIN Pad cards. Answer: C 65. RSA SecurID "Event-based" tokens are different from "Time-synchronous" tokens in that A. Event-based tokens can not be used with a PIN B. Event-based tokens do not require a clock function to create a tokencode C. Event-based tokens cannot be resynchronized through the administrative console D. Event-based tokencodes can be used multiple times until the user increments the display Answer: B 66. When Windows Password Integration is enabled for an RSA SecurID system, an RSA Authentication Manager administrator can A. require a user to use their Windows password as their RSA SecurID PIN. B. clear/reset a user's Windows password through the RSA Authentication Manager administration console. C. view a user's Windows password through a remote Microsoft Management Console (MMC) session by using the Authentication Manager MMC snap-in. D. determine if a user's Windows password is updated in the RSA Authentication Manager database by viewing the Authentication Activity Log Monitor or running an Authentication Report. Answer: D Leading the way in IT testing and certification tools, www.examkiller.net

67. To use an LDAP directory server as a source for user and group data in an RSA Authentication Manager database, A. an Identity Source can be mapped to the LDAP directory through the Authentication Manager Operations Console. B. individual data transfer jobs can be scheduled through the Scheduled Jobs function of the Authentication Manager Security Console. C. a data export can be initiated on the directory server to export users and groups to the Authentication Manager database over a secure SSL connection. D. a new LDAP schema is applied to the directory server to include the attribute "cn=securid" to designate users to be transferred to Authentication Manager. Answer: A 68. The Adjudicator service is a process designed to A. lock the RSA SecurID token if it is suspected stolen. B. securely store and update the database encryption key. C. prevent the same passcode from being used on different servers. D. resolve database differences between an Authentication Manager server and Server Node. Answer: C 69. Some RSA Authentication Agents allow the use of a "Reserve Password". Under what circumstances is it recommended that the Reserve password be used? A. When the Agent is configured to "Challenge All Users". B. When the Agent is configured to use only Offline Authentication. C. When the Agent is installed on the same host as the RSA RADIUS server. D. When the Agent is configured to challenge certain users by name or by group. Answer: A 70. If a user is issued an RSA SecurID SID800 token ("USB token"), the user must log in using a computer with a USB 2.0 port and the SID800 token must be plugged in to that port. A. True B. False Answer: B 71. Identity Sources can be added to a deployment A. through the attach_id_source command line utility. B. through the Authentication Manager Security Console. C. by duplicating and copying from one realm to another. D. through the Authentication Manager Operations Console. Answer: D 72. To allow a laptop computer user to dial in to his/her office via a Remote Access Server (RAS), what are the minimum configurations required to provide RSA SecurID protection? (Choose two)

Leading the way in IT testing and certification tools, www.examkiller.net

A. RSA Authentication Agent software installed on the RAS server B. An RSA SecurID token or Fixed Passcode assigned to the user C. RSA Authentication Manager software installed on the RAS server D. RSA Authentication Agent software installed on the user's laptop computer E. The laptop computer added as an Authentication Agent in the Authentication Manager database Answer: AB 73. Which of the following statements is true about the RSA RADIUS Server in an RSA Authentication Manager version 7.1 environment? A. A single RADIUS server can be configured to support multiple realms across a single Authentication Manager deployment. B. Once the RADIUS server is installed in an Authentication Manager environment, all users default to using the RADIUS protocol for authentication. C. If RADIUS is integrated with an Authentication Manager deployment, all users who authenticate via RADIUS must be issued an RSA SecurID token. D. If a RADIUS server is not installed at the same time as a Primary or Replica server, it can NOT be added later without uninstalling and re-installing the Primary or Replica software. Answer: D 74. The RSA Authentication Agent for Web is intended to A. prevent designated web content from being downloaded to an end user's computer. B. challenge a user for authentication if the user attempts to access a protected web resource. C. challenge a user for authentication if the user attempts to log on locally to the web server host computer. D. allow users to access low risk resources using a password and high risk resources using two factor authentication. Answer: B 75. RSA Authentication Manager installation on a UNIX platform is similar to installation on a Linux platform because both platforms require A. an Enterprise license B. the installer to run as 'root' C. internet access to download security patch files D. the use of a command line console during installation Answer: B 76. Which of the following is NOT a component of the technology used within an RSA SecurID token? A. algorithm B. private key C. time source D. seed record Answer: B 77. Microsoft Active Directory users can be assigned RSA SecurID tokens without using the Leading the way in IT testing and certification tools, www.examkiller.net

Authentication Manager Security Console A. by establishing a read/write LDAP connection to Active Directory. B. if the Microsoft Management Console (MMC) RSA snap-in utility is installed. C. by editing the user Devices property in the Microsoft Users and Computers console. D. by enabling the Auto-Assign function in the Authentication Agent for Windows Security Center. Answer: B 78. If an RSA Authentication Manager deployment has two Replica servers ?Replica A and Replica B ?how does an authentication transaction performed on Replica A move to the audit database of Replica B? A. The Adjudicator service reconciles transactions from one Replica to another. B. Transactions performed on one server are broadcast to all servers in the deployment. C. Transactions are first sent to the Primary instance and are then sent out to Replica instances. D. A Transaction Job that is scheduled to run on an hourly basis sends transaction data from one server to other servers in the deployment. Answer: C 79. If the RSA RADIUS server is NOT installed at the time of the RSA Authentication Manager software installation and the RADIUS function is needed at a later date, (choose two) A. it can be added to the Authentication Manager server through the Operations Console. B. it can be added to the Authentication Manager server using the add_rad_svr command line utility. C. it can be installed on a separate host and connected to the existing Authentication Manager server. D. Authentication Agents can be configured to proxy RADIUS transactions without the need for a RADIUS server E. it cannot be added to the Authentication Manager server without uninstalling then re-installing the server software. Answer: CE 80. For what installation situations is creating a 'package' file necessary before installation can begin? (Choose three) A. for RADIUS client installation B. for a Server Node installation C. for a RADIUS server installation D. for an Authentication Agent installation E. for a Replica database server installation F. for a Primary database server installation Answer: BCE 81. When setting up an RSA Authentication Manager deployment, it is important that each Authentication Agent is installed with A. a server.cer certificate file. B. an agent_lic.xml license file. C. an sdconf.rec configuration file. D. a node_sec.dat node secret file. Leading the way in IT testing and certification tools, www.examkiller.net

Answer: C 82. In RSA Authentication Manager version 7.1, the Credential Manager function allows A. user self-service only if the deployment has an Enterprise license. B. business continuity options only if the deployment has a Base license. C. authenticator provisioning only if the deployment has an Enterprise license. D. authenticator provisioning and distribution only if the deployment has a CM-extended license. Answer: C 83. The ACME Company has a Primary server instance located in New York and a Replica server instance located in Los Angeles. How is a new user in the Los Angeles office added to the RSA Authentication Manager database? A. The user must be manually added to both the Los Angeles and the New York instances. B. The Administrator adds the user to the New York instance, which replicates the data to the Los Angeles instance. C. The Administrator adds the user locally to the Los Angeles instance, which replicates the data to the New York instance. D. The user is automatically added to both the Los Angeles and New York instances when they first authenticate with a token. Answer: B 84. If an RSA Authentication Manager database server uses a stand-alone database A. a custom schema must be applied prior to the server installation. B. the stand-alone database must be an LDAP compliant directory server. C. the stand-alone database must be installed prior to the server installation. D. all Primary and Replica database servers must attach to the same database. Answer: C 85. In an RSA Authentication Manager version 7.1 environment, data replication to provide failover capability can take place between (choose two) A. Server Nodes B. RADIUS servers C. Database servers D. Offline data stores E. Authentication Agents Answer: BC 86. If a user is issued an RSA SecurID SID800 token ("USB token"), the user must log in using a computer with a USB 2.0 port and the SID800 token must be plugged in to that port. A. True B. False Answer: B 87. The RSA Credential Manager function allows Leading the way in IT testing and certification tools, www.examkiller.net

A. users to self-register for RSA SecurID tokens. B. managers to control the deployment of Replica servers. C. administrators to install software token packages remotely. D. Agents to determine what credentials are valid for authentication. Answer: A 88. As part of the Primary server installation, the installer automatically backs up certain files in the RSA Authentication Manager/backup/ directory. These files A. include the system private key file. B. hold the contents of the embedded database. C. are used to install Replica servers and Server Nodes. D. are deleted after the Primary services successfully start. Answer: A 89. When planning an RSA SecurID system deployment in a Windows environment, the Windows Authentication Agent can be configured to A. prompt for RSA SecurID authentication based on the user's group membership. B. disable itself when the domain controller is disconnected from the Authentication Manager server. C. prompt for RSA SecurID authentication only if the user is a member of a Remote Access Server (RAS) group. D. log the user off the Windows domain if inactive for a period of 5 to 900 minutes ?as configured in the Logoff Policy. Answer: A 90. Token expiration dates A. vary according to the date contained in the license.rec file. B. are established when the new user first uses the token to log on. C. are programmed into a token's record at the time the record is created. D. are re-set by the Administrator using the 'Resynchronize Token' function. Answer: C 91. RSA SecurID "Event-based" tokens are different from "Time-synchronous" tokens in that A. Event-based tokens can not be used with a PIN B. Event-based tokens do not require a clock function to create a tokencode C. Event-based tokens cannot be resynchronized through the administrative console D. Event-based tokencodes can be used multiple times until the user increments the display Answer: B 92. RSA Authentication Manager time synchronous calculation A. uses UTC (GMT) time to calculate an RSA SecurID tokencode. B. is based on the offset between the user's local time zone and UTC (GMT) time. C. uses the NTP (Network Time Protocol) to calculate an RSA SecurID tokencode. D. depends on an accurate time setting of the RSA Authentication Agent host computer. Answer: A Leading the way in IT testing and certification tools, www.examkiller.net

93. During RSA Authentication Manager installation, you are prompted for (choose two) A. the identity of a DHCP server, if used. B. Authentication Manager digital certificate files. C. the current system time of the host computer. D. Super Admin account username and password. E. Operating System Administrator or Root user credentials. Answer: BD 94. A Contact List rebalance procedure would typically be performed A. after installing an Authentication Agent. B. after installing a Replica server or Server Node. C. after restarting an Authentication Manager server. D. before adding an Authentication Agent to the database. Answer: B 95. If an RSA Authentication Manager deployment plan indicates that an organization is best served by installing a Primary instance with one Server Node and one Replica instance, which of the following statements is true? A. A Base license will allow installation of these three servers. B. An Enterprise license is required to install these three servers. C. A Server Cluster Option (SCO) license is required to install a Server Node. D. A Business Continuity Option (BCO) license is required to install a Replica instance. Answer: B 96. Some RSA Authentication Agents allow the use of a "Reserve Password". Under what circumstances is it recommended that the Reserve password be used? A. When the Agent is configured to "Challenge All Users". B. When the Agent is configured to use only Offline Authentication. C. When the Agent is installed on the same host as the RSA RADIUS server. D. When the Agent is configured to challenge certain users by name or by group. Answer: A 97. When Windows Password Integration is enabled for a given Microsoft Windows implementation, what changes are required to the native Windows password policy? A. No changes are required to the native Windows password policies. B. The user profile must be configured such that a user's Windows password 'never expires'. C. The user profile must be configured such that a user 'cannot change' their Windows password. D. Windows passwords must be the same length as user passcodes (PIN length + tokencode length). Answer: A 98. To use an LDAP directory server as a source for user and group data in an RSA Authentication Manager database, A. an Identity Source can be mapped to the LDAP directory through the Authentication Manager Operations Console. Leading the way in IT testing and certification tools, www.examkiller.net

B. individual data transfer jobs can be scheduled through the Scheduled Jobs function of the Authentication Manager Security Console. C. a data export can be initiated on the directory server to export users and groups to the Authentication Manager database over a secure SSL connection. D. a new LDAP schema is applied to the directory server to include the attribute "cn=securid" to designate users to be transferred to Authentication Manager. Answer: A 99. If Offline Authentication parameters are configured to require that Offline user passcodes be at least 12 characters in length and a user creates a 4-character PIN to be used with their 6-digit token, which of the following statements is true? A. The user can authenticate in both online and offline situations. B. The user can authenticate only online, offline authentication will be prevented. C. The user can authenticate only offline, online authentication will be prevented. D. The user can NOT authenticate either online or offline with their current PIN length. Answer: B 100. Which of the following statements is true concerning the configuration of logging levels in the Authentication Manager Operations Console? A. Logging levels apply to the Authentication Manager realm in which they are configured. B. Logging levels apply to the Authentication Manager instance in which they are configured. C. Logging levels configured in the Primary apply to any Replica instances in the same deployment. D. Logging levels configured in the Operations Console become the default settings for the System Activity Monitor. Answer: B 101. What is the maximum number of RSA SecurID tokens that can be simultaneously assigned and enabled on one RSA Authentication Manager user account? A. 1 B. 2 C. 3 D. 4 Answer: C 102. The password policy associated with a Security Domain defines the A. parameters for user-created PINs. B. parameters for user Emergency Access Codes. C. password structure for authentication to the Self-service console. D. password structure for authentication through an Authentication Agent. Answer: C 103. An organization would like to deploy RSA Authentication Manager to allow two redundant connection points for daily administration and a Replica instance that can easily be promoted to a Primary by headquarters personnel in the event of disaster recovery. Which solution illustrated in the exhibit Leading the way in IT testing and certification tools, www.examkiller.net

represents the best solution for these requirements? A. Solution A B. Solution B C. Solution C D. Solution D Answer: C 104. If an LDAP directory is arranged with the Organizational Units shown in the exhibit, how can two Authentication Manager Realms be structured such that Realm 1 contains the users in ou=B and Realm 2 contains the users in ou=C? A. Create an Identity Source for all ou=A users in the default SystemDomain realm then move the desired users to Realm 1 and Realm 2. B. Create an Identity Source for ou=B and associate it with Realm 1; create another Identity Source for ou=C and associate it with Realm 2. C. Create an Identity Source for all ou=A users, create separate Security Domains for ou=B and ou=C users, and associate each Security Domain with a realm. D. Create an Identity Source for ou=A and associate it with both Realm 1 and Realm 2 then filter each realm to include only the desired users for ou=B and ou=C. Answer: B 105. During installation of the RSA Authentication Agent for Microsoft Windows 6.x, the native msgina.dll file is A. renamed "aceclnt.dll". B. replaced (overwritten) by "aceclnt.dll". C. unchanged and an "aceclnt.dll" file is added. D. moved to the RSA Authentication Manager server. Answer: C 106. If Offline Authentication is enabled for a given RSA Authentication Manager deployment, a user who attempts to log on to an Agent while Offline A. will be prompted to set a PIN if this is their first time authentication. B. can authenticate without a token if an Offline Emergency Passcode is supplied to the user. C. can use an On-demand tokencode if the user has not yet been added to the Authentication Manager database. D. can authenticate without a PIN if the Authentication Agent has been configured for Tokencode-Only mode. Answer: B 107. Which of the following are required when installing the RSA Authentication Manager RADIUS Server on a separate host machine (separate from an Authentication Manager server)? (Choose four) A. Authentication Manager license file B. Authentication Manager server key file C. Authentication Manager certificate files D. Authentication Manager RADIUS package file Leading the way in IT testing and certification tools, www.examkiller.net

E. Authentication Manager RADIUS configuration file F. Authentication Manager sdconf.rec configuration file G. Authentication Manager user profile and attributes file Answer: ABCD 108. If the option to sign RSA Authentication Manager log archives is not enabled during installation, A. audit logs will be created to track system activity but can not be archived. B. the signing function can only be enabled buy a Super Admin administrator. C. Authentication Manager must be re-installed to enable the signing function. D. the signing function must be applied manually whenever archive files are created. Answer: C 109. What configuration settings are helpful to allow Agent-Server communications through firewalls and Network Address Translation? A. Node rebalance setting and Agent IP Verification setting B. Server instance alias and Agent Alternate IP Address values C. Primary instance Package contents and Agent name resolution priority setting D. Server instance Preference value and Agent Translated Node Secret (ATNS) setting Answer: B 110. The Offline Authentication feature is intended to allow A. the capability for a user to temporarily disable the Agent software while the user is working offline. B. an RSA SecurID authentication to be processed by a Replica server when the Primary server is offline. C. a user to complete an RSA SecurID authentication through the local Agent if the local Agent computer is offline. D. several users to use a single RSA SecurID token so that they can share another user's computer if their own computer is offline. Answer: C 111. When an RSA SecurID for Microsoft Windows 6.x Agent is installed in a Windows domain environment, what action is taken to allow using the Windows Password Integration feature? A. a Windows server certificate must be available to the Agent installer to allow password integration B. users' Windows passwords must be re-set to conform to Authentication Manager password policy C. Authentication Manager Offline Authentication Policy must be configured to enable password integration D. users who will use integrated passwords must have membership in the Active Directory group specified during Agent installation Answer: C 112. Which of these statements about the RSA Authentication Manager LDAP interface is NOT true? A. Different LDAP directory servers can be specified as primary and failover data sources. B. A link to an LDAP directory can be established during Authentication Manager server installation. C. A single Authentication Manager Realm may be linked to several different LDAP directory servers. D. User and group data as well as user attributes can be linked from LDAP to Authentication Manager. Leading the way in IT testing and certification tools, www.examkiller.net

Answer: B 113. In Authentication Manager version 7.1 terminology, a "Server Node" is used to A. Replicate the database in either a Primary or Replica instance cluster. B. Gather and re-direct authentication requests from Agents to an available server. C. Provide a stand-alone database available to either a Primary or Replica instance. D. Provide additional authentication services in either a Primary or Replica instance cluster. Answer: D 114. Which are pre-defined administrative roles in RSA Authentication Manager? (Choose three) A. Site Administrator B. User Administrator C. Realm Administrator D. RADIUS Administrator E. Help Desk Administrator F. Identity Source Administrator Answer: BCE 115. How many RSA Authentication Manager servers represents the maximum for an instance cluster? A. 1 database server and up to 4 Server Nodes B. 1 database server and up to 4 Replica servers C. 1 Primary server and up to 15 Replica servers D. 1 Primary server, 1 Replica server, and up to 4 Server Nodes Answer: A 116. The addition of an RSA Authentication Manager Server Node to a Replica instance requires A. an Authentication Manager Enterprise license. B. a connection to the Primary instance database. C. a Node Verification key file from the Replica database. D. the Replica server to be shut down during the installation procedure. Answer: A 117. The number of days of offline data a user is allowed to download A. can not exceed thirty (30) days. B. is configured by the offline authentication policy. C. is dictated by the total length of the user's PIN + Tokencode. D. is determined by the offline cache size of the Authentication Agent. Answer: B 118. If you suspect there may be network communication problems within an RSA Authentication Manager clustered environment, what command line utility is helpful in identifying such problems? A. the node-ping utility B. the test-multicast utility C. the svr-comm-test utility Leading the way in IT testing and certification tools, www.examkiller.net

D. the manage-nodes utility Answer: B 119. To allow a laptop computer user to dial in to his/her office via a Remote Access Server (RAS), what are the minimum configurations required to provide RSA SecurID protection? (Choose two) A. RSA Authentication Agent software installed on the RAS server B. An RSA SecurID token or Fixed Passcode assigned to the user C. RSA Authentication Manager software installed on the RAS server D. RSA Authentication Agent software installed on the user's laptop computer E. The laptop computer added as an Authentication Agent in the Authentication Manager database Answer: AB 120. What default ports need to be opened if a company wants to implement and/or administer RSA SecurID behind a firewall? (Choose two) A. 5500 UDP B. 5500 TCP C. 5510 TCP D. 5520 UDP E. 1024 -65535 UDP Answer: AE 121. Which are essential requirements for successful communication between the RSA Authentication Manager server and RSA Authentication Agents? (Choose two) A. TCP/IP B. NETBIOS C. Ethernet LAN D. DNS or hosts files E. WINS or LMHOSTS Answer: AD 122. Which are standard Activity Monitor menu options for RSA Authentication Manager version 7.1? (Choose three) A. Error B. System C. Incident D. Accounting E. Administrator F. Authentication Answer: BEF 123. In a Primary/Replica environment, administrative changes can be made only on a server in the Primary instance.

Leading the way in IT testing and certification tools, www.examkiller.net

A. True B. False Answer: T 124. What are three minimal administrative steps that must be taken before a user can authenticate to a new RSA Authentication Manager installation? (Choose three) A. Create a user group B. Import token records C. Create a user account D. Create a new Identity Source E. Create a new Security Domain F. Create an Authentication Agent record G. Create a Super Admin administrator role Answer: BCF 125. To administer an RSA Authentication Manager remotely (from a browser not on the Authentication Manager host computer), you must (Choose two) A. connect to Authentication Manager through a secure HTTPS protocol. B. assign at least one administrative role to the user that is logging in remotely. C. assign an RSA SecurID token to the administrator that is logging in remotely. D. configure the Administrative Policy to allow remote access through a browser. E. create a Server Certificate and store it in the remote browser prior to logging in. Answer: AB 126. Which of the following statements is true about the RSA RADIUS Server in an RSA Authentication Manager version 7.1 environment? A. A single RADIUS server can be configured to support multiple realms across a single Authentication Manager deployment. B. Once the RADIUS server is installed in an Authentication Manager environment, all users default to using the RADIUS protocol for authentication. C. If RADIUS is integrated with an Authentication Manager deployment, all users who authenticate via RADIUS must be issued an RSA SecurID token. D. If a RADIUS server is not installed at the same time as a Primary or Replica server, it can NOT be added later without uninstalling and re-installing the Primary or Replica software. Answer: D 127. Designating an " Alternate IP Address " value in an Agent record in the Authentication Manager Security Console allows A. an Authentication Agent to use multiple node secret files. B. an Authentication Agent to seek the fastest responding server. C. an Authentication Agent to communicate with multiple servers simultaneously. D. Authentication Manager to recognize IP addresses for Agent authentication requests. Answer: D

Leading the way in IT testing and certification tools, www.examkiller.net

128. Which of the following statements is true regarding restriction of user access by time of day? A. Restricted times can only be set by using an Access Time template. B. Time restrictions are established according to user group membership. C. Fractional times zones can be selected for setting allowed access times. D. Time restrictions are enforced for both restricted and unrestricted Agents. Answer: B 129. What types of events are recorded by default in the Authentication Activity Report? A. file mappings B. time of logout C. login requests D. network failures E. administrative logins Answer: CE (Choose two)

130. A user can not successfully authenticate using a local Agent installed on their Windows Workstation. Log entries indicate a "Node secret mismatch". What actions will re-establish a node secret match? (Choose two) A. The user clears the node secret through the RSA Authentication Agent test utility. B. A Windows Administrator clears the node secret through the RSA Security Center console. C. An Authentication Manager administrator purges the Offline Authentication "Dayfiles" from the user's workstation. D. A Windows Administrator sets the node secret value to "null' in the domain "Users and Computers" management console. E. An Authentication Manager administrator clears the node secret through the Security Console Authentication Agent > Manage Node Secret screen. F. The user enters their RSA SecurID tokencode without a PIN to trigger a "Node Secret Sent" response from Authentication Manager. Answer: BE 131. An RSA SecurID Offline Emergency Passcode A. can be used in place of a Lost Token Password for network-connected authentication. B. can contain a combination of alphabetic characters, numbers and punctuation characters. C. allows a one-time authentication and must be re-issued for each logon while the user remains offline. D. requires a user to supply their secret PIN with the Emergency Code to complete an authentication request. Answer: B 132. If manual load balancing has just been set up for an Authentication Agent and it appears that the Agent is not contacting the desired servers, it might be helpful to verify the contents of the A. sdopts.rec file. B. sdconf.rec file. C. sdstatus.12 file. D. sdagent.rec file. Leading the way in IT testing and certification tools, www.examkiller.net

Answer: A 133. Ninety (90) days after installation, if the initial Super Admin user's password is not changed, the initial Super Admin user A. is required to change their password before accessing both the Operations Console and Security Console. B. can access both the Operations Console and Security Console but is reminded to change passwords after logon. C. is allowed to access the Operations Console but is required to change their password before accessing the Security Console. D. is locked out of both the Operations Console and the Security Console until another administrator re-sets the password and unlocks the account. Answer: C 134. In what way is the RSA Authentication Manager "Internal Database" different from an external Identity Source? A. The Internal Database contains policy and token data in addition to user and group data. B. The Internal Database is a read/write datastore while the external Identity Source is always read-only. C. The external Identity Source is a read/write datastore while the Internal Database is always read-only. D. The Internal Database utilizes LDAP while the external Identity Source can be configured for either LDAP or RDMBS. Answer: A 135. If a user inadvertently enters their RSA SecurID tokencode followed by their PIN, what would be the likely log message for this event? A. Authentication method failed B. Authentication method successful C. Bad PIN but good tokencode detected D. Authentication method failed, passcode format error Answer: A 136. When using an RSA Authentication Agent for PAM, which of the following statements is true? A. Users designated for RSA SecurID authentication must have root privileges. B. A user's account must specify 'sdshell' to allow RSA SecurID authentication. C. When installing the Agent for PAM, the services file must be edited to add "securid_pam" as a TCP service. D. Service, rule and module information to support RSA SecurID authentication are contained in the pam.conf file. Answer: D 137. When Windows Password Integration is enabled for an RSA SecurID system, an RSA Authentication Manager administrator can

Leading the way in IT testing and certification tools, www.examkiller.net

A. require a user to use their Windows password as their RSA SecurID PIN. B. clear/reset a user's Windows password through the RSA Authentication Manager administration console. C. view a user's Windows password through a remote Microsoft Management Console (MMC) session by using the Authentication Manager MMC snap-in. D. determine if a user's Windows password is updated in the RSA Authentication Manager database by viewing the Authentication Activity Log Monitor or running an Authentication Report. Answer: D 138. Acme Company currently uses 8-character passwords consisting of letters and numbers. When they deploy RSA SecurID tokens, can the same policy (combination of 8 letters and numbers) be applied to user PINs? A. No, PINs must be 4 characters in length. B. No, PINs can only contain letters, not numbers. C. Yes, if they are using Standard cards or Key FOBs. D. Yes, if they are using Software tokens or PIN Pad cards. Answer: C 139. Results output from report queries in RSA Authentication Manager version 7.1 are customized A. through creating SQL statements using the SQL Wizard. B. by modifying report templates in the administrative console. C. by editing the Events database files and digitally re-signing them. D. through use of the Report Manager utility in the Operations Console. Answer: B 140. RSA SecurID two-factor authentication requires A. two valid user-defined passwords. B. an RSA SecurID PASSCODE and PIN. C. an RSA SecurID token's tokencode and PIN. D. a Realm Administrator account and an Authentication Agent. Answer: C 141. The Adjudicator service is a process designed to A. lock the RSA SecurID token if it is suspected stolen. B. securely store and update the database encryption key. C. prevent the same passcode from being used on different servers. D. resolve database differences between an Authentication Manager server and Server Node. Answer: C 142. If RSA Authentication Manager indicates that the license is not in compliance (the number of allowed active users is exceeded), what action can be expected? A. Authentications are suspended until the license is upgraded. B. The user and log databases are locked until the license is upgraded. C. Users without token assignments cannot have new tokens assigned until the license is upgraded. Leading the way in IT testing and certification tools, www.examkiller.net

D. Additional users can not be added to the RSA Authentication Manager database until the license is upgraded. Answer: C 143. RSA Authentication Agents are typically installed and configured A. only outside a corporate or internet firewall. B. according to a general security policy and access control plan. C. before the installation of the RSA Authentication Manager server. D. before users have been assigned and trained on the use of RSA SecurID tokens. Answer: B 144. If the ACME Company has a disaster recovery facility for their information systems, which statement best describes the installation strategy for Primary and Replica RSA Authentication Manager instances? A. The Primary Instance should be located at the disaster recovery facility; a Server Node should be installed in the headquarters facility for easy access by Administrators. B. The Primary Instance should be located in the headquarters facility for easy access by Administrators; a Replica Instance should be installed at the disaster recovery facility. C. A Primary and Replica Instance should both be located in the headquarters facility for easy access by Administrators; a Server Node should be installed at the disaster recovery facility. D. The Primary Instance should be located at the headquarters facility and configured only for Online Authentication; a Replica Instance should be installed at the disaster recovery facility and configured only for Offline Authentication. Answer: B 145. Identity Sources can be added to a deployment A. through the attach_id_source command line utility. B. through the Authentication Manager Security Console. C. by duplicating and copying from one realm to another. D. through the Authentication Manager Operations Console. Answer: D 146. RSA Authentication Manager Replica servers A. can be promoted to a Primary server through a command line utility. B. require that promotion to a Primary server be initiated on the Replica. C. allow the Super Admin administrator to perform user account changes if the Primary server is offline. D. can be configured to take over as a Primary server if x number of heartbeat signals are not detected within a specified time interval t. Answer: B

Leading the way in IT testing and certification tools, www.examkiller.net