Title of test: CyberArk PAM-DEF Practice Exam
Description: CyberArk PAM-DEF Practice Exam
Creation Date: 17/12/2024
Category: Computers
Number of questions: 188
Content:
What is the purpose of the CyberArk Event Notification Engine service? It sends email messages from the Central Policy Manager (CPM) It sends email messages from the Vault It processes audit report messages It makes Vault data available to components.
As long as you are a member of the Vault Admins group you can grant any permission on any safe. TRUE FALSE.
You are running a "Privileged Accounts Inventory" Report through the Reports page in PVWA on a specific safe. To show complete account inventory information, which permission/s are needed on that safe? A. List Accounts, View Safe Members B. Manage Safe Owners C. List Accounts, Access Safe without confirmation D. Manage Safe, View Audit.
What is the purpose of the HeadStartInterval setting in a platform? It alerts users of upcoming password changes x number of days before expiration. It instructs the CPM to initiate the password change process X number of days before expiration. It instructs the AIM Provider to 'skip the cache' during the defined time period It determines how far in advance audit data is collected for reports.
For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down? The heartbeat is no longer detected on the private network. An alert is generated in the Windows Event log. The shared storage array is offline. The Digital Vault Cluster does not detect a node failure.
Secure Connect provides the following. Choose all that apply. Real-time live session monitoring. Session Recording PSM connections to target devices that are not managed by CyberArk. PSM connections from a terminal without the need to login to the PVWA.
Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time? A. Require dual control password access Approval B. Enforce check-in/check-out exclusive access C. Enforce one-time password access D.
Enforce check-in/check-out exclusive access & Enforce one-time password access.
It is possible to restrict the time of day, or day of week that a reconcile process can occur. TRUE FALSE.
PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target systems A. Windows B. UNIX C. Oracle D. All of the above.
A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens. Which piece of the platform is missing? A. PSM-SSH Connection Component B. UnixPrompts.ini C. UnixProcess.ini D. PSM-RDP Connection Component.
The Accounts Feed contains: A. Accounts that were discovered by CyberArk in the last 30 days B. Accounts that were discovered by CyberArk that have not yet been onboarded C. All accounts added to the vault in the last 30 days D. All users added to CyberArk in the last 30 days.
The Password upload utility can be used to create safes. TRUE FALSE.
CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault. TRUE FALSE.
Accounts Discovery allows secure connections to domain controllers. TRUE FALSE.
As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to. TRUE FALSE.
In the Private Ark client, how do you add an LDAP group to a CyberArk group? A. Select Update on the CyberArk group, and then click Add > LDAP Group. B. Select Update on the LDAP Group, and then click Add > LDAP Group. C. Select Member Of on the CyberArk group, and then click Add > LDAP Group. D. Select Member Of on the LDAP group, and then click Add > LDAP Group.
When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy). A. True B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows.
You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import? A. Create a service ticket in the customer portal explaining the requirements of the custom platform. B. Search common community portals like stackoverflow, reddit, github for an existing platform. C. From the platforms page, uncheck the “Hide non-supported platforms” checkbox and see if a platform meeting your needs appears. D. Visit the CyberArk marketplace and search for a platform that meets your needs.
Target account platforms can be restricted to accounts that are stored in specific Safes using the Allowed Safes property. TRUE FALSE.
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically? A. Configure the Provider to change the password to match the Vault's Password B. Associate a reconcile account and configure the platform to reconcile automatically. C. Associate a logon account and configure the platform to reconcile automatically. D. Run the correct auto detection process to rediscover the password.
Which onboarding method would you use to integrate CyberArk with your accounts provisioning process? A. Accounts Discovery B. Auto Detection C. Onboarding RestAPI functions D. PTA Rules.
In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX systems. What is the BEST way to allow Central Policy Manager (CPM) to manage root accounts? A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server's root account. B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account. C. Configure the Unix system to allow SSH logins. D.
Configure the CPM to allow SSH logins.
Which report could show all accounts that are past their expiration dates? A. Privileged Account Compliance Status report B. Activity log C. Privileged Account Inventory report D. Application Inventory report.
What is the purpose of the PrivateArk Server service? A. Executes password changes. B. Makes Vault data accessible to components. C. Maintains vault metadata. D. Sends email alert from the Vault.
You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment. Which security configuration should you recommend? A. Configure one-time passwords for the appropriate platform in Master Policy. B. Configure shared account mode on the appropriate safe. C. Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy. D. Configure object level access control on the appropriate safe.
In the screenshot displayed, you just configured the usage in CyberArk and want to update its password. What is the least intrusive way to accomplish this? A. Use the "change" button on the usage's details page B. Use the "change" button on the parent account's details page C. Use the "sync" button on the usage's details page. D. Use the "reconcile" button on the parent account's details page.
When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online. A. True, this is the default behavior. B. False, this is not possible. C. True, if the 'AllowFailback' setting is set to yes in the PADR.ini file. D. True, if the 'AllowFailback' setting is set to yes in the dbparm.ini file.
What is the maximum number of levels of authorization you can set up in Dual Control? A. 1 B. 2 C. 3 D. 4.
Which usage can be added as a service account platform? A. Kerberos Tokens B. IIS Application Pools C.
PowerShell Libraries D. Loosely Connected Devices.
According to the DEFAULT Web Options settings, which group grants access to the REPORTS page? A. PVWAUsers B. Vault Admins C. Auditors D. PVWAMonitor.
What is the easiest way to duplicate an existing platform? A. From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it. B. From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform. C. From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable. D. From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.
You have been asked to identify the up or down status of Vault Services. Which CyberArk utility can you use to accomplish this task? A. PrivateArk Central Administration Console B. PAS Reporter C. PrivateArk Remote Control Agent D. Syslog.
VAULT authorizations may be granted to ____________________. (Choose all that apply.) A. Vault Users B. Vault Groups C. LDAP Users D. LDAP Groups.
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA? A. Vault Admins B. Security Admins C. Security Operators D. Auditors.
The password upload utility must run from the CPM server TRUE FALSE.
Which PTA sensors are required to detect suspected credential theft? A. Logs, Vault Logs B. Logs, Network Sensor, Vault Logs C. Logs, PSM Logs, CPM Logs D. Logs, Network Sensor, EPM.
Which of the following options is not set in the Master Policy? A. Password Expiration Time B. Enabling and Disabling of the Connection Through the PSM C. Password Complexity D. The use of “One-Time-Passwords”.
To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes. Which configuration is correct? A. Require privileged session monitoring and isolation = active; Record and save session activity = active. B. Require privileged session monitoring and isolation = inactive; Record and save session activity = inactive. C. Require privileged session monitoring and isolation = active; Record and save session activity = inactive. D. Require privileged session monitoring and isolation = inactive; Record and save session activity = .
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request. What is the correct location to identify users or groups who can approve? A. PVWA > Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control > Approvers B. PVWA > Policies > Access Control (Safes) > Select the safe > Safe Members > Workflow > Authorize Password Requests C. PVWA > Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers D. PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership).
Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement? A. Master Policy B. Safe Templates C. PVWAConfig.xml D. Platform Configuration.
What is the primary purpose of Dual Control? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.
The System safe allows access to the Vault configuration files. TRUE FALSE.
Within the Vault each password is encrypted by: A. The Server Key B. The Recovery Public Key C. The Recovery Private Key D. Its own unique key.
Which user is automatically added to all Safes and cannot be removed? A. Master B. Administrator C. Auditor D. Operator.
Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account. TRUE FALSE.
An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection to the PSM server, which user will be used? PSMAdminConnect Credentials stored in the Vault for the target machine PSMConnect Shadowuser.
Which report provides a list of accounts stored in the vault? Entitlement Report Active Log Privileged Accounts Compliance Status Privileged Accounts Inventory.
What is the primary purpose of One Time Passwords? To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization. Reduced risk of credential theft More frequent password changes Non-repudiation (individual accountability).
What is the chief benefit of PSM? Privileged session recording Privileged session isolation Automatic password management 'Privileged session isolation' and 'Privileged session recording'.
Which certificate type do you need to configure the vault for LDAP over SSL? a CA signed Certificate for the PVWA server a self-signed Certificate for the Vault a CA signed Certificate for the Vault server the CA Certificate that signed the certificate used by the External Directory.
What is the purpose of the PrivateArk Database service? Executes password changes Communicates with components Sends email alerts from the Vault Maintains Vault metadata.
Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI). FALSE TRUE.
Which of the following logs contains information about errors related to PTA? ITAlog.log diamond.log WebApplication.log pm_error.log.
You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master? Operator CD, Master Password, console access to the Vault server, Recover.exe Master CD, Master Password, console access to the Vault server, Private Ark Client Master CD, Master Password, console access to the PVWA server, Recover.exe Operator CD, Master Password, console access to the PVWA server, PVWA access.
Platform settings are applied to . Network Areas The entire vault. Safes Individual Accounts.
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval. Edit the master policy rule and modify the advanced 'Access safe without approval' rule to include the group. Create an exception to the Master Policy to exclude the group from the workflow process. On the safe in which the account is stored grant the group the 'Access safe without confirmation' authorization. On the safe in which the account is stored grant the group the 'Access safe without audit' .
A Logon Account can be specified in the Master Policy. TRUE FALSE.
What is the purpose of a linked account? To allow more than one account to work together as part of a password management process. To ensure a particular set of accounts all change at the same time. To ensure that a particular collection of accounts all have the same password. To connect the CPM to a target system.
In a rule using “Privileged Session Analysis and Response” in PTA, which session options are available to configure as responses to activities? Suspend, Terminate Suspend, Terminate, None Pause, Terminate, None Suspend, Terminate, Lock Account.
What is the purpose of the Immediate Interval setting in a CPM policy? To control the maximum amount of time the CPM will wait for a password change to complete. To control how often the CPM rests between password changes. To control how often the CPM looks for System Initiated CPM work.
To control how often the CPM looks for User Initiated CPM work.
The vault supports Subnet Based Access Control. FALSE TRUE.
A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights. Where can you check to verify that the Vault Admins directory mapping points to the correct AD group? PVWA > Administration > LDAP Integration > Mappings PVWA > User Provisioning > LDAP Integration > Mapping Criteria PVWA > Administration > LDAP Integration > AD Groups PVWA > User Provisioning > LDAP Integration > Map Name.
A user with administrative privileges to the vault can only grant other users privileges that he himself has. TRUE FALSE.
Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied? Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component. Yes, if a logon account is associated with the root account. Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction. No, it is not possible.
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests. ImmediateInterval Interval HeadStartInterval The CPM does not change the password under this circumstance.
A Reconcile Account can be specified in the Master Policy. TRUE FALSE.
Which of the following Privileged Session Management solutions provide a detailed audit log of session activities? PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA) PSM for Windows (previously known as RDP Proxy) PSM for SSH (previously known as PSM SSH Proxy) All of the above.
Which report shows the accounts that are accessible to each user? Applications Inventory report Activity report Privileged Accounts Compliance Status report Entitlement report.
How much disk space do you need on the server for a PAReplicate? 500 GB 1 TB same as disk size on Primary Vault same as disk size on Satellite Vault.
You need to enable the PSM for all platforms. Where do you perform this task? Master Policy > Privileged Access Workflows Master Policy > Session Management Platform Management > (Platform) > UI & Workflows Administration > Options > Connection Components.
Dbparm.ini is the main configuration file for the Vault. False True.
Which of these accounts onboarding methods is considered proactive? Detecting accounts with PTA Accounts Discovery A DNA scan A Rest API integration with account provisioning software.
Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours. TRUE FALSE.
When on-boarding accounts using Accounts Feed, which of the following is true? Any account that is on-boarded can be automatically reconciled regardless of the platform it is associated with. You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault. You must specify an existing Safe where the account will be stored when it is on-boarded to the Vault You can specify the name of a new Platform that will be created and associated with the account.
In your organization the “click to connect” button is not active by default. How can this feature be activated? Policies > Master Policy > Allow EPV transparent connections > Active Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception Policies > Master Policy > Password Management Policies > Master Policy > Allow EPV transparent connections > Inactive.
When managing SSH keys, the CPM stores the Private Key A & B On the target server In the Vault Nowhere because the private key can always be generated from the public key.
Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases? Privileged Threat Analytics PrivateArk Client Export Vault Data Export Vault Information.
Which CyberArk group does a user need to be part of to view recordings or live monitor sessions? DR Users Auditors Vault Admin Operators.
The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys. How are these keys managed? CyberArk stores both Private and Public keys and can update target systems with either key. CyberArk does not store Public or Private keys and instead uses a reconcile account to create keys on demand. CyberArk stores Private keys in the Vault and updates Public keys on target systems. CyberArk stores Public keys in the Vault and updates Private keys on target systems.
You want to generate a license capacity report. Which tool accomplishes this? RestAPI Password Vault Web Access DiagnoseDB Report PrivateArk Client.
When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by The number of persons specified by the Master Policy Any one person from that group Every person from that group That access cannot be granted to groups.
It is possible to leverage DNA to provide discovery functions that are not available with auto-detection. TRUE FALSE.
Time of day or day of week restrictions on when password verifications can occur are configured in The Account Details The Platform settings The Master Policy The Safe settings.
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted . only those permissions that exist on the group added to the safe first. only those permissions that exist in all groups to which the user belongs. the vault will not allow this situation to occur. the cumulative permissions of all groups to which that user belongs.
Which Automatic Remediation is configurable for a PTA detection of a “Suspected Credential Theft”? Add to Pending Rotate Credentials Reconcile Credentials Disable Account.
To manage automated onboarding rules, a CyberArk user must be a member of which group? CPM User Administrators Auditors Vault Admins.
Which item is an option for PSM recording customization? Windows events text recorder with automatic play-back Windows events text recorder and universal keystrokes recording simultaneously Custom audio recording for windows events Universal keystrokes text recorder with windows events text recorder disabled.
You are creating a shared safe for the help desk. What must be considered regarding the naming convention? Safe owners should determine the safe name to enable them to easily remember it. Ensure your naming convention is no longer than 20 characters. Combine environments, owners and platforms to minimize the total number of safes created. The use of these characters V:*<>".| is not allowed.
In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to “Fast Forward” within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video. What could be the cause? You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less. The browser you are using is out of date and needs an update to be supported. Recording is of a PSM for SSH session. You do not have the “View Audit” permission on the safe where the account is stored.
You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group? List accounts, Authorize account request Retrieve accounts, Access Safe without confirmation List accounts, Unlock accounts Retrieve accounts, Authorize account request.
You are creating a new Rest API user that utilizes CyberArk Authentication.
What is a correct process to provision this user? Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User PVWA > User Provisioning > LDAP Integration > Add Mapping Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add PVWA > User Provisioning > Users and Groups > New > User.
A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication. Which locations must you update? On the Vault server in the certificate store and on the PVWA server in the certificate store in the Private Ark client under Tools > Administrative Tools > Directory Mapping on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts.
Which option in the Private Ark client is used to update users' Vault group memberships? Update > Authorizations tab Update > Group tab Update > Member Of tab Update > General tab.
A new HTML5 Gateway has been deployed in your organization. Where do you configure the PSM to use the HTML5 Gateway? A. Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway B. Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers C. Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway D. Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details.
In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA? Operators ReportUsers PVWAReports PVWAMonitor.
When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts? Vault Platform Connection Component CPM.
You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission. Where do you update this permission for all auditors? Private Ark Client > Tools > Administrative Tools > Users and Groups > Auditors > Authorizations tab Private Ark Client > Tools > Administrative Tools > Directory Mapping > Vault Authorizations PVWA User Provisioning > LDAP integration > Vault Auditors Mapping > Vault Authorizations PVWA > Administration > Configuration Options > LDAP integration > Vault Auditors Mapping > .
Which command configures email alerts within PTA if settings need to be changed post install? /opt/tomcat/utility/emailConfiguration.sh /opt/PTA/emailConfiguration.sh /opt/tomcat/utility/emailSetup.sh /opt/PTA/utility/emailConfig.sh.
Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule? They are added to the Pending Accounts list and can be reviewed and manually uploaded. They cannot be onboarded to the Password Vault. They are not part of the Discovery Process. They must be uploaded using third party tools.
Due to network activity, ACME Corp's PrivateArk Server became active on the DR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault. Which steps should you perform to restore DR replication to normal? A. Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault B. Shutdown PrivateArk Server on DR Vault > Start replication on DR vault C. Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault D.
Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault.
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account. How should this be configured to allow for password management using least privilege? Configure the UNIX platform to use the correct logon account. Configure each CPM to use the correct reconcile account. Configure each CPM to use the correct logon account. Configure the UNIX platform to use the correct reconcile account.
If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account? Address ObjectName KeyFile KeyPath.
Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire? Activity Log Privileged Accounts Compliance Status Privileged Accounts Inventory Privileged Accounts CPM Status.
Your organization has a requirement to allow users to “check out passwords” and connect to targets with the same account through the PSM. What needs to be configured in the Master policy to ensure this will happen? Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive.
Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C. Which file should you edit? Vault.ini user.ini DBparm.ini TSparm.ini.
Which permissions are needed for the Active Directory user required by the Windows Discovery process? LDAP Admin Domain Admin Read/Write Read.
You receive this error: “Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.” Which root cause should you investigate? The account does not have sufficient permissions to change its own password. The CPM service is disabled and will need to be restarted. The password has been changed recently and minimum password age is preventing the change. The domain controller is unreachable.
To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need? List Accounts, Use Accounts, Retrieve Accounts List Accounts, Use Accounts List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation Use Accounts.
Which of the following files must be created or configured in order to run Password Upload Utility? Select all that apply. A. PACli.ini B. Vault.ini C. conf.ini D. A comma delimited upload file.
Which of the following can be configured in the Master Policy? Choose all that apply. A. Dual Control B. One Time Passwords C. Exclusive Passwords D. Password Reconciliation E. Ticketing Integration F. Required Properties G. Custom Connection Components H. Password Aging Rules.
Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.) A. Store the CD in a physical safe and mount the CD every time Vault maintenance is performed B. Copy the entire contents of the CD to the system Safe on the Vault C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions D. Store the server key in a Hardware Security Module (HSM) and copy the rest of the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions.
You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1. What do you need to recover and decrypt the object? (Choose three.) A. Recovery Private Key B. Recover.exe C. Vault data D. Recovery Public Key E. Server Key F. Master Password.
Which utilities could you use to change debugging levels on the Vault without having to restart the Vault? (Choose two.) A. PAR Agent B. PrivateArk Server Central Administration C. Edit DBParm.ini in a text editor. D. Setup.exe.
Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply. A. PSM connections to target devices that are not managed by CyberArk. B. Session Recording. C. real-time live session monitoring. D. PSM connections from a terminal without the need to login to the PVWA.
Which of the following properties are mandatory when adding accounts from a file? (Choose three.) A. Safe Name B. Platform ID C. All required properties specified in the Platform D. Username E. Address F. Hostname.
Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.) A. OS Username B. Current machine IP C. Current machine hostname D. Operating System Type (Linux/Windows/HP-UX) E. Vault IP Address F. Time Frame.
Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support. Which logs will help the CyberArk Support Team debug the issue? (Choose three.) A. PSMConsole.log B. PSMDebug.log C. PSMTrace.log D. <Session_ID>.Component.log E. PMconsole.log F. ITALog.log.
Secure Connect provides the following. Choose all that apply. A. PSM connections to target devices that are not managed by CyberArk. B. Session Recording. C. real-time live session monitoring. D. PSM connections from a terminal without the need to login to the PVWA.
Which of the following PTA detections are included in the Core PAS offering? A.
Suspected Credential Theft B. Over-Pass-The Hash C. Golden Ticket D. Unmanaged Privileged Access. Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply) A. The PSM software must be installed on the target server. B. PSM must be enabled in the Master Policy (either directly, or through exception). C. PSMConnect must be added as a local user on the target server. D. RDP must be enabled on the target server. Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller? A. Suspected credential theft B. Over-Pass-The-Hash C. Golden Ticket D. Unmanaged privileged access. Which keys are required to be present in order to start the PrivateArk Server service? Select two A. Recovery public key B. Recovery private key C. Server key D. Safe key. What is the purpose of EVD? A. To extract vault metadata into an open database platform. B. To allow editing of vault metadata. C. To create a backup of the MySQL database. D. To extract audit data from the vault. When creating an onboarding rule, it will be executed upon ___________________. A. All accounts in the pending accounts list B. Any future accounts discovered by a discovery process C. Both "All accounts in the pending accounts list" and "Any future accounts discovered by a discovery process". How does the Vault administrator apply a new license file? A. Upload the license.xml file to the system Safe and restart the PrivateArk Server service B. Upload the license.xml file to the system Safe C. Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service D. Upload the license.xml file to the Vault Internal Safe. When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online. 
A. True; this is the default behavior B. False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the padr.ini file C. True, if the AllowFailback setting is set to "yes" in the padr.ini file D. False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the dbparm.ini file. Which of the following components can be used to create a tape backup of the Vault? A. Disaster Recovery B. Distributed Vaults C. Replicate D. High Availability. Which credentials does CyberArk use when managing a target account? A. Those of the service account for the CyberArk Password Manager service B. A Domain Administrator account created for this purpose C. The credentials of the target account D. An account assigned by the Master Policy. What is the process to remove object level access control from a Safe? A. Uncheck the 'Enable Object Level Access Control' on the Safe Details page in the PVWA. B. Uncheck the 'Enable Object Level Access Control' box in the Safe Properties in PrivateArk. C. This cannot be done. D. Remove all ACLs from the Safe. What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? A. MinValidityPeriod B. Interval C. ImmediateInterval D. Timeout. A safe was recently created by a user who is a member of the LDAP Vault Administrators group. Which of the following users does not have access to the newly created safe by default? A. Master B. Administrator C. Auditor D. Backup. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. 
The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.) A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization. You want to create a new onboarding rule. Where do you accomplish this? A. In PVWA, click Reports > Unmanaged Accounts > Rules B. In PVWA, click Options > Platform Management > Onboarding Rule C. In PrivateArk, click Tools > Onboarding Rules D. In PVWA, click Accounts > Onboarding Rules. Which utilities could you use to change debugging levels on the vault without having to restart the vault? (Choose all that apply.) A. PAR Agent B. PrivateArk Server Central Administration C. Edit DBParm.ini in a text editor. D. Setup.exe. Which one of the following reports is NOT generated by using the PVWA? A. Accounts Inventory B. Application Inventory C. Safes List D. Compliance Status. PSM captures a record of each command that was executed in Unix. A. TRUE B. FALSE. Platform settings are applied to ____. A. The entire vault. B. Network Areas C. Safes D. Individual Accounts. Customers who have the "Access Safe without confirmation" safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account A. TRUE B. FALSE. The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability). A. TRUE B. FALSE. The System safe allows access to the Vault configuration files. A. TRUE B. FALSE. Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply. A. Discovery and Audit (DMA) B. 
Auto Detection (AD) C. Export Vault Data (EVD) D. On Demand Privileges Manager (OPM) E. Accounts Discovery. In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault? A. True. B. False. Because the user can also enter credentials manually using Secure Connect. C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSM Connect. D. False. Because if credentials are not stored in the vault, the PSM will prompt for credentials. Which of the following PTA detections are included in the Core PAS offering? A. Suspected Credential Theft B. Over-Pass-The Hash C. Golden Ticket D. Unmanaged Privileged Access. One can create exceptions to the Master Policy based on ____. A. Safes B. Platforms C. Policies D. Accounts. The vault supports Role Based Access Control A. TRUE B. FALSE. Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply. A. PSM connections to target devices that are not managed by CyberArk. B. Session Recording. C. Real-time live session monitoring. D. PSM connections from a terminal without the need to login to the PVWA. When managing SSH keys, the CPM stores the Private Key A. In the Vault B. On the target server C. A & B D. Nowhere because the private key can always be generated from the public key. When managing SSH keys, the CPM stores the Public Key A. In the Vault B. On the target server C. A & B D. Nowhere because the public key can always be generated from the private key. Accounts Discovery allows secure connections to domain controllers. A. TRUE B. FALSE. Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed. A. HeadStartInterval B. Interval C. ImmediateInterval D. The CPM does not change the password under this circumstance. Which of the following Privileged Session Management solutions provide a detailed audit log of session activities? A. 
PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA) B. PSM for Windows (previously known as RDP Proxy) C. PSM for SSH (previously known as PSM SSH Proxy) D. All of the above. Time of day or day of week restrictions on when password verifications can occur are configured in ____. A. The Master Policy B. The Platform settings C. The Safe settings D. The Account Details. Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests. A. HeadStartInterval B. Interval C. ImmediateInterval D. The CPM does not change the password under this circumstance. Which Master Policy Setting must be active in order to have an account checked-out by one user for a predetermined amount of time? A. Require dual control password access Approval B. Enforce check-in/check-out exclusive access C. Enforce one-time password access D. Enforce check-in/check-out exclusive access & Enforce one-time password access. For a safe with Object Level Access enabled you can turn off Object Level Access Control when it is no longer needed on the safe. A. TRUE B. FALSE. The vault supports Subnet Based Access Control. A. TRUE B. FALSE. How does the Vault administrator apply a new license file? A. Upload the license.xml file to the system Safe and restart the PrivateArk Server service B. Upload the license.xml file to the system Safe C. Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service D. Upload the license.xml file to the Vault Internal Safe. When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy). A. True B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows. 
Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client's machine makes an RDP connection to the PSM server, which user will be utilized? A. Credentials stored in the Vault for the target machine B. Shadowuser C. PSMConnect D. PSMAdminConnect. A Vault administrator has associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will: A. ignore the logon account and attempt to log in as root B. prompt the end user with a dialog box asking for the login account to use C. log in first with the logon account, then run the SU command to log in as root using the password in the Vault D. none of these. Which is the primary purpose of exclusive accounts? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a collusion to commit fraud ensuring no single actor may use a password without authorization. What is the chief benefit of PSM? A. Privileged session isolation B. Automatic password management C. Privileged session recording D. "Privileged session isolation" and "Privileged session recording". A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control. A. True B. False. CyberArk recommends implementing object level access control on all Safes. A. True B. False. An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection to the PSM server, which user will be used? A. PSMAdminConnect B. Shadowuser C. PSMConnect D. Credentials stored in the Vault for the target machine. Which user(s) can access all passwords in the Vault? A. Administrator B. Any member of Vault administrators C. Any member of auditors D. Master. 
Which values are acceptable in the address field of an Account? A. It must be a Fully Qualified Domain Name (FQDN) B. It must be an IP address C. It must be NetBIOS name D. Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable. A logon account can be specified in the platform settings. A. True B. False. Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event? A. Password change B. Password reconciliation C. Session suspension D. Session termination. A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings. What is the issue? A. The user must login as PSMAdminConnect B. The PSM service is not running C. The user is not a member of the PVWAMonitor group D. The user is not a member of the Auditors group. Which of these accounts onboarding methods is considered proactive? A. Accounts Discovery B. Detecting accounts with PTA C. A Rest API integration with account provisioning software D. A DNA scan. What is the purpose of the password change process? A. To test that CyberArk is storing accurate credentials for accounts B. To change the password of an account according to organizationally defined password rules C. To allow CyberArk to manage unknown or lost credentials D. To generate a new complex password. What is the purpose of the PrivateArk Database service? A. Communicates with components B. Sends email alerts from the Vault C. Executes password changes D. Maintains Vault metadata. A user is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem? A. createcredfile.exe B. cavaultmanager.exe C. PrivateArk D. PVWA. Select the best practice for storing the Master CD. A. Copy the files to the Vault server and discard the CD B. 
Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD C. Store the CD in a secure location, such as a physical safe D. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault. An auditor needs to login to the PSM in order to live monitor an active session. Which user is used to establish the RDP connection to the PSM server? A. PSMConnect B. PSMMaster C. PSMGwUser D. PSMAdminConnect. You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import? A. Create a service ticket in the customer portal explaining the requirements of the custom platform. B. Search common community portals like stackoverflow, reddit, github for an existing platform. C. From the platforms page, uncheck the "Hide non-supported platforms" checkbox and see if a platform meeting your needs appears. D. Visit the CyberArk marketplace and search for a platform that meets your needs. Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement? A. Master Policy B. Safe Templates C. PVWAConfig.xml D. Platform Configuration. To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe? A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit. You have been asked to turn off the time access restrictions for a safe. Where is this setting found? A. 
PrivateArk B. RestAPI C. Password Vault Web Access (PVWA) D. Vault. What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices? A. UnixPrompts.ini B. plink.exe C. dbparm.ini D. PVConfig.xml. You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1. What do you need to recover and decrypt the object? (Choose three.) A. Recovery Private Key B. Recover.exe C. Vault data D. Recovery Public Key E. Server Key F. Master Password. You need to enable the PSM for all platforms. Where do you perform this task? A. Platform Management > (Platform) > UI & Workflows B. Master Policy > Session Management C. Master Policy > Privileged Access Workflows D. Administration > Options > Connection Components. In the PrivateArk client, how do you add an LDAP group to a CyberArk group? A. Select Update on the CyberArk group, and then click Add > LDAP Group B. Select Update on the LDAP Group, and then click Add > LDAP Group C. Select Member Of on the CyberArk group, and then click Add > LDAP Group D. Select Member Of on the LDAP group, and then click Add > LDAP Group. You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group? A. List accounts, Authorize account request B. Retrieve accounts, Access Safe without confirmation C. Retrieve accounts, Authorize account request D. List accounts, Unlock accounts. Due to network activity, ACME Corp's PrivateArk Server became active on the DR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault. Which steps should you perform to restore DR replication to normal? A. Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault B. Shutdown PrivateArk Server on DR Vault > Start replication on DR vault C. 
Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault D. Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault. Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.) A. Operating System Username B. Host IP Address C. Client Hostname D. Operating System Type (Linux/Windows/HP-UX) E. Vault IP Address F. Time Frame. Which item is an option for PSM recording customization? A. Windows events text recorder with automatic play-back B. Windows events text recorder and universal keystrokes recording simultaneously C. Universal keystrokes text recorder with windows events text recorder disabled D. Custom audio recording for windows events.