IBM Security Guardium Data Protection v11.x Administrator Intermediate Practice Exam: Medium Difficulty 2025

A Guardium administrator needs to monitor a database environment with multiple S-TAP agents deployed across different servers. After deployment, some S-TAPs are not appearing in the Central Manager console. What is the MOST likely cause and resolution?

An organization requires different security policies for production and development databases. The administrator needs to ensure that SELECT statements on salary columns in production trigger alerts, but the same queries in development do not. What is the BEST approach to implement this requirement?

A security team needs to generate a compliance report showing all privileged user access to sensitive tables over the past 90 days. The report must include failed access attempts and be scheduled to run monthly. Which components must the administrator configure?

During a Guardium health check, the administrator notices that the Collector's disk usage is at 85% and growing rapidly. Audit data retention is set to 90 days, and archiving is not currently configured. What is the MOST appropriate immediate action to prevent system issues?

An administrator needs to implement a policy that blocks any user attempting to execute DROP TABLE commands on production databases during business hours (8 AM - 6 PM), but allows DBAs in a specific group to perform these operations. What policy components are required?

A Guardium deployment includes a Central Manager, three Collectors, and multiple S-TAPs. One Collector becomes unavailable due to hardware failure. What happens to the S-TAPs and audit data associated with that Collector?

An administrator needs to create a report showing all SQL queries that accessed credit card data, filtered by a specific application user. The application uses connection pooling with a shared database account. What Guardium feature must be configured to accurately track individual application users?

After implementing new security policies, the administrator notices increased false positive alerts for normal business operations. The security team wants to maintain strict monitoring but reduce alert fatigue. What is the BEST strategy to optimize the policy configuration?

An administrator troubleshooting performance issues discovers that the Collector's CPU utilization spikes to 95% during peak business hours. Analysis shows high volumes of SELECT statements being audited. What is the MOST effective approach to optimize performance while maintaining security monitoring?

A compliance auditor requests a report showing all database schema changes (CREATE, ALTER, DROP) performed by any user across all databases for the past year, including the full SQL text and timestamp. The administrator needs to verify this data is available. What must have been previously configured?