Black Friday Biggest Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

DumpsWrap Logo

CyberArk PAM-SEN Dumps

Page: 1 / 14
Total 136 questions
Get PAM-SEN Full Access Download PAM-SEN PDF

CyberArk Sentry PAM Questions and Answers

Question 1

Which file must you edit to ensure the PSM for SSH server is not hardened automatically after installation?

Options:

A.

vault.ini

B.

user.cred

C.

psmpparms

D.

psmgw.config

Question 2

You have been asked to limit a platform called “Windows_Servers” to safes called “WindowsDC1” and “WindowsDC2”. The platform must not be assigned to any other safe.

What is the correct way to accomplish this?

Options:

A.

Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select General and modify “AllowedSafes” to be (WindowsDC1)|(WindowsDC2).

B.

Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select Options and modify “AllowedSafes” to be (Win*).

C.

Edit the “WindowsDC1” and “WindowsDC2” safes through Safe Management, Add “Windows_Servers” to the “AllowedPlatforms”.

D.

Log in to PrivateArk using an Administrative user, Select File, Server File Categories, Locate the category “WindowsServersAllowedSafes” and specify “WindowsDC1,WindowsDC2”.

Question 3

During the PSM installation process, Safes and a User are created.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords, and Activate Users, which authorization(s) does the Vault user installing the PSM need to enable them to be successfully created?

Options:

A.

Manage Vault File Categories Most Voted

B.

Manage Server File Categories

C.

Manage Directory Mapping, Manage Server File Categories

D.

Manage Directory Mapping, Manage Vault File Categories

Question 4

What is the purpose of the CPM_Preinstallation.ps1 script included with the CPM installation package?

Options:

A.

It prompts for input parameters that will be used to pre-populate form fields in the installation wizard.

B.

It automatically installs the CPM, requiring no additional user input.

C.

It allows you to install the CPM using a command line approach rather than using the installation wizard.

D.

It verifies the NET version installed on the server and sets the IIS SSL TLS server configuration.

Question 5

The Remote Desktop Services role must be property licensed by Microsoft.

Options:

A.

TRUE

B.

FALSE

Question 6

At what point is a transparent user provisioned in the vault?

Options:

A.

When a directory mapping matching that user id is created.

B.

When a vault admin runs LDAP configuration wizard.

C.

The first time the user logs in.

D.

During the vault's nightly LD|^P refresh

Question 7

A customer is moving from an on-premises to a public cloud deployment.

What is the best and most cost-effective option to secure the server key?

Options:

A.

Install the Vault in the cloud the same way you would in an on-premises environment. Place the server key in a password protected folder on the operating system.

B.

Install the Vault in the cloud the same way you would in an on-premises environment. Purchase a Hardware Security Module to secure the server key.

C.

Install the Vault using the native cloud images and secure the server key using native cloud Key Management Systems.

D.

Install the Vault using the native cloud images and secure the server key with a Hardware Security Module.

Question 8

What are the basic network requirements to deploy a CPM server?

Options:

A.

Port 1858 to Vault and Port 443 to PVWA

B.

Port 1858 only

C.

all ports to the Vault

D.

Port UDP/1858 to Vault and all required ports to targets and Port 389 to the PSM

Question 9

Arrange the steps to complete CPM Hardening for Out-of-Domain Deployment in the correct sequence.

as

Options:

Question 10

-

The installCyberArkSSHD parameter on the PSM for SSH can be set to multiple values.

Match each value to the correct condition.

as

Options:

Question 11

You are installing the HTML5 gateway on a Linux host using the RPM provided.

After installing the Tomcat webapp, what is the next step in the installation process?

Options:

A.

Deploy the HTML5 service (guacd). Most Voted

B.

Secure the connection between the guacd and the webapp.

C.

Secure the webapp and JWT validation endpoint.

D.

Configure ASLR.

Question 12

Which statement is correct about a post-install hardening?

Options:

A.

The Vault must be hardened during the Vault installation process. Most Voted

B.

After the Vault server is installed, you must join the server to the Enterprise Domain and reboot the host.

C.

It is executed after Vault installation by running CAVaultHarden.exe and hardening options can be edited by changing the Hardening.ini file. Most Voted

D.

If it is mandated by an organization’s IT governance, you do not have to execute Vault hardening; however, server hardening cannot be reversed.

Question 13

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

Options:

A.

Manage Directory Mapping

B.

Activate Users

C.

Backup All Safes, Restore All Safes

D.

Audit Users, Add Network Areas

Question 14

By default, the vault secure protocol uses which IP port and protocol.

Options:

A.

TCP/1858

B.

TCP/443

C.

UDP/1858

D.

TCP/80

Question 15

Which is the correct order of installation for PAS components?

Options:

A.

Vault, CPM. PVWA, PSM

B.

CPM, Vault. PSM, PVWA

C.

Vault, CPM. PSM, PVWA

D.

PVWA, Vault, CPM, PSM

Question 16

As a member of a PAM Level-2 support team, you are troubleshooting an issue related to load balancing four PVWA servers at two data centers. You received a note from your Level-1 support team stating “When testing PVWA website from a workstation, we noticed that the “Source IP of last sign-in” was shown as the VIP (Virtual IP address) assigned to the four PVWA servers instead of the workstation IP where the PVWA site was launched from.”

Which step should you take?

Options:

A.

Verify the “LoadBalancerClientAddressHeader” parameter setting in PVWA configuration file Web.config is set to “X-Forwarded-For”.

B.

Add the VIP (Virtual IP address) assigned to the four PVWA servers to the certificates issued for all four PVWA servers, if missing.

C.

Add a firewall rule to allow the testing workstation to connect to the VIP (Virtual IP address) assigned to the four PVWA servers on Port TCP 443.

D.

Edit the dbparm.ini file on the Vault server and add the IP or subnet of the workstation to the whitelist.

Question 17

In which configuration file on the Vault can filters be configured to either include or exclude log messages that are sent through SNMP?

Options:

A.

PARAgent.ini

B.

DBParm.ini

C.

TSParm.ini

D.

CyberArkv2 MIB file

Question 18

What is a prerequisite step before installing the Vault on Windows 2019?

Options:

A.

Configure the Kerberos authentication method on the default IIS Application pool

B.

Check that the server IP address is correctly configured and that it is static

C.

In the Network Connection properties, configure Preferred DNS Servers

D.

Install Microsoft Windows patch KB4014998

Question 19

What is the PRIMARY reason for installing more than 1 active CPM?

Options:

A.

Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites.

B.

Multiple instances create fault tolerance.

C.

Multiple instances increase response time.

D.

Having additional CPMs increases the maximum number of devices CyberArk can manage

Question 20

Arrange the steps to install the Password Vault Web Access (PVWA) in the correct sequence.

as

Options:

Question 21

Which component should be installed on the Vault if Distributed Vaults are used with PSM?

Options:

A.

RabbitMQ

B.

Disaster Recovery

C.

Remote Control Client

D.

Distributed Vault Server

Question 22

What is a step to enable NTP synchronization on a stand-alone Vault?

Options:

A.

Run Powershell and add the NTP module.

B.

Restart the organization's NTP servers.

C.

Edit dbparm.ini and add a Firewall rule for the NTP address.

D.

Restart the Vault Event Notification Engine service.

Question 23

If a customer has one data center and requires fault tolerance, how many PVWAs should be deployed?

Options:

A.

two or more

B.

one PVWA cluster

C.

one

D.

two PVWA clusters

Question 24

You are installing PSM for SSH with AD-Bridge and CyberArkSSHD mode set to integrated for your customer.

Which additional packages do you need to install to meet the customer’s needs? (Choose two.)

Options:

A.

CARKpsmp-infra

B.

libssh

C.

OpenSSH 7.8 or higher

D.

CARKpsmp-ADBridge

E.

CARKpsmp-SSHD

Question 25

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in C:\Windows\System32\drivers\etc\hosts and in the PVWAApplication under Administration > LDAP Integration > Directories > Hosts

B.

on both the Vault and the PVWA servers in C:\Windows\System32\drivers\etc\hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Question 26

Which utility should be used to register the Vault in Amazon Web Services?

Options:

A.

CAVaultManager Most Voted

B.

StorageManager

C.

CloudVaultManager

D.

CACert

Question 27

A customer wants to store PSM recordings for 100 days and estimates they will have 10 Windows sessions per day for 100 minutes each.

What is the minimum storage required for the Vault and PAReplicate for the PSM recordings?

Options:

A.

25 GB Most Voted

B.

250 GB

C.

500 GB

D.

5 GB

Question 28

A first PSM server has been installed.

What should you confirm before installing any additional PSM servers?

Options:

A.

The PSM ID of the first installed PSM server was changed and the additional PSM server can use the same PSM ID.

B.

The user performing the installation is a direct owner in the PSMUnmanagedSessionAccounts Safe, PSM safe and member of PVWAMonitor group.

C.

The user performing the installation is not a direct owner in the PSMUnmanagedSessionAccounts Safe. Most Voted

D.

The path of the Recordings Folder must be different on all PSM installations.

Question 29

For redundancy, you want to add a secondary RADIUS server.

What must you do to accomplish this?

Options:

A.

Add to the application settings of the PVWA web.config file.

B.

In the PVWA vault.ini file, list each RADIUS server host address in the "Addresses" attribute separated by commas.

C.

Open the DBParm.ini on the Vault server. Add the second RADIUS server configuration settings after the first one, separated by a comma. Most Voted

D.

In the PVWA web.config file, add the location element at the end of the config file. Set the path value to "Default Web Site/PasswordVault/api/auth/pkipn/logon".

Question 30

In a SIEM integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es)

Options:

A.

TRUE

B.

FALSE

Question 31

What must you do to prepare a Windows server for PVWA installation?

Options:

A.

In the InstallationAutomation folder, run the PVWA_Prerequisites.ps1 file as an administrator in Powershell. Most Voted

B.

Install the PrivateArk client.

C.

Verify the user performing the installation is Domain Administrator and has logon access to the Vault server.

D.

Enable IPv6.

Question 32

Which files does the Vault Installation Wizard prompt you for during the Vault install?

Options:

A.

Operator CD and License Most Voted

B.

Master CD and License

C.

Operator CD and Vault Certificate

D.

Master CD and DBparm.ini

Question 33

What must you do to synchronize a new Vault server with an organization’s NTP server?

Options:

A.

Configure an AllowNonStandardFWAddresses rule for the organization’s NTP server in DBParm.ini on the Vault server.

B.

Use the Windows Firewall console to configure a rule on the Vault server which allows communication with the organization’s NTP server.

C.

Ensure the organization’s NTP server is installed in the same location as the Vault server requiring synchronization.

D.

Update the AutoSyncExternalObjects configuration in DBParm.ini on the Vault server to schedule regular synchronization.

Question 34

What would be a good use case for the Replicate module?

Options:

A.

Recovery Time Objectives or Recovery Point Objectives are at or near zero

B.

Integration with an Enterprise Backup Solution is required.

C.

Off site replication is required.

D.

PSM is used

Question 35

You are configuring SNMP remote monitoring for your organization’s Vault servers.

In the PARAgent.ini, which parameter specifies the destination of the Vault SNMP traps?

Options:

A.

SNMPHostIP Most Voted

B.

SNMPTrapPort

C.

SNMPCommunity

D.

SNMPVersion

Question 36

A customer has five main data centers with one PVWA in each center under different URLs.

How can you make this setup fault tolerant?

Options:

A.

This setup is already fault tolerant.

B.

Install more PVWAs in each data center.

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered.

D.

Load balance all PVWAs under same URL.

Question 37

A vault admin received an email notification that a password verification process has failed Which service sent the message?

Options:

A.

The PrivateArk Server Service on the Vault.

B.

The CyberArk Password Manager service on the Components Server.

C.

The CyberArk Event Notification Engine Service on the Vault

D.

The CyberArk Privileged Session Manager service on the Vault.

Question 38

As Vault Admin, you have been asked to enable your organization's CyberArk users to authenticate using LDAP.

In addition to Audit Users, which permission do you need to complete this task?

Options:

A.

Add Network Areas

B.

Manage Directory Mapping

C.

Add/Update Users

D.

Activate Users

Question 39

To apply a new license file you must:

Options:

A.

Upload the license.xml file to the System Safe

B.

Upload the license.xml file to the Vaultlnternal Safe.

C.

Upload the license.xml file to the System Safe and restart the PrivateArk Server service.

D.

Upload the license.xml file to the Vaultlnternal Safe and restart the PrivateArk Server service.

Question 40

What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?

Options:

A.

RSA SecurID Authentication (in PVWA) and LDAP Authentication

B.

CyberArk Authentication and RADIUS Authentication

C.

Oracle SSO (in PVWA) and SAML Authentication

D.

LDAP Authentication and RADIUS Authentication

Load More PAM-SEN Questions
Page: 1 / 14
Total 136 questions
Get PAM-SEN Full Access Download PAM-SEN PDF