cyber Flashcards
The Active Directory user configured for windows discovery needs which permission(s) or
membership?
A. Member of Domain Admin Group
B. Member of LDAP Admin Group
C. Read and Write Permissions
D. Read Only Permissions
D
Which Vault authorization does a user need to have assigned to able to generate the Entitlement
Report from the reports page in PVWA?(choose two)
A. Manage Users
B. Audit Users
C. Read Activity
D. View Entitlements
E. List Accounts
A,B
What do you need on the Vault to support LDAP over SSL?
A. CA Certificate(s) used to sign the External Directory certificate
B. RECPRV.key
C. a private key for the external directory
D. self-signed Certificate(s) for the Vault
A
You are troubleshooting a PVWA slow response. Which log files should you analyze first? (Choose two.)
A. ITALog.log
B. web.config
C. CyberArk.WebApplication.log
D. CyberArk.WebConsole.log
C,D
What is the easiest way to duplicate an existing platform?
A. From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.
B. From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.
C. From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.
D. From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.
B
RECOVERY PRIVATE KEY—–STORE IN PHYSICAL SAFE
RECOVERY PUBLIC KEY——STORE IN HARDWARE SECURITY MODULE
SERVER KEY———————-STORE IN THE VAULT SERVER DISK DRIVE
SSH KEY—————————STORE IN THE VAULT
Recovery Private Key: Store in a Physical Safe Recovery Public Key: Store on the Vault Server Disk Drive Server Key: Store in a Hardware Security Module SSH Keys: Store in the Vault.
Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment. How do you accomplish this?
A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies
B. Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording
C. Polices>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies
D. Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies
A
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request. What is the correct location to identify users or groups who can approve?
A. PVWA > Administration > Platform Configuration > Edit Platform > UI & Workflow > Dual Control > Approvers
B. PVWA > Policies > Access Control (Safes) > Select the safe > Safe Members > Workflow > Authorize Password Requests
C. PVWA > Account List > Edit > Show Advanced Settings > Dual Control > Direct Managers
D. PrivateArk > Admin Tools > Users and Groups > Auditors (Group Membership)
B
You have been given the requirements that certain accounts cannot have their passwords
updated during business hours:
A. Change settings on the CPM configuration safe so that access is permitted after business
hours only
B. Update the password change parameters of the platfrom to match the permitted time
frame
C. Disable automatic CPM management for all accounts that are assigned to this platform
D. Add an exception to the Master Policy to allow the action for this platform during the
permitted time
B
What must you specify when configuring a discovery scan for UNIX? (Choose two.)
A. Vault Administrator
B. CPM Scanner
C. root password for each machine
D. list of machines to scan
E. safe for discovered accounts
C,D
To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?
A. SessionRecorderSafe
B. SessionSafe
C. RecordingsPath
D. RecordingLocation
A
Which processes reduce the risk of credential theft? (Choose two.)
A. require dual control password access approval
B. require password change every X days
C. enforce check-in/check-out exclusive access
D. enforce one-time password access
C,D o B,D
You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import?
A. Create a service ticket in the customer portal explaining the requirements of the custom platform
B. Search common community portals like stackoverflow,reddit,github for an existing platform
C. From the platforms page,unchecked the hide non supported platforms checkbox and see if a platform meeting your needs appears
D. Visit the CyberArk marketplace And search or a platform that meets your needs
D
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account. How can this be configured to allow for password management using least privilege?
A. Configure each CPM to use the correct logon account.
B. Configure each CPM to use the correct reconcile account.
C. Configure the UNIX platform to use the correct logon account.
D. Configure the UNIX platform to use the correct reconcile account.
C
RIGHT ORDER:
A.START THE PRIVATEARK DISASTER RECOVERY SERVICE
B.SHUTDOWN THE PRIVATEARK SERVER SERVICE ON THE DR VAULT
C.IN THE PADR.INI FILE, SET FAILOVER MODE=NO AND REMOVE THE LAST TWO LINE
B,C,A
You are configuring a Vault HA cluster.Which file should you check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks?
A. ClusterVault.ini
B. My.ini
C. Vault.ini
D. DBParm.ini
A
Which methods can you use to add a user directly to the Vault Admin Group? (Choose three.)
A. REST API
B. PrivateArk Client
C. PACLI
D. PVWA
E. Active Directory
F. Sailpoint
A,B,E
Which Automatic Remediation is configurable for a PTA detection of a “Suspected Credential
Theft”?
A. Add to Pending
B. Rotate Credentials
C. Reconcile Credentials
D. Disable Account
B
VEDI LA N20
VEDI LA N22
You want to create a new onboarding rule. Where do you accomplish this?
A. In PVWA, click Reports > Unmanaged Accounts > Rules
B. In PVWA, click Options > Platform Management > Onboarding Rules
C. In PrivateArk, click Tools > Onboarding Rules
D. In PVWA, click Accounts > Onboarding Rules
D
What does the minvalidity parameter on a platform policy determine?
A. time between a password retrieval and the account becoming eligible for a password
change
B. timeout for users signed into the PVWA as configured in the glodel settings
C. minimum amount of time that just in time access is valid
D. time in minutes before an empty safe will be automatically deleted
A
What does the Export Vault Data (EVD) utility do?
A. exports data from the Vault to TXT or CSV files, or to MSSQL databases
B. generates a backup file that can be used as a cold backup
C. exports all passwords and imports them into another instance of CyberArk
D. keeps two active vaults in sync
A
When are external vault users and groups synchronized by default?
A. They are synchronized once every 24 hours between 1 AM and 5 AM.
B. They are synchronized once every 24 hours between 7 PM and 12 AM.
C. They are synchronized every 2 hours.
D. They are not synchronized according to a specific schedule.
A
You created a new safe and need to ensure the user group cannot see the password, but can connect through the PSM. Which safe permissions must you grant to the group? (Choose two.)
A. List Accounts
B. Use Accounts
C. Access Safe without Confirmation
D. Retrieve Files
E. Confirm Request
A,B
During a High Availability node switch you notice an error and the Cluster Vault Manager Utility fails back to the original node. Which log files should you check to investigate the cause of the issue? (Choose three.)
A. CyberArk Webconsole.log
B. VaultDB.log
C. PM_Error.log
D. ITALog.log
E. ClusterVault.console.log
F. logiccontainer.log
B,D,E
Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)
A. OS Username
B. Current machine IP
C. Current machine hostname
D. Operating System Type (Linux/Windows/HP-UX)
A,B,C
Which master policy settings ensure non repudiation?
A. Require password verification every X days and enforce one time password access
B. Enforce check in/check out exclusive access and enforce one time password access
C. Allow EPV transparent connections and enforce check in/check out exclusive access
D. Allow EPV transparent connections and enforce one time password access
B
Where can a user with the appropriate permissions generate a report? (Choose two.)
A. PVWA > Reports
B. PrivateArk Client
C. Cluster Vault Manager
D. PrivateArk Server Monitor
E. PARClient
A,B
Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support. Which logs will be most useful for the CyberArk Support Team to debug the issue? (Choose three.)
A. PSMConsole.log
B. PSMDebug.log
C. PSMTrace.log
D. <Session_ID>.Component.log</Session_ID>
E. PMconsole.log
F. ITALog.log
A,C,D
You have been asked to identify the up or down status of Vault Services. Which CyberArk utility can you use to accomplish this task?
A. PrivateArk Central Administration Console
B. PAS Reporter
C. PrivateArk Remote Control Agent
D. Syslog
C
A new colleague created a directory mapping between the Active Directory groups and the Vault. Where can the newly Configured directory mapping be tested?
A. Connect to the Active Directory and ensure the organizational unit exists.
B. Connect to Sailpoint (or similar tool) to ensure the organizational unit is correctly named; log in to the PVWA with “Administrator” and confirm authentication succeeds.
C. Search for members that exist only in the mapping group to grant them safe permissions through the PVWA.
D. Connect to the PrivateArk Client with the Administrator Account to see if there is a user in the Vault Admin Group.
C
A user needs to view recorded sessions through the PVWA. Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)
A. Recordings safe
B. Safe the account is in
C. System safe
D. PVWAConfiguration safe
E. VaultInternal safe
A,B
Which file must be edited on the Vault to configure it to send data to PTA?
A. dbparm.ini
B. PARAgent.ini
C. my.ini
D. padr.ini
A
You want to build a connector that connects to a website through the Web applications for PSM framework. Which default connector do you duplicate and modify?
A. PSM-ChromeSample
B. PSM-WebForm
C. PSM-WebApp
D. PSM-WebAppSample
D
VEDI LA N38
When an account is unable to change its own password, how can you ensure that password reset with the reconcile account is performed each time instead of a change?
A. Set the parameter RCAllowManualReconciliation to Yes.
B. Set the parameter ChangePasswordinResetMade to Yes.
C. Set the parameter IgnoreReconcileOnMissingAccount to No.
D. Set the UnlockUserOnReconcile to Yes.
B
In a default CyberArk installation, which group must a user be a member of to view the “reports” page in PVWA?
A. PVWAMonitor
B. ReportUsers
C. PVWAReports
D. Operators
A
Where can you assign a Reconcile account?
A. In the PVWA at the account level
B. In the PVWA in the platform configuration
C. In the Master policy of the PVWA
D. At the Safe level
E. In the CPM settings
A,B
Your organization requires all passwords be rotated every 90 days.
Where can you set this requirement?
A. Master Policy
B. Safe Templates
C. PVWAConfig.xml
D. Platform Configuration
A
According to CyberArk, which issues most commonly cause installed components to display as disconnected in the System Health Dashboard? (Choose two.)
A. network instabilities/outages
B. vault license expiry
C. credential de-sync
D. browser compatibility issues
E. installed location file corruption
A,C
Where can reconcile and/or logon accounts be linked to an account? (Choose two.)
A. account settings
B. platform settings
C. master policy
D. safe settings
E. service account settings
A,B
Which built in report from the reports page in PVWA displays the number of day until a
password is due to expire?
A. Privileged Accounts Inventory
B. Privileged Accounts Compliance Status
C. Activity Log
D. Privileged Account CPM Status
B
You are running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on
a specific safe.
To show complete account inventory information, which permission/s are needed on that safe?
A. List Accounts, View Safe Members
B. Manage Safe Owners
C. List Accounts, Access Safe without confirmation
D. Manage Safe, View Audit
A
You have been asked to create an account group and assign three accounts which belong to a
cluster. When you try to create a new group,you receive an inauthorized error,however,you are able
to edit other aspects of the account properties. Which safe permission do you need to manage
account groups?
A. Create folders
B. Specify next account content
C. Rename accounts
D. Manage safe
A
Which dependent accounts does the CPM support out-of-the-box? (Choose three.)
A. Solaris Configuration file
B. Windows Services
C. Windows Scheduled Tasks
D. Windows DCOM Applications
E. Windows Registry
F. Key Tab file
B,C,E
A password compliance audit found: 1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced. 2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM. What should you do to address these findings?
A. Edit the Master Policy and add two policy exceptions: enable “Enforce one-time password access”, enable “Record and save session activity”.
B. Edit safe properties and add two policy exceptions: enable “Enforce one-time password access”, enable “Record and save session activity”.
C. Edit CPM Settings and add two policy exceptions: enable “Enforce one-time password access”, enable “Record and save session activity”.
D. Contact the Windows Administrators and request them to add two policy exceptions at Active Directory Level: enable “Enforce one-time password access”, enable “Record and save session activity”.
A
If PTA is integrated with a supported SIEM solution, which detection becomes available?
A. unmanaged privileged account
B. privileged access to the Vault during irregular days
C. riskySPN
D. exposed credentials
A
Which change could CyberArk make to the REST API that could cause existing scripts to fail?
A. adding optional parameters in the request
B. adding additional REST methods
C. removing parameters
D. returning additional values in the response
C
In PVWA you are attemping to play a recording made of a session by user jsmith, but there is no option to Fast Forward within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video. What could be the cause?
A. Recording is of a PSM for SSH session
B. The browser you are using is out of date and needs to update to be supported
C. You do not have View Audit permission on the safe where the account is stored
D. You need to update the recorder settings in the platform to enable screen capture every 10000ms or less
A
You created a new platform by duplicating the out-of-box Linux through the SSH platform. Without any change, which Text Recorder Type(s) will the new platform support? (Choose two.)
A. SSH Text Recorder
B. Universal Keystrokes Text Recorder
C. Events Text Recorder
D. SQL Text Recorder
E. Telnet Commands Text Recorder
A,B
Which usage can be added as a service account platform?
A. Kerberos Tokens
B. IIS Application Pools
C. PowerShell Libraries
D. Loosely Connected Devices
B
VEDI LA N55
In addition to add accounts and update account contents, which additional permission on the safe is required to add a single account?
A. Upload Accounts Properties
B. Rename Accounts
C. Update Account Properties
D. Manage Safe
C
You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events. Where must you update the group to allow this?
A. in the PTAAuthorizationGroups parameter, found in Administration > Options > PTA
B. in the PTAAuthorizationGroups parameter, found in Administration > Options > General
C. in the SecurityEventsAuthorizationGroups parameter, found in Administration > Security > Options
D. in the SecurityEventsFeedAuthorizationGroups parameter, found in Administration > Options > General
D
What is required to enable access over SSH to Unix account through both PSM and PSMP?
A. The platform must contain connection components for PSM-SSH and PSMP-SSH
B. PSM and PSMP must already have stored the SSH Fingerprint for the Unix host
C. The Enable PSMP setting in the Unix platform must be set to Yes
D. A duplicate platform with the PSMP settings must be created
A
VEDI LA N59
When the CPM connects to a database, which interface is most commonly used?
A. Kerberos
B. Odbc
C. Vbscript
D. sybade
B
What is required to manage loosely connected devices?
A. PSM for SSH
B. EPM
C. PSM
D. PTA
B
When should vault keys be rotated?
A. when it is copied to file systems outside the vault
B. annually
C. whenever a CyberArk user leaves the organization
D. when migrating to a new data center
A
Where can PTA be configured to send alerts? (Choose two.)
A. SIEM
B. Email
C. Google Analytics
D. EVD
E. PAReplicate
A,B
In your organization the “click to connect” button is not active by default. How can this feature be activated?
A. Policies > Master Policy > Allow EPV transparent connections > Inactive
B. Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception
C. Policies > Master Policy > Allow EPV transparent connections > Active
D. Policies > Master Policy > Password Management
C
What are the mandatory fields when onboarding from Pending Accounts? (Choose two.)
A. Address
B. Safe
C. Account Description
D. Platform
E. CPM
B,D
VEDI LA N66
Which accounts can be selected for use in the Windows discovery process? (Choose two.)
A. an account stored in the Vault
B. an account specified by the user
C. the Vault Administrator
D. any user with Auditor membership
E. the PasswordManager user
A,B
You are concerned about the Windows Domain password changes occurring during business hours. Which settings must be updated to ensure passwords are only rotated outside of business hours?
A. In the platform policy - Automatic Password Management > Password Change > ToHour & FromHour
B. in the Master Policy Account Change Window > ToHour & From Hour
C. Administration Settings - CPM Settings > ToHour & FromHour
D. On each individual account - Edit > Advanced > ToHour & FromHour
A
CyberArk recommends implementing object level access control on all Safes.
A. True B. False
B
PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.
A. True
B. False, the PTA can suspend sessions whether the session is made via the PSM or not
B
Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.
A. TRUE B. FALSE
B
Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?
A.PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)
B.PSM for Windows (previously known as RDP Proxy)
C.PSM for SSH (previously known as PSM-SSH Proxy)
D.All of the above
D
The Vault administrator can change the Vault license by uploading the new license to the system Safe.
A. True B. False
A
Which steps should you perform to restore DR replication to normal?
A.Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault
B.Shutdown PrivateArk Server on DR Vault > Start replication on DR vault
C.Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault
D.Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault
B
The vault supports Role Based Access Control.
A. TRUE B. FALSE
B
To manage automated onboarding rules, a CyberArk user must be a member of which group?
A.Vault Admins
B.CPM User
C.Auditors
D.Administrators
A
CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.
A. TRUE B. FALSE
A
Which report shows the accounts that are accessible to each user?
A.Activity report
B.Entitlement report
C.Privileged Accounts Compliance Status report
D.Applications Inventory report
B
Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?
A.Export Vault Data
B.Export Vault Information
C.PrivateArk Client
D.Privileged Threat Analytics
A
Select the best practice for storing the Master CD.
A.Copy the files to the Vault server and discard the CD
B.Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD
C.Store the CD in a secure location, such as a physical safe
D.Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault
C
Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.
A. TRUE B. FALSE
A
Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.
A.PSM connections to target devices that are not managed by CyberArk.
B.Session Recording.
C.Real-time live session monitoring.
D.PSM connections from a terminal without the need to login to the PVWA.
A,B,C
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
A. TRUE B. FALSE
B
When on-boarding account using Accounts Feed, Which of the following is true?
A.You must specify an existing Safe where are account will be stored when it is on boarded to the Vault
B.You can specify the name of a new sale that will be created where the account will be stored when it is on-boarded to the Vault.
C.You can specify the name of a new Platform that will be created and associated with the account
D.Any account that is on boarded can be automatically reconciled regardless of the platform it is associated with.
B
What is the primary purpose of One Time Passwords?
A.Reduced risk of credential theft
B.More frequent password changes
C.Non-repudiation (individual accountability)
D.To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization.
A
What is the purpose of the PrivateArk Server service?
A. Executes password changes
B. Maintains Vault metadata
C. Makes Vault data accessible to components
D. Sends email alerts from the Vault
C
Which keys are required to be present in order to start the PrivateArk Server service?
A. Recovery public key
B. Recovery private key
C. Server key
D. Safe key
A,C
In the Private Ark client, how do you add an LDAP group to a CyberArk group?
A. Select Update on the CyberArk group, and then click Add > LDAP Group
B. Select Update on the LDAP Group, and then click Add > LDAP Group
C. Select Member Of on the CyberArk group, and then click Add > LDAP Group
D. Select Member Of on the LDAP group, and then click Add > LDAP Group
A
SAFE Authorizations may be granted to____________. Select all that apply.
A. Vault Users
B. Vault Group
C. LDAP Users
D. LDAP Groups
A,B,C,D