IBM Security Access Manager V9.0 Deployment — Question 49

An IBM Security Access Manager V9.0 deployment at a customer has enabled audit.authz, audit.authn, audit.http for meeting auditing requirements and results in large volume of audit records and poses significant data management challenges to the client. The customer wants to exclude the audit events to certain static resources such as images.
What action should be taken to implement this?

Answer options

• A. Disable audit.http events only
• B. Disable audit.http.unsuccessful events only
• C. Define a POP with the audithttp set to "no"; attach this to the static resources
• D. Define an ACL with the audithttp operation set to "no"; attach this to the static resources

Correct answer: D

Explanation

The correct answer is D because defining an ACL (Access Control List) with the audithttp operation set to 'no' specifically targets the static resources to exclude them from auditing. Options A and B do not address the requirement to exclude specific static resources, while option C would create a policy but does not directly utilize ACL, which is the standard method for managing access and audit settings in this context.