Month End Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > CyberArk > CyberArk CDE Certification > PAM-CDE-RECERT

PAM-CDE-RECERT CyberArk CDE Recertification Question and Answers

Question # 4

A company requires challenge/response multi-factor authentication for PSMP sessions. Which server must you integrate with the CyberArk vault?

A.

LDAP

B.

PKI

C.

SAML

D.

RADIUS

Full Access
Question # 5

Within the Vault each password is encrypted by:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Full Access
Question # 6

Which configuration file and Vault utility are used to migrate the server key to an HSM?

A.

DBparm.ini and CAVaultManager exe

B.

VaultKeys.ini and CAVaultManager exe

C.

DBparm.ini and ChangeServerKeys exe

D.

VaultKeys.ini and ChangeServerKeys exe

Full Access
Question # 7

Which report could show all accounts that are past their expiration dates?

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Full Access
Question # 8

Which report shows the accounts that are accessible to each user?

A.

Activity report

B.

Entitlement report

C.

Privileged Accounts Compliance Status report

D.

Applications Inventory report

Full Access
Question # 9

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.

Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

A.

PVWA > User Provisioning > LDAP Integration > Mapping Criteria

B.

PVWA > User Provisioning > LDAP Integration > Map Name

C.

PVWA > Administration > LDAP Integration > Mappings

D.

PVWA > Administration > LDAP Integration > AD Groups

Full Access
Question # 10

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

A.

Create an exception to the Master Policy to exclude the group from the workflow process.

B.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

C.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

D.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

Full Access
Question # 11

By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

A.

Vault Admins

B.

Security Admins

C.

Security Operators

D.

Auditors

Full Access
Question # 12

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

A.

Auditors

B.

Vault Admin

C.

DR Users

D.

Operators

Full Access
Question # 13

Which components can connect to a satellite Vault in distributed Vault architecture?

A.

CPM, EPM, PTA

B.

PVWA, PSM

C.

CPM,PVWA, PSM

D.

CPM, PSM

Full Access
Question # 14

Which certificate type do you need to configure the vault for LDAP over SSL?

A.

the CA Certificate that signed the certificate used by the External Directory

B.

a CA signed Certificate for the Vault server

C.

a CA signed Certificate for the PVWA server

D.

a self-signed Certificate for the Vault

Full Access
Question # 15

What is the purpose of the PrivateArk Database service?

A.

Communicates with components

B.

Sends email alerts from the Vault

C.

Executes password changes

D.

Maintains Vault metadata

Full Access
Question # 16

Which user is automatically added to all Safes and cannot be removed?

A.

Auditor

B.

Administrator

C.

Master

D.

Operator

Full Access
Question # 17

Your organization has a requirement to allow users to “check out passwords” and connect to targets with the same account through the PSM.

What needs to be configured in the Master policy to ensure this will happen?

A.

Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

B.

Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive

C.

Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active

D.

Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive

Full Access
Question # 18

Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

A.

TRUE

B.

FALS

Full Access
Question # 19

In a rule using “Privileged Session Analysis and Response” in PTA, which session options are available to configure as responses to activities?

A.

Suspend, Terminate, None

B.

Suspend, Terminate, Lock Account

C.

Pause, Terminate, None

D.

Suspend, Terminate

Full Access
Question # 20

You are creating a shared safe for the help desk.

What must be considered regarding the naming convention?

A.

Ensure your naming convention is no longer than 20 characters.

B.

Combine environments, owners and platforms to minimize the total number of safes created.

C.

Safe owners should determine the safe name to enable them to easily remember it.

D.

The use of these characters V:*<>".| is not allowed.

Full Access
Question # 21

PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target systems

A.

Windows

B.

UNIX

C.

Oracle

D.

All of the above

Full Access
Question # 22

The vault supports Role Based Access Control.

A.

TRUE

B.

FALSE

Full Access
Question # 23

A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Full Access
Question # 24

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

Full Access
Question # 25

You are configuring the vault to send syslog audit data to your organization's SIEM solution. What is a valid value for the SyslogServerProtocol parameter in DBPARM.ini file?

A.

TLS

B.

SSH

C.

SMTP

D.

SNMP

Full Access
Question # 26

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

A.

TRUE

B.

FALSE

Full Access
Question # 27

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Full Access
Question # 28

The Password upload utility can be used to create safes.

A.

TRUE

B.

FALS

Full Access
Question # 29

Which keys are required to be present in order to start the PrivateArk Server service?

A.

Recovery public key

B.

Recovery private key

C.

Server key

D.

Safe key

Full Access
Question # 30

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

A.

TRUE

B.

FALSE

Full Access
Question # 31

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

A.

Platform

B.

Connection Component

C.

CPM

D.

Vault

Full Access
Question # 32

One can create exceptions to the Master Policy based on ____________________.

A.

Safes

B.

Platforms

C.

Policies

D.

Accounts

Full Access
Question # 33

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

A.

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM-SSH Proxy)

D.

All of the above

Full Access
Question # 34

As long as you are a member of the Vault Admins group you can grant any permission on any safe.

A.

TRUE

B.

FALSE

Full Access
Question # 35

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

A.

Configure each CPM to use the correct logon account.

B.

Configure each CPM to use the correct reconcile account.

C.

Configure the UNIX platform to use the correct logon account.

D.

Configure the UNIX platform to use the correct reconcile account.

Full Access
Question # 36

You received a notification from one of your CyberArk auditors that they are missing Vault level audit permissions. You confirmed that all auditors are missing the Audit Users Vault permission.

Where do you update this permission for all auditors?

A.

Private Ark Client > Tools > Administrative Tools > Directory Mapping > Vault Authorizations

B.

Private Ark Client > Tools > Administrative Tools > Users and Groups > Auditors > Authorizations tab

C.

PVWA User Provisioning > LDAP integration > Vault Auditors Mapping > Vault Authorizations

D.

PVWA> Administration > Configuration Options > LDAP integration > Vault Auditors Mapping > Vault Authorizations

Full Access
Question # 37

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

A.

on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts

B.

on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Full Access
Question # 38

How does the Vault administrator apply a new license file?

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service

B.

Upload the license.xml file to the system Safe

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service

D.

Upload the license.xml file to the Vault Internal Safe

Full Access
Question # 39

Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

A.

Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.

Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

C.

Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

D.

Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

Full Access
Question # 40

When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

A.

List Accounts, View Safe Members

B.

Manage Safe Owners

C.

List Accounts, Access Safe without confirmation

D.

Manage Safe, View Audit

Full Access
Question # 41

The Accounts Feed contains:

A.

Accounts that were discovered by CyberArk in the last 30 days

B.

Accounts that were discovered by CyberArk that have not yet been onboarded

C.

All accounts added to the vault in the last 30 days

D.

All users added to CyberArk in the last 30 days

Full Access
Question # 42

What is the name of the Platform parameters that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

A.

Min Validity Period

B.

Interval

C.

Immediate Interval

D.

Timeout

Full Access
Question # 43

Arrange the steps to install the Password Vault Web Access (PVWA) in the correct sequence

Full Access
Question # 44

Which tools are used during a CPM renaming process?

A.

APIKeyManager Utility

B.

CreateCredFile Utility

C.

CPMinDomain_Hardening.ps1

D.

PMTerminal.exe

E.

Data Execution Prevention

Full Access
Question # 45

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor’s machine makes an RDP connection the PSM server, which user will be used?

A.

PSMAdminConnect

B.

Shadowuser

C.

PSMConnect

D.

Credentials stored in the Vault for the target machine

Full Access
Question # 46

Accounts Discovery allows secure connections to domain controllers.

A.

TRUE

B.

FALSE

Full Access
Question # 47

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Full Access
Question # 48

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

A.

ignore the logon account and attempt to log in as root

B.

prompt the end user with a dialog box asking for the login account to use

C.

log in first with the logon account, then run the SU command to log in as root using the password in the Vault

D.

none of these

Full Access
Question # 49

You are logging into CyberArk as the Master user to recover an orphaned safe.

Which items are required to log in as Master?

A.

Master CD, Master Password, console access to the Vault server, Private Ark Client

B.

Operator CD, Master Password, console access to the PVWA server, PVWA access

C.

Operator CD, Master Password, console access to the Vault server, Recover.exe

D.

Master CD, Master Password, console access to the PVWA server, Recover.exe

Full Access
Question # 50

To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

A.

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B.

List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C.

Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D.

View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

Full Access
Question # 51

Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support.

Which logs will help the CyberArk Support Team debug the issue? (Choose three.)

A.

PSMConsole.log

B.

PSMDebug.log

C.

PSMTrace.log

D.

.Component.log

E.

PMconsole.log

F.

ITAlog.log

Full Access
Question # 52

Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

A.

TRUE

B.

FALSE

Full Access
Question # 53

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Full Access
Question # 54

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

A.

TRUE

B.

FALSE

Full Access
Question # 55

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

A.

UnixPrompts.ini

B.

plink.exe

C.

dbparm.ini

D.

PVConfig.xml

Full Access
Question # 56

If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

A.

the vault will not allow this situation to occur.

B.

only those permissions that exist on the group added to the safe first.

C.

only those permissions that exist in all groups to which the user belongs.

D.

the cumulative permissions of all groups to which that user belongs.

Full Access
Question # 57

To manage automated onboarding rules, a CyberArk user must be a member of which group?

A.

Vault Admins

B.

CPM User

C.

Auditors

D.

Administrators

Full Access
Question # 58

What is the easiest way to duplicate an existing platform?

A.

From PrivateArk, copy/paste the appropriate Policy.ini file: then rename it.

B.

from the PVWA, navigate to the platforms page, select the existing platform that is similar to the new target account platform and click Duplicate, name the new platform.

C.

From PrivateArk, cop/paste the appropriate setting in the PVConfiguration.xml then update the policName variable.

D.

From the PVWA, navigate to the platforms page, select existing platform that is similar to the new target account platform, manually update the platform settings and click "Save as" instead of save to duplicate and rename the platform.

Full Access
Question # 59

You are installing multiple PVWAs behind a load balancer. Which statement is correct?

A.

Port 1858 must be opened between the load balancer and the PVWAs

B.

The load balancer must be configured in DNS round robin.

C.

The load balancer must support "sticky sessions".

D.

The LoadBalancerClientAddressHeader parameter in the PVwA.ini file must be set.

Full Access
Question # 60

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Full Access
Question # 61

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

A.

They are added to the Pending Accounts list and can be reviewed and manually uploaded.

B.

They cannot be onboarded to the Password Vault.

C.

They must be uploaded using third party tools.

D.

They are not part of the Discovery Process.

Full Access
Question # 62

Which of the following properties are mandatory when adding accounts from a file? (Choose three.)

A.

Safe Name

B.

Platform ID

C.

All required properties specified in the Platform

D.

Username

E.

Address

F.

Hostname

Full Access
Question # 63

Match each key to its recommended storage location.

Full Access
Question # 64

It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

A.

TRUE

B.

FALS

Full Access
Question # 65

tsparm.ini is the main configuration file for the Vault.

A.

True

B.

False

Full Access
Question # 66

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

A.

Window 2012 KB4558843

B.

Remote Desktop services (RDS) Session Host Roles

C.

Windows 2016 KB4558843

D.

Remote Desktop services (RDS) Session Broker

Full Access
Copyright myexamcollection.com. All Right Reserved.