CyberArk PAM-DEF Dumps

Page: 1 / 24
Total 239 questions

CyberArk Defender - PAM Questions and Answers

Question 1

What is the purpose of the HeadStartInterval setting in a platform?

Options:

A.

It determines how far in advance audit data is collected for reports

B.

It instructs the CPM to initiate the password change process X number of days before expiration.

C.

It instructs the AIM Provider to 'skip the cache' during the defined time period

D.

It alerts users of upcoming password changes x number of days before expiration.

Question 2

Where can a user with the appropriate permissions generate a report? (Choose two.)

Options:

A.

PVWA > Reports

B.

PrivateArk Client

C.

Cluster Vault Manager

D.

PrivateArk Server Monitor

E.

PARClient

Question 3

The System safe allows access to the Vault configuration files.

Options:

A.

TRUE

B.

FALSE

Question 4

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Options:

A.

Use Accounts, Retrieve Accounts, List Accounts

B.

Use Accounts, List Accounts

C.

Use Accounts

D.

List Accounts, Retrieve Accounts

Question 5

Where can reconcile and/or logon accounts be linked to an account? (Choose two.)

Options:

A.

account settings

B.

platform settings

C.

master policy

D.

safe settings

E.

service account settings

Question 6

What is the chief benefit of PSM?

Options:

A.

Privileged session isolation

B.

Automatic password management

C.

Privileged session recording

D.

‘Privileged session isolation’ and ‘Privileged session recording’

Question 7

What is the purpose of a linked account?

Options:

A.

To ensure that a particular collection of accounts all have the same password.

B.

To ensure a particular set of accounts all change at the same time.

C.

To connect the CPM to a target system.

D.

To allow more than one account to work together as part of a password management process.

Question 8

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Options:

A.

True; this is the default behavior

B.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file

C.

True, if the AllowFailback setting is set to “yes” in the padr.ini file

D.

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file

Question 9

The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

Options:

A.

TRUE

B.

FALSE

Question 10

Within the Vault each password is encrypted by:

Options:

A.

the server key

B.

the recovery public key

C.

the recovery private key

D.

its own unique key

Question 11

A Reconcile Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Question 12

Which values are acceptable in the address field of an Account?

Options:

A.

It must be a Fully Qualified Domain Name (FQDN)

B.

It must be an IP address

C.

It must be NetBIOS name

D.

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Question 13

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Options:

A.

True

B.

False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Question 14

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Options:

A.

The heartbeat is no longer detected on the private network.

B.

The shared storage array is offline.

C.

An alert is generated in the Windows Event log.

D.

The Digital Vault Cluster does not detect a node failure.

Question 15

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.

Password change

B.

Password reconciliation

C.

Session suspension

D.

Session termination

Question 16

Which report provides a list of accounts stored in the Vault?

Options:

A.

Privileged Accounts Inventory

B.

Privileged Accounts Compliance Status

C.

Entitlement Report

D.

Active Log

Question 17

The vault supports Role Based Access Control.

Options:

A.

TRUE

B.

FALSE

Question 18

When are external vault users and groups synchronized by default?

Options:

A.

They are synchronized once every 24 hours between 1 AM and 5 AM. (Most Voted)

B.

They are synchronized once every 24 hours between 7 PM and 12 AM.

C.

They are synchronized every 2 hours.

D.

They are not synchronized according to a specific schedule.

Question 19

You are configuring CyberArk to use HTML5 gateways exclusively for PSM connections.

In the PVWA, where do you set DefaultConnectionMethod to HTML5?

Options:

A.

Options > Privileged Session Management UI

B.

Options > Privileged Session Management

C.

Options > Privileged Session Management Defaults

D.

Options > Privileged Session Management Interface

Question 20

Which command generates a full backup of the Vault?

Options:

A.

PAReplicate.exe Vault.ini /LogonFromFile user.ini /FullBackup

B.

PAPreBackup.exe C:\PrivateArk\Server\Conf\Vault.ini Backup/Asdf1234 /full

C.

PARestore.exe PADR.ini /LogonFromFile vault.ini /FullBackup

D.

CAVaultManager.exe RecoverBackupFiles /BackupPoolName BkpSvr1

Question 21

Match the log file name with the CyberArk Component that generates the log.

Options:

Question 22

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

Options:

A.

List Accounts, Use Accounts

B.

List Accounts, Use Accounts, Retrieve Accounts

C.

Use Accounts

D.

List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation

Question 23

What is the easiest way to duplicate an existing platform?

Options:

A.

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

B.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

C.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

D.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

Question 24

Which dependent accounts does the CPM support out-of-the-box? (Choose three.)

Options:

A.

Solaris Configuration file

B.

Windows Services

C.

Windows Scheduled

D.

Windows DCOM Applications

E.

Windows Registry

F.

Key Tab file

Question 25

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Question 26

Match each automatic remediation to the correct PTA security event.

Options:

Question 27

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

Options:

A.

Operating System Username

B.

Host IP Address

C.

Client Hostname

D.

Operating System Type (Linux/Windows/HP-UX)

E.

Vault IP Address

F.

Time Frame

Question 28

In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?

Options:

A.

PVWAMonitor

B.

ReportUsers

C.

PVWAReports

D.

Operators

Question 29

Which command configures email alerts within PTA if settings need to be changed post install?

Options:

A.

/opt/tomcat/utility/emailConfiguration.sh

B.

/opt/PTA/emailConfiguration.sh

C.

/opt/PTA/utility/emailConfig.sh

D.

/opt/tomcat/utility/emailSetup.sh

Question 30

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Options:

A.

TRUE

B.

FALSE

Question 31

A password compliance audit found:

1) One-time password access for 20 domain accounts that are members of the Domain Admins group in Active Directory is not being enforced.

2) All sessions connecting to domain controllers are not being recorded by CyberArk PSM.

What should you do to address these findings?

Options:

A.

Edit the Master Policy and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

B.

Edit safe properties and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

C.

Edit CPM Settings and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

D.

Contact the Windows Administrators and request them to add two policy exceptions at Active Directory Level: enable "Enforce one-time password access", enable "Record and save session activity".

Question 32

In the PrivateArk Client under the Tools menu > Administrative Tools > Users and Groups, which option do you use to update users’ Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Question 33

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Options:

A.

KeyPath

B.

KeyFile

C.

ObjectName

D.

Address

Question 34

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval?

Options:

A.

Create an exception to the Master Policy to exclude the group from the workflow process.

B.

Edit the Master Policy rule and modify the advanced 'Access safe without approval' rule to include the group.

C.

On the safe in which the account is stored, grant the group the 'Access safe without audit' authorization.

D.

On the safe in which the account is stored, grant the group the 'Access safe without confirmation' authorization.

Question 35

When the CPM connects to a database, which interface is most commonly used?

Options:

A.

Kerberos

B.

ODBC

C.

VBScript

D.

Sybase

Question 36

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Options:

A.

Domain Admin

B.

LDAP Admin

C.

Read/Write

D.

Read

Question 37

What do you need on the Vault to support LDAP over SSL?

Options:

A.

CA Certificate(s) used to sign the External Directory certificate (Most Voted)

B.

RECPRV.key

C.

a private key for the external directory

D.

self-signed Certificate(s) for the Vault

Question 38

You need to enable the PSM for all platforms.

Where do you perform this task?

Options:

A.

Platform Management > (Platform) > UI & Workflows

B.

Master Policy > Session Management

C.

Master Policy > Privileged Access Workflows

D.

Administration > Options > Connection Components

Question 39

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Options:

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Question 40

CyberArk recommends implementing object level access control on all Safes.

Options:

A.

True

B.

False

Question 41

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Options:

A.

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA))

B.

PSM for Windows (previously known as RDP Proxy)

C.

PSM for SSH (previously known as PSM-SSH Proxy)

D.

All of the above

Question 42

In your organization the “click to connect” button is not active by default.

How can this feature be activated?

Options:

A.

Policies > Master Policy > Allow EPV transparent connections > Inactive

B.

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

C.

Policies > Master Policy > Allow EPV transparent connections > Active

D.

Policies > Master Policy > Password Management

Question 43

Which item is an option for PSM recording customization?

Options:

A.

Windows events text recorder with automatic play-back

B.

Windows events text recorder and universal keystrokes recording simultaneously

C.

Universal keystrokes text recorder with windows events text recorder disabled

D.

Custom audio recording for windows events

Question 44

In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to “Fast Forward” within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.

What could be the cause?

Options:

A.

Recording is of a PSM for SSH session.

B.

The browser you are using is out of date and needs an update to be supported.

C.

You do not have the “View Audit” permission on the safe where the account is stored.

D.

You need to update the recorder settings in the platform to enable screen capture every 10000 ms or less.

Question 45

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.

How do you accomplish this?

Options:

A.

Master Policy > select Session Management > add Exceptions to the platform(s) > disable Session Monitoring and Recording policies

B.

Administration > Platform Management > select the platform(s) > disable Session Monitoring and Recording (Most Voted)

C.

Policies > Access Control (Safes) > select the safe(s) > disable Session Monitoring and Recording policies

D.

Administration > Configuration Options > Options > select Privilege Session Management > disable Session Monitoring and Recording policies

Question 46

You created a new safe and need to ensure the user group cannot see the password, but can connect through the PSM.

Which safe permissions must you grant to the group? (Choose two.)

Options:

A.

List Accounts (Most Voted)

B.

Use Accounts (Most Voted)

C.

Access Safe without Confirmation

D.

Retrieve Files

E.

Confirm Request

Question 47

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers. The members of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Options:

A.

Use Accounts

B.

Retrieve Accounts

C.

Authorize Password Requests

D.

Access Safe without Authorization

Question 48

Vault authorizations may be granted to _____.

Options:

A.

Vault Users

B.

Vault Groups

C.

LDAP Users

D.

LDAP Groups

Question 49

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.

PrivateArk Database

B.

PrivateArk Server

C.

CyberArk Vault Disaster Recovery (DR) service

D.

CyberArk Logical Container

Question 50

Which utilities could you use to change debugging levels on the Vault without having to restart the Vault? Select all that apply.

Options:

A.

PAR Agent

B.

PrivateArk Server Central Administration

C.

Edit DBParm.ini in a text editor.

D.

Setup.exe

Question 51

Which methods can you use to add a user directly to the Vault Admin Group? (Choose three.)

Options:

A.

REST API

B.

PrivateArk Client

C.

PACLI

D.

PVWA

E.

Active Directory

F.

SailPoint

Question 52

A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Options:

A.

createcredfile.exe

B.

cavaultmanager.exe

C.

PrivateArk

D.

PVWA

Question 53

You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events.

Where must you update the group to allow this?

Options:

A.

in the PTAAuthorizationGroups parameter, found in Administration > Options > PTA

B.

in the PTAAuthorizationGroups parameter, found in Administration > Options > General

C.

in the SecurityEventsAuthorizationGroups parameter, found in Administration > Security > Options

D.

in the SecurityEventsFeedAuthorizationGroups parameter, found in Administration > Options > General

Question 54

A recently-hired colleague onboarded five new Local Accounts that are used for five standalone Windows Servers. After attempting to connect to the servers from PVWA, the colleague noticed that the "Connect" button was greyed out for all five new accounts.

What can you do to help your colleague resolve this issue? (Choose two.)

Options:

A.

Verify that the address field is populated with an IP or FQDN of each server.

B.

Verify that the correct PSM connection component appears within account platform settings.

C.

Verify that the address field is blank and that the correct PSM connection component appears within account platform settings.

D.

Notify the Windows Team that created the new accounts that the CyberArk PAM solution is not designed to manage local accounts on Windows Servers.

E.

Verify that the "Disable automatic management for this account" setting for each account is not enabled.

Question 55

To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?

Options:

A.

SessionRecorderSafe (Most Voted)

B.

SessionSafe

C.

RecordingsPath

D.

RecordingLocation

Question 56

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Question 57

Which option in the PrivateArk Client is used to update users’ Vault group memberships?

Options:

A.

Update > General tab

B.

Update > Authorizations tab

C.

Update > Member Of tab

D.

Update > Group tab

Question 58

tsparm.ini is the main configuration file for the Vault.

Options:

A.

True

B.

False

Question 59

Which Vault authorization does a user need to have assigned to be able to generate the "Entitlement Report" from the reports page in PVWA? (Choose two.)

Options:

A.

Manage Users

B.

Audit Users

C.

Read Activity

D.

View Entitlements

E.

List Accounts

Question 60

Before failing back to the production infrastructure after a DR exercise, what must you do to maintain audit history during the DR event?

Options:

A.

Ensure that the Production Instance replicates changes that occurred from the Disaster Recovery Instance.

B.

Briefly stop and start the Disaster Recovery Instance before attempting to fail components back to the Production Instance.

C.

Stop the CPM services before starting the production server.

D.

Perform an IIS Reset on all PVWA servers.

Question 61

You created a new platform by duplicating the out-of-box Linux through the SSH platform.

Without any change, which Text Recorder Type(s) will the new platform support? (Choose two.)

Options:

A.

SSH Text Recorder

B.

Universal Keystrokes Text Recorder

C.

Events Text Recorder

D.

SQL Text Recorder

E.

Telnet Commands Text Recorder

Question 62

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Options:

A.

True

B.

False

Question 63

A user with administrative privileges to the vault can only grant other users privileges that he himself has.

Options:

A.

TRUE

B.

FALSE

Question 64

Match each key to its recommended storage location.

Options:

Question 65

A new HTML5 Gateway has been deployed in your organization.

From the PVWA, arrange the steps to configure a PSM host to use the HTML5 Gateway in the correct sequence.

Options:

Question 66

To manage automated onboarding rules, a CyberArk user must be a member of which group?

Options:

A.

Vault Admins

B.

CPM User

C.

Auditors

D.

Administrators

Question 67

You are creating a Dual Control workflow for a team’s safe.

Which safe permissions must you grant to the Approvers group?

Options:

A.

List accounts, Authorize account request

B.

Retrieve accounts, Access Safe without confirmation

C.

Retrieve accounts, Authorize account request

D.

List accounts, Unlock accounts

Question 68

Which file must be edited on the Vault to configure it to send data to PTA?

Options:

A.

dbparm.ini

B.

PARAgent.ini

C.

my.ini

D.

padr.ini

Question 69

Target account platforms can be restricted to accounts that are stored in specific Safes using the Allowed Safes property.

Options:

A.

TRUE

B.

FALSE

Question 70

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Options:

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Question 71

Which change could CyberArk make to the REST API that could cause existing scripts to fail?

Options:

A.

adding optional parameters in the request

B.

adding additional REST methods

C.

removing parameters

D.

returning additional values in the response

Question 72

Which parameter controls how often the CPM looks for soon-to-be-expired passwords that need to be changed?

Options:

A.

HeadStartInterval

B.

Interval

C.

ImmediateInterval

D.

The CPM does not change the password under this circumstance
