Number of questions: 60
Time allowed in minutes: 90
Required passing score: 63%
IBM Certified System Administrator – Security Network Protection (XGS) V5.3.2
The test consists of 5 sections containing a total of approximately 60 multiple-choice questions. The percentages after each section title reflect the approximate distribution of the total question set across the sections
Section 1 – Features and capabilities (13%)
Compute the available number of protected segments based on the model type, NIMs, and media types (fibre, copper, etc).
Demonstrate a deep knowledge of protection interface inspection modes and settings.
Given a scenario using a specific license type, demonstrate an understanding of what capabilities, settings, and objects are affected by the license.
Demonstrate an understanding of inspection, response capabilities, and deployment considerations.
Demonstrate how to obtain and apply X-Force Exchange-supplied OpenSignatures.
Demonstrate an understanding of User Authentication deployment considerations.
Section 2 – Plan and install (25%)
Given a requirement for network throughput, HA, SSL, bypass requirements and number of inspected segments, infer XGS sizing, network interface module required and licensing.
Demonstrate the use of the serial console and situations where it may be required (proper cabling of the appliance to achieve console access).
Examine the differences between the physical and virtual appliances, the scenarios where they can be used, and how they are deployed within their specific environments (e.g., distributed virtual switches).
Examine network topology to understand where to locate the XGS to achieve the required inspection and circumvent Inbound SSL Traffic Limitations.
Demonstrate an understanding of FIPS mode and how to configure it.
Construct an SSL Inspection implementation plan for both inbound and outbound traffic.
Produce a high availability architecture diagram demonstrating both an Active-Passive and an Active-Active deployment.
Perform first-time setup using Serial Console, CLI, & LMI.
Use the different methods for configuring the XGS, including the CLI, LMI, SiteProtector and know the compatible modes (strict vs. compatible mode).
Section 3 – Configure (28%)
Infer the proper setting to configure in-built hardware bypass, inspection mode, TCP reset, etc. on a protection interface.
Complete XGS registration in SiteProtector and verify all policies have been imported.
Modify Network Access Policy to demonstrate a knowledge of the different ways to inspect different traffic types and generate security events.
Manipulate policies to integrate with 3rd party products, (e.g., syslog, QRadar, SNMP, flow data).
Construct and manipulate IPS objects including changes to X-Force protection level and blocking.
Modify SSL Inspection Policy to inspect specific traffic, including outbound and inbound traffic.
Manipulate SSL encryption keys and certificates to enable inbound and outbound SSL inspection.
Use the PAM documentation to adjust signature rules behavior using advanced tuning parameters.
Modify the management access policy to restrict access to management interface.
Section 4 – Maintain (23%)
Modify Intrusion Prevention Policy to change default threat level and protection settings of signatures.
Modify system alerting policy to propagate certain types of logging events to local and remote logging mechanisms (remote syslog object vs local) and (management access policy).
Perform a snapshot and demonstrate an understanding of limitations when applying snapshots.
Infer appliance status via Log events, System Graphs, and Network Graphs.
Produce a backup of the system to the alternate partition and fail back.
Construct and apply new objects within the network access policy (eg. Address, Application, Inspection, Identity, Response).
Use IPS event Filters to ignore traffic and create exceptions.
Change update-related policies and apply updates to firmware, security content and application databases.
Section 5 – Support (10%)
Use tools available in the CLI to troubleshoot problems.
Perform hardware diagnostics using built-in capability as well as stand-alone diagnostics tool and physical examination of hardware, LEDs, etc.
Demonstrate how to reimage an XGS appliance and restore settings.
Perform a fixpack installation and demonstrate an understanding of the impact of doing so.
Use Service and Support feature to automatically open service requests and send log files to support.
IBM Certified System Administrator – Security Network Protection (XGS) V5.3.2
Job Role Description / Target Audience
This intermediate level certification is intended for network system administrators and system engineers working with IBM Security Network Protection (XGS) V5.3.2.
These system administrators require extensive hands-on experience with the product, are familiar with its features and capabilities, and understand how to plan for and install the product, configure, maintain and support it.
It is expected that these system administrators are generally self-sufficient and are able to perform the tasks involved in the job role with limited assistance from peers, product documentation and vendor support services.
To attain the IBM Certified System Administrator – Security Network Protection (XGS) V5.3.2 certification, candidates must pass 1 test. To prepare for the test, it is recommended to refer to the job role description and recommended prerequisite skills, and click the link to the test below to refer to the test objectives and the test preparation tab.
Recommended Prerequisite Skills
Basic knowledge of:
Intrusion prevention systems technology
Standard network protocols and practices, including the OSI model, secure network transmissions
Network design and architecture, including high availability (HA)
Security technologies such as firewalls, encryption using keys and certificates, SSL, HTTPS, SSH, intrusion detection, VLAN, Span Ports, etc.
Security vulnerabilities, exploits, and attack techniques
Different network media types and connectivity considerations (copper, fibre, transceiver)
SiteProtector agent authentication, policy management, event propagation
Installing firmware from USB
VMware vSphere administration
This certification requires 1 test(s).
Click on the link(s) below to see test details, test objectives, suggested training and sample tests.
Test C2150-620 – IBM Security Network Protection (XGS) V5.3.2 System Administration
contains questions requiring single and multiple answers. For multiple-answer questions, you need to choose all required options to get the answer correct. You will be advised how many options make up the correct answer.
is designed to provide diagnostic feedback on the Examination Score Report, correlating back to the test objectives, informing the test taker how he or she did on each section of the test. As a result, to maintain the integrity of each test, questions and answers are not distributed.
A System Administrator has been seeing a lot of SSLv2_Weak_Cipher attacks reported on the network and wants to Increase the severity of the events.
How can this be accomplished?
A. Modify the Threat Level of the signature
B. Create an Incident in SiteProtector for SSLv2_Weak_Cipher
C. Modify the Event Log response for the Intrusion Prevention Object
D. Increase the X-Force Protection Level for the Intrusion Prevention Object
A System Administrator has an XGS 4100 appliance that has a single 8-port RJ-45 copper Network Interface Module (NIM) installed.
What is the maximum number of in-line network segments, of any media type, that could be protected?
A System Administrator has a requirement to be able to pause and resume an XGS for VMware machine to allow the ESXi server to move the servers to another machine.
Which statements regarding VMware Tools functionality is relevant to this requirement?
A. VMware Tools can be used to suspend inspection on the XGS for VMware and traffic will be forced into an automatic bypass mode.
B. VMware Tools can be used to suspend inspection on the XGS for VMware and traffic will not be forced into an automatic bypass mode.
C. VMware Tools functionality can be added to the appliance to provide a more streamlined user experience when migrating to another ESXi host.
D. VMware Tools functionality is already included and will be used when called by the hypervisor to manage the XGS for VMware virtual machine.
The System Administrator of a banking organization has become aware of some malicious traffic to its IBM Security Network Protection (XGS) appliance. The logs show patterns of Denial of Service (DoS) attack and a lot of encrypted packets targeted to the M. 1 port of the XGS appliance coming from an internal laptop IP address.
What should the System Administrator do next?
A. Configure Management access policy to restrict access
B. Configure Inbound SSL policy to inspect and drop such traffic
C. Configure Management access policy to set the management port as TCP reset port
D. Configure Network access policy and Intrusion Prevention Policy to block DoS attacks