IBM Security Access Manager V9.0 Deployment — Question 61

The IBM Security Access Manager (ISAM) V9.0 deployment professional is setting up a new junction. The back-end junctioned server listens on port 443 (SSL), but does not require mutual certificate authentication.
Which keystore does the deployment professional need to update?

Answer options

• A. The WebSEAL signer certificate needs to be imported into the keystore used by the back-end server.
• B. The WebSEAL Test-Only certificate needs to be imported into the keystore used by the back-end server.
• C. The back-end signer certificate needs to be imported into the WebSEAL keystore on the ISAM appliance.
• D. The back-end signer certificate needs to be imported into the "Imi_trust_store" keystore on the ISAM appliance.

Correct answer: A

Explanation

The correct answer is A because the WebSEAL signer certificate must be in the keystore of the back-end server to establish a secure connection. Options B and C are incorrect because the Test-Only certificate and the back-end signer certificate respectively do not fulfill the requirement for this specific scenario. Option D is also incorrect as the 'Imi_trust_store' is not the right keystore for this setup.