Blog for the love of learningLearn Quickly - implement immediately

CA SSO Certification EXAM Sample

Q1. Named expressions enable you to?

A. Examine core components
B. Define reusable expressions
C. Define the permissions on reports
D. Define ODBC user directory attributes

Q2. When using the Active Directory namespace, which Lightweight Directory Access Protocol (IDAP) feature can you implement?

A. IDAP paging
B. IDAP referrals
C. IDAP sorting operations
D. SSL connectivity using a native Windows Certificate database

Q3. Which feature applies to application roles?

A. They are limited to a single directory or directory type.
B. They define which resources, or group of resources, an application can access
C. They are a logical representation of a resource and how CA SiteMinder protects it.
D. They define a set of users who have access to an application resource or a group of application

Q4. When you install a CA SiteMinder Policy Server, you need to configure two service accounts. Which service account has privileges to create, read, modify, and delete objects in the IDAP tree underneath the policy store root object?

B. DN System
C. Administrative DN
D. Database Administrative Account

Q5. Which guideline applies when using a custom login page

A. Ensure the login page is protected.
B. Use the GET rather than the POST method
C. Place the target page in an unprotected directory.
D. Use an unprotected stub login page to reach the protected login page.

Q6. When using the Windows authentication scheme, the users Windows security context is asserted by:

A. The User Store
B. The Web Agent
C. Active Directory
D. The IIS server through the Web Agent

Q7. What happens if the AllowLocalConfig Agent parameter is set to Yes?

A. The Web Agent uses the local configuration file and disregards the Agent Configuration Object.
B. The Web Agent updates the local configuration file with settings from the Agent Configuration Object.
C. The Web Agent updates the Agent Configuration Object with additional parameters from the local configuration file but does not change any existing parameters.
D. The Web Agent searches the corresponding agent’s local configuration file for modified or additional parameters after downloading the Agent Configuration Object.

Q8. Which cache reduces the number of calls the Agent needs to make to the Policy Server?

A. Form Cache
B. Agent User Cache
C. Agent Resource Cache
D. User Authorization Cache

Q9. You will need to configure virtual servers in different cookie domains for protection by the Web Agent. You want to configure the Web Agent to identify the cookie domain of an incoming request based on the incoming host header. Which action do you need to perform?

A. Set CookieDomain to none.
B. Set CookieDomainScope to 1.
C. Set CookieDomainScope to auto
D. Set CookieDomain to

Q10. Which statement about the CA SiteMinder Extensible Policy Store (XPS) is TRUE?

A. It exports to .dtd files.
B. It cannot co-exist with legacy policy stores.
C. New applications can be added without altering the schema.
D. It uses the new CA SiteMinder Data Interchange Format (SMDIF).

Q11.A benefit of the Credential Selector is that it enables:?

A. users to choose different types of authentication credentials
B. temporary credentials to be assigned to users who log on anonymously
C. CA SiteMinder to authenticate users against one directory and authorize users against a separate directory
D. the Web Agent to compare the IP address stored in a cookie from the last request with the IP address in the current request to see if they match

12. What is the effect of setting only the PersistentCookies parameter to Yes?

A. All cookies will be persistent.
B. TransientIDCookies are set to No.
C. SMSESSION cookies will be persistent.
D. SMIDENTITY cookies will be persistent.

13. By default, CA SiteMinder session cookies:

A. are transient.
B. are persistent.
C. are stored on a web server..
D. are not associated with any particular domain

14. In your company, authentication information is stored in a central Oracle repository. However, authorization information is spread across several different SQL Server and Oracle user directories associated with specific applications. The Social Security Number (SSN) of employees is common to all user directories. You are likely to use Lightweight Directory Access Protocol (IDAP) directories in the near future. Which statement about CA SiteMinder directory mapping options is TRUE?

A. It is best to use the identical DN method to mapIDAP directories to the central Oracle repository.
B. When mapping relational database directories to each other, Universal ID is the only method available
C. When mappingIDAP user directories to the central Oracle repository, Universal ID is the only method available
D. You can choose between the Universal ID and Identical DN methods when mapping relational databases with the central Oracle repository for authentication.

15. User attribute mapping enables you to:

A. map policies to different user attributes.
B. map user groups to different administrator groups
C. map user classes to different user attribute names.
D. map one common name to different user attribute names in different user directories.

16. Which statement about the Credential Selector is TRUE?

A. It eliminates the need for password policies to manage password rules.
B. It is an add-on that cannot be used with all CA SiteMinder-protected applications.
C. It is implemented as a stand-alone component for any CA SiteMinder-protected application.
D. It chooses credential authentication schemes dynamically based on the type of resource being requested. 17. What does the AllowCacheHeaders parameter remove?

A. Proxy data
B. Session data
C. Expiration of session parameters
D. Headers from requests for protected resources

18. What is the purpose of IP checking?

A. It enables you to use persistent cookies.
B. It prevents unauthorized IP addresses from gaining access.
C. It enables you to use single sign-on (SSO) for multiple browser settings.
D. It enables you to start a new browser setting and still have the SSO capability.

19. What is the purpose of directory mapping?

A. List users in policy stores
B. Authorize a user without the need for authentication
B. Authorize a user without the need for authentication
D. Authenticate users against one directory, and authorize users against a separate directory

20. If your environment has four Policy Servers, how many shouID have Agent Key Generation enabled?

A. 1
B. 2
B. 3
D. 4

21. The session store can be used to store: (Choose two)

A. session variables
B. federation variables
C. user activity statistics
D. user language preferences

22. To fully utilize CA SiteMinder password services, what do you need to utilize in the user directory store?

A. Replication
B. A read only account
C. Access Control Lists (ACLs)
D. An administrator account with read/write capabilities

23. To configure local configuration for a Web Agent, you use AllowLocalConfig = yes. Where do you set this parameter?

A. In the Host Configuration File
B. In the Agent Configuration File
C. In the Hosts file on the web server
D. In the local configuration file on the system hosting the web server

24. Which features characterize the J2EE application server agent? (Choose two)

A. Supports IBM WebSphere and BEA WebLogic
B. Protects J2EE application server-based applications
C. Moves the point of trust from the web server to the ERP/CRM server
D. Makes calls to the Event Manager when authentication credentials are provided

25. The SMAUTHREASON parameter hoIDs the reason code associated with a login failure. What does SMAUTHREASON=7 signify?

A. User disabled
B. Unknown user
C. Password Expired
D. Password must change

26. In which circumstances do you need a customized .unauth file on a Web Agent server?

A. If you are collecting optional attributes
B. If the .fee file does NOT use the smerrorpage directive
C. If you are extending .fee pages using jsps or .asps scripts
D. If you are NOT using Secure Sockets Layer (SSL) protection

27. What does the Agent User Cache store?

A. Encrypted session tickets
B. Template data of .fee files
C. Information about recently accessed resources
D. Results of Lightweight Directory Access Protocol Directory (IDAP) searches

28. For a CA SiteMinder session store, you can use:

A. CA Directory
B. Template data of .fee files
C. Sun One Directory
D. Microsoft SQL Server

29. Two features of global policies are:

A. They are different for each domain and apply to users in all user directories
B. They are different for each domain and apply only to a single user directory
C. They belong to a generic global domain and apply to users in all user directories
D. They belong to a generic global domain and apply only to a single user directory.

30. When configuring Agent parameters, what is the purpose of setting the CSSChecking parameter to yes?

A. To instruct the Web Agent to check a script for references to blocked URLs
B. To permit the interpretation of double quotation marks as ASCII characters
C. To instruct Web Agent to check a URL for characters that may be part of an executable script
D. To specify that CA SiteMinder policies must apply to requests from the Web Agent to the web server

31. Which objects can you define for global policies? (Choose two)

A. Group
B. Response
C. Event rule
D. Access rule

32. Which happens if you set the FCCCompatMode Agent parameter to YES?

A. The Web Agent is unable to process impersonation requests
B. An extra redirect is needed during a form-based authentication
C. Form Authentication cannot be used in the mixed environment of v4.x agents
D. User authentication takes place at the Forms Credential Collector (FCC), where the response is triggered, but the text in the response is lost

33. Which log file hoIDs log records for the CA SiteMinder user interface (UI)?

A. SiteMinder trace log
B. Application Server log
C. SiteMinder web agent log
D. SiteMinder Policy Server log

34. You need to test and demonstrate the use of IP checking to show how you can prevent someone from stealing a cookie and using that cookie to access a system. You have chosen not to enable PersistentCookies. Which parameter shouID you set to Yes?

A. TransientIPCheck
B. PersistentIPCheck
C. SMIdentityIPCheck
D. SMSessionIPCheck

35. Which feature characterizes Policy Server clusters?

A. They have a default failover threshoIDof 50%.
B. They are defined as part of a Host Configuration Object (HCO).
C. They include a secure network channel between all Policy Servers and the Monitor processes
D. For distributed monitoring, each Policy Server monitors all the other Policy Servers in the cluster.

36. To turn on the tracing facility for all Policy Server actions, you:

A. Configure the smtracedefault.txt file
B. Modify the general_trace.template file
C. Set the Enable Profiling option on the Policy Server Profiler tab
D. Configure the Policy Server Management Consolelogging option.

37. The Active Directory Global Catalog feature is useful in a multi-domain forest where it provides a central repository of domain information for the forest by storing partial replicas of all domain directory partitions. When integrating Active Directory with CA SiteMinder, which Global Catalog-related limitation do you need to consider?

A. Load balancing and failover are not supported when you use Global Catalog.
B. Password Services is not supported because Global Catalog does not support writes
C. A Policy Server cannot communicate with an Active Directory Global Catalog User Store
D. A Policy Server can communicate with an Active Directory Global Catalog User Store but cannot operate in Federal Information Processing Standards (FTPS) mode

38. When you set the RequireCookies parameter, which cookie does the Web Agent set during basic authentication


39. Which tool can you use to identify bottlenecks?

A. XPSExplorer
B. OneView Monitor
C. OneClick Console
D. SiteMinder Test Tool

40. Which connection can use load balancing?

A. Policy Server to User Store
B. Reporting Server to Policy Server
C. Administrative UI to Policy Server
D. Reporting Server to Report Database

CA Single Sign-On Online Training, Tutorials, Interview Q&A

Post Tags - CA Siteminder online training, CA SSO Online Training, CA Siteminder Interview Q&A, CA SSO Certification Exam Sample paper
Visitor Number free web counter

Join CA Siteminder Online Training Now